From 25720223492277ee5d421db0d7edcd04fd5821c7 Mon Sep 17 00:00:00 2001 From: Jelle Spreeuwenberg Date: Tue, 21 Apr 2026 01:42:32 +0200 Subject: [PATCH] feat: add host device type metadata --- modules/features/services/openssh.nix | 7 +++---- modules/hosts/orion/default.nix | 7 +------ modules/hosts/polaris/default.nix | 7 +------ modules/hosts/zenith/default.nix | 7 +------ modules/secrets/sops.nix | 8 +++----- modules/users.nix | 9 ++++----- 6 files changed, 13 insertions(+), 32 deletions(-) diff --git a/modules/features/services/openssh.nix b/modules/features/services/openssh.nix index 8ee7453..63f71d1 100644 --- a/modules/features/services/openssh.nix +++ b/modules/features/services/openssh.nix @@ -3,13 +3,12 @@ flake.modules.nixos.openssh = { config, + hostType ? "desktop", lib, - host ? { - isServer = false; - }, ... }: let + isServer = hostType == "server"; hostUserNames = builtins.attrNames ( lib.filterAttrs (_: user: user.isNormalUser or false) config.users.users ); @@ -17,7 +16,7 @@ { services.openssh = { enable = true; - openFirewall = host.isServer; + openFirewall = isServer; settings = { PermitRootLogin = "no"; PasswordAuthentication = false; diff --git a/modules/hosts/orion/default.nix b/modules/hosts/orion/default.nix index 289de9f..e44ffa0 100644 --- a/modules/hosts/orion/default.nix +++ b/modules/hosts/orion/default.nix @@ -9,13 +9,8 @@ in { flake.modules.nixos.orion = { pkgs, ... }: - let - host = { - isServer = true; - }; - in { - _module.args.host = host; + _module.args.hostType = "server"; imports = [ inputs.home-manager.nixosModules.home-manager diff --git a/modules/hosts/polaris/default.nix b/modules/hosts/polaris/default.nix index 77a61b2..7299125 100644 --- a/modules/hosts/polaris/default.nix +++ b/modules/hosts/polaris/default.nix @@ -14,13 +14,8 @@ in pkgs, ... }: - let - host = { - isServer = false; - }; - in { - _module.args.host = host; + _module.args.hostType = "desktop"; imports = [ nixosModules.desktopBase diff --git a/modules/hosts/zenith/default.nix b/modules/hosts/zenith/default.nix index 201b76b..02279e2 100644 --- a/modules/hosts/zenith/default.nix +++ b/modules/hosts/zenith/default.nix @@ -10,13 +10,8 @@ in { flake.modules.nixos.zenith = { ... }: - let - host = { - isServer = false; - }; - in { - _module.args.host = host; + _module.args.hostType = "laptop"; imports = [ nixosModules.desktopBase diff --git a/modules/secrets/sops.nix b/modules/secrets/sops.nix index 3d3f9bb..7a7bb09 100644 --- a/modules/secrets/sops.nix +++ b/modules/secrets/sops.nix @@ -8,15 +8,13 @@ in { flake.modules.nixos.sopsHost = { + hostType ? "desktop", lib, - host ? { - isServer = false; - }, ... }: let - useHostSshKey = host.isServer; - useAdminKeyFile = !host.isServer; + useHostSshKey = hostType == "server"; + useAdminKeyFile = hostType != "server"; adminKeyDir = builtins.dirOf sopsAdminKeyPath; in { diff --git a/modules/users.nix b/modules/users.nix index 83bc3ad..837e848 100644 --- a/modules/users.nix +++ b/modules/users.nix @@ -24,18 +24,17 @@ let { accountName }: { config, - host ? { - isServer = false; - }, + hostType ? "desktop", lib, pkgs, ... }: let account = accounts.${accountName}; + isServer = hostType == "server"; in { - sops.secrets = lib.optionalAttrs (!host.isServer) { + sops.secrets = lib.optionalAttrs (!isServer) { "hashed-password-${accountName}".neededForUsers = true; }; @@ -51,7 +50,7 @@ let "networkmanager" ]; } - // lib.optionalAttrs (!host.isServer) { + // lib.optionalAttrs (!isServer) { hashedPasswordFile = config.sops.secrets."hashed-password-${accountName}".path; };