kiri/lux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: simplify host composition and shared feature config

Browse Source
This commit is contained in:
Jelle Spreeuwenberg
2026-04-22 03:29:19 +02:00
parent 5eec5689f4
commit 503c1fe9bc
16 changed files with 327 additions and 238 deletions
Download Patch File Download Diff File Expand all files Collapse all files
AGENTS.md
+1 -1
View File
@@ -45,7 +45,7 @@ In this repo, `flake.nix` imports `./modules` recursively via `inputs.import-tre
- Reusable Home Manager concerns are published as `flake.modules.homeManager.<name>`. - Reusable Home Manager concerns are published as `flake.modules.homeManager.<name>`.
- Hosts are aspects too. `orion`, `polaris`, and `zenith` are `nixos` aspects assembled from smaller aspects. - Hosts are aspects too. `orion`, `polaris`, and `zenith` are `nixos` aspects assembled from smaller aspects.
- Host modules should use `config.meta.lib.mkHost` to define `meta.host`, base imports, hostname, and state version. - Host modules should use `config.meta.lib.mkHost` to define `meta.host`, base imports, hostname, and state version.
- Per-user Home Manager composition should use `config.meta.lib.mkHostUser` so `meta.host` and `meta.user` stay available to Home Manager features. - Per-host user declarations should use `config.meta.lib.mkHostUser` so host-local defaults stay close to the host and `mkHost` can wire `meta.host` and `meta.user` into Home Manager consistently.
- Features may rely on the `meta` contract. Existing modules already read `config.meta.host`, `config.meta.user`, and `config.meta.lib`. - Features may rely on the `meta` contract. Existing modules already read `config.meta.host`, `config.meta.user`, and `config.meta.lib`.
## Preferred Aspect Patterns ## Preferred Aspect Patterns
modules/features/git.nix
-4
View File
@@ -3,12 +3,10 @@
flake.modules.homeManager.git = flake.modules.homeManager.git =
{ {
config, config,
lib,
... ...
}: }:
let let
user = config.meta.user; user = config.meta.user;
usesScopedIdentity = user != null && user.sourceControl.profiles != { };
in in
{ {
programs.git = { programs.git = {
@@ -20,8 +18,6 @@
]; ];
settings = { settings = {
init.defaultBranch = "main"; init.defaultBranch = "main";
}
// lib.optionalAttrs (!usesScopedIdentity) {
user = { user = {
name = user.realName; name = user.realName;
email = user.primaryEmail.address; email = user.primaryEmail.address;
modules/features/meta.nix
+54 -19
View File
@@ -1,5 +1,7 @@
{ lib, ... }: { lib, ... }:
let let
nonEmptyStrType = lib.types.addCheck lib.types.str (value: lib.stringLength value > 0);
mkNullableOption = mkNullableOption =
type: type:
lib.mkOption { lib.mkOption {
@@ -10,9 +12,26 @@ let
hasSinglePrimaryEmail = hasSinglePrimaryEmail =
user: builtins.length (lib.filter (email: email.primary) (builtins.attrValues user.emails)) == 1; user: builtins.length (lib.filter (email: email.primary) (builtins.attrValues user.emails)) == 1;
scopeEmailCount =
scope: user:
builtins.length (lib.filter (email: email.scope == scope) (builtins.attrValues user.emails));
hasAtMostOneScopedEmail = scope: user: scopeEmailCount scope user <= 1;
requiredSourceControlScopes =
user:
lib.unique [
"personal"
user.sourceControl.projectScope
];
hasRequiredScopedEmail =
scope: user: scopeEmailCount scope user == 1;
primaryEmailFallback = { primaryEmailFallback = {
address = ""; address = "";
primary = false; primary = false;
scope = null;
type = ""; type = "";
}; };
@@ -53,6 +72,8 @@ let
type = lib.mkOption { type = lib.mkOption {
type = lib.types.str; type = lib.types.str;
}; };
scope = mkNullableOption sourceControlScopeType;
}; };
} }
); );
@@ -62,13 +83,11 @@ let
{ {
options = { options = {
publicKey = lib.mkOption { publicKey = lib.mkOption {
type = lib.types.str; type = lib.types.nullOr nonEmptyStrType;
};
privateKeyPath = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null; default = null;
}; };
privateKeyPath = mkNullableOption nonEmptyStrType;
}; };
} }
); );
@@ -93,22 +112,10 @@ let
} }
); );
sourceControlProfileType = lib.types.submodule (
{ ... }:
{
options = { };
}
);
sourceControlType = lib.types.submodule ( sourceControlType = lib.types.submodule (
{ ... }: { ... }:
{ {
options = { options = {
profiles = lib.mkOption {
type = lib.types.attrsOf sourceControlProfileType;
default = { };
};
projectScope = lib.mkOption { projectScope = lib.mkOption {
type = sourceControlScopeType; type = sourceControlScopeType;
default = "personal"; default = "personal";
@@ -305,7 +312,22 @@ in
config.assertions = lib.mapAttrsToList (userName: user: { config.assertions = lib.mapAttrsToList (userName: user: {
assertion = hasSinglePrimaryEmail user; assertion = hasSinglePrimaryEmail user;
message = "User `${userName}` must define exactly one primary email entry."; message = "User `${userName}` must define exactly one primary email entry.";
}) config.meta.host.users; }) config.meta.host.users
++ lib.flatten (
lib.mapAttrsToList (userName: user:
(map (scope: {
assertion = hasAtMostOneScopedEmail scope user;
message = "User `${userName}` may define at most one `${scope}` scoped email entry.";
}) [
"personal"
"work"
])
++ map (scope: {
assertion = hasRequiredScopedEmail scope user;
message = "User `${userName}` must define exactly one `${scope}` scoped email entry.";
}) (requiredSourceControlScopes user)
) config.meta.host.users
);
}; };
flake.modules.homeManager.meta = flake.modules.homeManager.meta =
@@ -326,6 +348,19 @@ in
config.assertions = lib.optional (config.meta.user != null) { config.assertions = lib.optional (config.meta.user != null) {
assertion = hasSinglePrimaryEmail config.meta.user; assertion = hasSinglePrimaryEmail config.meta.user;
message = "User `${config.meta.user.name}` must define exactly one primary email entry."; message = "User `${config.meta.user.name}` must define exactly one primary email entry.";
}; }
++ lib.optionals (config.meta.user != null) (
(map (scope: {
assertion = hasAtMostOneScopedEmail scope config.meta.user;
message = "User `${config.meta.user.name}` may define at most one `${scope}` scoped email entry.";
}) [
"personal"
"work"
])
++ map (scope: {
assertion = hasRequiredScopedEmail scope config.meta.user;
message = "User `${config.meta.user.name}` must define exactly one `${scope}` scoped email entry.";
}) (requiredSourceControlScopes config.meta.user)
);
}; };
} }
modules/features/neovim/_kanagawa-theme.nix
+45
View File
@@ -0,0 +1,45 @@
{ themeName }:
''
require("kanagawa").setup({
colors = {
theme = {
all = {
ui = {
bg_gutter = "none"
}
}
}
},
overrides = function(colors)
local theme = colors.theme
local makeDiagnosticColor = function(color)
local c = require("kanagawa.lib.color")
return { fg = color, bg = c(color):blend(theme.ui.bg, 0.95):to_hex() }
end
return {
TelescopeTitle = { fg = theme.ui.special, bold = true },
TelescopePromptNormal = { bg = theme.ui.bg_p1 },
TelescopePromptBorder = { fg = theme.ui.bg_p1, bg = theme.ui.bg_p1 },
TelescopeResultsNormal = { fg = theme.ui.fg_dim, bg = theme.ui.bg_m1 },
TelescopeResultsBorder = { fg = theme.ui.bg_m1, bg = theme.ui.bg_m1 },
TelescopePreviewNormal = { bg = theme.ui.bg_dim },
TelescopePreviewBorder = { bg = theme.ui.bg_dim, fg = theme.ui.bg_dim },
Pmenu = { fg = theme.ui.shade0, bg = theme.ui.bg_p1 }, -- add `blend = vim.o.pumblend` to enable transparency
PmenuSel = { fg = "NONE", bg = theme.ui.bg_p2 },
PmenuSbar = { bg = theme.ui.bg_m1 },
PmenuThumb = { bg = theme.ui.bg_p2 },
DiagnosticVirtualTextHint = makeDiagnosticColor(theme.diag.hint),
DiagnosticVirtualTextInfo = makeDiagnosticColor(theme.diag.info),
DiagnosticVirtualTextWarn = makeDiagnosticColor(theme.diag.warning),
DiagnosticVirtualTextError = makeDiagnosticColor(theme.diag.error),
}
end,
})
vim.cmd.colorscheme("${themeName}")
''
modules/features/neovim/default.nix
+9 -48
View File
@@ -1,3 +1,7 @@
{ config, ... }:
let
repoTheme = config.meta.lib.repo.theme.kanagawa;
in
{ {
flake.modules.homeManager.neovim = flake.modules.homeManager.neovim =
{ {
@@ -109,56 +113,13 @@
# Hostname/ConfigDir needed for nixd # Hostname/ConfigDir needed for nixd
nixdExtras = { nixdExtras = {
nixpkgs = "import ${pkgs.path} {}"; nixpkgs = "import ${pkgs.path} {}";
nixos_options = ''(builtins.getFlake "path://${config.home.homeDirectory}/.config/nixos").nixosConfigurations.${config.meta.host.name}.options''; nixos_options = ''(builtins.getFlake "path://${config.meta.user.nixosConfigurationPath}").nixosConfigurations.${config.meta.host.name}.options'';
home_manager_options = ''(builtins.getFlake "path://${config.home.homeDirectory}/.config/nixos").nixosConfigurations.${config.meta.host.name}.options.home-manager.users.type.getSubOptions []''; home_manager_options = ''(builtins.getFlake "path://${config.meta.user.nixosConfigurationPath}").nixosConfigurations.${config.meta.host.name}.options.home-manager.users.type.getSubOptions []'';
}; };
# TODO: Put in separate theme file themeSetup = import ./_kanagawa-theme.nix {
themeSetup = # lua themeName = repoTheme.name;
'' };
require("kanagawa").setup({
colors = {
theme = {
all = {
ui = {
bg_gutter = "none"
}
}
}
},
overrides = function(colors)
local theme = colors.theme
local makeDiagnosticColor = function(color)
local c = require("kanagawa.lib.color")
return { fg = color, bg = c(color):blend(theme.ui.bg, 0.95):to_hex() }
end
return {
TelescopeTitle = { fg = theme.ui.special, bold = true },
TelescopePromptNormal = { bg = theme.ui.bg_p1 },
TelescopePromptBorder = { fg = theme.ui.bg_p1, bg = theme.ui.bg_p1 },
TelescopeResultsNormal = { fg = theme.ui.fg_dim, bg = theme.ui.bg_m1 },
TelescopeResultsBorder = { fg = theme.ui.bg_m1, bg = theme.ui.bg_m1 },
TelescopePreviewNormal = { bg = theme.ui.bg_dim },
TelescopePreviewBorder = { bg = theme.ui.bg_dim, fg = theme.ui.bg_dim },
Pmenu = { fg = theme.ui.shade0, bg = theme.ui.bg_p1 }, -- add `blend = vim.o.pumblend` to enable transparency
PmenuSel = { fg = "NONE", bg = theme.ui.bg_p2 },
PmenuSbar = { bg = theme.ui.bg_m1 },
PmenuThumb = { bg = theme.ui.bg_p2 },
DiagnosticVirtualTextHint = makeDiagnosticColor(theme.diag.hint),
DiagnosticVirtualTextInfo = makeDiagnosticColor(theme.diag.info),
DiagnosticVirtualTextWarn = makeDiagnosticColor(theme.diag.warning),
DiagnosticVirtualTextError = makeDiagnosticColor(theme.diag.error),
}
end,
})
vim.cmd.colorscheme("kanagawa-wave")
'';
}; };
modules/features/niri/default.nix
+6 -6
View File
@@ -30,6 +30,7 @@ in
... ...
}: }:
let let
repoTheme = metaLib.repo.theme.kanagawa;
outputs = lib.mapAttrs ( outputs = lib.mapAttrs (
_: display: _: display:
{ {
@@ -41,10 +42,10 @@ in
// lib.optionalAttrs (display.primary or false) { // lib.optionalAttrs (display.primary or false) {
"focus-at-startup" = true; "focus-at-startup" = true;
} }
// lib.optionalAttrs (display ? scale) { // lib.optionalAttrs (display.scale != null) {
inherit (display) scale; inherit (display) scale;
} }
// lib.optionalAttrs (display ? mode) { // lib.optionalAttrs (display.mode != null) {
inherit (display) mode; inherit (display) mode;
} }
) config.meta.host.displays; ) config.meta.host.displays;
@@ -81,7 +82,6 @@ in
spawn-at-startup = [ spawn-at-startup = [
{ command = [ "xwayland-satellite" ]; } { command = [ "xwayland-satellite" ]; }
{ command = [ "noctalia-shell" ]; } { command = [ "noctalia-shell" ]; }
{ command = [ "qbittorrent" ]; }
]; ];
prefer-no-csd = true; prefer-no-csd = true;
hotkey-overlay.skip-at-startup = true; hotkey-overlay.skip-at-startup = true;
@@ -106,9 +106,9 @@ in
border = { border = {
enable = true; enable = true;
width = 3; width = 3;
active.color = "#7E9CD8"; active.color = repoTheme.palette.niri.border.active;
inactive.color = "#54546D"; inactive.color = repoTheme.palette.niri.border.inactive;
urgent.color = "#E82424"; urgent.color = repoTheme.palette.niri.border.urgent;
}; };
}; };
modules/features/qbittorrent-client.nix
+9 -1
View File
@@ -7,8 +7,16 @@
}; };
flake.modules.homeManager.qbittorrent-client = flake.modules.homeManager.qbittorrent-client =
{ pkgs, ... }: {
lib,
pkgs,
...
}:
{ {
home.packages = [ pkgs.qbittorrent ]; home.packages = [ pkgs.qbittorrent ];
programs.niri.settings.spawn-at-startup = lib.mkAfter [
{ command = [ "qbittorrent" ]; }
];
}; };
} }
modules/features/source-control.nix
+26 -55
View File
@@ -14,40 +14,11 @@ in
user = config.meta.user; user = config.meta.user;
sourceControl = user.sourceControl; sourceControl = user.sourceControl;
hostSourceControlUsers = host.sourceControl.users; hostSourceControlUsers = host.sourceControl.users;
hostUserSourceControl = hostUserSourceControl = hostSourceControlUsers.${user.name} or { };
if lib.hasAttr user.name hostSourceControlUsers then hostSourceControlUsers.${user.name} else { };
profileNames = builtins.attrNames sourceControl.profiles;
parsedProfiles = map (
name:
let
matches = builtins.match "(github|gitlab)-(personal|work)" name;
in
{
inherit matches name;
isValid = matches != null;
scope = if matches == null then null else builtins.elemAt matches 1;
}
) profileNames;
validProfiles = builtins.filter (profile: profile.isValid) parsedProfiles;
invalidProfileNames = map (profile: profile.name) (
builtins.filter (profile: !profile.isValid) parsedProfiles
);
emailNamesForScope = {
personal = [
"personal"
"main"
];
work = [ "work" ];
};
scopeEmails = scopeEmails =
scope: scope:
map (name: user.emails.${name}) ( lib.filter (email: email.scope == scope) (builtins.attrValues user.emails);
builtins.filter (name: lib.hasAttr name user.emails) emailNamesForScope.${scope}
);
emailForScope = emailForScope =
scope: scope:
@@ -56,8 +27,14 @@ in
in in
if builtins.length emails == 1 then (builtins.head emails).address else null; if builtins.length emails == 1 then (builtins.head emails).address else null;
scopeConfig = scopeConfig = scope: hostUserSourceControl.${scope} or null;
scope: if lib.hasAttr scope hostUserSourceControl then hostUserSourceControl.${scope} else null;
scopeHasSigningKey =
scope:
let
keyConfig = scopeConfig scope;
in
keyConfig != null && keyConfig.publicKey != null;
privateKeyPathForScope = privateKeyPathForScope =
scope: scope:
@@ -69,7 +46,7 @@ in
else else
keyConfig.privateKeyPath; keyConfig.privateKeyPath;
scopePublicKey = publicKeyForScope =
scope: scope:
let let
keyConfig = scopeConfig scope; keyConfig = scopeConfig scope;
@@ -81,23 +58,25 @@ in
"personal" "personal"
sourceControl.projectScope sourceControl.projectScope
] ]
++ map (profile: profile.scope) validProfiles
); );
missingKeyScopes = builtins.filter (scope: scopePublicKey scope == null) scopesInUse;
invalidEmailScopes = builtins.filter (scope: emailForScope scope == null) scopesInUse; invalidEmailScopes = builtins.filter (scope: emailForScope scope == null) scopesInUse;
allowedSignersLines = map (scope: "${emailForScope scope} ${scopePublicKey scope}") ( allowedSignersLines = map (scope: "${emailForScope scope} ${publicKeyForScope scope}") (
builtins.filter (scope: emailForScope scope != null && scopePublicKey scope != null) scopesInUse builtins.filter (scope: emailForScope scope != null && scopeHasSigningKey scope) scopesInUse
); );
gitConfigForScope = scope: { gitConfigForScope =
gpg.ssh.allowedSignersFile = "${config.xdg.configHome}/git/allowed_signers"; scope:
user = { lib.recursiveUpdate {
name = user.realName; user = {
email = emailForScope scope; name = user.realName;
signingKey = "${privateKeyPathForScope scope}.pub"; email = emailForScope scope;
}; };
}; }
(lib.optionalAttrs (scopeHasSigningKey scope) {
gpg.ssh.allowedSignersFile = "${config.xdg.configHome}/git/allowed_signers";
user.signingKey = "${privateKeyPathForScope scope}.pub";
});
gitRoots = [ gitRoots = [
{ {
@@ -114,17 +93,9 @@ in
imports = [ homeModules.git ]; imports = [ homeModules.git ];
assertions = [ assertions = [
{
assertion = invalidProfileNames == [ ];
message = "Invalid source control profiles for `${user.name}`: ${lib.concatStringsSep ", " invalidProfileNames}. Expected `<service>-<scope>` using github/gitlab and personal/work.";
}
{
assertion = missingKeyScopes == [ ];
message = "Missing source control keys for `${user.name}` scopes: ${lib.concatStringsSep ", " missingKeyScopes}.";
}
{ {
assertion = invalidEmailScopes == [ ]; assertion = invalidEmailScopes == [ ];
message = "Expected exactly one email selected by name for `${user.name}` scopes: ${lib.concatStringsSep ", " invalidEmailScopes}. Personal uses `personal` or `main`; work uses `work`."; message = "Expected exactly one scoped email for `${user.name}` source-control scopes: ${lib.concatStringsSep ", " invalidEmailScopes}.";
} }
]; ];
modules/features/terminal.nix
+31 -29
View File
@@ -11,6 +11,8 @@ in
... ...
}: }:
let let
repoTheme = metaLib.repo.theme.kanagawa;
palette = repoTheme.palette;
terminal = metaLib.resolveUserTerminal { terminal = metaLib.resolveUserTerminal {
inherit pkgs; inherit pkgs;
user = config.meta.user; user = config.meta.user;
@@ -44,43 +46,43 @@ in
update_check_interval = 0; update_check_interval = 0;
}; };
extraConfig = '' extraConfig = ''
## name: Kanagawa ## name: ${repoTheme.displayName}
## license: MIT ## license: MIT
## author: Tommaso Laurenzi ## author: Tommaso Laurenzi
## upstream: https://github.com/rebelot/kanagawa.nvim/ ## upstream: https://github.com/rebelot/kanagawa.nvim/
background #1F1F28 background ${palette.background}
foreground #DCD7BA foreground ${palette.foreground}
selection_background #2D4F67 selection_background ${palette.selectionBackground}
selection_foreground #C8C093 selection_foreground ${palette.selectionForeground}
url_color #72A7BC url_color ${palette.url}
cursor #C8C093 cursor ${palette.cursor}
active_tab_background #1F1F28 active_tab_background ${palette.background}
active_tab_foreground #C8C093 active_tab_foreground ${palette.selectionForeground}
inactive_tab_background #1F1F28 inactive_tab_background ${palette.background}
inactive_tab_foreground #727169 inactive_tab_foreground ${palette.muted}
color0 #16161D color0 ${palette.terminal.color0}
color1 #C34043 color1 ${palette.terminal.color1}
color2 #76946A color2 ${palette.terminal.color2}
color3 #C0A36E color3 ${palette.terminal.color3}
color4 #7E9CD8 color4 ${palette.terminal.color4}
color5 #957FB8 color5 ${palette.terminal.color5}
color6 #6A9589 color6 ${palette.terminal.color6}
color7 #C8C093 color7 ${palette.terminal.color7}
color8 #727169 color8 ${palette.terminal.color8}
color9 #E82424 color9 ${palette.terminal.color9}
color10 #98BB6C color10 ${palette.terminal.color10}
color11 #E6C384 color11 ${palette.terminal.color11}
color12 #7FB4CA color12 ${palette.terminal.color12}
color13 #938AA9 color13 ${palette.terminal.color13}
color14 #7AA89F color14 ${palette.terminal.color14}
color15 #DCD7BA color15 ${palette.terminal.color15}
color16 #FFA066 color16 ${palette.terminal.color16}
color17 #FF5D62 color17 ${palette.terminal.color17}
''; '';
}; };
}; };
modules/features/vicinae.nix
+32 -18
View File
@@ -1,44 +1,58 @@
{ config, ... }:
let
metaLib = config.meta.lib;
in
{ {
flake.modules.homeManager.vicinae = flake.modules.homeManager.vicinae =
{ pkgs, inputs, ... }: {
pkgs,
inputs,
...
}:
let
repoTheme = metaLib.repo.theme.kanagawa;
palette = repoTheme.palette;
in
{ {
programs.vicinae = { programs.vicinae = {
enable = true; enable = true;
systemd.enable = true; systemd.enable = true;
themes.kanagawa-wave = { themes.${repoTheme.name} = {
meta = { meta = {
version = 1; version = 1;
name = "Kanagawa Wave"; name = repoTheme.displayName;
description = "A dark theme inspired by the colors of the famous painting by Katsushika Hokusai."; description = "A dark theme inspired by the colors of the famous painting by Katsushika Hokusai.";
variant = "dark"; variant = "dark";
inherits = "vicinae-dark"; inherits = "vicinae-dark";
}; };
colors = { colors = {
core = { core = {
background = "#1F1F28"; background = palette.background;
foreground = "#DCD7BA"; foreground = palette.foreground;
secondary_background = "#16161D"; secondary_background = palette.secondaryBackground;
border = "#2A2A37"; border = palette.border;
accent = "#7E9CD8"; accent = palette.accents.blue;
}; };
accents = { accents = {
blue = "#7E9CD8"; inherit (palette.accents)
green = "#98BB6C"; blue
magenta = "#D27E99"; cyan
orange = "#FFA066"; green
purple = "#957FB8"; magenta
red = "#E82424"; orange
yellow = "#E6C384"; purple
cyan = "#7AA89F"; red
yellow
;
}; };
input.border_focus = "colors.core.accent"; input.border_focus = "colors.core.accent";
}; };
}; };
settings.theme = { settings.theme = {
light.name = "kanagawa-wave"; light.name = repoTheme.name;
dark.name = "kanagawa-wave"; dark.name = repoTheme.name;
}; };
extensions = with inputs.vicinae-extensions.packages.${pkgs.stdenv.hostPlatform.system}; [ extensions = with inputs.vicinae-extensions.packages.${pkgs.stdenv.hostPlatform.system}; [
modules/features/workstation-base.nix
-1
View File
@@ -15,7 +15,6 @@ in
nixosModules.networking nixosModules.networking
nixosModules.niri nixosModules.niri
nixosModules.printing nixosModules.printing
nixosModules.qbittorrent-client
nixosModules.sddm nixosModules.sddm
nixosModules.sops-admin-key-file nixosModules.sops-admin-key-file
nixosModules.standard-boot nixosModules.standard-boot
modules/hosts/orion/default.nix
+1 -1
View File
@@ -44,7 +44,7 @@ in
flake.modules.nixos.orion = metaLib.mkHost { flake.modules.nixos.orion = metaLib.mkHost {
name = "orion"; name = "orion";
users = { users = {
kiri = { kiri = metaLib.mkHostUser {
account = metaLib.users.kiri; account = metaLib.users.kiri;
homeImports = [ homeImports = [
homeModules.shell homeModules.shell
modules/hosts/polaris/default.nix
+3 -11
View File
@@ -29,17 +29,8 @@ in
mouse.accelSpeed = 0.4; mouse.accelSpeed = 0.4;
}; };
sourceControl.users = {
kiri.personal.publicKey = "";
ergon = {
personal.publicKey = "";
work.publicKey = "";
};
};
users = { users = {
kiri = { kiri = metaLib.mkHostUser {
account = metaLib.users.kiri; account = metaLib.users.kiri;
needsPassword = true; needsPassword = true;
homeImports = [ homeImports = [
@@ -50,7 +41,7 @@ in
]; ];
}; };
ergon = { ergon = metaLib.mkHostUser {
account = metaLib.users.ergon; account = metaLib.users.ergon;
needsPassword = true; needsPassword = true;
homeImports = [ homeImports = [
@@ -62,6 +53,7 @@ in
imports = [ imports = [
nixosModules.workstation-base nixosModules.workstation-base
nixosModules.qbittorrent-client
nixosModules.steam nixosModules.steam
./_hardware.nix ./_hardware.nix
] ]
modules/hosts/zenith/default.nix
+3 -4
View File
@@ -31,8 +31,6 @@ in
}; };
sourceControl.users = { sourceControl.users = {
kiri.personal.publicKey = "";
ergon = { ergon = {
personal.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdR3KP2U84i7f7MlRqcML/3YyMw8JL3hdm637SkMUwO ergon@zenith#personal"; personal.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdR3KP2U84i7f7MlRqcML/3YyMw8JL3hdm637SkMUwO ergon@zenith#personal";
work.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIHJz5uHKm0/TiMNh/cmzrODHNZ8NgEEZe+47XnJwQGk ergon@zenith#work"; work.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIHJz5uHKm0/TiMNh/cmzrODHNZ8NgEEZe+47XnJwQGk ergon@zenith#work";
@@ -40,7 +38,7 @@ in
}; };
users = { users = {
kiri = { kiri = metaLib.mkHostUser {
account = metaLib.users.kiri; account = metaLib.users.kiri;
needsPassword = true; needsPassword = true;
homeImports = [ homeImports = [
@@ -51,7 +49,7 @@ in
]; ];
}; };
ergon = { ergon = metaLib.mkHostUser {
account = metaLib.users.ergon; account = metaLib.users.ergon;
needsPassword = true; needsPassword = true;
homeImports = [ homeImports = [
@@ -63,6 +61,7 @@ in
imports = [ imports = [
nixosModules.workstation-base nixosModules.workstation-base
nixosModules.qbittorrent-client
nixosModules.laptop-power nixosModules.laptop-power
{ {
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
modules/lib.nix
+100 -28
View File
@@ -4,6 +4,22 @@
... ...
}: }:
let let
mkHostUser =
{
account,
needsPassword ? false,
homeImports ? [ ],
stateVersion ? null,
}:
{
inherit
account
homeImports
needsPassword
stateVersion
;
};
mkHost = mkHost =
{ {
name, name,
@@ -20,22 +36,15 @@ let
... ...
}: }:
let let
hostUsers = lib.mapAttrs (_: spec: spec.account) users; hostUserSpecs = lib.mapAttrs (_: spec: mkHostUser spec) users;
hostUsers = lib.mapAttrs (_: spec: spec.account) hostUserSpecs;
userAssertions = lib.flatten ( userAssertions = lib.mapAttrsToList (userName: spec: {
lib.mapAttrsToList (userName: spec: [ assertion = userName == spec.account.name;
{ message = "Host `${name}` declares user `${userName}` with mismatched account name `${spec.account.name}`.";
assertion = userName == spec.account.name; }) hostUserSpecs;
message = "Host `${name}` declares user `${userName}` with mismatched account name `${spec.account.name}`.";
}
{
assertion = builtins.isList spec.homeImports;
message = "Host `${name}` user `${userName}` must define `homeImports` as a list.";
}
]) users
);
passwordUserSpecs = lib.filterAttrs (_: spec: spec.needsPassword or false) users; passwordUserSpecs = lib.filterAttrs (_: spec: spec.needsPassword) hostUserSpecs;
in in
{ {
assertions = userAssertions; assertions = userAssertions;
@@ -76,23 +85,26 @@ let
"networkmanager" "networkmanager"
]; ];
} }
// lib.optionalAttrs (spec.needsPassword or false) { // lib.optionalAttrs spec.needsPassword {
hashedPasswordFile = config.sops.secrets."hashed-password-${userName}".path; hashedPasswordFile = config.sops.secrets."hashed-password-${userName}".path;
} }
) users; ) hostUserSpecs;
home-manager.users = lib.mapAttrs (_: spec: { home-manager.users = lib.mapAttrs (
imports = spec.homeImports; _: spec:
meta = { {
host = config.meta.host; imports = spec.homeImports;
user = spec.account; meta = {
}; host = config.meta.host;
home = { user = spec.account;
username = spec.account.name; };
homeDirectory = spec.account.homeDirectory; home = {
stateVersion = spec.stateVersion or stateVersion; username = spec.account.name;
}; homeDirectory = spec.account.homeDirectory;
}) users; stateVersion = if spec.stateVersion == null then stateVersion else spec.stateVersion;
};
}
) hostUserSpecs;
}; };
mkCaddyReverseProxy = mkCaddyReverseProxy =
@@ -170,6 +182,8 @@ let
}; };
kanagawa = { kanagawa = {
displayName = "Kanagawa Wave";
name = "kanagawa-wave";
gtkThemeName = "Kanagawa-BL-LB"; gtkThemeName = "Kanagawa-BL-LB";
iconThemeName = "Kanagawa"; iconThemeName = "Kanagawa";
owner = "Fausto-Korpsvart"; owner = "Fausto-Korpsvart";
@@ -177,6 +191,56 @@ let
rev = "55ca4ba249eba21f861b9866b71ab41bb8930318"; rev = "55ca4ba249eba21f861b9866b71ab41bb8930318";
hash = "sha256-UdMoMx2DoovcxSp/zBZ3PRv/Qpj+prd0uPm1gmdak2E="; hash = "sha256-UdMoMx2DoovcxSp/zBZ3PRv/Qpj+prd0uPm1gmdak2E=";
version = "unstable-2025-10-23"; version = "unstable-2025-10-23";
palette = {
background = "#1F1F28";
foreground = "#DCD7BA";
secondaryBackground = "#16161D";
border = "#2A2A37";
selectionBackground = "#2D4F67";
selectionForeground = "#C8C093";
url = "#72A7BC";
cursor = "#C8C093";
muted = "#727169";
accents = {
blue = "#7E9CD8";
green = "#98BB6C";
magenta = "#D27E99";
orange = "#FFA066";
purple = "#957FB8";
red = "#E82424";
yellow = "#E6C384";
cyan = "#7AA89F";
};
niri.border = {
active = "#7E9CD8";
inactive = "#54546D";
urgent = "#E82424";
};
terminal = {
color0 = "#16161D";
color1 = "#C34043";
color2 = "#76946A";
color3 = "#C0A36E";
color4 = "#7E9CD8";
color5 = "#957FB8";
color6 = "#6A9589";
color7 = "#C8C093";
color8 = "#727169";
color9 = "#E82424";
color10 = "#98BB6C";
color11 = "#E6C384";
color12 = "#7FB4CA";
color13 = "#938AA9";
color14 = "#7AA89F";
color15 = "#DCD7BA";
color16 = "#FFA066";
color17 = "#FF5D62";
};
};
}; };
}; };
}; };
@@ -392,6 +456,13 @@ in
readOnly = true; readOnly = true;
}; };
options.meta.lib.mkHostUser = lib.mkOption {
type = lib.types.raw;
description = "Internal host user constructor shared between flake-parts modules.";
internal = true;
readOnly = true;
};
options.meta.lib.mkCaddyReverseProxy = lib.mkOption { options.meta.lib.mkCaddyReverseProxy = lib.mkOption {
type = lib.types.raw; type = lib.types.raw;
description = "Internal Caddy reverse proxy helper shared between flake-parts modules."; description = "Internal Caddy reverse proxy helper shared between flake-parts modules.";
@@ -447,6 +518,7 @@ in
mkCaddyReverseProxy mkCaddyReverseProxy
mkTerminalAssertions mkTerminalAssertions
mkHost mkHost
mkHostUser
repo repo
resolvePackagePath resolvePackagePath
resolveUserTerminal resolveUserTerminal
modules/users.nix
+7 -12
View File
@@ -9,30 +9,29 @@ let
personal = { personal = {
address = "mail@jelles.net"; address = "mail@jelles.net";
primary = true; primary = true;
scope = "personal";
type = "mxrouting"; type = "mxrouting";
}; };
old = { old = {
address = "mail@jellespreeuwenberg.nl"; address = "mail@jellespreeuwenberg.nl";
primary = false; primary = false;
scope = null;
type = "mxrouting"; type = "mxrouting";
}; };
uni = { uni = {
address = "j.spreeuwenberg@student.tue.nl"; address = "j.spreeuwenberg@student.tue.nl";
primary = false; primary = false;
scope = null;
type = "office365"; type = "office365";
}; };
work = { work = {
address = "jelle.spreeuwenberg@yookr.org"; address = "jelle.spreeuwenberg@yookr.org";
primary = false; primary = false;
scope = "work";
type = "office365"; type = "office365";
}; };
}; };
sourceControl = { sourceControl = { };
profiles = {
github-personal = { };
gitlab-personal = { };
};
};
}; };
ergon = { ergon = {
@@ -44,21 +43,17 @@ let
personal = { personal = {
address = "mail@jelles.net"; address = "mail@jelles.net";
primary = false; primary = false;
scope = "personal";
type = "mxrouting"; type = "mxrouting";
}; };
work = { work = {
address = "jelle.spreeuwenberg@yookr.org"; address = "jelle.spreeuwenberg@yookr.org";
primary = true; primary = true;
scope = "work";
type = "office365"; type = "office365";
}; };
}; };
sourceControl = { sourceControl = {
profiles = {
github-personal = { };
github-work = { };
gitlab-personal = { };
};
projectScope = "work"; projectScope = "work";
}; };
}; };