refactor: move from den based to flake-parts based

2026-04-21 00:59:54 +02:00
parent d2ab961c48
commit 5bed1336c0
71 changed files with 1832 additions and 2472 deletions
@@ -1,43 +1,70 @@
-{ den, lib, lux, ... }:
+{
+  inputs,
+  config,
+  ...
+}:
 let
-  lingerForUsers = den.lib.perHost (
-    { host, ... }:
-    {
-      nixos.users.users = lib.mapAttrs (_: _: {
-        linger = true;
-      }) host.users;
-    }
-  );
+  nixosModules = config.flake.modules.nixos;
 in
 {
-  den.aspects.orion = {
-    includes = (with lux.services._; [
-      caddy
-      openssh
-      vaultwarden
-      radicale
-      actual
-      gitea
-    ]) ++ [ lingerForUsers ];
-
-    nixos =
-      { pkgs, ... }:
-      {
-        environment.systemPackages = [
-          pkgs.kitty
-        ];
-
-        networking = {
-          firewall.enable = true;
-          firewall.allowPing = false;
-          nftables.enable = true;
-        };
-
-        # Use ssh authorization for sudo instead of password
-        security.pam = {
-          sshAgentAuth.enable = true;
-          services.sudo.sshAgentAuth = true;
-        };
+  flake.modules.nixos.orion =
+    { pkgs, ... }:
+    let
+      host = {
+        isServer = true;
      };
-  };
+    in
+    {
+      _module.args.host = host;
+
+      imports = [
+        inputs.home-manager.nixosModules.home-manager
+        nixosModules.sopsHost
+        nixosModules.caddy
+        nixosModules.openssh
+        nixosModules.vaultwarden
+        nixosModules.radicale
+        nixosModules.actual
+        nixosModules.gitea
+        nixosModules.kiri
+        ./_hardware.nix
+        ./_disk.nix
+      ];
+
+      system.stateVersion = "24.05";
+
+      home-manager = {
+        useGlobalPkgs = true;
+        backupFileExtension = "bak";
+        extraSpecialArgs = { inherit inputs; };
+      };
+
+      networking.hostName = "orion";
+
+      security.sudo.extraConfig = ''
+        Defaults env_keep+=SSH_AUTH_SOCK
+      '';
+
+      users.users.kiri = {
+        linger = true;
+        openssh.authorizedKeys.keys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAU2LydkXRTtNFY7oyX8JQURwXLVhB71DeK8XzrXeFX1 openpgp:0xA490D93A"
+        ];
+      };
+
+      environment.systemPackages = [
+        pkgs.kitty
+      ];
+
+      networking = {
+        firewall.enable = true;
+        firewall.allowPing = false;
+        nftables.enable = true;
+      };
+
+      security.pam = {
+        sshAgentAuth.enable = true;
+        services.sudo.sshAgentAuth = true;
+      };
+    };
 }