refactor: compose hosts and home-manager features explicitly

modules/features/cli-base.nix

@@ -0,0 +1,17 @@
+{ config, ... }:
+let
+  homeModules = config.flake.modules.homeManager;
+in
+{
+  flake.modules.homeManager.cli-base = {
+    imports = [
+      homeModules.terminal
+      homeModules.shell
+      homeModules.neovim
+      homeModules.git
+      homeModules.dev-tools
+      homeModules.podman
+      homeModules.gemini
+    ];
+  };
+}

modules/features/desktop-base.nix

@@ -1,50 +0,0 @@
-{ config, ... }:
-let
-  nixosModules = config.flake.modules.nixos;
-in
-{
-  flake.modules.nixos."core-base" = {
-    imports = [
-      nixosModules."meta-host"
-      nixosModules."home-manager-base"
-      nixosModules.nix
-      nixosModules."region-nl"
-      nixosModules."sops-host"
-    ];
-  };
-
-  flake.modules.nixos."server-base" = {
-    imports = [
-      nixosModules."core-base"
-      nixosModules.openssh
-    ];
-  };
-
-  flake.modules.nixos."workstation-base" = {
-    imports = [
-      nixosModules."core-base"
-      nixosModules."standard-boot"
-      nixosModules.sddm
-      nixosModules.niri
-      nixosModules.audio
-      nixosModules.bluetooth
-      nixosModules.flatpak
-      nixosModules.fonts
-      nixosModules.networking
-      nixosModules.printing
-      nixosModules."qbittorrent-client"
-    ];
-
-    users.mutableUsers = false;
-
-    services.dbus.implementation = "broker";
-
-    programs.nix-ld.enable = true;
-    environment.localBinInPath = true;
-  };
-
-  flake.modules.nixos."portable-host" = {
-    hardware.enableRedistributableFirmware = true;
-    services.fwupd.enable = true;
-  };
-}

modules/features/desktop-session.nix

@@ -0,0 +1,17 @@
+{ config, ... }:
+let
+  homeModules = config.flake.modules.homeManager;
+in
+{
+  flake.modules.homeManager.desktop-session = {
+    imports = [
+      homeModules.niri
+      homeModules.clipboard
+      homeModules.local-apps
+      homeModules.mpv
+      homeModules.vicinae
+      homeModules.xdg
+      homeModules.theme
+    ];
+  };
+}

modules/features/dev-tools.nix

@@ -1,5 +1,5 @@
 {
-  flake.modules.homeManager."dev-tools" =
+  flake.modules.homeManager.dev-tools =
     { config, ... }:
     {
       home.sessionVariables.CARGO_HOME = "${config.xdg.dataHome}/cargo";

modules/features/ergon-workstation.nix

@@ -3,7 +3,14 @@ let
   homeModules = config.flake.modules.homeManager;
 in
 {
-  flake.modules.homeManager."ergon-workstation" = {
-    imports = [ homeModules.nix ];
+  flake.modules.homeManager.ergon-workstation = {
+    imports = [
+      homeModules.cli-base
+      homeModules.desktop-session
+      homeModules.personal-productivity
+      homeModules.ssh-client
+      homeModules.sops
+      homeModules.nix
+    ];
   };
 }

modules/features/home-manager-base.nix

@@ -1,26 +0,0 @@
-{
-  inputs,
-  config,
-  ...
-}:
-let
-  homeModules = config.flake.modules.homeManager;
-in
-{
-  flake.modules.nixos."home-manager-base" =
-    { ... }:
-    {
-      imports = [ inputs.home-manager.nixosModules.home-manager ];
-
-      home-manager = {
-        useGlobalPkgs = true;
-        backupFileExtension = "bak";
-        extraSpecialArgs = { inherit inputs; };
-        sharedModules = [ homeModules."meta-context" ];
-      };
-
-      security.sudo.extraConfig = ''
-        Defaults env_keep+=SSH_AUTH_SOCK
-      '';
-    };
-}

modules/features/host-base.nix

@@ -0,0 +1,30 @@
+{
+  config,
+  inputs,
+  ...
+}:
+let
+  nixosModules = config.flake.modules.nixos;
+  homeModules = config.flake.modules.homeManager;
+in
+{
+  flake.modules.nixos.host-base = {
+    imports = [
+      nixosModules.meta
+      inputs.home-manager.nixosModules.home-manager
+      nixosModules.nix
+      nixosModules.region-nl
+    ];
+
+    home-manager = {
+      useGlobalPkgs = true;
+      backupFileExtension = "bak";
+      extraSpecialArgs = { inherit inputs; };
+      sharedModules = [ homeModules.meta ];
+    };
+
+    security.sudo.extraConfig = ''
+      Defaults env_keep+=SSH_AUTH_SOCK
+    '';
+  };
+}

modules/features/kiri-server.nix

@@ -0,0 +1,12 @@
+{ config, ... }:
+let
+  homeModules = config.flake.modules.homeManager;
+in
+{
+  flake.modules.homeManager.kiri-server = {
+    imports = [
+      homeModules.cli-base
+      homeModules.syncthing
+    ];
+  };
+}

modules/features/kiri-workstation.nix

@@ -3,21 +3,16 @@ let
   homeModules = config.flake.modules.homeManager;
 in
 {
-  flake.modules.homeManager."kiri-workstation" = {
+  flake.modules.homeManager.kiri-workstation = {
     imports = [
+      homeModules.cli-base
+      homeModules.desktop-session
+      homeModules.personal-productivity
+      homeModules.ssh-client
+      homeModules.sops
       homeModules.nix
-      homeModules.bitwarden
-      homeModules.email
-      homeModules.pim
-      homeModules.mpv
-      homeModules.niri
-      homeModules.clipboard
-      homeModules."local-apps"
-      homeModules."qbittorrent-client"
-      homeModules.vicinae
-      homeModules.xdg
-      homeModules.theme
-      homeModules.noctalia
+      homeModules.syncthing
+      homeModules.qbittorrent-client
     ];
   };
 }

modules/features/local-apps.nix

@@ -1,5 +1,5 @@
 {
-  flake.modules.homeManager."local-apps" =
+  flake.modules.homeManager.local-apps =
     { pkgs, ... }:
     {
       home.sessionVariables.BROWSER = "vivaldi";

modules/features/meta.nix

@@ -99,18 +99,6 @@ let
           type = lib.types.str;
         };
 
-        kind = lib.mkOption {
-          type = lib.types.enum [
-            "server"
-            "workstation"
-          ];
-        };
-
-        traits = lib.mkOption {
-          type = lib.types.listOf lib.types.str;
-          default = [ ];
-        };
-
         displays = lib.mkOption {
           type = lib.types.attrsOf displayType;
           default = { };
@@ -125,13 +113,13 @@ let
   );
 in
 {
-  flake.modules.nixos."meta-host" = {
+  flake.modules.nixos.meta = {
     options.meta.host = lib.mkOption {
       type = hostType;
     };
   };
 
-  flake.modules.homeManager."meta-context" = {
+  flake.modules.homeManager.meta = {
     options.meta = {
       host = lib.mkOption {
         type = lib.types.nullOr hostType;

modules/features/networking.nix

@@ -1,5 +1,5 @@
 {
-  flake.modules.nixos."server-firewall" = {
+  flake.modules.nixos.server-firewall = {
     networking = {
       firewall.enable = true;
       firewall.allowPing = false;

modules/features/noctalia.nix

@@ -1,3 +1,19 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  homeModules = config.flake.modules.homeManager;
+  baseSettings = import ./_noctalia-config.nix;
+  portableSettings = lib.recursiveUpdate baseSettings {
+    bar.widgets.right = baseSettings.bar.widgets.right ++ [
+      {
+        id = "Battery";
+      }
+    ];
+  };
+in
 {
   flake.modules.homeManager.noctalia =
     {
@@ -17,7 +33,13 @@
           }
         );
 
-        settings = import ./_noctalia-config.nix;
+        settings = baseSettings;
       };
     };
+
+  flake.modules.homeManager.noctalia-portable = {
+    imports = [ homeModules.noctalia ];
+
+    programs.noctalia-shell.settings = lib.mkForce portableSettings;
+  };
 }

modules/features/personal-productivity.nix

@@ -0,0 +1,13 @@
+{ config, ... }:
+let
+  homeModules = config.flake.modules.homeManager;
+in
+{
+  flake.modules.homeManager.personal-productivity = {
+    imports = [
+      homeModules.bitwarden
+      homeModules.email
+      homeModules.pim
+    ];
+  };
+}

modules/features/qbittorrent-client.nix

@@ -1,12 +1,12 @@
 {
-  flake.modules.nixos."qbittorrent-client" = {
+  flake.modules.nixos.qbittorrent-client = {
     networking.firewall = {
       allowedTCPPorts = [ 43864 ];
       allowedUDPPorts = [ 43864 ];
     };
   };
 
-  flake.modules.homeManager."qbittorrent-client" =
+  flake.modules.homeManager.qbittorrent-client =
     { pkgs, ... }:
     {
       home.packages = [ pkgs.qbittorrent ];

modules/features/region-nl.nix

@@ -1,6 +1,6 @@
 { ... }:
 {
-  flake.modules.nixos."region-nl" = {
+  flake.modules.nixos.region-nl = {
     time.timeZone = "Europe/Amsterdam";
 
     i18n.defaultLocale = "en_US.UTF-8";

modules/features/services/deluge.nix

@@ -1,5 +1,5 @@
 {
-  flake.modules.nixos."deluge-service" =
+  flake.modules.nixos.deluge-service =
     { ... }:
     {
       sops.secrets.deluge-auth-file = { };
@@ -10,7 +10,7 @@
       };
     };
 
-  flake.modules.homeManager."deluge-client" =
+  flake.modules.homeManager.deluge-client =
     { pkgs, ... }:
     {
       home.packages = [ pkgs.deluge ];

modules/features/services/openssh.nix

@@ -1,6 +1,6 @@
 { ... }:
 {
-  flake.modules.nixos."ssh-agent-auth" = {
+  flake.modules.nixos.ssh-agent-auth = {
     security.pam = {
       sshAgentAuth.enable = true;
       services.sudo.sshAgentAuth = true;
@@ -12,18 +12,15 @@
       config,
       ...
     }:
-    let
-      isServer = config.meta.host.kind == "server";
-      hostUserNames = builtins.attrNames config.meta.host.users;
-    in
     {
+      services.openssh.openFirewall = true;
+
       services.openssh = {
         enable = true;
-        openFirewall = isServer;
         settings = {
           PermitRootLogin = "no";
           PasswordAuthentication = false;
-          AllowUsers = hostUserNames;
+          AllowUsers = builtins.attrNames config.meta.host.users;
         };
       };
     };

modules/features/ssh.nix

@@ -1,5 +1,5 @@
 {
-  flake.modules.homeManager."ssh-client" =
+  flake.modules.homeManager.ssh-client =
     { config, ... }:
     {
       programs.ssh = {

modules/features/standard-boot.nix

@@ -1,6 +1,6 @@
 { ... }:
 {
-  flake.modules.nixos."standard-boot" =
+  flake.modules.nixos.standard-boot =
     { config, pkgs, ... }:
     {
       boot = {

modules/features/user-base.nix

@@ -1,29 +0,0 @@
-{ config, ... }:
-let
-  homeModules = config.flake.modules.homeManager;
-in
-{
-  flake.modules.homeManager."common-user-base" = {
-    imports = [
-      homeModules.terminal
-      homeModules.shell
-      homeModules.neovim
-      homeModules.git
-      homeModules."dev-tools"
-      homeModules.podman
-      homeModules.gemini
-    ];
-  };
-
-  flake.modules.homeManager."server-user-base" = {
-    imports = [ homeModules."common-user-base" ];
-  };
-
-  flake.modules.homeManager."workstation-user-base" = {
-    imports = [
-      homeModules."common-user-base"
-      homeModules."ssh-client"
-      homeModules."sops-admin"
-    ];
-  };
-}

modules/features/workstation-base.nix

@@ -0,0 +1,29 @@
+{ config, ... }:
+let
+  nixosModules = config.flake.modules.nixos;
+in
+{
+  flake.modules.nixos.workstation-base = {
+    imports = [
+      nixosModules.host-base
+      nixosModules.sops-admin-key-file
+      nixosModules.standard-boot
+      nixosModules.sddm
+      nixosModules.niri
+      nixosModules.audio
+      nixosModules.bluetooth
+      nixosModules.flatpak
+      nixosModules.fonts
+      nixosModules.networking
+      nixosModules.printing
+      nixosModules.qbittorrent-client
+    ];
+
+    users.mutableUsers = false;
+
+    services.dbus.implementation = "broker";
+
+    programs.nix-ld.enable = true;
+    environment.localBinInPath = true;
+  };
+}