refactor: compose hosts and home-manager features explicitly

2026-04-21 16:04:06 +02:00
parent 8c254f2eb1
commit a73cefb9df
28 changed files with 322 additions and 303 deletions
@@ -1,43 +1,42 @@
 {
  inputs,
+  config,
  ...
 }:
 let
+  nixosModules = config.flake.modules.nixos;
  sopsAdminKeyPath = "/var/lib/sops/keys.txt";
 in
 {
-  flake.modules.nixos."sops-host" =
-    {
-      config,
-      lib,
-      ...
-    }:
+  flake.modules.nixos.sops = {
+    imports = [ inputs.sops-nix.nixosModules.sops ];
+
+    sops.defaultSopsFile = ./secrets.yaml;
+  };
+
+  flake.modules.nixos.sops-admin-key-file =
+    { lib, ... }:
    let
-      useHostSshKey = config.meta.host.kind == "server";
-      useAdminKeyFile = config.meta.host.kind != "server";
      adminKeyDir = builtins.dirOf sopsAdminKeyPath;
    in
    {
-      imports = [ inputs.sops-nix.nixosModules.sops ];
+      imports = [ nixosModules.sops ];

-      sops = {
-        defaultSopsFile = ./secrets.yaml;
-        age =
-          lib.optionalAttrs useHostSshKey {
-            sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
-          }
-          // lib.optionalAttrs useAdminKeyFile {
-            keyFile = sopsAdminKeyPath;
-          };
-      };
+      sops.age.keyFile = sopsAdminKeyPath;

-      systemd.tmpfiles.rules = lib.optionals useAdminKeyFile [
+      systemd.tmpfiles.rules = [
        "d ${adminKeyDir} 0750 root wheel -"
        "z ${sopsAdminKeyPath} 0640 root wheel -"
      ];
    };

-  flake.modules.homeManager."sops-admin" =
+  flake.modules.nixos.sops-host-ssh-key = {
+    imports = [ nixosModules.sops ];
+
+    sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+  };
+
+  flake.modules.homeManager.sops =
    {
      pkgs,
      ...