From dba24ce5f370ae7f5c60369a74d0aca0028236fe Mon Sep 17 00:00:00 2001 From: Jelle Spreeuwenberg Date: Sun, 26 Apr 2026 18:08:48 +0200 Subject: [PATCH] feat: move to single-user config --- AGENTS.md | 15 ++--- modules/data.nix | 29 +++++++++- modules/features/_noctalia-config.nix | 5 +- modules/features/ai.nix | 19 ++---- modules/features/bitwarden.nix | 4 +- modules/features/email.nix | 6 +- modules/features/git.nix | 8 +-- modules/features/host-base.nix | 2 - modules/features/neovim/default.nix | 6 +- modules/features/nh.nix | 8 ++- modules/features/niri/default.nix | 3 +- modules/features/noctalia.nix | 46 ++++++--------- modules/features/services/caddy.nix | 2 +- modules/features/services/openssh.nix | 12 ++-- modules/features/sops-password.nix | 16 ++---- modules/features/source-control.nix | 8 +-- modules/features/syncthing.nix | 9 ++- modules/features/workstation-base.nix | 10 ++++ modules/flake-parts.nix | 2 +- modules/hosts/orion/default.nix | 14 ++--- modules/hosts/polaris/default.nix | 21 ++----- modules/hosts/zenith/default.nix | 20 ++----- modules/lib/helpers.nix | 46 ++++----------- modules/lib/schema.nix | 83 +++++++-------------------- modules/secrets/secrets.yaml | 7 +-- modules/users/ergon.nix | 20 ------- modules/users/kiri.nix | 39 ------------- 27 files changed, 160 insertions(+), 300 deletions(-) delete mode 100644 modules/users/ergon.nix delete mode 100644 modules/users/kiri.nix diff --git a/AGENTS.md b/AGENTS.md index de609cd..3634ee8 100644 --- a/AGENTS.md +++ b/AGENTS.md 
@@ -35,18 +35,19 @@ In this repo, `flake.nix` imports `./modules` recursively via `inputs.import-tre - `modules/hosts//default.nix`: host features that assemble NixOS aspects into `flake.modules.nixos.`. - `modules/secrets/`: secret-related features shared by hosts. - `modules/flake-parts.nix`: flake-parts entrypoint; defines systems, formatter, and `flake.nixosConfigurations`. -- `modules/lib.nix`: shared constructors and helpers in `config.meta.lib`, especially `mkHost` and `mkCaddyReverseProxy`. -- `modules/data.nix`: canonical shared repo data and account attrsets exposed through `meta.lib.repo` and `meta.lib.accounts`. -- `modules/features/meta.nix`: shared metadata schema for `meta.host` and `meta.user`. +- `modules/lib/`: shared schemas, constructors, and helpers exposed through `repo.helpers`, especially `mkHost` and `mkCaddyReverseProxy`. +- `modules/data.nix`: canonical shared repo data, including the single `repo.account`, machine inventory, desktop preferences, services, and theme data. +- `modules/lib/schema.nix`: shared metadata schema for `repo.*` and NixOS `meta.machine`. ## How Features Are Applied Here - Reusable NixOS concerns are published as `flake.modules.nixos.`. - Reusable Home Manager concerns are published as `flake.modules.homeManager.`. - Hosts are aspects too. `orion`, `polaris`, and `zenith` are `nixos` aspects assembled from smaller aspects. -- Host modules should use `config.meta.lib.mkHost` to define `meta.host`, base imports, hostname, and state version. -- Per-host user declarations should stay inline under `users.` using canonical accounts from `meta.lib.accounts`, so host-local defaults stay close to the host and `mkHost` can wire `meta.host` and `meta.user` into Home Manager consistently. -- Features may rely on the `meta` contract. Existing modules already read `config.meta.host`, `config.meta.user`, and `config.meta.lib`. 
+- `flake.nixosConfigurations` instantiates every entry in `repo.machines` with `config.repo.helpers.mkHost`. +- Hosts define machine data under `repo.machines.` and host-specific NixOS composition under `flake.modules.nixos.`. +- `mkHost` wires the single `repo.account` into `users.users.` and `home-manager.users.`. +- NixOS modules may read `config.meta.machine`; Home Manager modules should read host facts through `osConfig.meta.machine` and user facts through `config.home` or `repo.account`. ## Preferred Aspect Patterns @@ -68,6 +69,6 @@ Use **Collector Aspect** only when composition through imports or shared library ## Practical Heuristics - If you are about to edit a host because of a reusable concern, that concern probably wants its own feature. -- If a Home Manager module needs host or user facts, prefer reading `config.meta.host` or `config.meta.user` instead of duplicating literals. +- If a Home Manager module needs host facts, prefer `osConfig.meta.machine`; for user facts, prefer `config.home` or `repo.account` instead of duplicating literals. - If a concern spans system and user space, keep both aspects in one feature so the behavior stays coherent. - If imports would need to be conditional, redesign the aspect boundary instead. diff --git a/modules/data.nix b/modules/data.nix index 59aeae3..0bc5b55 100644 --- a/modules/data.nix +++ b/modules/data.nix 
@@ -1,6 +1,33 @@ { repo = { - contact.email = "mail@jelles.net"; + account = { + name = "kiri"; + realName = "Jelle Spreeuwenberg"; + sourceControl.projectScope = "work"; + emails = { + personal = { + address = "mail@jelles.net"; + primary = true; + scope = "personal"; + type = "mxrouting"; + }; + old = { + address = "mail@jellespreeuwenberg.nl"; + scope = null; + type = "mxrouting"; + }; + uni = { + address = "j.spreeuwenberg@student.tue.nl"; + scope = null; + type = "office365"; + }; + work = { + address = "jelle.spreeuwenberg@yookr.org"; + scope = "work"; + type = "office365"; + }; + }; + }; desktop = { browser = { diff --git a/modules/features/_noctalia-config.nix b/modules/features/_noctalia-config.nix index d086813..827db64 100644 --- a/modules/features/_noctalia-config.nix +++ b/modules/features/_noctalia-config.nix @@ -1,4 +1,5 @@ { + homeDirectory, lib, terminalPackage, }: @@ -102,7 +103,7 @@ screenOverrides = [ ]; }; general = { - avatarImage = "/home/kiri/.face"; + avatarImage = "${homeDirectory}/.face"; dimmerOpacity = 0; showScreenCorners = false; forceBlackScreenCorners = false; @@ -213,7 +214,7 @@ wallpaper = { enabled = true; overviewEnabled = false; - directory = "/home/kiri/media/images/wallpapers"; + directory = "${homeDirectory}/media/images/wallpapers"; monitorDirectories = [ ]; enableMultiMonitorDirectories = false; showHiddenFiles = false; diff --git a/modules/features/ai.nix b/modules/features/ai.nix index 8b1bf6e..0f57c9b 100644 --- a/modules/features/ai.nix +++ b/modules/features/ai.nix 
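Review bot: The merged `repo.account` takes its `emails` from the deleted kiri.nix but `sourceControl.projectScope = "work"` from the deleted ergon.nix, and kiri.nix never set `projectScope` at all. On the hosts where kiri was the user this changes which scope project repositories resolve to unless the schema default was already `"work"` (that default is outside this diff), and source-control.nix uses the scope to pick the email and key. A short comment above the line, `# projectScope carried over from the former ergon account; personal email stays primary`, or a sentence in the description, would record that the mix is intentional.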
@@ -1,23 +1,12 @@ -{ inputs, ... }: +{ inputs, config, ... }: let + account = config.repo.account; + sharedContext = '' # Global Agent Context Be a concise technical thought partner. Check the premise before executing, optimize for the user's actual outcome, and make important assumptions or tradeoffs visible. - ## Workflow - - - Respect mode words literally: "read-only", "debug", "investigate", or "do not change code" means no edits; "plan" means produce a decision-complete plan; "implement" means make the smallest useful patch and verify it. - - Ask only when the answer cannot be discovered locally and a wrong assumption would materially change the result. Otherwise state the assumption and continue. - - Keep responses dense. Lead with the answer, cause, patch result, or recommendation. Avoid long preambles and generic reassurance. - - ## Code Changes - - - Preserve user work. Never revert or overwrite unrelated changes; read dirty files before editing them. - - Prefer simple, ergonomic code that matches the existing project style. Avoid future-proofing and new abstractions unless the current problem clearly pays for them. - - Before editing, understand the local architecture, dependency manager, formatter, and test commands. After editing, run the narrowest meaningful verification and report what ran. - - Do not install dependencies globally or mutate system configuration unless explicitly asked. - ## Machine Environment - This machine is Nix/NixOS-based. Standard Linux assumptions may be wrong: software is usually provided by flakes, dev shells, `devenv`, `direnv`, or the user's NixOS/Home Manager config rather than `apt`, `dnf`, or global installs. @@ -93,7 +82,7 @@ in "context-remaining" "five-hour-limit" ]; - projects.${config.meta.user.account.nixosConfigurationPath}.trust_level = "trusted"; + projects.${account.nixosConfigurationPath}.trust_level = "trusted"; sandbox_mode = "workspace-write"; personality = "pragmatic"; features.undo = true; 
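Review bot: The deletion of the `## Workflow` and `## Code Changes` sections from `sharedContext` is unrelated to the single-user migration named in the subject and drops the one instruction that told the agent not to install dependencies globally or mutate system configuration unless asked. That text was part of the guardrail rather than decoration, because the same file marks `projects.${account.nixosConfigurationPath}` as `trust_level = "trusted"` under `sandbox_mode = "workspace-write"`. If the removal is deliberate it should be its own commit or at least be stated in the description; otherwise keep the bullet `Do not install dependencies globally or mutate system configuration unless explicitly asked.` in the context.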
diff --git a/modules/features/bitwarden.nix b/modules/features/bitwarden.nix index f824deb..0e5bfa5 100644 --- a/modules/features/bitwarden.nix +++ b/modules/features/bitwarden.nix @@ -4,6 +4,7 @@ }: let repo = config.repo; + account = repo.account; in { flake.modules.homeManager.bitwarden = @@ -12,9 +13,6 @@ in pkgs, ... }: - let - account = config.meta.user.account; - in { programs.rbw = { enable = true; diff --git a/modules/features/email.nix b/modules/features/email.nix index 746141a..ba7ee2c 100644 --- a/modules/features/email.nix +++ b/modules/features/email.nix @@ -1,4 +1,7 @@ -{ ... }: +{ config, ... }: +let + account = config.repo.account; +in { flake.modules.homeManager.email = { @@ -7,7 +10,6 @@ ... }: let - account = config.meta.user.account; mkOffice365Account = { address, diff --git a/modules/features/git.nix b/modules/features/git.nix index 56b45e7..7d05514 100644 --- a/modules/features/git.nix +++ b/modules/features/git.nix @@ -1,13 +1,13 @@ -{ ... }: +{ config, ... }: +let + account = config.repo.account; +in { flake.modules.homeManager.git = { config, ... }: - let - account = config.meta.user.account; - in { programs.git = { enable = true; diff --git a/modules/features/host-base.nix b/modules/features/host-base.nix index 8a8f5ef..660f61b 100644 --- a/modules/features/host-base.nix +++ b/modules/features/host-base.nix @@ -5,7 +5,6 @@ }: let nixosModules = config.flake.modules.nixos; - homeModules = config.flake.modules.homeManager; in { flake.modules.nixos.host-base = { @@ -21,7 +20,6 @@ in useGlobalPkgs = true; backupFileExtension = "bak"; extraSpecialArgs = { inherit inputs; }; - sharedModules = [ homeModules.meta ]; }; security.sudo.extraConfig = '' diff --git a/modules/features/neovim/default.nix b/modules/features/neovim/default.nix index decc8c1..baba615 100644 --- a/modules/features/neovim/default.nix +++ b/modules/features/neovim/default.nix 
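Review bot: `config` now has two meanings inside git.nix: the flake-parts config bound at the top (`account = config.repo.account;`) and the Home Manager config bound by the inner `{ config, ... }:` module, and the same double binding appears in the email.nix, neovim/default.nix, sops-password.nix and source-control.nix hunks of this commit. Evaluation is unaffected, but every `config.` lookup now needs the reader to work out which module system it resolves through. Binding the outer one under a distinct name, for example `{ config, ... }@flake:` at the top with `account = flake.config.repo.account;`, or dropping the inner `config` where the body no longer reads it, makes the split explicit.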
@@ -1,5 +1,6 @@ { config, ... }: let + account = config.repo.account; repoTheme = config.repo.theme.kanagawa; in { @@ -8,6 +9,7 @@ in pkgs, config, inputs, + osConfig, ... }: { @@ -152,8 +154,8 @@ in # Hostname/ConfigDir needed for nixd nixdExtras = { nixpkgs = "import ${pkgs.path} {}"; - nixos_options = ''(builtins.getFlake "path://${config.meta.user.account.nixosConfigurationPath}").nixosConfigurations.${config.meta.machine.name}.options''; - home_manager_options = ''(builtins.getFlake "path://${config.meta.user.account.nixosConfigurationPath}").nixosConfigurations.${config.meta.machine.name}.options.home-manager.users.type.getSubOptions []''; + nixos_options = ''(builtins.getFlake "path://${account.nixosConfigurationPath}").nixosConfigurations.${osConfig.meta.machine.name}.options''; + home_manager_options = ''(builtins.getFlake "path://${account.nixosConfigurationPath}").nixosConfigurations.${osConfig.meta.machine.name}.options.home-manager.users.type.getSubOptions []''; }; themeSetup = import ./_kanagawa-theme.nix { diff --git a/modules/features/nh.nix b/modules/features/nh.nix index 6f18ad4..2261544 100644 --- a/modules/features/nh.nix +++ b/modules/features/nh.nix @@ -1,10 +1,14 @@ +{ config, ... }: +let + account = config.repo.account; +in { flake.modules.homeManager.nh = - { config, ... }: + { ... }: { programs.nh = { enable = true; - flake = config.meta.user.account.nixosConfigurationPath; + flake = account.nixosConfigurationPath; }; }; } diff --git a/modules/features/niri/default.nix b/modules/features/niri/default.nix index 60ea484..03d6d67 100644 --- a/modules/features/niri/default.nix +++ b/modules/features/niri/default.nix @@ -27,6 +27,7 @@ in { config, lib, + osConfig, pkgs, ... }: @@ -64,7 +65,7 @@ in ; }; } - ) config.meta.machine.displays; + ) osConfig.meta.machine.displays; in { assertions = [ diff --git a/modules/features/noctalia.nix b/modules/features/noctalia.nix index 8e87ec7..387001a 100644 --- a/modules/features/noctalia.nix 
+++ b/modules/features/noctalia.nix @@ -9,11 +9,13 @@ let mkNoctaliaSettings = { + homeDirectory, lib, terminalPackage, }: import ./_noctalia-config.nix { inherit + homeDirectory lib terminalPackage ; @@ -21,6 +23,7 @@ let mkBaseSettings = { + homeDirectory, lib, pkgs, }: @@ -34,7 +37,11 @@ let { } else mkNoctaliaSettings { - inherit lib terminalPackage; + inherit + homeDirectory + lib + terminalPackage + ; }; mkPortableSettings = @@ -62,15 +69,23 @@ in { flake.modules.homeManager.noctalia = { + config, inputs, lib, + osConfig, pkgs, ... }: let baseSettings = mkBaseSettings { inherit lib pkgs; + homeDirectory = config.home.homeDirectory; }; + settings = + if baseSettings == { } || !osConfig.meta.machine.portable then + baseSettings + else + mkPortableSettings baseSettings; in { imports = [ inputs.noctalia.homeModules.default ]; @@ -82,34 +97,7 @@ in calendarSupport = true; } ); - - settings = baseSettings; - }; - }; - - flake.modules.homeManager.noctalia-portable = - { - inputs, - lib, - pkgs, - ... - }: - let - baseSettings = mkBaseSettings { - inherit lib pkgs; - }; - in - { - imports = [ inputs.noctalia.homeModules.default ]; - - programs.noctalia-shell = { - enable = true; - package = lib.mkForce ( - inputs.noctalia.packages.${pkgs.stdenv.hostPlatform.system}.default.override { - calendarSupport = true; - } - ); - settings = if baseSettings == { } then { } else mkPortableSettings baseSettings; + inherit settings; }; }; } diff --git a/modules/features/services/caddy.nix b/modules/features/services/caddy.nix index 3487616..c50cf19 100644 --- a/modules/features/services/caddy.nix +++ b/modules/features/services/caddy.nix @@ -6,7 +6,7 @@ in flake.modules.nixos.caddy = { services.caddy = { enable = true; - email = repo.contact.email; + email = repo.account.primaryEmail.address; openFirewall = true; }; }; diff --git a/modules/features/services/openssh.nix b/modules/features/services/openssh.nix index 34ff813..0dee956 100644 --- a/modules/features/services/openssh.nix 
+++ b/modules/features/services/openssh.nix @@ -1,4 +1,7 @@ -{ ... }: +{ config, ... }: +let + account = config.repo.account; +in { flake.modules.nixos.ssh-agent-auth = { security.pam = { @@ -8,10 +11,7 @@ }; flake.modules.nixos.openssh = - { - config, - ... - }: + { ... }: { services.openssh.openFirewall = true; @@ -20,7 +20,7 @@ settings = { PermitRootLogin = "no"; PasswordAuthentication = false; - AllowUsers = builtins.attrNames config.meta.machine.users; + AllowUsers = [ account.name ]; }; }; }; diff --git a/modules/features/sops-password.nix b/modules/features/sops-password.nix index 778ccff..4dc546d 100644 --- a/modules/features/sops-password.nix +++ b/modules/features/sops-password.nix @@ -1,17 +1,13 @@ -{ lib, ... }: +{ config, ... }: +let + account = config.repo.account; +in { flake.modules.nixos.sops-password = { config, ... }: { - sops.secrets = lib.mapAttrs' ( - userName: _: - lib.nameValuePair "hashed-password-${userName}" { - neededForUsers = true; - } - ) config.meta.machine.users; + sops.secrets.hashed-password.neededForUsers = true; - users.users = lib.mapAttrs (userName: _: { - hashedPasswordFile = config.sops.secrets."hashed-password-${userName}".path; - }) config.meta.machine.users; + users.users.${account.name}.hashedPasswordFile = config.sops.secrets.hashed-password.path; }; } diff --git a/modules/features/source-control.nix b/modules/features/source-control.nix index bc3883a..44e3bfb 100644 --- a/modules/features/source-control.nix +++ b/modules/features/source-control.nix @@ -1,5 +1,6 @@ { config, lib, ... }: let + account = config.repo.account; homeModules = config.flake.modules.homeManager; in { 
@@ -7,15 +8,14 @@ in { config, lib, + osConfig, ... }: let - machine = config.meta.machine; - user = config.meta.user; - account = user.account; + machine = osConfig.meta.machine; sourceControl = account.sourceControl; - scopeConfig = scope: user.sourceControl.${scope} or null; + scopeConfig = scope: machine.sourceControl.${scope} or null; emailForScope = scope: diff --git a/modules/features/syncthing.nix b/modules/features/syncthing.nix index 6d3ee53..76b5420 100644 --- a/modules/features/syncthing.nix +++ b/modules/features/syncthing.nix @@ -7,19 +7,18 @@ let syncthingMesh = lib.listToAttrs ( lib.concatMap ( machine: - lib.mapAttrsToList ( - userName: user: + lib.optional (machine.syncthingId != null) ( let - name = "${userName}@${machine.name}"; + name = "${config.repo.account.name}@${machine.name}"; in { inherit name; value = { inherit name; - id = user.syncthingId; + id = machine.syncthingId; }; } - ) (lib.filterAttrs (_: user: user.syncthingId != null) machine.users) + ) ) (builtins.attrValues config.repo.machines) ); in diff --git a/modules/features/workstation-base.nix b/modules/features/workstation-base.nix index 23e1930..f77ed35 100644 --- a/modules/features/workstation-base.nix +++ b/modules/features/workstation-base.nix @@ -2,10 +2,13 @@ let nixosModules = config.flake.modules.nixos; homeModules = config.flake.modules.homeManager; + account = config.repo.account; in { flake.modules.nixos.workstation-base = { imports = [ + nixosModules.host-base + nixosModules.audio nixosModules.bluetooth nixosModules.flatpak @@ -27,6 +30,10 @@ in programs.nix-ld.enable = true; environment.localBinInPath = true; + + home-manager.users.${account.name}.imports = [ + homeModules.workstation-base + ]; }; flake.modules.homeManager.workstation-base = { 
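Review bot: The syncthing hunk reads `config.repo.account.name` inline inside the `lib.concatMap` body, whereas every other file touched by this commit binds `account = config.repo.account;` in its top-level `let`. Adding the same binding here and writing `name = "${account.name}@${machine.name}";` keeps the files uniform and makes it obvious at a glance that this is the flake-level account, not a per-machine attribute. The enclosing `let` for `syncthingMesh` starts before this hunk.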
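Review bot: `nixosModules.host-base` is now imported at three layers that compose for a workstation: `mkHost` in helpers.nix keeps it in its `imports` (visible as context in the `@@ -40,6 +39,9 @@` hunk), workstation-base adds it in this hunk, and orion adds it again in its own hunk. As far as I can tell these are plain attrset modules, which the module system keys by import position rather than identity, so host-base may be evaluated more than once; that is harmless for options whose definitions merge, but it blurs which layer owns the base wiring. I would keep the import in `mkHost` only and drop the two new `nixosModules.host-base` lines, or add a comment at each site saying why the layer re-imports it.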
@@ -44,14 +51,17 @@ in homeModules.nix homeModules.pim homeModules.podman + homeModules.qbittorrent-client homeModules.shell homeModules.sops homeModules.source-control homeModules.ssh-client + homeModules.syncthing homeModules.terminal homeModules.theme homeModules.vicinae homeModules.xdg + homeModules.noctalia ]; }; } diff --git a/modules/flake-parts.nix b/modules/flake-parts.nix index e9f96ca..1a22d3c 100644 --- a/modules/flake-parts.nix +++ b/modules/flake-parts.nix @@ -15,7 +15,7 @@ _: machine: inputs.nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs; }; - modules = [ (machine.buildFunction machine) ]; + modules = [ (config.repo.helpers.mkHost machine) ]; } ) config.repo.machines; diff --git a/modules/hosts/orion/default.nix b/modules/hosts/orion/default.nix index be6a7a9..ef81da6 100644 --- a/modules/hosts/orion/default.nix +++ b/modules/hosts/orion/default.nix @@ -5,17 +5,11 @@ }: let nixosModules = config.flake.modules.nixos; - accounts = config.repo.accounts; + account = config.repo.account; in { repo.machines.orion = { - buildFunction = config.repo.helpers.mkHost; - module = nixosModules.orion; - - users.kiri = { - account = accounts.kiri; - syncthingId = "NNRNQKZ-OWPHSVA-B6KKBHE-SDYLSTV-7SVHGPR-NEWLKPL-4MWNJG4-G5FHUAI"; - }; + syncthingId = "NNRNQKZ-OWPHSVA-B6KKBHE-SDYLSTV-7SVHGPR-NEWLKPL-4MWNJG4-G5FHUAI"; stateVersion = "24.05"; hmStateVersion = "24.05"; @@ -25,6 +19,8 @@ in { ... }: { imports = [ + nixosModules.host-base + nixosModules.sops-host-ssh-key nixosModules.openssh nixosModules.caddy @@ -38,7 +34,7 @@ in ./_disk.nix ]; - users.users.kiri = { + users.users.${account.name} = { linger = true; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAU2LydkXRTtNFY7oyX8JQURwXLVhB71DeK8XzrXeFX1 openpgp:0xA490D93A" diff --git a/modules/hosts/polaris/default.nix b/modules/hosts/polaris/default.nix index 7981136..2d6a5f0 100644 --- a/modules/hosts/polaris/default.nix +++ b/modules/hosts/polaris/default.nix 
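Review bot: `homeModules.noctalia` is appended after `homeModules.xdg`, breaking the alphabetical order the rest of this `imports` list keeps (the new `homeModules.qbittorrent-client` and `homeModules.syncthing` entries were slotted correctly). Moving it between `homeModules.nix` and `homeModules.pim` keeps the list scannable; a lone entry at the end also reads as a deliberate ordering dependency, which module imports do not have. The opening of this `imports` list is outside the hunk.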
@@ -5,22 +5,13 @@ }: let nixosModules = config.flake.modules.nixos; - homeModules = config.flake.modules.homeManager; - accounts = config.repo.accounts; in { repo.machines.polaris = { - buildFunction = config.repo.helpers.mkWorkstationHost; - module = nixosModules.polaris; + sourceControl.personal.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEVORk45HKkX7gaGGp90KsVyUy6t+fKhbWN/grjkf3cQ kiri@polaris"; + sourceControl.work.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEVORk45HKkX7gaGGp90KsVyUy6t+fKhbWN/grjkf3cQ kiri@polaris#work"; - users = { - kiri = { - account = accounts.kiri; - syncthingId = "6HBAKXB-DB3B4H2-BODCAXF-KD23H5W-6X5LGLC-ZJHZHLG-7U7YMGO-BB6IXQ3"; - }; - - ergon.account = accounts.ergon; - }; + syncthingId = "6HBAKXB-DB3B4H2-BODCAXF-KD23H5W-6X5LGLC-ZJHZHLG-7U7YMGO-BB6IXQ3"; stateVersion = "24.05"; hmStateVersion = "24.05"; @@ -43,6 +34,7 @@ in { ... }: { imports = [ + nixosModules.workstation-base nixosModules.qbittorrent-client nixosModules.steam ./_hardware.nix @@ -53,10 +45,5 @@ in common-cpu-amd common-gpu-amd ]); - - home-manager.users = { - kiri.imports = [ homeModules.noctalia ]; - ergon.imports = [ homeModules.noctalia ]; - }; }; } diff --git a/modules/hosts/zenith/default.nix b/modules/hosts/zenith/default.nix index a344747..4131c20 100644 --- a/modules/hosts/zenith/default.nix +++ b/modules/hosts/zenith/default.nix 
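Review bot: polaris now lists one ed25519 public key (`…grjkf3cQ`) for both `sourceControl.personal.publicKey` and `sourceControl.work.publicKey`, differing only in the `kiri@polaris` versus `kiri@polaris#work` comment, and the zenith hunk in this commit sets its `personal.publicKey` to that same polaris key, comment included. Before this change each scope on zenith had its own key pair, which is what makes the personal/work split enforceable at the forge and lets one scope be revoked without the other. If the blob was pasted as a stand-in while per-scope keys were being generated, replace it per scope and per machine and fix the `kiri@polaris` comment on zenith to say where the private half lives; if sharing one key across scopes is intended, say so in a comment next to the definitions so it is not read as a paste error.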
@@ -5,23 +5,14 @@ }: let nixosModules = config.flake.modules.nixos; - homeModules = config.flake.modules.homeManager; - accounts = config.repo.accounts; in { repo.machines.zenith = { - buildFunction = config.repo.helpers.mkWorkstationHost; - module = nixosModules.zenith; + portable = true; - users = { - kiri.account = accounts.kiri; - ergon = { - account = accounts.ergon; - sourceControl = { - personal.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdR3KP2U84i7f7MlRqcML/3YyMw8JL3hdm637SkMUwO ergon@zenith#personal"; - work.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIHJz5uHKm0/TiMNh/cmzrODHNZ8NgEEZe+47XnJwQGk ergon@zenith#work"; - }; - }; + sourceControl = { + personal.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEVORk45HKkX7gaGGp90KsVyUy6t+fKhbWN/grjkf3cQ kiri@polaris"; + work.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIHJz5uHKm0/TiMNh/cmzrODHNZ8NgEEZe+47XnJwQGk kiri@zenith#work"; }; displays = { @@ -42,6 +33,7 @@ in { ... }: { imports = [ + nixosModules.workstation-base nixosModules.qbittorrent-client nixosModules.laptop-power { @@ -51,7 +43,5 @@ in ./_hardware.nix inputs.nixos-hardware.nixosModules.lenovo-yoga-7-14ARH7-amdgpu ]; - - home-manager.sharedModules = [ homeModules.noctalia-portable ]; }; } diff --git a/modules/lib/helpers.nix b/modules/lib/helpers.nix index ddc136e..5ea09c8 100644 --- a/modules/lib/helpers.nix +++ b/modules/lib/helpers.nix @@ -1,7 +1,6 @@ { lib, config, ... }: let nixosModules = config.flake.modules.nixos; - hmModules = config.flake.modules.homeManager; resolvePackagePath = { @@ -40,6 +39,9 @@ let mkHost = machine: { pkgs, ... }: + let + account = config.repo.account; + in { imports = [ nixosModules.host-base 
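Review bot: The `ergon@zenith#personal` key (`…SkMUwO`) is dropped here with no replacement reference, and the `ergon` account disappears from both zenith and polaris in this commit, yet neither the change nor the description says what happens to what that account leaves behind. Removing the declaration lets NixOS retire the user on activation, but as far as I know it does not touch `/home/ergon` or whatever Home Manager state accumulated there, and it cannot revoke the retired public key where it was registered; the work key is reused as `kiri@zenith#work`, so its private half has presumably moved already. A line in the description listing the follow-up, revoke the retired personal key at the forges and archive or delete the old home directory, would close that loop.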
@@ -53,50 +55,23 @@ let programs.zsh.enable = true; - users.users = lib.mapAttrs (_: user: { + users.users.${account.name} = { isNormalUser = true; - home = user.account.homeDirectory; + home = account.homeDirectory; extraGroups = [ "wheel" "networkmanager" ]; shell = pkgs.zsh; - }) machine.users; - - home-manager.users = lib.mapAttrs (name: user: { - imports = [ user.account.baseModule ]; - - meta = { - inherit machine user; - }; + }; + home-manager.users.${account.name} = { home = { - username = name; - homeDirectory = user.account.homeDirectory; + username = account.name; + homeDirectory = account.homeDirectory; stateVersion = machine.hmStateVersion; }; - }) machine.users; - }; - - mkWorkstationHost = - machine: - { ... }: - { - imports = [ - (mkHost machine) - nixosModules.workstation-base - ]; - - users.users = lib.mapAttrs (_: _: { - extraGroups = [ "networkmanager" ]; - }) machine.users; - - home-manager.users = lib.mapAttrs (_: user: { - imports = [ - hmModules.workstation-base - user.account.workstationModule - ]; - }) machine.users; + }; }; in { @@ -110,7 +85,6 @@ in inherit mkCaddyReverseProxy mkHost - mkWorkstationHost resolvePackagePath ; }; diff --git a/modules/lib/schema.nix b/modules/lib/schema.nix index 56b5106..d0e1f43 100644 --- a/modules/lib/schema.nix +++ b/modules/lib/schema.nix @@ -1,5 +1,7 @@ -{ lib, ... }: +{ lib, config, ... }: let + nixosModules = config.flake.modules.nixos; + sourceControlScopeType = lib.types.enum [ "personal" "work" @@ -46,12 +48,11 @@ let ); accountType = lib.types.submodule ( - { name, config, ... }: + { config, ... }: { options = { name = lib.mkOption { type = lib.types.str; - default = name; }; realName = lib.mkOption { 
@@ -73,16 +74,6 @@ let default = { }; }; - baseModule = lib.mkOption { - type = lib.types.deferredModule; - default = { }; - }; - - workstationModule = lib.mkOption { - type = lib.types.deferredModule; - default = { }; - }; - sourceControl = lib.mkOption { type = sourceControlAccountType; default = { }; @@ -160,7 +151,7 @@ let } ); - sourceControlMachineUserType = lib.types.submodule ( + sourceControlMachineType = lib.types.submodule ( { ... }: { options = { @@ -177,27 +168,6 @@ let } ); - machineUserType = lib.types.submodule ( - { ... }: - { - options = { - account = lib.mkOption { - type = accountType; - }; - - sourceControl = lib.mkOption { - type = sourceControlMachineUserType; - default = { }; - }; - - syncthingId = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - }; - }; - } - ); - machineType = lib.types.submodule ( { name, config, ... }: { @@ -209,11 +179,7 @@ let module = lib.mkOption { type = lib.types.deferredModule; - default = { }; - }; - - buildFunction = lib.mkOption { - type = lib.types.functionTo lib.types.deferredModule; + default = nixosModules.${name}; }; stateVersion = lib.mkOption { @@ -230,19 +196,28 @@ let default = { }; }; - users = lib.mkOption { - type = lib.types.attrsOf machineUserType; + sourceControl = lib.mkOption { + type = sourceControlMachineType; default = { }; }; + + syncthingId = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + }; + + portable = lib.mkOption { + type = lib.types.bool; + default = false; + }; }; } ); in { options.repo = { - accounts = lib.mkOption { - type = lib.types.attrsOf accountType; - default = { }; + account = lib.mkOption { + type = accountType; }; machines = lib.mkOption { @@ -250,11 +225,6 @@ in default = { }; }; - contact = lib.mkOption { - type = lib.types.raw; - default = { }; - }; - desktop = lib.mkOption { type = lib.types.raw; default = { }; 
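Review bot: `default = nixosModules.${name};` in the `@@ -209,11 +179,7 @@` hunk makes every `repo.machines.<name>` entry silently depend on a `flake.modules.nixos.<name>` of the same name, and a machine without one fails with an attribute-missing error raised from inside schema.nix when `mkHost` reads `module`, rather than an error that points at the host. Adding `defaultText = lib.literalExpression "config.flake.modules.nixos.\${name}";` keeps the option documentation truthful, and `description` strings on the new `sourceControl`, `syncthingId`, `portable` and `account` options would record what each is for; `portable`, for instance, exists only so noctalia.nix can switch to `mkPortableSettings`. `account` also has no default, so it is worth a one-line description saying it must be set by data.nix.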
@@ -279,17 +249,4 @@ in }; }; - config.flake.modules.homeManager.meta = - { ... }: - { - options.meta = { - machine = lib.mkOption { - type = machineType; - }; - - user = lib.mkOption { - type = machineUserType; - }; - }; - }; } diff --git a/modules/secrets/secrets.yaml b/modules/secrets/secrets.yaml index 3b6613c..ffc7e5b 100644 --- a/modules/secrets/secrets.yaml +++ b/modules/secrets/secrets.yaml 
@@ -2,11 +2,10 @@ radicale-pass: ENC[AES256_GCM,data:3CpCnSibLWeZUJRBMuc=,iv:3J9x4ejcsYXCjRRGP5lOe university-calendar-url: ENC[AES256_GCM,data:oGP1BdF3YxdRRr061LaC4HaaiPXoyZq7ZALqU+cv8wb2GgYT+jgshgx9LRjM3jsIjPXolkG5bCZi46r/rpEk3mWSskQ3YnCXcwM1BN+PPVapdtQgkRSWriAOUXPnRpaZzpMs5WaJTnkOrJJqfAoy+jGIE0Nhul/CRw5tOeRkwPbDxfA/dY9MT80ciHWHscHb1w9R,iv:1JqN80OnrIjOl4LGmk99LsJMmoT3hGjlCet6mYeRb5o=,tag:9GhVQIa1BXAEjdOxswHH/A==,type:str] ssh-config-orion: ENC[AES256_GCM,data:8vrbtuHCLlMDtMAfnJuf+DcWmPZwFFpyGag8l32JAFUMmWyEEEvDctNDHNahw8fiQzwN0+9atjY=,iv:UKWqjZ4D3+McASovEaE5jt4TAkmlwR26chFvWblgc1k=,tag:oZJKwLDPQEbfa4CPHn9lVQ==,type:str] orion-ip: ENC[AES256_GCM,data:S6fpCWnD8dvchvrHlEo=,iv:72+oRxHUEJ7imJ+sWjGbG+TUrSqYL8hbyHl3ChwFYwA=,tag:Rj6msje87+Ve+M6kcZd4Jw==,type:str] -hashed-password-kiri: ENC[AES256_GCM,data:xubN5stH4RPlHYl+Jzcu2BCepz3Hra3TxjiSspktzjgpEWrU79h3NbcPMrYC0MSjsv3oaWio/S7nBV3Tes3WBlI9EC9vq+6tyTVPynUqpB7c9CvvYSmqc9bAHOnIOBb+gP2RR6JB395UoQ==,iv:uN83RNTfCJdBDhFhywV5NbVBp4xcptqzoKVAoAnaiQk=,tag:x9yufiPdSJwBADT6QymExA==,type:str] +hashed-password: ENC[AES256_GCM,data:mhYvALF/VrPMFFYEIGiML1MoRxdOI/J9akZPD+OF5drDTR4J5LBn3EejlbzP8CTCRsyoIF6tigMBxF8ZLz9W7hOVwT70Hr/yXfLWJ2lfBsf7l/SPZ+6NglKppCeQQktm4QKIHTVj7CkbRw==,iv:0RxXkb+vz/QK9dvecCZpWCWCsoPhi2F3OCt6CwUDqX4=,tag:j7QO8xUfWUnSpk4mMQUYmA==,type:str] gemini-api-key-neovim: ENC[AES256_GCM,data:B8FeFt45FsU3aagyLDKXiwmx0mRrsw4C8RQ3EWXwZ+YfWLMvwJad,iv:1HqBD6vc07Ke/PMYXfHqFrWDGw/UMjiiBjLRN33/xHI=,tag:czcrYGbJFi41rYtIPM4qTQ==,type:str] booklore-db-pass: ENC[AES256_GCM,data:dlPGXQ24itEaBRJSJ9WOogWCdF3atFQ2ZtlLGyGq8Tin5OmSZI6lZUzSE+femBW5SBTIlKQvzHEPCs9MT5tyMIqetzGLm+mMN3FDW7si684Cuv9z9Uq5gjAZWh14KQMWYPI=,iv:oLnqu2EDFBVcBpswVRXXeF617YolPxOUx9CscHRRn/8=,tag:Si6gF1EXhcHalk11D3Exlw==,type:str] deluge-auth-file: ENC[AES256_GCM,data:uJME7CAC5OOJZLPdu9MNkg8ZDZZ64Wsytg==,iv:5l4eTSbdSKtOwjXGr7D1Teud5TON1+lcjWeI8W4bCuQ=,tag:ND8+cOUef1fwAGjmvWXEUQ==,type:str] -hashed-password-ergon: 
ENC[AES256_GCM,data:ZmqrOb9dGNzZe5rJRHTImgPkNDFzNlyMLRrnz1KgUsIyh3/VsiIB/pPa98vli83FBrRFWdB/KPjEt1/V71qalTcA7seMccPiCQ==,iv:Fzkjfz+T3F18b5nqjZ986kx28HrqQaJqq8Ng419TnRA=,tag:xIenh0oOlrFog9Hon+nsDQ==,type:str] sops: age: - recipient: age122w85pqj508ukv0rd388mahecgfckmpgnsgz0zcyec37ljae2epsdnvxpl @@ -27,7 +26,7 @@ sops: aW8vM0IwQ243TnNPdnlkeHE4bTFLR00KaJhbOxdbIUJSzn4lOt2OO1HOTNaOoiSE +pKjsYZZQBdcYFPREjffEL+oiyxHwoLi95noHad9AGmygLqwboUkWg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-04-17T00:35:34Z" - mac: ENC[AES256_GCM,data:pjtjsc9uATZo7GnauAguMwVCDnSnoZhkxAShuUrDT6/enURYp4UB9tIwPH54PAc2UpU23vgv5XJNJ2ah4nAgOse2iyfm84b0S+bOfXKCd5gQTf8beOFCOT+xrQmURMN9q/RAA47RBT7qZFu4J/b+EkNeY9lJM1rmYjcOygxXd58=,iv:2IYY0GmCQOZnwsnPHsAmC4CBjyS6e/DNTCQa3AkSTxc=,tag:ZtBvvMDqb851Tzg26p7NhQ==,type:str] + lastmodified: "2026-04-26T15:37:24Z" + mac: ENC[AES256_GCM,data:AR1PRP/zFzCoggCoUUCM5ZzIsOh0DSPJoAgkeZTaJAgFq9QbAI1cHPuk4qVPGyY7HZYDabhtvDSADbsbgkQOavct1Z/fFW6Sow1rLW3tkv1ENKv2lPiM2I8BK2olgH/blEa86vBE24jCS7qE0j2/ak69hWYH/bkKnyUrOCC/AUE=,iv:U0Q1jGlzY/WxbV3eNPtlMhVGiWXTOG9ft5j8U1ZacCQ=,tag:YpNUkifz0b6aoxv33pq1pw==,type:str] unencrypted_suffix: _unencrypted version: 3.12.2 diff --git a/modules/users/ergon.nix b/modules/users/ergon.nix deleted file mode 100644 index 27a0d54..0000000 --- a/modules/users/ergon.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, ... }: -{ - repo.accounts.ergon = { - realName = "Jelle Spreeuwenberg"; - sourceControl.projectScope = "work"; - emails = { - personal = { - address = "mail@jelles.net"; - scope = "personal"; - type = "mxrouting"; - }; - work = { - address = "jelle.spreeuwenberg@yookr.org"; - primary = true; - scope = "work"; - type = "office365"; - }; - }; - }; -} diff --git a/modules/users/kiri.nix b/modules/users/kiri.nix deleted file mode 100644 index e3255dc..0000000 --- a/modules/users/kiri.nix +++ /dev/null 
@@ -1,39 +0,0 @@ -{ config, ... }: -let - hmModules = config.flake.modules.homeManager; -in -{ - repo.accounts.kiri = { - realName = "Jelle Spreeuwenberg"; - workstationModule = { - imports = [ - hmModules.syncthing - hmModules.qbittorrent-client - ]; - }; - emails = { - personal = { - address = "mail@jelles.net"; - primary = true; - scope = "personal"; - type = "mxrouting"; - }; - old = { - address = "mail@jellespreeuwenberg.nl"; - scope = null; - type = "mxrouting"; - }; - uni = { - address = "j.spreeuwenberg@student.tue.nl"; - scope = null; - type = "office365"; - }; - work = { - address = "jelle.spreeuwenberg@yookr.org"; - scope = "work"; - type = "office365"; - }; - }; - }; - -}