diff --git a/common/secure-boot.nix b/common/secure-boot.nix
index cb9662e..c116ed8 100644
--- a/common/secure-boot.nix
+++ b/common/secure-boot.nix
@@ -1,5 +1,5 @@
 {
- self,
+ inputs,
 attrName,
 config,
 lib,
@@ -10,7 +10,7 @@ let
 inherit (config.age) secrets;
 in
 {
- age.secrets.secure-boot.file = self + /secrets/secure-boot/${attrName}.tar.age;
+ age.secrets.secure-boot.file = inputs.self + /secrets/secure-boot/${attrName}.tar.age;
 system.activationScripts.secureboot =
 let
diff --git a/common/users.nix b/common/users.nix
index 18680a7..c20abcb 100644
--- a/common/users.nix
+++ b/common/users.nix
@@ -1,5 +1,5 @@
 {
- self,
+ inputs,
 config,
 ...
 }:
@@ -7,7 +7,7 @@ let
 inherit (config.users) mainUser;
 in
 {
- age.secrets."user-${mainUser}".file = self + /secrets/users/${mainUser}.age;
+ age.secrets."user-${mainUser}".file = inputs.self + /secrets/users/${mainUser}.age;
 users = {
 mutableUsers = false;
diff --git a/flake.lock b/flake.lock
index f07e69e..021e004 100644
--- a/flake.lock
+++ b/flake.lock
@@ -852,11 +852,11 @@
 ]
 },
 "locked": {
- "lastModified": 1752378829,
- "narHash": "sha256-LVqpSiYJ+zcxLvA6YUn9udrq8+NFBJ9oSwiEePPa9+g=",
+ "lastModified": 1752441837,
+ "narHash": "sha256-FMH1OSSJp8Cx8MZHXz6KckxJGbCnVMotZNAH3v2WneU=",
 "owner": "nix-community",
 "repo": "nix-index-database",
- "rev": "12201a430ee613bc720cef21a130b416cb1b5108",
+ "rev": "839e02dece5845be3a322e507a79712b73a96ba2",
 "type": "github"
 },
 "original": {
diff --git a/flake.nix b/flake.nix
index fb5e2ca..c605177 100644
--- a/flake.nix
+++ b/flake.nix
@@ -98,10 +98,52 @@
 };
 };
- flake = {
- lib = nixpkgs.lib.extend (import ./lib.nix);
+ flake.nixosConfigurations =
+ let
+ inherit (nixpkgs) lib;
- nixosConfigurations = self.lib.genNixosConfigurations inputs;
- };
+ findModules =
+ paths:
+ builtins.concatMap (
+ path:
+ lib.pipe path [
+ (lib.fileset.fileFilter (file: file.hasExt "nix"))
+ lib.fileset.toList
+ ]
+ ) paths;
+
+ genNixosConfigurations =
+ inputs:
+ let
+ modulesDir = ./modules;
+ profilesDir = ./profiles;
+ commonDir = ./common;
+ hostsDir = ./hosts;
+
+ commonNixosSystem =
+ name:
+ lib.nixosSystem {
+ specialArgs = {
+ inherit inputs lib;
+ attrName = name;
+ };
+
+ modules = findModules [
+ modulesDir
+ profilesDir
+ commonDir
+ (hostsDir + /${name})
+ ];
+ };
+
+ hosts = lib.pipe hostsDir [
+ builtins.readDir
+ (lib.filterAttrs (_: type: type == "directory"))
+ builtins.attrNames
+ ];
+ in
+ lib.genAttrs hosts commonNixosSystem;
+ in
+ genNixosConfigurations inputs;
 };
 }
diff --git a/hosts/abacus/forgejo.nix b/hosts/abacus/forgejo.nix
index 249e923..7d6b7ad 100644
--- a/hosts/abacus/forgejo.nix
+++ b/hosts/abacus/forgejo.nix
@@ -1,5 +1,5 @@
 {
- self,
+ inputs,
 config,
 lib,
 pkgs,
@@ -12,13 +12,13 @@ in
 {
 age.secrets = {
 forgejo-mailer = {
- file = self + /secrets/forgejo/mailer.age;
+ file = inputs.self + /secrets/forgejo/mailer.age;
 mode = "400";
 owner = cfg.user;
 };
 forgejo-admin = {
- file = self + /secrets/forgejo/admin.age;
+ file = inputs.self + /secrets/forgejo/admin.age;
 mode = "400";
 owner = cfg.user;
 };
diff --git a/hosts/abacus/restic.nix b/hosts/abacus/restic.nix
index 8504c03..3f2ed6a 100644
--- a/hosts/abacus/restic.nix
+++ b/hosts/abacus/restic.nix
@@ -1,7 +1,7 @@
 {
 attrName,
 config,
- lib,
+ inputs,
 ...
 }:
 let
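Review bot: `findModules` makes every `.nix` file under `./modules`, `./profiles`, `./common` and `./hosts/<name>` a module of the host, so a file dropped into any of those trees changes the system configuration without an explicit import line anywhere. Now that the helper lives inline in `flake.nix` it deserves a comment saying so, for example `# every *.nix file below these directories is imported as a NixOS module; keep data files such as the root pubkeys.nix outside them`. Separately, `specialArgs` no longer carries `self` and `lib` is now plain `nixpkgs.lib`, so any module outside this diff that still takes `self` or calls `lib.mkIfElse` / `lib.mkSecrets` will presumably fail at evaluation. A grep for those names before merging would confirm that none remain.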
@@ -9,7 +9,7 @@ let
 secret = config.age.secrets.${secretName};
 in
 {
- age.secrets = lib.mkSecrets { ${secretName} = { }; };
+ age.secrets.${secretName}.file = inputs.self + /secrets/restic/${attrName}.age;
 services.restic.backups.remote = {
 repository = "sftp:u459482@u459482.your-storagebox.de:/${attrName}";
diff --git a/hosts/abacus/vaultwarden.nix b/hosts/abacus/vaultwarden.nix
index 22f076c..b43e5cf 100644
--- a/hosts/abacus/vaultwarden.nix
+++ b/hosts/abacus/vaultwarden.nix
@@ -1,6 +1,6 @@
 {
 config,
- lib,
+ inputs,
 ...
 }:
 let
@@ -9,7 +9,7 @@ in
 {
 # TODO: tailscale
- age.secrets = lib.mkSecrets { vaultwarden = { }; };
+ age.secrets.vaultwarden.path = inputs.self + /secrets/vaultwarden.age;
 services.vaultwarden = {
 enable = true;
diff --git a/hosts/vessel/musicomp.nix b/hosts/vessel/musicomp.nix
index 66a65ac..b96e631 100644
--- a/hosts/vessel/musicomp.nix
+++ b/hosts/vessel/musicomp.nix
@@ -1,6 +1,5 @@
 {
 inputs,
- self,
 lib,
 pkgs,
 ...
@@ -20,7 +19,7 @@
 inhibitsSleep = true;
 post =
 let
- abacusConfig = self.nixosConfigurations.abacus.config;
+ abacusConfig = inputs.self.nixosConfigurations.abacus.config;
 remoteDir = abacusConfig.services.navidrome.settings.MusicFolder;
 remoteDomain = abacusConfig.networking.domain;
 package = pkgs.writeShellApplication {
diff --git a/hosts/vessel/restic.nix b/hosts/vessel/restic.nix
index 11031d5..0cb1f75 100644
--- a/hosts/vessel/restic.nix
+++ b/hosts/vessel/restic.nix
@@ -1,7 +1,7 @@
 {
 attrName,
 config,
- lib,
+ inputs,
 ...
 }:
 let
@@ -9,7 +9,7 @@ let
 secret = config.age.secrets.${secretName};
 in
 {
- age.secrets = lib.mkSecrets { ${secretName} = { }; };
+ age.secrets.${secretName}.file = inputs.self + /secrets/restic/${attrName}.age;
 services.restic.backups = {
 local = {
diff --git a/lib.nix b/lib.nix
deleted file mode 100644
index 745ec43..0000000
--- a/lib.nix
+++ /dev/null
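Review bot: Nothing visible in this diff updates whatever maps secret paths to recipient keys, although both restic hunks (this one and the one in `hosts/vessel/restic.nix`) now read from `secrets/restic/${attrName}.age`. The new paths do match the two renames at the end of the diff. If the repository keeps an agenix rules file keyed by the old `restic-abacus.age` / `restic-vessel.age` names, editing or re-keying these backup passwords will presumably stop working until those entries are renamed too. `secretName` is defined above the hunk, so the attribute name itself cannot be checked from here.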
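Review bot: The new line in `hosts/abacus/vaultwarden.nix` sets `age.secrets.vaultwarden.path`, while every other secret migrated in this commit sets `.file`. In agenix `file` is the encrypted source and `path` is where the decrypted secret is written, so this looks like a typo. As written the secret has no `file` any more (the removed `lib.mkSecrets` used to supply it), which should fail evaluation, and the decryption target would point at a store path. The line should read `age.secrets.vaultwarden.file = inputs.self + /secrets/vaultwarden.age;`.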
@@ -1,66 +0,0 @@
-lib: _: {
- findModules =
- paths:
- builtins.concatMap (
- path:
- lib.pipe path [
- (lib.fileset.fileFilter (file: file.hasExt "nix"))
- lib.fileset.toList
- ]
- ) paths;
-
- mkIfElse =
- condition: trueContent: falseContent:
- lib.mkMerge [
- (lib.mkIf condition trueContent)
- (lib.mkIf (!condition) falseContent)
- ];
-
- mkSecrets =
- secrets:
- let
- mkSecret =
- {
- name,
- secret,
- }:
- secret
- // {
- file = ./secrets/${name}.age;
- };
- in
- builtins.mapAttrs (name: secret: mkSecret { inherit name secret; }) secrets;
-
- genNixosConfigurations =
- inputs:
- let
- modulesDir = ./modules;
- profilesDir = ./profiles;
- commonDir = ./common;
- hostsDir = ./hosts;
-
- commonNixosSystem =
- name:
- lib.nixosSystem {
- specialArgs = {
- inherit (inputs) self;
- inherit inputs lib;
- attrName = name;
- };
-
- modules = lib.findModules [
- modulesDir
- profilesDir
- commonDir
- (hostsDir + /${name})
- ];
- };
-
- hosts = lib.pipe hostsDir [
- builtins.readDir
- (lib.filterAttrs (_: type: type == "directory"))
- builtins.attrNames
- ];
- in
- lib.genAttrs hosts commonNixosSystem;
-}
diff --git a/modules/pubkeys.nix b/modules/pubkeys.nix
index 137e51b..fff4dc0 100644
--- a/modules/pubkeys.nix
+++ b/modules/pubkeys.nix
@@ -1,6 +1,6 @@
 {
 lib,
- self,
+ inputs,
 ...
 }:
 {
@@ -16,5 +16,5 @@
 readOnly = true;
 };
- config.pubkeys = lib.mkForce (import (self + /pubkeys.nix));
+ config.pubkeys = import (inputs.self + /pubkeys.nix);
 }
diff --git a/secrets/restic-abacus.age b/secrets/restic/abacus.age
similarity index 100%
rename from secrets/restic-abacus.age
rename to secrets/restic/abacus.age
diff --git a/secrets/restic-vessel.age b/secrets/restic/vessel.age
similarity index 100%
rename from secrets/restic-vessel.age
rename to secrets/restic/vessel.age