cleanup

2025-07-14 00:12:47 +02:00 · 2025-07-14 00:12:47 +02:00 · 3f6dafe073
commit 3f6dafe073
parent 56c97b3712
13 changed files with 65 additions and 90 deletions
--- a/common/secure-boot.nix
+++ b/common/secure-boot.nix
@ -1,5 +1,5 @@
 {
-  self,
+  inputs,
  attrName,
  config,
  lib,
@ -10,7 +10,7 @@ let
  inherit (config.age) secrets;
 in
 {
-  age.secrets.secure-boot.file = self + /secrets/secure-boot/${attrName}.tar.age;
+  age.secrets.secure-boot.file = inputs.self + /secrets/secure-boot/${attrName}.tar.age;

  system.activationScripts.secureboot =
    let
--- a/common/users.nix
+++ b/common/users.nix
@ -1,5 +1,5 @@
 {
-  self,
+  inputs,
  config,
  ...
 }:
@ -7,7 +7,7 @@ let
  inherit (config.users) mainUser;
 in
 {
-  age.secrets."user-${mainUser}".file = self + /secrets/users/${mainUser}.age;
+  age.secrets."user-${mainUser}".file = inputs.self + /secrets/users/${mainUser}.age;

  users = {
    mutableUsers = false;
--- a/flake.lock
+++ b/flake.lock
@ -852,11 +852,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1752378829,
-        "narHash": "sha256-LVqpSiYJ+zcxLvA6YUn9udrq8+NFBJ9oSwiEePPa9+g=",
+        "lastModified": 1752441837,
+        "narHash": "sha256-FMH1OSSJp8Cx8MZHXz6KckxJGbCnVMotZNAH3v2WneU=",
        "owner": "nix-community",
        "repo": "nix-index-database",
-        "rev": "12201a430ee613bc720cef21a130b416cb1b5108",
+        "rev": "839e02dece5845be3a322e507a79712b73a96ba2",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -98,10 +98,52 @@
          };
        };

-      flake = {
-        lib = nixpkgs.lib.extend (import ./lib.nix);
+      flake.nixosConfigurations =
+        let
+          inherit (nixpkgs) lib;

-        nixosConfigurations = self.lib.genNixosConfigurations inputs;
-      };
+          findModules =
+            paths:
+            builtins.concatMap (
+              path:
+              lib.pipe path [
+                (lib.fileset.fileFilter (file: file.hasExt "nix"))
+                lib.fileset.toList
+              ]
+            ) paths;
+
+          genNixosConfigurations =
+            inputs:
+            let
+              modulesDir = ./modules;
+              profilesDir = ./profiles;
+              commonDir = ./common;
+              hostsDir = ./hosts;
+
+              commonNixosSystem =
+                name:
+                lib.nixosSystem {
+                  specialArgs = {
+                    inherit inputs lib;
+                    attrName = name;
+                  };
+
+                  modules = findModules [
+                    modulesDir
+                    profilesDir
+                    commonDir
+                    (hostsDir + /${name})
+                  ];
+                };
+
+              hosts = lib.pipe hostsDir [
+                builtins.readDir
+                (lib.filterAttrs (_: type: type == "directory"))
+                builtins.attrNames
+              ];
+            in
+            lib.genAttrs hosts commonNixosSystem;
+        in
+        genNixosConfigurations inputs;
    };
 }
--- a/hosts/abacus/forgejo.nix
+++ b/hosts/abacus/forgejo.nix
@ -1,5 +1,5 @@
 {
-  self,
+  inputs,
  config,
  lib,
  pkgs,
@ -12,13 +12,13 @@ in
 {
  age.secrets = {
    forgejo-mailer = {
-      file = self + /secrets/forgejo/mailer.age;
+      file = inputs.self + /secrets/forgejo/mailer.age;
      mode = "400";
      owner = cfg.user;
    };

    forgejo-admin = {
-      file = self + /secrets/forgejo/admin.age;
+      file = inputs.self + /secrets/forgejo/admin.age;
      mode = "400";
      owner = cfg.user;
    };
--- a/hosts/abacus/restic.nix
+++ b/hosts/abacus/restic.nix
@ -1,7 +1,7 @@
 {
  attrName,
  config,
-  lib,
+  inputs,
  ...
 }:
 let
@ -9,7 +9,7 @@ let
  secret = config.age.secrets.${secretName};
 in
 {
-  age.secrets = lib.mkSecrets { ${secretName} = { }; };
+  age.secrets.${secretName}.file = inputs.self + /secrets/restic/${attrName}.age;

  services.restic.backups.remote = {
    repository = "sftp:u459482@u459482.your-storagebox.de:/${attrName}";
--- a/hosts/abacus/vaultwarden.nix
+++ b/hosts/abacus/vaultwarden.nix
@ -1,6 +1,6 @@
 {
  config,
-  lib,
+  inputs,
  ...
 }:
 let
@ -9,7 +9,7 @@ in
 {
  # TODO: tailscale

-  age.secrets = lib.mkSecrets { vaultwarden = { }; };
+  age.secrets.vaultwarden.path = inputs.self + /secrets/vaultwarden.age;

  services.vaultwarden = {
    enable = true;
--- a/hosts/vessel/musicomp.nix
+++ b/hosts/vessel/musicomp.nix
@ -1,6 +1,5 @@
 {
  inputs,
-  self,
  lib,
  pkgs,
  ...
@ -20,7 +19,7 @@
    inhibitsSleep = true;
    post =
      let
-        abacusConfig = self.nixosConfigurations.abacus.config;
+        abacusConfig = inputs.self.nixosConfigurations.abacus.config;
        remoteDir = abacusConfig.services.navidrome.settings.MusicFolder;
        remoteDomain = abacusConfig.networking.domain;
        package = pkgs.writeShellApplication {
--- a/hosts/vessel/restic.nix
+++ b/hosts/vessel/restic.nix
@ -1,7 +1,7 @@
 {
  attrName,
  config,
-  lib,
+  inputs,
  ...
 }:
 let
@ -9,7 +9,7 @@ let
  secret = config.age.secrets.${secretName};
 in
 {
-  age.secrets = lib.mkSecrets { ${secretName} = { }; };
+  age.secrets.${secretName}.file = inputs.self + /secrets/restic/${attrName}.age;

  services.restic.backups = {
    local = {
--- a/lib.nix
+++ b/lib.nix
@ -1,66 +0,0 @@
-lib: _: {
-  findModules =
-    paths:
-    builtins.concatMap (
-      path:
-      lib.pipe path [
-        (lib.fileset.fileFilter (file: file.hasExt "nix"))
-        lib.fileset.toList
-      ]
-    ) paths;
-
-  mkIfElse =
-    condition: trueContent: falseContent:
-    lib.mkMerge [
-      (lib.mkIf condition trueContent)
-      (lib.mkIf (!condition) falseContent)
-    ];
-
-  mkSecrets =
-    secrets:
-    let
-      mkSecret =
-        {
-          name,
-          secret,
-        }:
-        secret
-        // {
-          file = ./secrets/${name}.age;
-        };
-    in
-    builtins.mapAttrs (name: secret: mkSecret { inherit name secret; }) secrets;
-
-  genNixosConfigurations =
-    inputs:
-    let
-      modulesDir = ./modules;
-      profilesDir = ./profiles;
-      commonDir = ./common;
-      hostsDir = ./hosts;
-
-      commonNixosSystem =
-        name:
-        lib.nixosSystem {
-          specialArgs = {
-            inherit (inputs) self;
-            inherit inputs lib;
-            attrName = name;
-          };
-
-          modules = lib.findModules [
-            modulesDir
-            profilesDir
-            commonDir
-            (hostsDir + /${name})
-          ];
-        };
-
-      hosts = lib.pipe hostsDir [
-        builtins.readDir
-        (lib.filterAttrs (_: type: type == "directory"))
-        builtins.attrNames
-      ];
-    in
-    lib.genAttrs hosts commonNixosSystem;
-}
--- a/modules/pubkeys.nix
+++ b/modules/pubkeys.nix
@ -1,6 +1,6 @@
 {
  lib,
-  self,
+  inputs,
  ...
 }:
 {
@ -16,5 +16,5 @@
      readOnly = true;
    };

-  config.pubkeys = lib.mkForce (import (self + /pubkeys.nix));
+  config.pubkeys = import (inputs.self + /pubkeys.nix);
 }
--- a/secrets/restic/abacus.age
+++ b/secrets/restic/abacus.age
--- a/secrets/restic/vessel.age
+++ b/secrets/restic/vessel.age