remove "parts" directory and restructure modules

2025-10-01 19:36:53 +02:00
parent 4b26b8da52
commit f2cf7d36de
19 changed files with 77 additions and 117 deletions
--- a/machines/crocus/configuration.nix
+++ b/machines/crocus/configuration.nix
@@ -5,8 +5,7 @@
 {
  imports = [
    ./radicle.nix
-    ../../system/core
-    ../../system/nix
+    self.nixosModules.nix-defaults
    ../../modules/remote-builder.nix
    ./nextcloud.nix
    ../../modules/unbound.nix
--- a/machines/flake-module.nix
+++ b/machines/flake-module.nix
@@ -2,7 +2,6 @@
 {
  clan = {
    meta.name = "blossom";
-
    inventory.machines = {
      crocus = {
        tags = [
@@ -37,7 +36,7 @@
        roles.default.tags.server = { };
        roles.default.machines.haze = { };
        roles.default.settings.allowedKeys = {
-          rpqt_haze = (import ../parts).keys.rpqt.haze;
+          rpqt_haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze";
        };
      };

@@ -64,9 +63,12 @@
        module.input = "clan-core";
        module.name = "sshd";
        roles.server.tags.all = { };
+        roles.server.extraModules = [
+          self.nixosModules.hardened-ssh-server
+        ];
      };

-      "rpqt-password-haze" = {
+      user-rpqt = {
        module.input = "clan-core";
        module.name = "users";
        roles.default.machines.haze = {
@@ -74,6 +76,18 @@
            user = "rpqt";
          };
        };
+        roles.default.extraModules = [
+          self.nixosModules.user-rpqt
+        ];
+      };
+
+      common-config = {
+        module = {
+          input = "clan-core";
+          name = "importer";
+        };
+        roles.default.tags.all = { };
+        roles.default.extraModules = [ self.nixosModules.common ];
      };

      "garage" = {
--- a/machines/genepi/builder.nix
+++ b/machines/genepi/builder.nix
@@ -1,6 +1,3 @@
-let
-  keys = import ../../parts/keys.nix;
-in
 {
  imports = [
    ../../modules/remote-builder.nix
@@ -8,6 +5,8 @@ in

  roles.remote-builder = {
    enable = true;
-    authorizedKeys = [ keys.hosts.haze ];
+    authorizedKeys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze"
+    ];
  };
 }
--- a/machines/genepi/configuration.nix
+++ b/machines/genepi/configuration.nix
@@ -23,9 +23,9 @@
    ../../modules/lounge.nix
    ../../modules/unbound.nix
    ../../modules/unbound-auth.nix
-    ../../system/core
-    ../../system/nix
+    self.nixosModules.nix-defaults

+    self.nixosModules.user-rpqt
  ];

  networking.hostName = "genepi";
--- a/machines/haze/configuration.nix
+++ b/machines/haze/configuration.nix
@@ -14,7 +14,6 @@
    ./steam.nix
    ./network.nix
    ./syncthing.nix
-    ../../system

    self.nixosModules.desktop
    self.nixosModules.nix-defaults
@@ -71,5 +70,17 @@
    '';
  };

+  nixpkgs.config.allowUnfree = true;
+
+  i18n.supportedLocales = [
+    "en_US.UTF-8/UTF-8"
+    "fr_FR.UTF-8/UTF-8"
+  ];
+
+  security.sudo = {
+    enable = true;
+    wheelNeedsPassword = false;
+  };
+
  services.tailscale.useRoutingFeatures = "client";
 }
--- a/machines/verbena/configuration.nix
+++ b/machines/verbena/configuration.nix
@@ -1,8 +1,7 @@
 { self, lib, ... }:
 {
  imports = [
-    ../../system/core
-    ../../system/nix
+    self.nixosModules.nix-defaults
    ../../modules/unbound.nix
    ../../modules/unbound-auth.nix

--- a/modules/flake-module.nix
+++ b/modules/flake-module.nix
@@ -1,3 +1,4 @@
+{ lib, ... }:
 {
  flake.nixosModules = {
    gitea.imports = [
@@ -7,5 +8,16 @@
    desktop.imports = [
      ./desktop.nix
    ];
+
+    nix-defaults.imports = [ ./nix-defaults.nix ];
+    tailscale.imports = [ ./tailscale.nix ];
+    user-rpqt.imports = [ ./user-rpqt.nix ];
+    hardened-ssh-server.imports = [ ./hardened-ssh-server.nix ];
+
+    common.imports = [
+      {
+        users.mutableUsers = lib.mkDefault false;
+      }
+    ];
  };
 }
--- a/modules/hardened-ssh-server.nix
+++ b/modules/hardened-ssh-server.nix
--- a/modules/nix-defaults.nix
+++ b/modules/nix-defaults.nix
@@ -1,18 +1,19 @@
 { pkgs, ... }:
 {
-  imports = [
-    ./nixpkgs.nix
-    ./substituters.nix
-  ];
-
  # for flakes
  environment.systemPackages = [ pkgs.git ];

  nix.settings = {
    auto-optimise-store = true;
    builders-use-substitutes = true;
-    experimental-features = ["nix-command" "flakes"];
+    experimental-features = [
+      "nix-command"
+      "flakes"
+    ];

-    trusted-users = ["root" "@wheel"];
+    trusted-users = [
+      "root"
+      "@wheel"
+    ];
  };
 }
--- a/system/network/tailscale.nix
+++ b/system/network/tailscale.nix
--- a/modules/user-rpqt.nix
+++ b/modules/user-rpqt.nix
@@ -0,0 +1,21 @@
+{ lib, pkgs, ... }:
+{
+  users.users.rpqt = {
+    isNormalUser = true;
+
+    createHome = lib.mkDefault true;
+    home = lib.mkDefault "/home/rpqt";
+
+    description = "Romain Paquet";
+
+    shell = pkgs.zsh;
+
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze"
+    ];
+
+    extraGroups = [ "wheel" ];
+  };
+
+  programs.zsh.enable = true;
+}
--- a/parts/default.nix
+++ b/parts/default.nix
@@ -1,3 +0,0 @@
-{
-  keys = import ./keys.nix;
-}
--- a/parts/keys.nix
+++ b/parts/keys.nix
@@ -1,15 +0,0 @@
-{
-  rpqt.haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze";
-
-  hosts = {
-    haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKga5V0H602RsBESBXf5kwRCnI1yfBPOHmjGsM4Rxf5r root@haze";
-    genepi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFwq0inZe4DX4DuJx/vbfjG5XLZ46MnBXjipdHgD9LBg root@genepi";
-    crocus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAiz3nzuJGO5tRka2Y/kzqKa68wF7wwHr4hAympLNb9F root@crocus";
-    storagebox = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
-    storagebox-rsa = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw==";
-  };
-
-  services = {
-    radicle = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBuoHC4P0h88OAL5PJmiqkbkvQR1cwfkjaevWbwdKOU7 radicle@rpqt.fr";
-  };
-}
--- a/system/core/default.nix
+++ b/system/core/default.nix
@@ -1,19 +0,0 @@
-{
-  imports = [
-    ./users.nix
-    ./ssh-server.nix
-  ];
-
-  i18n = {
-    defaultLocale = "en_US.UTF-8";
-    supportedLocales = [
-      "en_US.UTF-8/UTF-8"
-      "fr_FR.UTF-8/UTF-8"
-    ];
-  };
-
-  security.sudo = {
-    enable = true;
-    wheelNeedsPassword = false;
-  };
-}
--- a/system/core/users.nix
+++ b/system/core/users.nix
@@ -1,30 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-{
-  users.mutableUsers = lib.mkDefault false;
-
-  services.userborn.enable = true;
-
-  users.users.rpqt = {
-    isNormalUser = true;
-
-    createHome = true;
-    home = "/home/rpqt";
-
-    description = "Romain Paquet";
-
-    shell = pkgs.zsh;
-
-    openssh.authorizedKeys.keys = [ (import ../../parts/keys.nix).rpqt.haze ];
-
-    extraGroups = [
-      "wheel"
-    ];
-  };
-
-  programs.zsh.enable = true;
-}
--- a/system/default.nix
+++ b/system/default.nix
@@ -1,7 +0,0 @@
-{
-  imports = [
-    ./core
-    ./network
-    ./nix
-  ];
-}
--- a/system/network/default.nix
+++ b/system/network/default.nix
@@ -1,6 +0,0 @@
-{ self, ... }:
-{
-  imports = [
-    ./tailscale.nix
-  ];
-}
--- a/system/nix/nixpkgs.nix
+++ b/system/nix/nixpkgs.nix
@@ -1,5 +0,0 @@
-{
-  nixpkgs = {
-    config.allowUnfree = true;
-  };
-}
--- a/system/nix/substituters.nix
+++ b/system/nix/substituters.nix
@@ -1,11 +0,0 @@
-{
-  nix.settings = {
-    substituters = [
-      "https://cache.nixos.org?priority=10"
-    ];
-
-    trusted-public-keys = [
-      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
-    ];
-  };
-}