From f2cf7d36de26a23d1db2a5ae369050e0977e95f5 Mon Sep 17 00:00:00 2001
From: Romain Paquet
Date: Wed, 1 Oct 2025 19:36:53 +0200
Subject: [PATCH] remove "parts" directory and restructure modules
---
 machines/crocus/configuration.nix | 3 +-
 machines/flake-module.nix | 20 +++++++++++--
 machines/genepi/builder.nix | 7 ++---
 machines/genepi/configuration.nix | 4 +--
 machines/haze/configuration.nix | 13 +++++++-
 machines/verbena/configuration.nix | 3 +-
 modules/flake-module.nix | 12 ++++++++
 .../hardened-ssh-server.nix | 0
 .../default.nix => modules/nix-defaults.nix | 15 +++++-----
 {system/network => modules}/tailscale.nix | 0
 modules/user-rpqt.nix | 21 +++++++++++++
 parts/default.nix | 3 --
 parts/keys.nix | 15 ----------
 system/core/default.nix | 19 ------------
 system/core/users.nix | 30 -------------------
 system/default.nix | 7 -----
 system/network/default.nix | 6 ----
 system/nix/nixpkgs.nix | 5 ----
 system/nix/substituters.nix | 11 -------
 19 files changed, 77 insertions(+), 117 deletions(-)
 rename system/core/ssh-server.nix => modules/hardened-ssh-server.nix (100%)
 rename system/nix/default.nix => modules/nix-defaults.nix (53%)
 rename {system/network => modules}/tailscale.nix (100%)
 create mode 100644 modules/user-rpqt.nix
 delete mode 100644 parts/default.nix
 delete mode 100644 parts/keys.nix
 delete mode 100644 system/core/default.nix
 delete mode 100644 system/core/users.nix
 delete mode 100644 system/default.nix
 delete mode 100644 system/network/default.nix
 delete mode 100644 system/nix/nixpkgs.nix
 delete mode 100644 system/nix/substituters.nix
diff --git a/machines/crocus/configuration.nix b/machines/crocus/configuration.nix
index f0bed86..1747b9f 100644
--- a/machines/crocus/configuration.nix
+++ b/machines/crocus/configuration.nix
@@ -5,8 +5,7 @@
 {
 imports = [
 ./radicle.nix
- ../../system/core
- ../../system/nix
+ self.nixosModules.nix-defaults
 ../../modules/remote-builder.nix
 ./nextcloud.nix
 ../../modules/unbound.nix
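Review bot: The crocus import list replaces `../../system/core` and `../../system/nix` with only `self.nixosModules.nix-defaults`, whereas genepi's equivalent hunk also adds `self.nixosModules.user-rpqt`. The deleted system/core/users.nix is what defined the `rpqt` account and its authorized key, so after this patch crocus (and verbena, which receives the same two-line change) no longer appears to define that user unless a module outside this diff does; confirm that dropping the account on those hosts is intended, or add `self.nixosModules.user-rpqt` here too. The hunk also introduces a reference to `self`; the module's argument set starts before the hunk, so check that `self` is bound there as it is in verbena's `{ self, lib, ... }:`.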
diff --git a/machines/flake-module.nix b/machines/flake-module.nix
index 5882452..60050b6 100644
--- a/machines/flake-module.nix
+++ b/machines/flake-module.nix
@@ -2,7 +2,6 @@
 {
 clan = {
 meta.name = "blossom";
-
 inventory.machines = {
 crocus = {
 tags = [
@@ -37,7 +36,7 @@
 roles.default.tags.server = { };
 roles.default.machines.haze = { };
 roles.default.settings.allowedKeys = {
- rpqt_haze = (import ../parts).keys.rpqt.haze;
+ rpqt_haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze";
 };
 };
 
@@ -64,9 +63,12 @@
 module.input = "clan-core";
 module.name = "sshd";
 roles.server.tags.all = { };
+ roles.server.extraModules = [
+ self.nixosModules.hardened-ssh-server
+ ];
 };
 
- "rpqt-password-haze" = {
+ user-rpqt = {
 module.input = "clan-core";
 module.name = "users";
 roles.default.machines.haze = {
@@ -74,6 +76,18 @@
 user = "rpqt";
 };
 };
+ roles.default.extraModules = [
+ self.nixosModules.user-rpqt
+ ];
+ };
+
+ common-config = {
+ module = {
+ input = "clan-core";
+ name = "importer";
+ };
+ roles.default.tags.all = { };
+ roles.default.extraModules = [ self.nixosModules.common ];
 };
 
 "garage" = {
diff --git a/machines/genepi/builder.nix b/machines/genepi/builder.nix
index 510a932..5e4a7e3 100644
--- a/machines/genepi/builder.nix
+++ b/machines/genepi/builder.nix
@@ -1,6 +1,3 @@
-let
- keys = import ../../parts/keys.nix;
-in
 {
 imports = [
 ../../modules/remote-builder.nix
@@ -8,6 +5,8 @@ in
 
 roles.remote-builder = {
 enable = true;
- authorizedKeys = [ keys.hosts.haze ];
+ authorizedKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze"
+ ];
 };
 }
diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix
index d991012..34b327d 100644
--- a/machines/genepi/configuration.nix
+++ b/machines/genepi/configuration.nix
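Review bot: The `rpqt_haze` allowedKeys entry inlines the full public key string, and the identical literal is pasted again in machines/genepi/builder.nix and modules/user-rpqt.nix in this patch, so a key rotation now means three edits that can silently drift apart. The removed parts/keys.nix was the single source of truth for this; a replacement binding, e.g. `let rpqtKey = "ssh-ed25519 … rpqt@haze"; in` at the top of modules/flake-module.nix or a small attribute set exported next to the nixosModules, would keep that property. The change itself is fine; this is about maintainability of the trust configuration.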
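Review bot: The new `authorizedKeys` entry for genepi's remote-builder role is the `rpqt@haze` user key, whereas the removed line used `keys.hosts.haze`, which parts/keys.nix bound to a different key (`… root@haze`). That is a change of which identity may use the builder, not just an inlining: if haze's nix daemon connects as root with the host key, remote builds will stop authenticating; if the user key is the intended one, the host-key entry is simply gone. Once the intended client is confirmed, a one-line comment such as `# key of the haze client allowed to submit builds here` would make that explicit.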
@@ -23,9 +23,9 @@ ../../modules/lounge.nix ../../modules/unbound.nix ../../modules/unbound-auth.nix - ../../system/core - ../../system/nix + self.nixosModules.nix-defaults + self.nixosModules.user-rpqt ]; networking.hostName = "genepi"; diff --git a/machines/haze/configuration.nix b/machines/haze/configuration.nix index f68a00b..1a836a1 100644 --- a/machines/haze/configuration.nix +++ b/machines/haze/configuration.nix @@ -14,7 +14,6 @@ ./steam.nix ./network.nix ./syncthing.nix - ../../system self.nixosModules.desktop self.nixosModules.nix-defaults @@ -71,5 +70,17 @@ ''; }; + nixpkgs.config.allowUnfree = true; + + i18n.supportedLocales = [ + "en_US.UTF-8/UTF-8" + "fr_FR.UTF-8/UTF-8" + ]; + + security.sudo = { + enable = true; + wheelNeedsPassword = false; + }; + services.tailscale.useRoutingFeatures = "client"; } diff --git a/machines/verbena/configuration.nix b/machines/verbena/configuration.nix index 6e5056b..7b01303 100644 --- a/machines/verbena/configuration.nix +++ b/machines/verbena/configuration.nix @@ -1,8 +1,7 @@ { self, lib, ... }: { imports = [ - ../../system/core - ../../system/nix + self.nixosModules.nix-defaults ../../modules/unbound.nix ../../modules/unbound-auth.nix diff --git a/modules/flake-module.nix b/modules/flake-module.nix index 781a291..200dca4 100644 --- a/modules/flake-module.nix +++ b/modules/flake-module.nix @@ -1,3 +1,4 @@ +{ lib, ... }: { flake.nixosModules = { gitea.imports = [ @@ -7,5 +8,16 @@ desktop.imports = [ ./desktop.nix ]; + + nix-defaults.imports = [ ./nix-defaults.nix ]; + tailscale.imports = [ ./tailscale.nix ]; + user-rpqt.imports = [ ./user-rpqt.nix ]; + hardened-ssh-server.imports = [ ./hardened-ssh-server.nix ]; + + common.imports = [ + { + users.mutableUsers = lib.mkDefault false; + } + ]; }; } diff --git a/system/core/ssh-server.nix b/modules/hardened-ssh-server.nix similarity index 100% rename from system/core/ssh-server.nix rename to modules/hardened-ssh-server.nix 
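Review bot: `security.sudo.wheelNeedsPassword = false` and `nixpkgs.config.allowUnfree = true` are re-added here only for haze, although the deleted system/core/default.nix and system/nix/nixpkgs.nix applied them to every host that imported ../../system/core or ../../system/nix (crocus, genepi, verbena). For sudo this is a tightening on the servers that is arguably welcome given `trusted-users` still includes `@wheel`, but any unfree package on those hosts will now fail evaluation. A short comment above the sudo block, e.g. `# passwordless sudo is deliberately limited to this workstation`, would record that the narrower scope is intentional. `i18n.defaultLocale = "en_US.UTF-8"` from the old core module is also not carried over anywhere in the patch.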
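Review bot: The new inline `common` module carries over `users.mutableUsers = lib.mkDefault false` from the deleted system/core/users.nix but not `services.userborn.enable = true`, which sat next to it and does not reappear anywhere in the patch; if the drop is intentional, a comment in `common` saying so would save the next reader a search. The attribute set also has no comment distinguishing `common` from `nix-defaults`, e.g. `# applied to every machine through the common-config importer service`. The added `{ lib, ... }:` header is needed for `lib.mkDefault` here and is correct.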
diff --git a/system/nix/default.nix b/modules/nix-defaults.nix
similarity index 53%
rename from system/nix/default.nix
rename to modules/nix-defaults.nix
index 10d84fc..fd3ef6d 100644
--- a/system/nix/default.nix
+++ b/modules/nix-defaults.nix
@@ -1,18 +1,19 @@
 { pkgs, ... }:
 {
- imports = [
- ./nixpkgs.nix
- ./substituters.nix
- ];
-
 # for flakes
 environment.systemPackages = [ pkgs.git ];
 
 nix.settings = {
 auto-optimise-store = true;
 builders-use-substitutes = true;
- experimental-features = ["nix-command" "flakes"];
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
 
- trusted-users = ["root" "@wheel"];
+ trusted-users = [
+ "root"
+ "@wheel"
+ ];
 };
 }
diff --git a/system/network/tailscale.nix b/modules/tailscale.nix
similarity index 100%
rename from system/network/tailscale.nix
rename to modules/tailscale.nix
diff --git a/modules/user-rpqt.nix b/modules/user-rpqt.nix
new file mode 100644
index 0000000..86b2cf4
--- /dev/null
+++ b/modules/user-rpqt.nix
@@ -0,0 +1,21 @@
+{ lib, pkgs, ... }:
+{
+ users.users.rpqt = {
+ isNormalUser = true;
+
+ createHome = lib.mkDefault true;
+ home = lib.mkDefault "/home/rpqt";
+
+ description = "Romain Paquet";
+
+ shell = pkgs.zsh;
+
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze"
+ ];
+
+ extraGroups = [ "wheel" ];
+ };
+
+ programs.zsh.enable = true;
+}
diff --git a/parts/default.nix b/parts/default.nix
deleted file mode 100644
index 2948de5..0000000
--- a/parts/default.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- keys = import ./keys.nix;
-}
diff --git a/parts/keys.nix b/parts/keys.nix
deleted file mode 100644
index 95e187d..0000000
--- a/parts/keys.nix
+++ /dev/null
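Review bot: `trusted-users = [ "root" "@wheel" ]` is rewrapped onto four added lines but still carries no comment, and it is the one setting in this module with a security consequence: trusted users can override daemon settings such as substituters and import store paths without signature checks, so wheel membership on every host importing this module is root-equivalent for the store. Suggest `# @wheel members can reconfigure the daemon and import unsigned paths; keep wheel membership tight` above it. Separately, the removed `./substituters.nix` import set `substituters` and `trusted-public-keys` to cache.nixos.org explicitly; those values match Nix's built-in defaults, so effective behaviour should be unchanged, but a sentence in the commit message would help whoever next looks for where the cache is configured.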
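Review bot: modules/user-rpqt.nix has no header comment, yet it grants `wheel` and installs an authorized key on every host that imports it, which after this patch is genepi directly and haze through the `user-rpqt` clan service's `extraModules`; a line such as `# rpqt's personal account; wheel implies sudo and nix trusted-user rights on hosts that enable them` would state that. The clan `users` service instance in machines/flake-module.nix and this module share the name `user-rpqt` but do different things (password management versus account definition), so a comment linking the two would avoid confusion. The `lib.mkDefault` on `createHome` and `home` is a reasonable choice and is consistent with the `common` module's use of `mkDefault`.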
@@ -1,15 +0,0 @@
-{
- rpqt.haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze";
-
- hosts = {
- haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKga5V0H602RsBESBXf5kwRCnI1yfBPOHmjGsM4Rxf5r root@haze";
- genepi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFwq0inZe4DX4DuJx/vbfjG5XLZ46MnBXjipdHgD9LBg root@genepi";
- crocus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAiz3nzuJGO5tRka2Y/kzqKa68wF7wwHr4hAympLNb9F root@crocus";
- storagebox = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
- storagebox-rsa = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw==";
- };
-
- services = {
- radicle = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBuoHC4P0h88OAL5PJmiqkbkvQR1cwfkjaevWbwdKOU7 radicle@rpqt.fr";
- };
-}
diff --git a/system/core/default.nix b/system/core/default.nix
deleted file mode 100644
index 1d3f1d5..0000000
--- a/system/core/default.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- imports = [
- ./users.nix
- ./ssh-server.nix
- ];
-
- i18n = {
- defaultLocale = "en_US.UTF-8";
- supportedLocales = [
- "en_US.UTF-8/UTF-8"
- "fr_FR.UTF-8/UTF-8"
- ];
- };
-
- security.sudo = {
- enable = true;
- wheelNeedsPassword = false;
- };
-}
diff --git a/system/core/users.nix b/system/core/users.nix
deleted file mode 100644
index effffbf..0000000
--- a/system/core/users.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-{
- users.mutableUsers = lib.mkDefault false;
-
- services.userborn.enable = true;
-
- users.users.rpqt = {
- isNormalUser = true;
-
- createHome = true;
- home = "/home/rpqt";
-
- description = "Romain Paquet";
-
- shell = pkgs.zsh;
-
- openssh.authorizedKeys.keys = [ (import ../../parts/keys.nix).rpqt.haze ];
-
- extraGroups = [
- "wheel"
- ];
- };
-
- programs.zsh.enable = true;
-}
diff --git a/system/default.nix b/system/default.nix
deleted file mode 100644
index 763d619..0000000
--- a/system/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- imports = [
- ./core
- ./network
- ./nix
- ];
-}
diff --git a/system/network/default.nix b/system/network/default.nix
deleted file mode 100644
index 2abc273..0000000
--- a/system/network/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ self, ... }:
-{
- imports = [
- ./tailscale.nix
- ];
-}
diff --git a/system/nix/nixpkgs.nix b/system/nix/nixpkgs.nix
deleted file mode 100644
index d793f95..0000000
--- a/system/nix/nixpkgs.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- nixpkgs = {
- config.allowUnfree = true;
- };
-}
diff --git a/system/nix/substituters.nix b/system/nix/substituters.nix
deleted file mode 100644
index 04660af..0000000
--- a/system/nix/substituters.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- nix.settings = {
- substituters = [
- "https://cache.nixos.org?priority=10"
- ];
-
- trusted-public-keys = [
- "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
- ];
- };
-}