remove "parts" directory and restructure modules

2025-10-01 19:36:53 +02:00
parent 4b26b8da52
commit f2cf7d36de
19 changed files with 77 additions and 117 deletions
--- a/machines/crocus/configuration.nix
+++ b/machines/crocus/configuration.nix
@@ -5,8 +5,7 @@
 {
  imports = [
    ./radicle.nix
-    ../../system/core
-    ../../system/nix
+    self.nixosModules.nix-defaults
    ../../modules/remote-builder.nix
    ./nextcloud.nix
    ../../modules/unbound.nix
--- a/machines/flake-module.nix
+++ b/machines/flake-module.nix
@@ -2,7 +2,6 @@
 {
  clan = {
    meta.name = "blossom";
-
    inventory.machines = {
      crocus = {
        tags = [
@@ -37,7 +36,7 @@
        roles.default.tags.server = { };
        roles.default.machines.haze = { };
        roles.default.settings.allowedKeys = {
-          rpqt_haze = (import ../parts).keys.rpqt.haze;
+          rpqt_haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze";
        };
      };

@@ -64,9 +63,12 @@
        module.input = "clan-core";
        module.name = "sshd";
        roles.server.tags.all = { };
+        roles.server.extraModules = [
+          self.nixosModules.hardened-ssh-server
+        ];
      };

-      "rpqt-password-haze" = {
+      user-rpqt = {
        module.input = "clan-core";
        module.name = "users";
        roles.default.machines.haze = {
@@ -74,6 +76,18 @@
            user = "rpqt";
          };
        };
+        roles.default.extraModules = [
+          self.nixosModules.user-rpqt
+        ];
+      };
+
+      common-config = {
+        module = {
+          input = "clan-core";
+          name = "importer";
+        };
+        roles.default.tags.all = { };
+        roles.default.extraModules = [ self.nixosModules.common ];
      };

      "garage" = {
--- a/machines/genepi/builder.nix
+++ b/machines/genepi/builder.nix
@@ -1,6 +1,3 @@
-let
-  keys = import ../../parts/keys.nix;
-in
 {
  imports = [
    ../../modules/remote-builder.nix
@@ -8,6 +5,8 @@ in

  roles.remote-builder = {
    enable = true;
-    authorizedKeys = [ keys.hosts.haze ];
+    authorizedKeys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze"
+    ];
  };
 }
--- a/machines/genepi/configuration.nix
+++ b/machines/genepi/configuration.nix
@@ -23,9 +23,9 @@
    ../../modules/lounge.nix
    ../../modules/unbound.nix
    ../../modules/unbound-auth.nix
-    ../../system/core
-    ../../system/nix
+    self.nixosModules.nix-defaults

+    self.nixosModules.user-rpqt
  ];

  networking.hostName = "genepi";
--- a/machines/haze/configuration.nix
+++ b/machines/haze/configuration.nix
@@ -14,7 +14,6 @@
    ./steam.nix
    ./network.nix
    ./syncthing.nix
-    ../../system

    self.nixosModules.desktop
    self.nixosModules.nix-defaults
@@ -71,5 +70,17 @@
    '';
  };

+  nixpkgs.config.allowUnfree = true;
+
+  i18n.supportedLocales = [
+    "en_US.UTF-8/UTF-8"
+    "fr_FR.UTF-8/UTF-8"
+  ];
+
+  security.sudo = {
+    enable = true;
+    wheelNeedsPassword = false;
+  };
+
  services.tailscale.useRoutingFeatures = "client";
 }
--- a/machines/verbena/configuration.nix
+++ b/machines/verbena/configuration.nix
@@ -1,8 +1,7 @@
 { self, lib, ... }:
 {
  imports = [
-    ../../system/core
-    ../../system/nix
+    self.nixosModules.nix-defaults
    ../../modules/unbound.nix
    ../../modules/unbound-auth.nix