remove "parts" directory and restructure modules

2025-10-01 19:36:53 +02:00
parent 4b26b8da52
commit f2cf7d36de
19 changed files with 77 additions and 117 deletions
--- a/machines/crocus/configuration.nix
+++ b/machines/crocus/configuration.nix
@@ -5,8 +5,7 @@
 {
  imports = [
    ./radicle.nix
-    ../../system/core
+    self.nixosModules.nix-defaults
    ../../system/nix
    ../../modules/remote-builder.nix
    ./nextcloud.nix
    ../../modules/unbound.nix
--- a/machines/flake-module.nix
+++ b/machines/flake-module.nix
@@ -2,7 +2,6 @@
 {
  clan = {
    meta.name = "blossom";
    inventory.machines = {
      crocus = {
        tags = [
@@ -37,7 +36,7 @@
        roles.default.tags.server = { };
        roles.default.machines.haze = { };
        roles.default.settings.allowedKeys = {
-          rpqt_haze = (import ../parts).keys.rpqt.haze;
+          rpqt_haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze";
        };
      };
@@ -64,9 +63,12 @@
        module.input = "clan-core";
        module.name = "sshd";
        roles.server.tags.all = { };
        roles.server.extraModules = [
          self.nixosModules.hardened-ssh-server
        ];
      };
-      "rpqt-password-haze" = {
+      user-rpqt = {
        module.input = "clan-core";
        module.name = "users";
        roles.default.machines.haze = {
@@ -74,6 +76,18 @@
            user = "rpqt";
          };
        };
        roles.default.extraModules = [
          self.nixosModules.user-rpqt
        ];
      };
      common-config = {
        module = {
          input = "clan-core";
          name = "importer";
        };
        roles.default.tags.all = { };
        roles.default.extraModules = [ self.nixosModules.common ];
      };
      "garage" = {
--- a/machines/genepi/builder.nix
+++ b/machines/genepi/builder.nix
@@ -1,6 +1,3 @@
 let
  keys = import ../../parts/keys.nix;
 in
 {
  imports = [
    ../../modules/remote-builder.nix
@@ -8,6 +5,8 @@ in
  roles.remote-builder = {
    enable = true;
-    authorizedKeys = [ keys.hosts.haze ];
+    authorizedKeys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze"
    ];
  };
 }
--- a/machines/genepi/configuration.nix
+++ b/machines/genepi/configuration.nix
@@ -23,9 +23,9 @@
    ../../modules/lounge.nix
    ../../modules/unbound.nix
    ../../modules/unbound-auth.nix
-    ../../system/core
+    self.nixosModules.nix-defaults
    ../../system/nix
    self.nixosModules.user-rpqt
  ];
  networking.hostName = "genepi";
--- a/machines/haze/configuration.nix
+++ b/machines/haze/configuration.nix
@@ -14,7 +14,6 @@
    ./steam.nix
    ./network.nix
    ./syncthing.nix
    ../../system
    self.nixosModules.desktop
    self.nixosModules.nix-defaults
@@ -71,5 +70,17 @@
    '';
  };
  nixpkgs.config.allowUnfree = true;
  i18n.supportedLocales = [
    "en_US.UTF-8/UTF-8"
    "fr_FR.UTF-8/UTF-8"
  ];
  security.sudo = {
    enable = true;
    wheelNeedsPassword = false;
  };
  services.tailscale.useRoutingFeatures = "client";
 }
--- a/machines/verbena/configuration.nix
+++ b/machines/verbena/configuration.nix
@@ -1,8 +1,7 @@
 { self, lib, ... }:
 {
  imports = [
-    ../../system/core
+    self.nixosModules.nix-defaults
    ../../system/nix
    ../../modules/unbound.nix
    ../../modules/unbound-auth.nix
--- a/modules/flake-module.nix
+++ b/modules/flake-module.nix
@@ -1,3 +1,4 @@
 { lib, ... }:
 {
  flake.nixosModules = {
    gitea.imports = [
@@ -7,5 +8,16 @@
    desktop.imports = [
      ./desktop.nix
    ];
    nix-defaults.imports = [ ./nix-defaults.nix ];
    tailscale.imports = [ ./tailscale.nix ];
    user-rpqt.imports = [ ./user-rpqt.nix ];
    hardened-ssh-server.imports = [ ./hardened-ssh-server.nix ];
    common.imports = [
      {
        users.mutableUsers = lib.mkDefault false;
      }
    ];
  };
 }
--- a/modules/hardened-ssh-server.nix
+++ b/modules/hardened-ssh-server.nix
--- a/modules/nix-defaults.nix
+++ b/modules/nix-defaults.nix
@@ -1,18 +1,19 @@
 { pkgs, ... }:
 {
  imports = [
    ./nixpkgs.nix
    ./substituters.nix
  ];
  # for flakes
  environment.systemPackages = [ pkgs.git ];
  nix.settings = {
    auto-optimise-store = true;
    builders-use-substitutes = true;
-    experimental-features = ["nix-command" "flakes"];
+    experimental-features = [
      "nix-command"
      "flakes"
    ];
-    trusted-users = ["root" "@wheel"];
+    trusted-users = [
      "root"
      "@wheel"
    ];
  };
 }
--- a/system/network/tailscale.nix
+++ b/system/network/tailscale.nix
--- a/modules/user-rpqt.nix
+++ b/modules/user-rpqt.nix
@@ -0,0 +1,21 @@
 { lib, pkgs, ... }:
 {
  users.users.rpqt = {
    isNormalUser = true;
    createHome = lib.mkDefault true;
    home = lib.mkDefault "/home/rpqt";
    description = "Romain Paquet";
    shell = pkgs.zsh;
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze"
    ];
    extraGroups = [ "wheel" ];
  };
  programs.zsh.enable = true;
 }
--- a/parts/default.nix
+++ b/parts/default.nix
@@ -1,3 +0,0 @@
 {
  keys = import ./keys.nix;
 }
--- a/parts/keys.nix
+++ b/parts/keys.nix
@@ -1,15 +0,0 @@
 {
  rpqt.haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze";
  hosts = {
    haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKga5V0H602RsBESBXf5kwRCnI1yfBPOHmjGsM4Rxf5r root@haze";
    genepi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFwq0inZe4DX4DuJx/vbfjG5XLZ46MnBXjipdHgD9LBg root@genepi";
    crocus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAiz3nzuJGO5tRka2Y/kzqKa68wF7wwHr4hAympLNb9F root@crocus";
    storagebox = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
    storagebox-rsa = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw==";
  };
  services = {
    radicle = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBuoHC4P0h88OAL5PJmiqkbkvQR1cwfkjaevWbwdKOU7 radicle@rpqt.fr";
  };
 }
--- a/system/core/default.nix
+++ b/system/core/default.nix
@@ -1,19 +0,0 @@
 {
  imports = [
    ./users.nix
    ./ssh-server.nix
  ];
  i18n = {
    defaultLocale = "en_US.UTF-8";
    supportedLocales = [
      "en_US.UTF-8/UTF-8"
      "fr_FR.UTF-8/UTF-8"
    ];
  };
  security.sudo = {
    enable = true;
    wheelNeedsPassword = false;
  };
 }
--- a/system/core/users.nix
+++ b/system/core/users.nix
@@ -1,30 +0,0 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  users.mutableUsers = lib.mkDefault false;
  services.userborn.enable = true;
  users.users.rpqt = {
    isNormalUser = true;
    createHome = true;
    home = "/home/rpqt";
    description = "Romain Paquet";
    shell = pkgs.zsh;
    openssh.authorizedKeys.keys = [ (import ../../parts/keys.nix).rpqt.haze ];
    extraGroups = [
      "wheel"
    ];
  };
  programs.zsh.enable = true;
 }
--- a/system/default.nix
+++ b/system/default.nix
@@ -1,7 +0,0 @@
 {
  imports = [
    ./core
    ./network
    ./nix
  ];
 }
--- a/system/network/default.nix
+++ b/system/network/default.nix
@@ -1,6 +0,0 @@
 { self, ... }:
 {
  imports = [
    ./tailscale.nix
  ];
 }
--- a/system/nix/nixpkgs.nix
+++ b/system/nix/nixpkgs.nix
@@ -1,5 +0,0 @@
 {
  nixpkgs = {
    config.allowUnfree = true;
  };
 }
--- a/system/nix/substituters.nix
+++ b/system/nix/substituters.nix
@@ -1,11 +0,0 @@
 {
  nix.settings = {
    substituters = [
      "https://cache.nixos.org?priority=10"
    ];
    trusted-public-keys = [
      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
    ];
  };
 }