refactor: split "real" modules and "config" modules

README.md

@@ -37,12 +37,12 @@ that most people would have. The configurations are sorted into three categories
 
 | ~~~~~~~~~~~~ | Program | Source | Description
 ---|---|---|---
-🐚 Shell | ZSH & Starship | [Link](./users/modules/config/shell) | ZSH configuration with FZF, starship prompt, sqlite history and histdb-skim for fancy <kbd>Ctrl</kbd><kbd>R</kbd>
+🐚 Shell | ZSH & Starship | [Link](./users/config/shell) | ZSH configuration with FZF, starship prompt, sqlite history and histdb-skim for fancy <kbd>Ctrl</kbd><kbd>R</kbd>
 🖥️ Terminal | Kitty | [Link](./users/myuser/graphical/kitty.nix) | Terminal configuration with nerdfonts and history <kbd>Ctrl</kbd><kbd>Shift</kbd><kbd>H</kbd> to view scrollback buffer in neovim
 🪟 WM | i3 | [Link](./users/myuser/graphical/i3.nix) | Tiling window manager, heavily customized to my personal preferences
 🌐 Browser | Firefox | [Link](./users/myuser/graphical/firefox.nix) | Firefox with many privacy settings and betterfox
 🖊️ Editor | Neovim | [Link](./users/myuser/neovim) | Extensive neovim configuration, made with nixvim
-📜 Manpager | Neovim | [Link](./users/modules/config/manpager.nix) | Isolated neovim as manpager via nixvim
+📜 Manpager | Neovim | [Link](./users/config/manpager.nix) | Isolated neovim as manpager via nixvim
 📷 Screenshots | Flameshot | [Link](./users/myuser/graphical/flameshot.nix) | Screenshot tool with custom [QR code detection](./pkgs/scripts/screenshot-area-scan-qr.nix) and [OCR to clipboard](./pkgs/scripts/screenshot-area.nix)
 🗨️ Notifications | wired-notify | [Link](./users/myuser/graphical/wired-notify.nix) | Notification daemon with a very customized layout and color scheme
 🎮 Gaming | Steam & Bottles | [Link](./users/myuser/graphical/games) | Setup for gaming
@@ -74,7 +74,7 @@ that most people would have. The configurations are sorted into three categories
 
 | ~~~~~~~~~~~~ | 💎 | Source | Description
 ---|---|---|---
-🗑️ Impermanence | – | [Link](./modules/config/impermanence.nix) | Only persist what is necessary. ZFS rollback on boot. Most configuration is will be next to the respective service / program configuration.
+🗑️ Impermanence | – | [Link](./config/impermanence.nix) | Only persist what is necessary. ZFS rollback on boot. Most configuration is will be next to the respective service / program configuration.
 
 - reverse proxy with wireguard tunnel
 - restic
@@ -89,7 +89,7 @@ that most people would have. The configurations are sorted into three categories
 ## Structure
 
 If you are interested in parts of my configuration,
-you probably want to examine the contents of `users/`, `modules/` and `hosts/`.
+you probably want to examine the contents of `users/`, `config/`, `modules/` and `hosts/`.
 Also, a lot of interesting modules have been moved to [nixos-extra-modules](https://github.com/oddlama/nixos-extra-modules), a separate repository specifically for reusable stuff.
 The full structure of this flake is described in [STRUCTURE.md](./STRUCTURE.md),
 but here's a quick breakdown of the what you will find where.
@@ -98,9 +98,9 @@ but here's a quick breakdown of the what you will find where.
 |---|---|
 `hosts/<hostname>` | top-level configuration for `<hostname>`
 `lib/` | library functions overlayed on top of `nixpkgs.lib`
-`modules/config/` | global configuration for all hosts
+`config/` | global configuration for all hosts
-`modules/optional/` | optional configuration included by hosts
+`config/optional/` | optional configuration included by hosts
-`modules/*` | classical reusable configuration modules
+`modules/` | classical reusable configuration modules
 `nix/` | library functions and flake plumbing
 `pkgs/` | Custom packages and scripts
 `secrets/` | Global secrets and age identities

STRUCTURE.md

@@ -1,15 +1,20 @@
 ## Structure
 
-If you are interested in parts of my configuration, you probably want to examine the contents of `users/`, `modules/` and `hosts/`.
+If you are interested in parts of my configuration, you probably want to examine the contents of `users/`, `config/`, `modules/` and `hosts/`.
 Make sure to utilize the github search if you know what you need!
 
+- `config/` contains common configuration that I use on all of my host
+  and which is applied by default.
+  - `config/optional/` contains optional configuration that is only needed for some hosts,
+  and which should be included explicitly by hosts that require it.
+
 - `hosts/<hostname>` contains the top-level configuration for `<hostname>`.
   Follow the imports from there to see what it entails.
 
   By convention I place secrets related to this host in the `secrets/` subfolder, but any host
   could technically use them. Especialy important files in this folder are:
   - `host.pub` This host's public key (retrieved after initial setup). Used to rekey secrets so the host can access them at runtime.
-  - `local.nix.age` Repository-wide local secrets. Decrypted on import, see `modules/repo/secrets.nix` for more information.
+  - `local.nix.age` Repository-wide local secrets. Decrypted on import, see `modules/secrets.nix` for more information.
 
   Some hosts define guests that run as containerized or virtualized guests. Their configuration is usually just a single file
   stored in `guests/<name>.nix`. Their secrets are usually stored in a subfolder of the host's secrets folder.
@@ -17,18 +22,11 @@ Make sure to utilize the github search if you know what you need!
 - `lib/` contains extra library functions that are needed throughout the config.
 
 - `modules/` contains modularized configuration. If you are interested in reusable parts of
-  my configuration, this is probably the folder you are looking for. Unless stated otherwise,
+  my configuration, this is probably the folder you are looking for. These will be regular
-  all of these will be regular reusable modules like those you would find in `nixpkgs/nixos/modules`,
+  reusable modules like those you would find in `nixpkgs/nixos/modules`.
-  and the tree of all relevant modules is included via `modules/default.nix`.
+
-  - `modules/config/` contains configuration that is I use across all my host and is applied by default.
+  Some of these simplify the option interface of existing options, others add new funtionality
-    These just add configuration unconditionally and don't expose any further options.
+  to existing modules.
-  - `modules/optional/` contains configuration that is only needed sometimes, and which should
-    be included explicitly by hosts that require it.
-  - `modules/*` contains regular modules and meta-modules that simplify the option interface of existing options.
-    I use this for stuff that I don't need on all my hosts and that may require different settings
-    for each host while sharing a common basis.
-    Some of these are "meta" in the sense that they depend on their own definitions on multiple hosts (wireguard).
-    These are probably as opinionated as stuff in `modules/config/` but may be a little more general.
 
 - `nix/` library functions and flake plumbing
   - `generate-installer-package.nix` Helper package that that will be available in our iso images. This provides the `install-system` command that will do a full install including partitioning.

config/default.nix

@@ -0,0 +1,42 @@
+{inputs, ...}: {
+  disabledModules = [
+    "services/security/kanidm.nix"
+    "services/networking/netbird.nix"
+  ];
+
+  imports = [
+    inputs.agenix-rekey.nixosModules.default
+    inputs.agenix.nixosModules.default
+    inputs.disko.nixosModules.disko
+    inputs.elewrap.nixosModules.default
+    inputs.home-manager.nixosModules.default
+    inputs.impermanence.nixosModules.impermanence
+    inputs.nix-topology.nixosModules.default
+    inputs.nixos-extra-modules.nixosModules.default
+    inputs.nixos-nftables-firewall.nixosModules.default
+
+    ../modules
+
+    ../users/root
+
+    ./boot.nix
+    ./home-manager.nix
+    ./impermanence.nix
+    ./inputrc.nix
+    ./issue.nix
+    ./net.nix
+    ./nftables.nix
+    ./nix.nix
+    ./resolved.nix
+    ./secrets.nix
+    ./ssh.nix
+    ./system.nix
+    ./topology.nix
+    ./users.nix
+  ];
+
+  nixpkgs.overlays = [
+    inputs.nixvim.overlays.default
+    inputs.wired-notify.overlays.default
+  ];
+}

config/hardware/odroid-n2plus.nix

@@ -1,7 +1,6 @@
 {inputs, ...}: {
   imports = [
     inputs.nixos-hardware.nixosModules.common-pc-ssd
-    ./physical.nix
   ];
 
   boot.initrd.availableKernelModules = [

config/secrets.nix

@@ -9,7 +9,7 @@
     local = config.node.secretsDir + "/local.nix.age";
   in
     {
-      global = ../../secrets/global.nix.age;
+      global = ../secrets/global.nix.age;
     }
     // lib.optionalAttrs (lib.pathExists local) {inherit local;};
 

hosts/envoy/default.nix

@@ -1,10 +1,9 @@
 {nodes, ...}: {
   imports = [
-    ../../modules/optional/hardware/hetzner-cloud.nix
+    ../../config
-
+    ../../config/hardware/hetzner-cloud.nix
-    ../../modules
+    ../../config/optional/initrd-ssh.nix
-    ../../modules/optional/initrd-ssh.nix
+    ../../config/optional/zfs.nix
-    ../../modules/optional/zfs.nix
 
     ./acme.nix
     ./fs.nix

hosts/kroma/default.nix

@@ -13,17 +13,18 @@
     inputs.nixos-hardware.nixosModules.common-pc-hdd
     inputs.nixos-hardware.nixosModules.common-pc-ssd
 
-    ../../modules/optional/hardware/physical.nix
+    ../../config
-    ../../modules/optional/hardware/nvidia.nix
-    ../../modules/optional/hardware/bluetooth.nix
 
-    ../../modules
+    ../../config/hardware/physical.nix
-    ../../modules/optional/initrd-ssh.nix
+    ../../config/hardware/nvidia.nix
-    ../../modules/optional/dev
+    ../../config/hardware/bluetooth.nix
-    ../../modules/optional/graphical
+
-    ../../modules/optional/laptop.nix
+    ../../config/dev
-    ../../modules/optional/sound.nix
+    ../../config/graphical
-    ../../modules/optional/zfs.nix
+    ../../config/optional/initrd-ssh.nix
+    ../../config/optional/laptop.nix
+    ../../config/optional/sound.nix
+    ../../config/optional/zfs.nix
 
     ../../users/myuser
 

hosts/nom/default.nix

@@ -8,16 +8,18 @@
     inputs.nixos-hardware.nixosModules.common-gpu-intel
     inputs.nixos-hardware.nixosModules.common-pc-laptop
     inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
-    ../../modules/optional/hardware/intel.nix
-    ../../modules/optional/hardware/physical.nix
 
-    ../../modules
+    ../../config
-    ../../modules/optional/initrd-ssh.nix
+
-    ../../modules/optional/dev
+    ../../config/hardware/intel.nix
-    ../../modules/optional/graphical
+    ../../config/hardware/physical.nix
-    ../../modules/optional/laptop.nix
+
-    ../../modules/optional/sound.nix
+    ../../config/dev
-    ../../modules/optional/zfs.nix
+    ../../config/graphical
+    ../../config/optional/initrd-ssh.nix
+    ../../config/optional/laptop.nix
+    ../../config/optional/sound.nix
+    ../../config/optional/zfs.nix
 
     ../../users/myuser
 

hosts/sentinel/default.nix

@@ -4,11 +4,10 @@
   ...
 }: {
   imports = [
-    ../../modules/optional/hardware/hetzner-cloud.nix
+    ../../config
-
+    ../../config/hardware/hetzner-cloud.nix
-    ../../modules
+    ../../config/optional/initrd-ssh.nix
-    ../../modules/optional/initrd-ssh.nix
+    ../../config/optional/zfs.nix
-    ../../modules/optional/zfs.nix
 
     ./acme.nix
     ./coturn.nix

hosts/sire/default.nix

@@ -9,12 +9,12 @@
   imports = [
     inputs.nixos-hardware.nixosModules.common-cpu-intel
     inputs.nixos-hardware.nixosModules.common-pc-ssd
-    ../../modules/optional/hardware/intel.nix
-    ../../modules/optional/hardware/physical.nix
 
-    ../../modules
+    ../../config
-    ../../modules/optional/initrd-ssh.nix
+    ../../config/hardware/intel.nix
-    ../../modules/optional/zfs.nix
+    ../../config/hardware/physical.nix
+    ../../config/optional/initrd-ssh.nix
+    ../../config/optional/zfs.nix
 
     ./fs.nix
     ./net.nix
@@ -72,7 +72,7 @@
         dataset = "bunker/paperless";
       };
       modules = [
-        ../../modules
+        ../../config
         ./guests/common.nix
         ./guests/${guestName}.nix
         {

hosts/ward/default.nix

@@ -9,12 +9,12 @@
   imports = [
     inputs.nixos-hardware.nixosModules.common-cpu-intel
     inputs.nixos-hardware.nixosModules.common-pc-ssd
-    ../../modules/optional/hardware/intel.nix
-    ../../modules/optional/hardware/physical.nix
 
-    ../../modules
+    ../../config
-    ../../modules/optional/initrd-ssh.nix
+    ../../config/hardware/intel.nix
-    ../../modules/optional/zfs.nix
+    ../../config/hardware/physical.nix
+    ../../config/optional/initrd-ssh.nix
+    ../../config/optional/zfs.nix
 
     ./fs.nix
     ./net.nix
@@ -59,7 +59,7 @@
         dataset = "safe/guests/${guestName}";
       };
       modules = [
-        ../../modules
+        ../../config
         ./guests/common.nix
         ./guests/${guestName}.nix
         {

hosts/zackbiene/default.nix

@@ -8,11 +8,11 @@
   wardWebProxyCfg = nodes.ward-web-proxy.config;
 in {
   imports = [
-    ../../modules/optional/hardware/odroid-n2plus.nix
+    ../../config
-
+    ../../config/hardware/odroid-n2plus.nix
-    ../../modules
+    ../../config/hardware/physical.nix
-    ../../modules/optional/initrd-ssh.nix
+    ../../config/optional/initrd-ssh.nix
-    ../../modules/optional/zfs.nix
+    ../../config/optional/zfs.nix
 
     #./esphome.nix
     ./fs.nix

modules/default.nix

@@ -1,37 +1,10 @@
-{inputs, ...}: {
+{
   disabledModules = [
     "services/security/kanidm.nix"
     "services/networking/netbird.nix"
   ];
 
   imports = [
-    inputs.agenix-rekey.nixosModules.default
-    inputs.agenix.nixosModules.default
-    inputs.disko.nixosModules.disko
-    inputs.elewrap.nixosModules.default
-    inputs.home-manager.nixosModules.default
-    inputs.impermanence.nixosModules.impermanence
-    inputs.nix-topology.nixosModules.default
-    inputs.nixos-extra-modules.nixosModules.default
-    inputs.nixos-nftables-firewall.nixosModules.default
-
-    ../users/root
-
-    ./config/boot.nix
-    ./config/home-manager.nix
-    ./config/impermanence.nix
-    ./config/inputrc.nix
-    ./config/issue.nix
-    ./config/net.nix
-    ./config/nftables.nix
-    ./config/nix.nix
-    ./config/resolved.nix
-    ./config/secrets.nix
-    ./config/ssh.nix
-    ./config/system.nix
-    ./config/topology.nix
-    ./config/users.nix
-
     ./acme-wildcard.nix
     ./backups.nix
     ./deterministic-ids.nix
@@ -45,9 +18,4 @@
     ./secrets.nix
     ./telegraf.nix
   ];
-
-  nixpkgs.overlays = [
-    inputs.nixvim.overlays.default
-    inputs.wired-notify.overlays.default
-  ];
 }

users/config/default.nix

@@ -0,0 +1,13 @@
+{
+  imports = [
+    ../modules
+
+    ./htop.nix
+    ./impermanence.nix
+    ./neovim.nix
+    ./shell
+    ./utils.nix
+  ];
+
+  xdg.configFile."nixpkgs/config.nix".text = "{ allowUnfree = true; }";
+}

users/modules/default.nix

@@ -1,14 +1,6 @@
-{...}: {
+{
   imports = [
     ./uid.nix
     ./secrets.nix
-
-    ./config/htop.nix
-    ./config/impermanence.nix
-    ./config/neovim.nix
-    ./config/shell
-    ./config/utils.nix
   ];
-
-  xdg.configFile."nixpkgs/config.nix".text = "{ allowUnfree = true; }";
 }

users/myuser/default.nix

@@ -30,7 +30,7 @@ in
 
     home-manager.users.${myuser} = {
       imports = [
-        ../modules
+        ../config
         ./dev
         ./graphical
         ./neovim

users/root/default.nix

@@ -15,7 +15,7 @@
 
   home-manager.users.root = {
     imports = [
-      ../modules
+      ../config
     ];
 
     home = {