refactor: split hardware related and system related common configuration

2025-10-10 23:00:39 +02:00 · 2023-05-01 15:27:28 +02:00 · 2023-05-01 15:27:28 +02:00 · de19b23d3d
commit de19b23d3d
parent f55c83c1b8
9 changed files with 82 additions and 99 deletions
--- a/hosts/common/core/default.nix
+++ b/hosts/common/core/default.nix
@ -1,100 +1,25 @@
-{
-  inputs,
-  lib,
-  pkgs,
-  config,
-  nodeName,
-  ...
-}: {
+{config, ...}: {
  imports = [
-    ./inputrc.nix
    ./impermanence.nix
+    ./inputrc.nix
    ./issue.nix
    ./net.nix
    ./nix.nix
    ./resolved.nix
    ./ssh.nix
-    ./tmux.nix
+    ./system.nix
    ./xdg.nix

    ../../../modules/wireguard.nix
  ];

-  # IP address math library
-  # https://gist.github.com/duairc/5c9bb3c922e5d501a1edb9e7b3b845ba
-  # Plus some extensions by us
-  lib = let
-    libWithNet = (import "${inputs.lib-net}/net.nix" {inherit lib;}).lib;
-  in
-    lib.recursiveUpdate libWithNet {
-      net.cidr = rec {
-        hostCidr = n: x: "${libWithNet.net.cidr.host n x}/${libWithNet.net.cidr.length x}";
-        ip = x: lib.head (lib.splitString "/" x);
-        canonicalize = x: libWithNet.net.cidr.make (libWithNet.net.cidr.length x) (ip x);
-      };
-    };
-
-  # Setup secret rekeying parameters
-  rekey = {
-    inherit
-      (inputs.self.secrets)
-      masterIdentities
-      extraEncryptionPubkeys
-      ;
-
-    # This is technically impure, but intended. We need to rekey on the
-    # current system due to yubikey availability.
-    forceRekeyOnSystem = builtins.extraBuiltins.unsafeCurrentSystem;
-    hostPubkey = let
-      pubkeyPath = ../.. + "/${nodeName}/secrets/host.pub";
-    in
-      lib.mkIf (lib.pathExists pubkeyPath || lib.trace "Missing pubkey for ${nodeName}: ${toString pubkeyPath} not found, using dummy replacement key for now." false)
-      pubkeyPath;
-  };
-
-  boot = {
-    initrd.systemd.enable = true;
-    kernelParams = ["log_buf_len=10M"];
-    tmp.useTmpfs = true;
-  };
-
-  # Disable sudo which is entierly unnecessary.
-  security.sudo.enable = false;
-
-  time.timeZone = lib.mkDefault "Europe/Berlin";
-  i18n.defaultLocale = "C.UTF-8";
-  console.keyMap = "de-latin1-nodeadkeys";
-
-  hardware = {
-    enableRedistributableFirmware = true;
-    enableAllFirmware = true;
-  };
-
-  systemd.enableUnifiedCgroupHierarchy = true;
-  users.mutableUsers = false;
-
  home-manager = {
    useGlobalPkgs = true;
    useUserPackages = true;
    verbose = true;
  };

-  programs = {
-    # Required even when using home-manager's zsh module since the /etc/profile load order
-    # is partly controlled by this. See nix-community/home-manager#3681.
-    zsh.enable = true;
-    git = {
-      enable = true;
-      config = {
-        init.defaultBranch = "main";
-        pull.rebase = true;
-      };
-    };
-  };
-
-  services = {
-    fwupd.enable = true;
-    smartd.enable = true;
-    thermald.enable = builtins.elem config.nixpkgs.system ["x86_64-linux"];
-  };
+  # Required even when using home-manager's zsh module since the /etc/profile load order
+  # is partly controlled by this. See nix-community/home-manager#3681.
+  programs.zsh.enable = true;
 }
--- a/hosts/common/core/system.nix
+++ b/hosts/common/core/system.nix
@ -0,0 +1,54 @@
+{
+  inputs,
+  lib,
+  nodeName,
+  ...
+}: {
+  # IP address math library
+  # https://gist.github.com/duairc/5c9bb3c922e5d501a1edb9e7b3b845ba
+  # Plus some extensions by us
+  lib = let
+    libWithNet = (import "${inputs.lib-net}/net.nix" {inherit lib;}).lib;
+  in
+    lib.recursiveUpdate libWithNet {
+      net.cidr = rec {
+        hostCidr = n: x: "${libWithNet.net.cidr.host n x}/${libWithNet.net.cidr.length x}";
+        ip = x: lib.head (lib.splitString "/" x);
+        canonicalize = x: libWithNet.net.cidr.make (libWithNet.net.cidr.length x) (ip x);
+      };
+    };
+
+  # Setup secret rekeying parameters
+  rekey = {
+    inherit
+      (inputs.self.secrets)
+      masterIdentities
+      extraEncryptionPubkeys
+      ;
+
+    # This is technically impure, but intended. We need to rekey on the
+    # current system due to yubikey availability.
+    forceRekeyOnSystem = builtins.extraBuiltins.unsafeCurrentSystem;
+    hostPubkey = let
+      pubkeyPath = ../.. + "/${nodeName}/secrets/host.pub";
+    in
+      lib.mkIf (lib.pathExists pubkeyPath || lib.trace "Missing pubkey for ${nodeName}: ${toString pubkeyPath} not found, using dummy replacement key for now." false)
+      pubkeyPath;
+  };
+
+  boot = {
+    initrd.systemd.enable = true;
+    kernelParams = ["log_buf_len=10M"];
+    tmp.useTmpfs = true;
+  };
+
+  # Disable sudo which is entierly unnecessary.
+  security.sudo.enable = false;
+
+  time.timeZone = lib.mkDefault "Europe/Berlin";
+  i18n.defaultLocale = "C.UTF-8";
+  console.keyMap = "de-latin1-nodeadkeys";
+
+  systemd.enableUnifiedCgroupHierarchy = true;
+  users.mutableUsers = false;
+}
--- a/hosts/common/core/tmux.nix
+++ b/hosts/common/core/tmux.nix
@ -1,14 +0,0 @@
-{
-  programs.tmux = {
-    enable = true;
-    aggressiveResize = true;
-    clock24 = true;
-    escapeTime = 0;
-    historyLimit = 10000;
-    # breaks tmate
-    newSession = false;
-    secureSocket = false;
-    shortcut = "g";
-    terminal = "tmux-256color";
-  };
-}
--- a/hosts/common/hardware/cloud.nix
+++ b/hosts/common/hardware/cloud.nix
@ -0,0 +1,4 @@
+# Configuration for cloud-servers machines
+{
+  services.smartd.enable = true;
+}
--- a/hosts/common/hardware/physical.nix
+++ b/hosts/common/hardware/physical.nix
@ -0,0 +1,13 @@
+# Configuration for actual physical machines
+{config, ...}: {
+  hardware = {
+    enableRedistributableFirmware = true;
+    enableAllFirmware = true;
+  };
+
+  services = {
+    fwupd.enable = true;
+    smartd.enable = true;
+    thermald.enable = builtins.elem config.nixpkgs.system ["x86_64-linux"];
+  };
+}
--- a/hosts/nom/default.nix
+++ b/hosts/nom/default.nix
@ -14,6 +14,7 @@
    ../common/graphical

    ../common/hardware/intel.nix
+    ../common/hardware/physical.nix
    ../common/efi.nix
    ../common/initrd-ssh.nix
    ../common/laptop.nix
--- a/hosts/ward/default.nix
+++ b/hosts/ward/default.nix
@ -10,6 +10,7 @@

    ../common/core
    ../common/hardware/intel.nix
+    ../common/hardware/physical.nix
    ../common/initrd-ssh.nix
    ../common/efi.nix
    ../common/zfs.nix
--- a/hosts/zackbiene/default.nix
+++ b/hosts/zackbiene/default.nix
@ -9,6 +9,8 @@
    nixos-hardware.common-pc-ssd

    ../common/core
+    ../common/hardware/physical.nix
+    #../common/initrd-ssh.nix
    ../common/zfs.nix

    ../../users/root
--- a/users/common/git.nix
+++ b/users/common/git.nix
@ -5,14 +5,11 @@
    difftastic.enable = true;
    lfs.enable = lib.mkDefault false;
    extraConfig = {
-      #diff = {
-      #  colorMoved = "default";
-      #  age.textconv = "${pkgs.rage}/bin/rage -i ~/.ssh/username --decrypt";
-      #};
      difftool.prompt = true;
      init.defaultBranch = "main";
      merge.conflictstyle = "diff3";
      mergetool.prompt = true;
+      pull.rebase = true;
    };
    aliases = {
      unstash = "stash pop";