refactor: start removing digga

flake.nix

@@ -1,5 +1,5 @@
 {
-  description = "A highly structured configuration database.";
+  description = "b12f hosts";
 
   nixConfig.extra-experimental-features = "nix-command flakes";
 
@@ -11,19 +11,13 @@
     flake-compat.url = "github:edolstra/flake-compat";
     flake-compat.flake = false;
 
-    digga.url = "github:pub-solar/digga/fix/bootstrap-iso";
+    nix-darwin.url = "github:lnl7/nix-darwin/master";
-    digga.inputs.nixpkgs.follows = "nixos";
+    nix-darwin.inputs.nixpkgs.follows = "nixos";
-    digga.inputs.nixlib.follows = "nixos";
+    home-manager.url = "github:nix-community/home-manager/release-23.05";
-    digga.inputs.home-manager.follows = "home";
+    home-manager.inputs.nixpkgs.follows = "nixos";
-    digga.inputs.deploy.follows = "deploy";
-    digga.inputs.darwin.follows = "darwin";
-    digga.inputs.flake-compat.follows = "flake-compat";
 
-    home.url = "github:nix-community/home-manager/release-23.05";
+    flake-parts.url = "github:hercules-ci/flake-parts";
-    home.inputs.nixpkgs.follows = "nixos";
+    nixos-flake.url = "github:srid/nixos-flake";
-
-    darwin.url = "github:LnL7/nix-darwin";
-    darwin.inputs.nixpkgs.follows = "nixos";
 
     deploy.url = "github:serokell/deploy-rs";
     deploy.inputs.nixpkgs.follows = "nixos";
@@ -48,6 +42,82 @@
     adblock-unbound.inputs.nixpkgs.follows = "nixos";
   };
 
+  outputs = inputs@{ self, ... }:
+    inputs.flake-parts.lib.mkFlake { inherit inputs; } {
+      systems = [
+        "x86_64-linux"
+        "aarch64-linux"
+        "x86_64-darwin"
+        "aarch64-darwin"
+      ];
+
+      imports = [
+        inputs.nixos-flake.flakeModule
+      ];
+
+      perSystem = { config, ... }: { };
+
+      flake = {
+        # Configurations for Linux (NixOS) machines
+        nixosConfigurations = {
+          biolimo = self.nixos-flake.lib.mkLinuxSystem "x86_64-linux" {
+            imports = [
+              self.nixosModules.linux
+              self.nixosModules.home-manager
+              self.nixosModules.agenix
+              self.nixosModules.musnix
+              ./hosts/biolimo/default.nix
+            ];
+          };
+        };
+
+        nixosModules = rec {
+          arduino = import ./modules/arduino/default.nix;
+          audio = import ./modules/audio/default.nix;
+          ci-runner = import ./modules/ci-runner/default.nix;
+          core = import ./modules/core/default.nix;
+          crypto = import ./modules/crypto/default.nix;
+          devops = import ./modules/devops/default.nix;
+          docker = import ./modules/docker/default.nix;
+          docker-ci-runner = import ./modules/docker-ci-runner/default.nix;
+          email = import ./modules/email/default.nix;
+          factorio = import ./modules/factorio/default.nix;
+          gaming = import ./modules/gaming/default.nix;
+          graphical = import ./modules/graphical/default.nix;
+          mobile = import ./modules/mobile/default.nix;
+          nextcloud = import ./modules/nextcloud/default.nix;
+          office = import ./modules/office/default.nix;
+          paperless = import ./modules/paperless/default.nix;
+          paranoia = import ./modules/paranoia/default.nix;
+          printing = import ./modules/printing/default.nix;
+          social = import ./modules/social/default.nix;
+          sway = import ./modules/sway/default.nix;
+          terminal-life = import ./modules/terminal-life/default.nix;
+          uhk = import ./modules/uhk/default.nix;
+          user = import ./modules/user/default.nix;
+          virtualisation = import ./modules/virtualisation/default.nix;
+
+
+          base = [users.pub-solar users.root];
+          iso = base ++ [base-user graphical pub-solar-iso];
+          pubsolaros = [full-install base-user users.root];
+          anonymous = [pubsolaros users.pub-solar];
+
+          b12f = pubsolaros ++ [users.b12f social gaming mobile];
+          biolimo = b12f ++ [graphical];
+          chocolatebar = b12f ++ [graphical virtualisation];
+
+          yule = pubsolaros ++ [users.yule];
+          droppie = yule ++ [];
+          pie = yule ++ [];
+          maoam = b12f ++ [];
+        };
+
+        homeModules = { };
+      };
+    };
+}
+
   outputs = {
     self,
     digga,

hosts/biolimo/biolimo.nix

@@ -1,47 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-with lib; let
-  psCfg = config.pub-solar;
-  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-in {
-  imports = [
-    ./configuration.nix
-  ];
-
-  config = {
-    pub-solar.paranoia.enable = true;
-    pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
-    pub-solar.core.hibernation.resumeOffset = 15296512;
-
-    hardware.cpu.intel.updateMicrocode = true;
-
-    networking.networkmanager.wifi.backend = mkForce "wpa_supplicant";
-
-    services.printing.drivers = [
-      pkgs.cups-brother-hl3140cw
-    ];
-
-    home-manager = with pkgs;
-      pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
-        xdg.configFile = mkIf psCfg.sway.enable {
-          "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
-          "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
-          "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
-          "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
-        };
-
-        home.packages = [
-          inkscape
-        ];
-      };
-
-    # For OpenProject development with https
-    security.pki.certificates = [
-      (builtins.readFile ./step-roots.pem)
-    ];
-  };
-}

hosts/biolimo/configuration.nix

@@ -1,20 +1,47 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
 {
   config,
   pkgs,
   ...
-}: {
+}:
-  imports = [
+with lib; let
-    # Include the results of the hardware scan.
+  psCfg = config.pub-solar;
-    ./hardware-configuration.nix
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-  ];
+in {
-
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 
+  pub-solar.paranoia.enable = true;
+  pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
+  pub-solar.core.hibernation.resumeOffset = 15296512;
+
+  hardware.cpu.intel.updateMicrocode = true;
+
+  networking.networkmanager.wifi.backend = mkForce "wpa_supplicant";
+
+  services.printing.drivers = [
+    pkgs.cups-brother-hl3140cw
+  ];
+
+  home-manager = with pkgs;
+    pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
+      xdg.configFile = mkIf psCfg.sway.enable {
+        "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
+        "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
+        "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
+        "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
+      };
+
+      home.packages = [
+        inkscape
+      ];
+    };
+
+  # For OpenProject development with https
+  security.pki.certificates = [
+    (builtins.readFile ./step-roots.pem)
+  ];
+
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
   # on your system were taken. It‘s perfectly fine and recommended to leave

hosts/biolimo/default.nix

@@ -1,7 +1,6 @@
-{suites, ...}: {
+{...}: {
-  imports =
+  imports = [
-    [
+    ./configuration.nix
-      ./biolimo.nix
+    ./hardware-configuration.nix
-    ]
+  ];
-    ++ suites.biolimo;
 }

hosts/chocolatebar/chocolatebar.nix

@@ -1,109 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  self,
-  inputs,
-  ...
-}:
-with lib; let
-  psCfg = config.pub-solar;
-  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-in {
-  imports = [
-    ./configuration.nix
-    ./virtualisation
-    ./factorio
-  ];
-
-  config = {
-    hardware.cpu.amd.updateMicrocode = true;
-
-    hardware.opengl.extraPackages = with pkgs; [
-      rocm-opencl-icd
-      rocm-opencl-runtime
-    ];
-
-    pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
-    pub-solar.core.hibernation.resumeOffset = 115075072;
-
-    pub-solar.paperless.sync.masterNode = true;
-
-    age.secrets."drone-runner-exec-config" = {
-      file = "${self}/secrets/drone-runner-exec-config";
-      mode = "400";
-      owner = psCfg.user.name;
-    };
-
-    pub-solar.docker-ci-runner = {
-      enable = true;
-      runnerVarsFile = config.age.secrets.drone-runner-exec-config.path;
-    };
-
-    pub-solar.paperless.scannerDefaultDevice = "hp3900:libusb:005:004";
-
-    services.openssh.openFirewall = true;
-    networking.firewall.allowedTCPPorts =
-      [443]
-      ++ (
-        if psCfg.sway.vnc.enable
-        then [5901]
-        else []
-      );
-    networking.firewall.allowedUDPPorts = [43050];
-
-    environment.systemPackages = with pkgs; [
-      wayvnc
-      drone-docker-runner
-      stdenv.cc.cc.lib
-      pkgs.hplip
-    ];
-
-    age.secrets."vnc-key.pem" = {
-      file = "${self}/secrets/vnc-key-chocolatebar.pem";
-      mode = "400";
-      owner = psCfg.user.name;
-    };
-    age.secrets."vnc-cert.pem" = {
-      file = "${self}/secrets/vnc-cert-chocolatebar.pem";
-      mode = "400";
-      owner = psCfg.user.name;
-    };
-    pub-solar.sway.vnc.enable = true;
-
-    services.printing.drivers = [
-      pkgs.cups-brother-hl3140cw
-    ];
-
-    services.udev.extraRules = ''
-      SUBSYSTEMS=="usb", ATTRS{idVendor}=="04f9", ATTRS{idProduct}=="209e", ATTRS{serial}=="000W0H924252", MODE="0664", GROUP="lp", SYMLINK+="usb/lp0"
-    '';
-
-    home-manager.users."${psCfg.user.name}" = {
-      xdg.configFile = mkIf psCfg.sway.enable {
-        "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
-        "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
-        "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
-      };
-
-      home.sessionVariables = {
-        NIX_CC = "${pkgs.stdenv.cc}";
-      };
-
-      home.packages = with pkgs; [
-        lmms
-        audacity
-      ];
-    };
-
-    musnix = {
-      enable = true;
-      kernel.realtime = true;
-    };
-
-    # For OpenProject development with https
-    security.pki.certificates = [
-      (builtins.readFile ./step-roots.pem)
-    ];
-  };
-}

hosts/chocolatebar/configuration.nix

@@ -1,20 +1,106 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
 {
   config,
   pkgs,
   ...
-}: {
+}:
-  imports = [
+with lib; let
-    # Include the results of the hardware scan.
+  psCfg = config.pub-solar;
-    ./hardware-configuration.nix
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in {
+  hardware.cpu.amd.updateMicrocode = true;
+
+  hardware.opengl.extraPackages = with pkgs; [
+    rocm-opencl-icd
+    rocm-opencl-runtime
   ];
 
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 
+  pub-solar.paranoia.enable = true;
+  pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
+  pub-solar.core.hibernation.resumeOffset = 115075072;
+
+  pub-solar.paperless.sync.masterNode = true;
+
+  age.secrets."drone-runner-exec-config" = {
+    file = "${self}/secrets/drone-runner-exec-config";
+    mode = "400";
+    owner = psCfg.user.name;
+  };
+
+  pub-solar.docker-ci-runner = {
+    enable = true;
+    runnerVarsFile = config.age.secrets.drone-runner-exec-config.path;
+  };
+
+  pub-solar.paperless.scannerDefaultDevice = "hp3900:libusb:005:004";
+
+  services.openssh.openFirewall = true;
+  networking.firewall.allowedTCPPorts =
+    [443]
+    ++ (
+      if psCfg.sway.vnc.enable
+      then [5901]
+      else []
+    );
+  networking.firewall.allowedUDPPorts = [43050];
+
+  environment.systemPackages = with pkgs; [
+    wayvnc
+    drone-docker-runner
+    stdenv.cc.cc.lib
+    pkgs.hplip
+  ];
+
+  age.secrets."vnc-key.pem" = {
+    file = "${self}/secrets/vnc-key-chocolatebar.pem";
+    mode = "400";
+    owner = psCfg.user.name;
+  };
+  age.secrets."vnc-cert.pem" = {
+    file = "${self}/secrets/vnc-cert-chocolatebar.pem";
+    mode = "400";
+    owner = psCfg.user.name;
+  };
+  pub-solar.sway.vnc.enable = true;
+
+  services.printing.drivers = [
+    pkgs.cups-brother-hl3140cw
+  ];
+
+  services.udev.extraRules = ''
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="04f9", ATTRS{idProduct}=="209e", ATTRS{serial}=="000W0H924252", MODE="0664", GROUP="lp", SYMLINK+="usb/lp0"
+  '';
+
+  home-manager.users."${psCfg.user.name}" = {
+    xdg.configFile = mkIf psCfg.sway.enable {
+      "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
+      "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
+      "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
+    };
+
+    home.sessionVariables = {
+      NIX_CC = "${pkgs.stdenv.cc}";
+    };
+
+    home.packages = with pkgs; [
+      lmms
+      audacity
+    ];
+  };
+
+  musnix = {
+    enable = true;
+    kernel.realtime = true;
+  };
+
+  # For OpenProject development with https
+  security.pki.certificates = [
+    (builtins.readFile ./step-roots.pem)
+  ];
+
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
   # on your system were taken. It‘s perfectly fine and recommended to leave

hosts/chocolatebar/default.nix

@@ -1,7 +1,9 @@
-{suites, ...}: {
+{...}: {
-  imports =
+  imports = [
-    [
+    ./configuration.nix
-      ./chocolatebar.nix
+    ./hardware-configuration.nix
-    ]
+
-    ++ suites.chocolatebar;
+    ./virtualisation
+    ./factorio
+  ];
 }

hosts/droppie/configuration.nix

@@ -1,17 +1,13 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
 {
   config,
   pkgs,
   lib,
   ...
-}: {
+}:
-  imports = [
+with lib; let
-    # Include the results of the hardware scan.
+  psCfg = config.pub-solar;
-    ./hardware-configuration.nix
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-  ];
+in {
-
   boot.loader.systemd-boot.enable = lib.mkForce false;
   boot.loader.grub = {
     enable = true;
@@ -20,6 +16,47 @@
   };
   boot.loader.efi.canTouchEfiVariables = true;
 
+  hardware.cpu.intel.updateMicrocode = true;
+
+  pub-solar.core.disk-encryption-active = false;
+  pub-solar.core.lite = true;
+
+  security.sudo.extraRules = [
+    {
+      users = ["${psCfg.user.name}"];
+      commands = [
+        {
+          command = "ALL";
+          options = ["NOPASSWD"];
+        }
+      ];
+    }
+  ];
+
+  services.ddclient = {
+    enable = false;
+    ipv6 = true;
+    domains = ["backup.b12f.io"];
+    server = "ddns.hosting.de";
+    username = "b12f";
+    use = "web, web=https://ipcheck-ds.wieistmeineip.de/callback/, web-skip='ip\":\"'";
+    passwordFile = "/run/agenix/dyndns-droppie.key";
+  };
+
+  age.secrets."dyndns-droppie.key" = {
+    file = "${self}/secrets/dyndns-droppie.key";
+    mode = "400";
+    owner = "root";
+  };
+
+  # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQSephFJU0NMbVbhwvVJ2/m6jcPYo1IsWCsoarqKin root@droppie
+  age.secrets."droppie-ssh-root.key" = {
+    file = "${self}/secrets/droppie-ssh-root.key";
+    path = "/home/${psCfg.user.name}/.ssh/id_ed25519";
+    mode = "400";
+    owner = psCfg.user.name;
+  };
+
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
   # on your system were taken. It‘s perfectly fine and recommended to leave

hosts/droppie/default.nix

@@ -1,7 +1,9 @@
-{suites, ...}: {
+{...}: {
-  imports =
+  imports = [
-    [
+    ./configuration.nix
-      ./droppie.nix
+    ./hardware-configuration.nix
-    ]
+
-    ++ suites.droppie;
+    ./nextcloud-web-tunnel.nix
+    ./restic-backup.nix
+  ];
 }

hosts/droppie/droppie.nix

@@ -1,60 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  self,
-  ...
-}:
-with lib; let
-  psCfg = config.pub-solar;
-  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-in {
-  imports = [
-    ./configuration.nix
-    ./nextcloud-web-tunnel.nix
-    ./restic-backup.nix
-  ];
-
-  config = {
-    hardware.cpu.intel.updateMicrocode = true;
-
-    pub-solar.core.disk-encryption-active = false;
-    pub-solar.core.lite = true;
-
-    security.sudo.extraRules = [
-      {
-        users = ["${psCfg.user.name}"];
-        commands = [
-          {
-            command = "ALL";
-            options = ["NOPASSWD"];
-          }
-        ];
-      }
-    ];
-
-    services.ddclient = {
-      enable = false;
-      ipv6 = true;
-      domains = ["backup.b12f.io"];
-      server = "ddns.hosting.de";
-      username = "b12f";
-      use = "web, web=https://ipcheck-ds.wieistmeineip.de/callback/, web-skip='ip\":\"'";
-      passwordFile = "/run/agenix/dyndns-droppie.key";
-    };
-
-    age.secrets."dyndns-droppie.key" = {
-      file = "${self}/secrets/dyndns-droppie.key";
-      mode = "400";
-      owner = "root";
-    };
-
-    # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQSephFJU0NMbVbhwvVJ2/m6jcPYo1IsWCsoarqKin root@droppie
-    age.secrets."droppie-ssh-root.key" = {
-      file = "${self}/secrets/droppie-ssh-root.key";
-      path = "/home/${psCfg.user.name}/.ssh/id_ed25519";
-      mode = "400";
-      owner = psCfg.user.name;
-    };
-  };
-}

hosts/pie/configuration.nix

@@ -7,11 +7,11 @@
   lib,
   inputs,
   ...
-}: {
+}:
-  imports = [
+with lib; let
-    ./hardware-configuration.nix
+  psCfg = config.pub-solar;
-  ];
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-
+in {
   boot.loader.grub.enable = true;
   boot.loader.grub.efiSupport = true;
   boot.loader.grub.efiInstallAsRemovable = true;
@@ -27,6 +27,33 @@
 
   boot.kernelPackages = pkgs.linuxPackages_6_1;
 
+  pub-solar.core.disk-encryption-active = false;
+  pub-solar.core.lite = true;
+
+  networking.defaultGateway = {
+    address = "192.168.178.1";
+    interface = "enabcm6e4ei0";
+  };
+
+  networking.interfaces.enabcm6e4ei0.ipv4.addresses = [
+    {
+      address = "192.168.178.2";
+      prefixLength = 24;
+    }
+  ];
+
+  security.sudo.extraRules = [
+    {
+      users = ["${psCfg.user.name}"];
+      commands = [
+        {
+          command = "ALL";
+          options = ["NOPASSWD"];
+        }
+      ];
+    }
+  ];
+
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
   # on your system were taken. It‘s perfectly fine and recommended to leave

hosts/pie/default.nix

@@ -1,7 +1,10 @@
-{suites, ...}: {
+{...}: {
-  imports =
+  imports = [
-    [
+    ./configuration.nix
-      ./pie.nix
+    ./hardware-configuration.nix
-    ]
+
-    ++ suites.pie;
+    ./unbound.nix
+    ./dhcpd.nix
+    ./wake-droppie.nix
+  ];
 }

hosts/pie/pie.nix

@@ -1,47 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  self,
-  ...
-}:
-with lib; let
-  psCfg = config.pub-solar;
-  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-in {
-  imports = [
-    ./configuration.nix
-    ./unbound.nix
-    ./dhcpd.nix
-    ./wake-droppie.nix
-  ];
-
-  config = {
-    pub-solar.core.disk-encryption-active = false;
-    pub-solar.core.lite = true;
-
-    networking.defaultGateway = {
-      address = "192.168.178.1";
-      interface = "enabcm6e4ei0";
-    };
-
-    networking.interfaces.enabcm6e4ei0.ipv4.addresses = [
-      {
-        address = "192.168.178.2";
-        prefixLength = 24;
-      }
-    ];
-
-    security.sudo.extraRules = [
-      {
-        users = ["${psCfg.user.name}"];
-        commands = [
-          {
-            command = "ALL";
-            options = ["NOPASSWD"];
-          }
-        ];
-      }
-    ];
-  };
-}