From 100f02a2d84122e49f888766d3e92a5714839eff Mon Sep 17 00:00:00 2001
From: SebastianStork
Date: Tue, 3 Feb 2026 21:09:06 +0100
Subject: [PATCH] profiles: Introduce core, server and workstation profiles

---
 flake-parts/hosts.nix | 5 +--
 flake-parts/profiles.nix | 12 ++++++++
 hosts/desktop/default.nix | 39 +++---------------------
 hosts/desktop/hardware.nix | 2 --
 hosts/laptop/default.nix | 37 +++------------------
 hosts/laptop/hardware.nix | 2 --
 hosts/vps-monitor/default.nix | 28 ++---------------
 hosts/vps-monitor/hardware.nix | 2 --
 hosts/vps-private/default.nix | 28 +++-------------
 hosts/vps-private/hardware.nix | 2 --
 hosts/vps-public/default.nix | 44 ++++++--------------------
 hosts/vps-public/hardware.nix | 2 --
 hosts/common.nix => profiles/core.nix | 15 ++++++++-
 profiles/server.nix | 17 +++++++++++
 profiles/workstation.nix | 22 ++++++++++++++
 15 files changed, 94 insertions(+), 163 deletions(-)
 create mode 100644 flake-parts/profiles.nix
 rename hosts/common.nix => profiles/core.nix (88%)
 create mode 100644 profiles/server.nix
 create mode 100644 profiles/workstation.nix

diff --git a/flake-parts/hosts.nix b/flake-parts/hosts.nix
index 399a6e5..a99ca4a 100644
--- a/flake-parts/hosts.nix
+++ b/flake-parts/hosts.nix
@@ -11,8 +11,9 @@ let
 specialArgs = { inherit inputs self; };
 modules = [
 { networking = { inherit hostName; }; }
- "${self}/hosts/common.nix"
- "${self}/hosts/${hostName}"
+ "${self}/hosts/${hostName}/default.nix"
+ "${self}/hosts/${hostName}/hardware.nix"
+ "${self}/hosts/${hostName}/disko.nix"
 "${self}/users/seb"
 ] ++ lib.optional (lib.pathExists "${self}/users/seb/@${hostName}") "${self}/users/seb/@${hostName}";
diff --git a/flake-parts/profiles.nix b/flake-parts/profiles.nix
new file mode 100644
index 0000000..abb1413
--- /dev/null
+++ b/flake-parts/profiles.nix
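Review bot: The three new per-host paths are imported unconditionally, while the `users/seb/@${hostName}` entry two lines below is guarded with `lib.optional (lib.pathExists …)`; a host directory without a `disko.nix` (or `hardware.nix`) would now fail evaluation on a missing file instead of simply skipping it. The same guard keeps the list tolerant, e.g. `] ++ lib.optional (lib.pathExists "${self}/hosts/${hostName}/disko.nix") "${self}/hosts/${hostName}/disko.nix"`. Note also that `inputs.disko.nixosModules.default` is no longer listed here but only in profiles/core.nix, so a host's disko.nix presumably only evaluates if the host's default.nix imports a profile that reaches profile-core — worth a comment above `modules = [`, such as `# hardware.nix/disko.nix are host-local; the disko module itself comes via profile-core`. The enclosing `let` block starts outside the hunk.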
@@ -0,0 +1,12 @@
+{ self, lib, ... }:
+{
+ flake.nixosModules =
+ "${self}/profiles"
+ |> builtins.readDir
+ |> lib.attrNames
+ |> lib.map (name: {
+ name = "profile-${name |> lib.removeSuffix ".nix"}";
+ value = "${self}/profiles/${name}";
+ })
+ |> lib.listToAttrs;
+}
diff --git a/hosts/desktop/default.nix b/hosts/desktop/default.nix
index 6438e32..f246fdd 100644
--- a/hosts/desktop/default.nix
+++ b/hosts/desktop/default.nix
@@ -1,51 +1,22 @@
-{ inputs, pkgs, ... }:
+{ self, ... }:
 {
- imports = [
- ./hardware.nix
- ./disko.nix
- inputs.disko.nixosModules.default
- ];
+ imports = [ self.nixosModules.profile-workstation ];

 system.stateVersion = "23.11";
- boot.kernelPackages = pkgs.linuxPackages_latest;

 custom = {
- sops.enable = true;
-
- boot = {
- loader.systemd-boot.enable = true;
- silent = true;
- };
-
- dm.tuigreet = {
- enable = true;
- autoLogin = true;
- };
- de.hyprland.enable = true;
+ boot.loader.systemd-boot.enable = true;

 networking = {
- overlay = {
- address = "10.254.250.1";
- role = "client";
- };
+ overlay.address = "10.254.250.1";
 underlay = {
 interface = "enp6s0";
 useDhcp = true;
 };
 };

- services = {
- auto-gc.enable = true;
- sound.enable = true;
- sshd.enable = true;
- syncthing = {
- enable = true;
- deviceId = "FAJS5WM-UAWGW2U-FXCGPSP-VAUOTGM-XUKSEES-D66PMCJ-WBODJLV-XTNCRA7";
- };
- };
+ services.syncthing.deviceId = "FAJS5WM-UAWGW2U-FXCGPSP-VAUOTGM-XUKSEES-D66PMCJ-WBODJLV-XTNCRA7";

 programs.steam.enable = true;
 };
-
- programs.localsend.enable = true;
 }
diff --git a/hosts/desktop/hardware.nix b/hosts/desktop/hardware.nix
index f64a03d..a69b7d9 100644
--- a/hosts/desktop/hardware.nix
+++ b/hosts/desktop/hardware.nix
@@ -22,8 +22,6 @@ _: {
 ];
 };

- zramSwap.enable = true;
-
 # Prevent immediate wake-up from suspend caused by the logi bolt receiver
 services.udev.extraRules = ''
 ACTION=="add" SUBSYSTEM=="pci" ATTR{vendor}=="0x1022" ATTR{device}=="0x43ee" ATTR{power/wakeup}="disabled"
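Review bot: `builtins.readDir` returns every entry of profiles/, so a subdirectory, an editor backup such as `core.nix~` or any other non-Nix file is also exported as a `profile-…` module and only fails later, at the importing host, with an unrelated error; `lib.removeSuffix ".nix"` strips the suffix but does not filter. Inserting `|> lib.filterAttrs (name: type: type == "regular" && lib.hasSuffix ".nix" name)` before `lib.attrNames` limits the export to real profile files. The `|>` pipe operator is, as far as I know, still gated behind the `pipe-operators` experimental feature; the hunk does not show whether the flake enables it, so a one-line comment at the top of the file naming that requirement would spare the next reader an opaque parse error.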
diff --git a/hosts/laptop/default.nix b/hosts/laptop/default.nix
index 7e72934..ecfa4b4 100644
--- a/hosts/laptop/default.nix
+++ b/hosts/laptop/default.nix
@@ -1,33 +1,14 @@
-{ inputs, pkgs, ... }:
+{ self, ... }:
 {
- imports = [
- ./hardware.nix
- ./disko.nix
- inputs.disko.nixosModules.default
- ];
+ imports = [ self.nixosModules.profile-workstation ];

 system.stateVersion = "24.11";
- boot.kernelPackages = pkgs.linuxPackages_latest;

 custom = {
- sops.enable = true;
-
- boot = {
- loader.systemd-boot.enable = true;
- silent = true;
- };
-
- dm.tuigreet = {
- enable = true;
- autoLogin = true;
- };
- de.hyprland.enable = true;
+ boot.loader.systemd-boot.enable = true;

 networking = {
- overlay = {
- address = "10.254.250.3";
- role = "client";
- };
+ overlay.address = "10.254.250.3";
 underlay = {
 interface = "wlan0";
 useDhcp = true;
@@ -36,14 +17,8 @@
 };

 services = {
- auto-gc.enable = true;
 bluetooth.enable = true;
- sound.enable = true;
- sshd.enable = true;
- syncthing = {
- enable = true;
- deviceId = "Q4YPD3V-GXZPHSN-PT5X4PU-FBG4GX2-IASBX75-7NYMG75-4EJHBMZ-4WGDDAP";
- };
+ syncthing.deviceId = "Q4YPD3V-GXZPHSN-PT5X4PU-FBG4GX2-IASBX75-7NYMG75-4EJHBMZ-4WGDDAP";
 };

 programs = {
@@ -51,6 +26,4 @@
 wireshark.enable = true;
 };
 };
-
- programs.localsend.enable = true;
 }
diff --git a/hosts/laptop/hardware.nix b/hosts/laptop/hardware.nix
index 211eb00..f3153a5 100644
--- a/hosts/laptop/hardware.nix
+++ b/hosts/laptop/hardware.nix
@@ -20,8 +20,6 @@
 ];
 };

- zramSwap.enable = true;
-
 services = {
 fwupd.enable = true;
 fprintd.enable = true; # fwupdmgr refresh && fwupdmgr update
diff --git a/hosts/vps-monitor/default.nix b/hosts/vps-monitor/default.nix
index b1c07f9..6337872 100644
--- a/hosts/vps-monitor/default.nix
+++ b/hosts/vps-monitor/default.nix
@@ -1,25 +1,16 @@
-{ config, inputs, ... }:
+{ config, self, ... }:
 {
- imports = [
- ./hardware.nix
- ./disko.nix
- inputs.disko.nixosModules.default
- ];
+ imports = [ self.nixosModules.profile-server ];

 system.stateVersion = "25.11";

 custom = {
- persistence.enable = true;
-
- sops.enable = true;
-
 boot.loader.grub.enable = true;

 networking = {
 overlay = {
 address = "10.254.250.5";
 isLighthouse = true;
- role = "server";
 };
 underlay = {
 interface = "enp1s0";
@@ -29,15 +20,7 @@
 };
 };

- services = {
- auto-gc = {
- enable = true;
- onlyCleanRoots = true;
- };
- comin.enable = true;
- sshd.enable = true;
- dns.enable = true;
- };
+ services.dns.enable = true;

 web-services =
 let
@@ -77,11 +60,6 @@
 enable = true;
 domain = "logs.${privateDomain}";
 };
-
- alloy = {
- enable = true;
- domain = "alloy.${config.networking.hostName}.${privateDomain}";
- };
 };
 };
 }
diff --git a/hosts/vps-monitor/hardware.nix b/hosts/vps-monitor/hardware.nix
index ea58368..073f92f 100644
--- a/hosts/vps-monitor/hardware.nix
+++ b/hosts/vps-monitor/hardware.nix
@@ -12,6 +12,4 @@
 "sd_mod"
 "sr_mod"
 ];
-
- zramSwap.enable = true;
 }
diff --git a/hosts/vps-private/default.nix b/hosts/vps-private/default.nix
index d394503..9d69043 100644
--- a/hosts/vps-private/default.nix
+++ b/hosts/vps-private/default.nix
@@ -1,10 +1,6 @@
-{ config, inputs, ... }:
+{ config, self, ... }:
 {
- imports = [
- ./hardware.nix
- ./disko.nix
- inputs.disko.nixosModules.default
- ];
+ imports = [ self.nixosModules.profile-server ];

 system.stateVersion = "25.11";

@@ -13,17 +9,12 @@
 privateDomain = config.custom.networking.overlay.domain;
 in
 {
- persistence.enable = true;
-
- sops.enable = true;
-
 boot.loader.systemd-boot.enable = true;

 networking = {
 overlay = {
 address = "10.254.250.2";
 isLighthouse = true;
- role = "server";
 };
 underlay = {
 interface = "enp1s0";
@@ -34,19 +25,13 @@
 };

 services = {
- auto-gc = {
- enable = true;
- onlyCleanRoots = true;
- };
- comin.enable = true;
- sshd.enable = true;
 dns.enable = true;
 syncthing = {
 enable = true;
- isServer = true;
- doBackups = true;
 deviceId = "5R2MH7T-Q2ZZS2P-ZMSQ2UJ-B6VBHES-XYLNMZ6-7FYC27L-4P7MGJ2-FY4ITQD";
+ isServer = true;
 gui.domain = "syncthing.${privateDomain}";
+ doBackups = true;
 };
 };

@@ -62,11 +47,6 @@
 domain = "budget.${privateDomain}";
 doBackups = true;
 };
-
- alloy = {
- enable = true;
- domain = "alloy.${config.networking.hostName}.${privateDomain}";
- };
 };
 };
 }
diff --git a/hosts/vps-private/hardware.nix b/hosts/vps-private/hardware.nix
index ea58368..073f92f 100644
--- a/hosts/vps-private/hardware.nix
+++ b/hosts/vps-private/hardware.nix
@@ -12,6 +12,4 @@
 "sd_mod"
 "sr_mod"
 ];
-
- zramSwap.enable = true;
 }
diff --git a/hosts/vps-public/default.nix b/hosts/vps-public/default.nix
index 7fc8cb4..1af796d 100644
--- a/hosts/vps-public/default.nix
+++ b/hosts/vps-public/default.nix
@@ -1,10 +1,6 @@
-{ config, inputs, ... }:
+{ config, self, ... }:
 {
- imports = [
- ./hardware.nix
- ./disko.nix
- inputs.disko.nixosModules.default
- ];
+ imports = [ self.nixosModules.profile-server ];

 system.stateVersion = "25.11";

@@ -13,17 +9,10 @@
 sproutedDomain = "sprouted.cloud";
 in
 {
- persistence.enable = true;
-
- sops.enable = true;
-
 boot.loader.systemd-boot.enable = true;

 networking = {
- overlay = {
- address = "10.254.250.4";
- role = "server";
- };
+ overlay.address = "10.254.250.4";
 underlay = {
 interface = "enp1s0";
 cidr = "167.235.73.246/32";
@@ -32,25 +21,15 @@
 };
 };

- services = {
- auto-gc = {
- enable = true;
- onlyCleanRoots = true;
- };
- comin.enable = true;
- sshd.enable = true;
-
- caddy.virtualHosts."dav.${sproutedDomain}" = {
- inherit (config.custom.web-services.radicale) port;
- extraConfig = ''
- respond /.web/ "Access denied" 403 { close }
- '';
- };
+ services.caddy.virtualHosts."dav.${sproutedDomain}" = {
+ inherit (config.custom.web-services.radicale) port;
+ extraConfig = ''
+ respond /.web/ "Access denied" 403 { close }
+ '';
 };

 web-services =
 let
- privateDomain = config.custom.networking.overlay.domain;
 sstorkDomain = "sstork.dev";
 in
 {
@@ -94,14 +73,9 @@

 radicale = {
 enable = true;
- domain = "dav.${privateDomain}";
+ domain = "dav.${config.custom.networking.overlay.domain}";
 doBackups = true;
 };
-
- alloy = {
- enable = true;
- domain = "alloy.${config.networking.hostName}.${privateDomain}";
- };
 };
 };
 }
diff --git a/hosts/vps-public/hardware.nix b/hosts/vps-public/hardware.nix
index ea58368..073f92f 100644
--- a/hosts/vps-public/hardware.nix
+++ b/hosts/vps-public/hardware.nix
@@ -12,6 +12,4 @@
 "sd_mod"
 "sr_mod"
 ];
-
- zramSwap.enable = true;
 }
diff --git a/hosts/common.nix b/profiles/core.nix
similarity index 88%
rename from hosts/common.nix
rename to profiles/core.nix
index 97fbd32..6f0e790 100644
--- a/hosts/common.nix
+++ b/profiles/core.nix
@@ -7,7 +7,10 @@
 ...
 }:
 {
- imports = [ self.nixosModules.default ];
+ imports = [
+ self.nixosModules.default
+ inputs.disko.nixosModules.default
+ ];

 nix =
 let
@@ -74,6 +77,8 @@
 vimAlias = true;
 };

+ zramSwap.enable = true;
+
 environment.systemPackages = [
 (lib.hiPrio pkgs.uutils-coreutils-noprefix)
 pkgs.git
@@ -90,4 +95,12 @@
 inherit (pkgs.stdenv.hostPlatform) system;
 inherit (config.nixpkgs) config;
 };
+
+ custom = {
+ sops.enable = true;
+ services = {
+ auto-gc.enable = true;
+ sshd.enable = true;
+ };
+ };
 }
diff --git a/profiles/server.nix b/profiles/server.nix
new file mode 100644
index 0000000..48574a0
--- /dev/null
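Review bot: In the new `custom` block of profiles/core.nix, `sshd.enable = true` and `auto-gc.enable = true` are plain assignments, so every host that reaches profile-core runs sshd and a host that later sets `custom.services.sshd.enable = false` gets a definition conflict rather than an override. Declaring the baseline as `sshd.enable = lib.mkDefault true;` (and likewise for `auto-gc.enable` and `sops.enable`; `lib` is already in scope, see `lib.hiPrio` in the previous hunk) keeps today's behaviour for the five existing hosts, all of which enabled sshd before this change, while letting a future host opt out without `lib.mkForce`. A short comment on the block, `# Baseline every host inherits via profile-core; profiles/server.nix and profiles/workstation.nix build on it`, would make that layering visible.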
+++ b/profiles/server.nix
@@ -0,0 +1,17 @@
+{ config, self, ... }:
+{
+ imports = [ self.nixosModules.profile-core ];
+
+ custom = {
+ persistence.enable = true;
+ networking.overlay.role = "server";
+ services = {
+ auto-gc.onlyCleanRoots = true;
+ comin.enable = true;
+ };
+ web-services.alloy = {
+ enable = true;
+ domain = "alloy.${config.networking.hostName}.${config.custom.networking.overlay.domain}";
+ };
+ };
+}
diff --git a/profiles/workstation.nix b/profiles/workstation.nix
new file mode 100644
index 0000000..714740c
--- /dev/null
+++ b/profiles/workstation.nix
@@ -0,0 +1,22 @@
+{ self, pkgs, ... }:
+{
+ imports = [ self.nixosModules.profile-core ];
+
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ custom = {
+ networking.overlay.role = "client";
+ boot.silent = true;
+ dm.tuigreet = {
+ enable = true;
+ autoLogin = true;
+ };
+ de.hyprland.enable = true;
+ services = {
+ sound.enable = true;
+ syncthing.enable = true;
+ };
+ };
+
+ programs.localsend.enable = true;
+}
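Review bot: In profiles/workstation.nix, `dm.tuigreet.autoLogin = true` becomes the default for every host that imports profile-workstation, including the laptop, whereas before each host opted in on its own; skipping the greeter's credential prompt is a per-device decision (physical access to a portable machine is a different risk than to the desktop) rather than a property of the profile. Giving it a priority, `autoLogin = lib.mkDefault true;` after widening the argument set to `{ self, pkgs, lib, ... }:`, lets a host turn it off without `lib.mkForce`; alternatively the line could stay in hosts/desktop and hosts/laptop. Either way a comment above `dm.tuigreet`, e.g. `# Auto-login is intentional for these single-user machines; override per host where that does not hold`, would make the choice visible to the next reader.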