cute refactor

flake.nix

@@ -9,7 +9,7 @@
 
     vscode-server.url = "github:nix-community/nixos-vscode-server";
     agenix.url = "github:ryantm/agenix";
-    zen-browser = { 
+    zen-browser = {
       url = "github:0xc000022070/zen-browser-flake";
       inputs.nixpkgs.follows = "nixpkgs";
     };
@@ -21,75 +21,83 @@
     };
   };
 
-  outputs = inputs@{ self, nixpkgs, lix-module, vscode-server, agenix, zen-browser, catppuccin, home-manager, ... }: {
+  outputs =
-    nixosConfigurations = {
+    { self, ... }@inputs:
-      focalor = nixpkgs.lib.nixosSystem {
+    with inputs;
-        system = "x86_64-linux";
+    let
-        specialArgs = { inherit inputs; system = "x86_64-linux"; };
+      nixosModules = builtins.listToAttrs (
-        modules = [
+        map (module: {
-          ./hosts/focalor
+          name = module;
-          lix-module.nixosModules.default
+          value = import (./modules + "/${module}");
-          
+        }) (builtins.attrNames (builtins.readDir ./modules))
-          vscode-server.nixosModules.default
+      );
-          agenix.nixosModules.default
+    in
-          
+    {
-          ({ config, pkgs, ... }: {
+      nixosConfigurations = {
-            services.vscode-server.enable = true;
+        focalor = nixpkgs.lib.nixosSystem {
-            services.vscode-server.nodejsPackage = pkgs.nodejs_20;
+          system = "x86_64-linux";
-            environment.systemPackages = [ agenix.packages.x86_64-linux.default ];
+          specialArgs = {
-          })
+            inherit inputs;
+            system = "x86_64-linux";
+          };
+          modules = [
+            ./hosts/focalor
+            lix-module.nixosModules.default
 
-          catppuccin.nixosModules.catppuccin
+            vscode-server.nixosModules.default
+            agenix.nixosModules.default
 
-          home-manager.nixosModules.home-manager {
+            catppuccin.nixosModules.catppuccin
-            home-manager.useGlobalPkgs = true;
+
-            home-manager.backupFileExtension = "HMBackup";
+            home-manager.nixosModules.home-manager
-            home-manager.users.regent.imports = [
+            {
-              ./home/regent/home.nix
+              home-manager.useGlobalPkgs = true;
-              catppuccin.homeModules.catppuccin
+              home-manager.backupFileExtension = "HMBackup";
+              home-manager.users.regent.imports = [
+                ./home/regent/home.nix
+                catppuccin.homeModules.catppuccin
+              ];
+              home-manager.extraSpecialArgs = {
+                inherit inputs;
+                system = "x86_64-linux";
+              };
+            }
+          ];
+        };
+
+        valefar = nixpkgs.lib.nixosSystem {
+          system = "x86_64-linux";
+          modules = [
+            ./hosts/valefar
+            lix-module.nixosModules.default
+
+            vscode-server.nixosModules.default
+            agenix.nixosModules.default
+
+            { imports = builtins.attrValues nixosModules; }
+          ];
+        };
+
+        buer = nixpkgs.lib.nixosSystem {
+          system = "x86_64-linux";
+          modules = [
+            ./hosts/buer
+
+            agenix.nixosModules.default
+          ];
+        };
+
+        # Easy to add more hosts
+        /*
+          server2 = nixpkgs.lib.nixosSystem {
+            system = "x86_64-linux";
+            modules = [
+              ./hosts/server2
+              agenix.nixosModules.default
+              # different services for server2
             ];
-            home-manager.extraSpecialArgs = { inherit inputs; system = "x86_64-linux";};
+          };
-          }
+        */
-        ];
       };
-
-      valefar = nixpkgs.lib.nixosSystem {
-        system = "x86_64-linux";
-        modules = [
-          ./hosts/valefar  # imports configuration.nix automatically
-          lix-module.nixosModules.default
-          
-          # External modules
-          vscode-server.nixosModules.default
-          agenix.nixosModules.default
-          
-          # Global external module config
-          ({ config, pkgs, ... }: {
-            services.vscode-server.enable = true;
-            services.vscode-server.nodejsPackage = pkgs.nodejs_20;
-            environment.systemPackages = [ agenix.packages.x86_64-linux.default ];
-          })
-        ];
-      };
-
-      buer = nixpkgs.lib.nixosSystem {
-        system = "x86_64-linux";
-        modules = [
-          ./hosts/buer
-
-          agenix.nixosModules.default  
-        ];
-      };
-      
-      # Easy to add more hosts
-      /*server2 = nixpkgs.lib.nixosSystem {
-        system = "x86_64-linux";
-        modules = [
-          ./hosts/server2
-          agenix.nixosModules.default
-          # different services for server2
-        ];
-      };*/
     };
-  };
+}
-}

hosts/buer/default.nix

@@ -13,13 +13,15 @@
     ../../modules/common/services.nix
     
     # Services specific to this host
-    ../../services/garage.nix
     #../../services/forgejo.nix
 
     # Common secrets
     ../../host-secrets.nix
   ];
 
+  system.stateVersion = "24.11";
+  modules.garage.enable = true;
+
   # pin host platform & microcode
   nixpkgs.hostPlatform               = lib.mkDefault "x86_64-linux";
   hardware.cpu.intel.updateMicrocode = lib.mkDefault

hosts/focalor/default.nix

@@ -20,13 +20,12 @@
     # Nvidia
     ../../modules/common/nvidia.nix
     
-    # Services specific to this host
-    #../../services/xyz.nix    
-
     # Common secrets
     #../../host-secrets.nix
   ];
 
+  system.stateVersion = "24.11";
+
   # pin host platform & microcode
   nixpkgs.hostPlatform               = lib.mkDefault "x86_64-linux";
   hardware.cpu.intel.updateMicrocode = lib.mkDefault
@@ -62,6 +61,7 @@
   environment.systemPackages = with pkgs; [
     #lm_sensors
     code-server
+    agenix.packages.x86_64-linux.default
   ];
 
   environment.sessionVariables.WLR_RENDERER = "vulkan";

hosts/valefar/default.nix

@@ -14,14 +14,16 @@
     ../../modules/common/services.nix
     ../../modules/common/efi.nix
     
-    # Services specific to this host
-    ../../services/garage.nix
-    ../../services/forgejo.nix
-
     # Common secrets
     ../../host-secrets.nix
   ];
 
+  # Enable modules
+  modules.garage.enable = true;
+  modules.forgejo.enable = true;
+
+  system.stateVersion = "24.11";
+
   # pin host platform & microcode
   nixpkgs.hostPlatform               = lib.mkDefault "x86_64-linux";
   hardware.cpu.intel.updateMicrocode = lib.mkDefault
@@ -83,9 +85,13 @@
   services.zfs.autoScrub.enable = true;
   services.zfs.trim.enable = true;
 
+  services.vscode-server.enable = true;
+  services.vscode-server.nodejsPackage = pkgs.nodejs_20;
+
   environment.systemPackages = with pkgs; [
     lm_sensors
     code-server
+    agenix.packages.x86_64-linux.default
   ];
 
   virtualisation.docker = {

modules/caddy/caddy.nix

@@ -0,0 +1,14 @@
+{lib, pkgs, config, ...}:
+
+{
+ 
+  services.caddy = {
+    enable = true;
+
+    virtualHosts = {
+      "s3.nekomimi.pet".extraConfig = ''
+        reverse_proxy http://127.0.0.1:3903
+      ''
+    };
+  };
+}

modules/common/system.nix

@@ -11,7 +11,5 @@
 
   time.timeZone     = "America/New_York";
   i18n.defaultLocale = "en_US.UTF-8";
-
-  system.stateVersion = "24.11";
 }
 

modules/forgejo/default.nix

@@ -0,0 +1,49 @@
+{ lib, pkgs, config, ... }:
+
+with lib;
+let
+  cfg = config.modules.forgejo;
+  sshPort = 2222;
+  httpPort = 5000;
+in
+{
+  options = {
+    modules = {
+      forgejo = {
+        enable = mkEnableOption "Deploy forgejo";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [
+      sshPort
+      httpPort
+    ];
+
+    services.forgejo = {
+      enable = true;
+      database = {
+        type = "sqlite3";
+        path = "/var/lib/forgejo/forgejo.db";
+      };
+      lfs.enable = true;
+      settings = {
+        server = {
+          domain = "git.nekomimi.pet";
+          ROOT_URL = "https://git.nekomimi.pet";
+          LANDING_PAGE = "explore";
+          HTTP_PORT = 5000;
+          SSH_LISTEN_PORT = 2222;
+          SSH_PORT = 2222;
+          START_SSH_SERVER = true;
+        };
+        # service.DISABLE_REGISTRATION = true;
+        actions = {
+          ENABLED = true;
+          DEFAULT_ACTIONS_URL = "github";
+        };
+      };
+    };
+  };
+}

modules/garage/default.nix

@@ -0,0 +1,50 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  cfg = config.modules.garage;
+in
+{
+  options = {
+    modules = {
+      garage = {
+        enable = mkEnableOption "Deploy garage";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.garage = {
+      enable = true;
+      package = pkgs.garage;
+      settings = {
+        metadata_dir = "/garage/metadata";
+        data_dir = "/garage/data";
+        db_engine = "lmdb";
+        replication_mode = "2";
+        rpc_bind_addr = "[::]:3901";
+        rpc_public_addr = "${config.networking.hostName}:3901";
+        rpc_secret_file = config.age.secrets."garage-rpc-secret".path;
+        s3_api = {
+          s3_region = config.networking.hostName;
+          api_bind_addr = "[::]:3900";
+          root_domain = ".s3.nekomimi.pet";
+        };
+        s3_web = {
+          bind_addr = "[::]:3902";
+          root_domain = ".web.nekomimi.pet";
+          index = "index.html";
+        };
+        admin = {
+          api_bind_addr = "[::]:3903";
+          admin_token_file = config.age.secrets."garage-admin-token".path;
+          metrics_token_file = config.age.secrets."garage-metrics-token".path;
+        };
+        bootstrap_peers = [
+          "d548d0c9ae9aec9e26fe0bd2ca3efe75f654fa350bad5cb02bc9aebc9850ba8f@[2a04:52c0:135:48d1::2]:3901" # buer
+          "5504cb25910dcef4a4312006691d651c099cde7c3a88df9ca79aa350571e6e65@[2601:5c2:8400:26c0:4ecc:6aff:fef7:98ca]:3901" #valefar
+        ];
+      };
+    };
+  };
+}

modules/github-runners/default.nix

@@ -0,0 +1,47 @@
+{ lib, pkgs, config, ... }:
+
+with lib;
+let
+  cfg = config.modules.github-runners;
+  extraPackages = 
+    let gtar = pkgs.runCommandNoCC "gtar" { } ''
+      mkdir -p $out/bin
+      ln -s ${lib.getExe pkgs.gnutar} $out/bin/gtar
+    '';
+    in
+    with pkgs; [
+      nix
+      nixci
+      cachix
+      coreutils
+      which
+      jq
+      gtar
+      docker
+      curl
+    ];
+in
+{
+  options = {
+    modules = {
+      github-runners = {
+        enable = mkEnableOption "Deploy github runners";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.github-runners = {
+      simplelink = {
+        enable     = true;
+        name       = "simplelink";
+        url        = "https://github.com/waveringana/simplelink";
+        token  = config.age.secrets."build-token".path;
+        user = "regent";
+        group = "docker";
+        extraPackages = extraPackages;
+       };
+    };
+  };
+}
+

services/forgejo.nix

@@ -1,32 +0,0 @@
-{lib, pkgs, config, ...}:
-
-let
-  cfg = config.services.forgejo;
-  srv = cfg.settings.server;
-in
-{
-  services.forgejo = {
-    enable = true;
-    database = {
-      type = "sqlite3";
-      path = "/var/lib/forgejo/forgejo.db";
-    };
-    lfs.enable = true;
-    settings = {
-      server = {
-        domain = "git.nekomimi.pet";
-        ROOT_URL = "https://git.nekomimi.pet";
-        LANDING_PAGE = "explore";
-        HTTP_PORT = 5000;
-        SSH_LISTEN_PORT = 2222;
-        SSH_PORT = 2222;
-        START_SSH_SERVER = true;
-      };
-      # service.DISABLE_REGISTRATION = true; 
-      actions = {
-        ENABLED = true;
-        DEFAULT_ACTIONS_URL = "github";
-      };
-    };
-  };
-}

services/garage.nix

@@ -1,36 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  services.garage = {
-    enable = true;
-    package = pkgs.garage;
-    settings = {
-      metadata_dir = "/garage/metadata";
-      data_dir = "/garage/data";
-      db_engine = "lmdb";
-      replication_mode = "2";
-      rpc_bind_addr = "[::]:3901";
-      rpc_public_addr = "${config.networking.hostName}:3901";
-      rpc_secret_file = config.age.secrets."garage-rpc-secret".path;
-      s3_api = {
-        s3_region = config.networking.hostName;
-        api_bind_addr = "[::]:3900";
-        root_domain = ".s3.nekomimi.pet";
-      };
-      s3_web = {
-        bind_addr = "[::]:3902";
-        root_domain = ".web.nekomimi.pet";
-        index = "index.html";
-      };
-      admin = {
-        api_bind_addr = "[::]:3903";
-        admin_token_file = config.age.secrets."garage-admin-token".path;
-        metrics_token_file = config.age.secrets."garage-metrics-token".path;
-      };
-      bootstrap_peers = [
-        "d548d0c9ae9aec9e26fe0bd2ca3efe75f654fa350bad5cb02bc9aebc9850ba8f@[2a04:52c0:135:48d1::2]:3901" # buer
-        "5504cb25910dcef4a4312006691d651c099cde7c3a88df9ca79aa350571e6e65@[2601:5c2:8400:26c0:4ecc:6aff:fef7:98ca]:3901" #valefar
-      ];
-    };
-  };
-}

services/github-runners.nix

@@ -1,35 +0,0 @@
-{ lib, pkgs, ... }:
-
-let extraPackages = 
-  let gtar = pkgs.runCommandNoCC "gtar" { } ''
-    mkdir -p $out/bin
-    ln -s ${lib.getExe pkgs.gnutar} $out/bin/gtar
-  '';
-  in
-  with pkgs; [
-    nix
-    nixci
-    cachix
-    coreutils
-    which
-    jq
-    gtar
-    docker
-    curl
-  ];
-
-in
-{
-  services.github-runners = {
-    simplelink = {
-      enable     = true;
-      name       = "simplelink";
-      url        = "https://github.com/waveringana/simplelink";
-      token  = config.age.secrets."build-token".path;
-      user = "regent";
-      group = "docker";
-      extraPackages = extraPackages;
-     };
-  };
-}
-