profile/core: migrate to nixosModule

2026-01-29 01:03:02 +01:00 · 2026-01-24 22:40:40 +01:00 · 2026-01-24 22:40:40 +01:00 · a16d497ebb
commit a16d497ebb
parent a4d422e059
10 changed files with 208 additions and 157 deletions
--- a/images/base-config.nix
+++ b/images/base-config.nix
@ -50,10 +50,8 @@
        };
  };

-  imports = [
-    ../profiles/core/core.nix
-    ../profiles/core/nix.nix
-  ];
+  my.profiles.core.nix.enable = true;
+  my.profiles.core.packages.enable = true;

  documentation = {
    enable = lib.mkDefault false;
--- a/images/flake-module.nix
+++ b/images/flake-module.nix
@ -1,10 +1,16 @@
 { self, ... }:
 let
-  inherit (self.inputs) nixos-generators;
-  defaultModule = {
-    imports = [ ./base-config.nix ];
-    _module.args.inputs = self.inputs;
-  };
+  inherit (self.inputs) nixos-generators sops-nix;
+  defaultModules = [
+    {
+      imports = [
+        ./base-config.nix
+        sops-nix.nixosModules.sops
+      ];
+      _module.args.inputs = self.inputs;
+    }
+    ../profiles
+  ];
 in
 {
  perSystem =
@ -14,16 +20,14 @@ in
        install-iso = nixos-generators.nixosGenerate {
          system = "x86_64-linux";
          inherit pkgs;
-          modules = [ defaultModule ];
+          modules = defaultModules;
          format = "install-iso";
        };

        # install-sd-aarch64 = nixos-generators.nixosGenerate {
        #   system = "aarch64-linux";
        #   inherit pkgs;
-        #   modules = [
-        #     defaultModule
-        #   ];
+        #   modules = defaultModules;
        #   format = "sd-aarch64-installer";
        # };
      };
@ -35,8 +39,7 @@ in
  #      {
  #        nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  #      }
-  #      defaultModule
-  #    ];
+  #    ] ++ defaultModules;
  #  };
  #};
 }
--- a/profiles/core/core.nix
+++ b/profiles/core/core.nix
@ -1,46 +0,0 @@
-{ pkgs, ... }:
-{
-  # Packages
-  environment.systemPackages = with pkgs; [
-    bandwhich # bandwidth monitor
-    bind # dns tools (dig, etc)
-    borgbackup # backup tool
-    cryptsetup # luks volume management
-    delta # git diff viewer
-    fd # find replacement in rust
-    file # show file type
-    fzf # fuzzy finder
-    gettext # localization tools
-    git # version control
-    gptfdisk # disk partitioning tools
-    htop # process monitor
-    jq # json processor
-    killall # kill processes by name
-    lsof # list open files
-    mosh # mobile shell
-    mtr # network diagnostic tool
-    multipath-tools # disk multipathing tools (kpartx)
-    neovim # text editor
-    nmap # network scanner
-    nmon # performance monitor
-    ouch # de-/compression tool
-    pciutils # lspci
-    progress # show progress of coreutils commands
-    pv # pipe viewer
-    reptyr # reparent process to new terminal
-    rsync # remote file sync
-    screen # terminal multiplexer
-    sd # sed replacement
-    stress-ng # stress testing
-    tmux # terminal multiplexer
-    unzip # unzip tools
-    usbutils # lsusb
-    vim # text editor
-    wget # file downloader
-    whois # domain lookup
-    xcp # rust cp replacement
-    zip # zip tools
-  ];
-
-  time.timeZone = "Europe/Berlin";
-}
--- a/profiles/core/default.nix
+++ b/profiles/core/default.nix
@ -1,23 +1,30 @@
 {
  config,
  lib,
-  pkgs,
-  inputs,
-  ...
-}@args:
+}:
 let
  cfg = config.my.profiles.core;
 in
 {
+  imports = [
+    ./kernel-modules.nix
+    ./network.nix
+    ./nix.nix
+    ./packages.nix
+    ./users.nix
+  ];
+
  options.my.profiles.core.enable = lib.mkEnableOption "core profile";

-  config = lib.mkIf cfg.enable (
-    lib.mkMerge [
-      (import ./core.nix args)
-      (import ./modules.nix args)
-      (import ./network.nix args)
-      (import ./nix.nix args)
-      (import ./users.nix args)
-    ]
-  );
+  config = lib.mkIf cfg.enable {
+    my.profiles.core = {
+      packages.enable = lib.mkDefault true;
+      kernel-modules.enable = lib.mkDefault true;
+      network.enable = lib.mkDefault true;
+      nix.enable = lib.mkDefault true;
+      users.enable = lib.mkDefault true;
+    };
+
+    time.timeZone = "Europe/Berlin";
+  };
 }
--- a/profiles/core/kernel-modules.nix
+++ b/profiles/core/kernel-modules.nix
@ -0,0 +1,21 @@
+{ config, lib, ... }:
+let
+  cfg = config.my.profiles.core.kernel-modules;
+in
+{
+  options.my.profiles.core.kernel-modules.enable = lib.mkEnableOption "kernel module profile";
+
+  config = lib.mkIf cfg.enable {
+    boot.initrd.availableKernelModules = [
+      "ahci"
+      "e1000e"
+      "ehci_pci"
+      "nvme"
+      "sd_mod"
+      "uas"
+      "usbhid"
+      "usb_storage"
+      "xhci_pci"
+    ];
+  };
+}
--- a/profiles/core/modules.nix
+++ b/profiles/core/modules.nix
@ -1,15 +0,0 @@
-_: {
-  boot.initrd = {
-    availableKernelModules = [
-      "ahci"
-      "e1000e"
-      "ehci_pci"
-      "nvme"
-      "sd_mod"
-      "uas"
-      "usbhid"
-      "usb_storage"
-      "xhci_pci"
-    ];
-  };
-}
--- a/profiles/core/network.nix
+++ b/profiles/core/network.nix
@ -1,12 +1,20 @@
-_: {
-  networking.networkmanager = {
-    enable = true;
+{ config, lib, ... }:
+let
+  cfg = config.my.profiles.core.network;
+in
+{
+  options.my.profiles.core.network.enable = lib.mkEnableOption "core network profile";

-    unmanaged = [
-      "interface-name:br-*" # docker compose bridges
-      "interface-name:docker?" # docker default bridge
-      "interface-name:veth*" # docker veth devices
-      "interface-name:virbr?" # libvirt default bridge
-    ];
+  config = lib.mkIf cfg.enable {
+    networking.networkmanager = {
+      enable = true;
+
+      unmanaged = [
+        "interface-name:br-*" # docker compose bridges
+        "interface-name:docker?" # docker default bridge
+        "interface-name:veth*" # docker veth devices
+        "interface-name:virbr?" # libvirt default bridge
+      ];
+    };
  };
 }
--- a/profiles/core/nix.nix
+++ b/profiles/core/nix.nix
@ -1,36 +1,49 @@
-{ inputs, ... }:
 {
-  nix = {
-    daemonCPUSchedPolicy = "idle";
-    daemonIOSchedClass = "idle";
+  config,
+  lib,
+  inputs,
+  ...
+}:
+let
+  cfg = config.my.profiles.core.nix;
+in
+{
+  options.my.profiles.core.nix.enable = lib.mkEnableOption "core nix profile";

-    settings = {
-      trusted-users = [
-        "root"
-        "@wheel"
-      ];
-      auto-optimise-store = true;
-      builders-use-substitutes = true;
+  config = lib.mkIf cfg.enable {
+
+    nix = {
+      daemonCPUSchedPolicy = "idle";
+      daemonIOSchedClass = "idle";
+
+      settings = {
+        trusted-users = [
+          "root"
+          "@wheel"
+        ];
+        auto-optimise-store = true;
+        builders-use-substitutes = true;
+      };
+
+      gc = {
+        automatic = true;
+        options = "--delete-older-than 30d";
+      };
+
+      extraOptions = ''
+        experimental-features = nix-command flakes
+      '';
+
+      registry = {
+        nixpkgs.flake = inputs.nixpkgs;
+        unstable.flake = inputs.nixpkgs-unstable;
+      };
    };

-    gc = {
-      automatic = true;
-      options = "--delete-older-than 30d";
+    # auto upgrade with own flakes
+    system.autoUpgrade = {
+      enable = true;
+      flake = "github:Stunkymonkey/nixos";
    };
-
-    extraOptions = ''
-      experimental-features = nix-command flakes
-    '';
-
-    registry = {
-      nixpkgs.flake = inputs.nixpkgs;
-      unstable.flake = inputs.nixpkgs-unstable;
-    };
-  };
-
-  # auto upgrade with own flakes
-  system.autoUpgrade = {
-    enable = true;
-    flake = "github:Stunkymonkey/nixos";
  };
 }
--- a/profiles/core/packages.nix
+++ b/profiles/core/packages.nix
@ -0,0 +1,55 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.my.profiles.core.packages;
+in
+{
+  options.my.profiles.core.packages.enable = lib.mkEnableOption "core packages profile";
+
+  config = lib.mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      bandwhich # bandwidth monitor
+      bind # dns tools (dig, etc)
+      borgbackup # backup tool
+      cryptsetup # luks volume management
+      delta # git diff viewer
+      fd # find replacement in rust
+      file # show file type
+      fzf # fuzzy finder
+      gettext # localization tools
+      git # version control
+      gptfdisk # disk partitioning tools
+      htop # process monitor
+      jq # json processor
+      killall # kill processes by name
+      lsof # list open files
+      mosh # mobile shell
+      mtr # network diagnostic tool
+      multipath-tools # disk multipathing tools (kpartx)
+      neovim # text editor
+      nmap # network scanner
+      nmon # performance monitor
+      ouch # de-/compression tool
+      pciutils # lspci
+      progress # show progress of coreutils commands
+      pv # pipe viewer
+      reptyr # reparent process to new terminal
+      rsync # remote file sync
+      screen # terminal multiplexer
+      sd # sed replacement
+      stress-ng # stress testing
+      tmux # terminal multiplexer
+      unzip # unzip tools
+      usbutils # lsusb
+      vim # text editor
+      wget # file downloader
+      whois # domain lookup
+      xcp # rust cp replacement
+      zip # zip tools
+    ];
+  };
+}
--- a/profiles/core/users.nix
+++ b/profiles/core/users.nix
@ -1,35 +1,42 @@
-{ config, ... }:
+{ config, lib, ... }:
+let
+  cfg = config.my.profiles.core.users;
+in
 {
-  sops.secrets."users/felix/password".neededForUsers = true;
-  sops.secrets."users/felix/password" = { };
+  options.my.profiles.core.users.enable = lib.mkEnableOption "core users profile";

-  users.users.felix = {
-    isNormalUser = true;
-    home = "/home/felix";
-    group = "felix";
-    extraGroups = [
-      "adbusers" # adb control
-      "audio" # sound control
-      "cdrom" # emulate cds
-      "dialout" # serial-console
-      "docker" # usage of `docker` socket
-      "input" # mouse control
-      "libvirtd" # kvm control
-      "networkmanager" # wireless configuration
-      "podman" # usage of `podman` socket
-      "seat" # access to input devices
-      "video" # screen control
-      "wheel" # `sudo` for the user.
-    ];
-    hashedPasswordFile = config.sops.secrets."users/felix/password".path;
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFx6OLwL9MbkD3mnMsv+xrzZHN/rwCTgVs758SCLG0h felix@workman"
-      "no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHhjrfqyOS+M9ATSTVr9JXPERBXOow/ZmkWICjbtbEgXAAAAFHNzaDpmZWxpeC1wZXJzb25hbC0x ssh:felix-personal-1"
-      "no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIMHExVOrEevQ+bwrrW3cXCO7Y/SyA+7wG+b6ZvAWY4MJAAAAFHNzaDpmZWxpeC1wZXJzb25hbC0y ssh:felix-personal-2"
-    ];
-  };
+  config = lib.mkIf cfg.enable {
+    sops.secrets."users/felix/password".neededForUsers = true;
+    sops.secrets."users/felix/password" = { };

-  users.groups.felix = {
-    gid = 1000;
+    users.users.felix = {
+      isNormalUser = true;
+      home = "/home/felix";
+      group = "felix";
+      extraGroups = [
+        "adbusers" # adb control
+        "audio" # sound control
+        "cdrom" # emulate cds
+        "dialout" # serial-console
+        "docker" # usage of `docker` socket
+        "input" # mouse control
+        "libvirtd" # kvm control
+        "networkmanager" # wireless configuration
+        "podman" # usage of `podman` socket
+        "seat" # access to input devices
+        "video" # screen control
+        "wheel" # `sudo` for the user.
+      ];
+      hashedPasswordFile = config.sops.secrets."users/felix/password".path;
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFx6OLwL9MbkD3mnMsv+xrzZHN/rwCTgVs758SCLG0h felix@workman"
+        "no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHhjrfqyOS+M9ATSTVr9JXPERBXOow/ZmkWICjbtbEgXAAAAFHNzaDpmZWxpeC1wZXJzb25hbC0x ssh:felix-personal-1"
+        "no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIMHExVOrEevQ+bwrrW3cXCO7Y/SyA+7wG+b6ZvAWY4MJAAAAFHNzaDpmZWxpeC1wZXJzb25hbC0y ssh:felix-personal-2"
+      ];
+    };
+
+    users.groups.felix = {
+      gid = 1000;
+    };
  };
 }