2026-03-13 03:24:05 +01:00
14 changed files with 175 additions and 228 deletions
--- a/flake.lock
+++ b/flake.lock
@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768923567,
-        "narHash": "sha256-GVJ0jKsyXLuBzRMXCDY6D5J8wVdwP1DuQmmvYL/Vw/Q=",
+        "lastModified": 1766150702,
+        "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "00395d188e3594a1507f214a2f15d4ce5c07cb28",
+        "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378",
        "type": "github"
      },
      "original": {
@ -114,11 +114,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1769069492,
-        "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=",
+        "lastModified": 1767281941,
+        "narHash": "sha256-6MkqajPICgugsuZ92OMoQcgSHnD6sJHwk8AxvMcIgTE=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23",
+        "rev": "f0927703b7b1c8d97511c4116eb9b4ec6645a0fa",
        "type": "github"
      },
      "original": {
@ -222,11 +222,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1769086393,
-        "narHash": "sha256-3ymIZ8s3+hu7sDl/Y48o6bwMxorfKrmn97KuWiw1vjY=",
+        "lastModified": 1768584846,
+        "narHash": "sha256-IRPmIOV2tPwxbhP/I9M5AmwhTC0lMPtoPStC+8T6xl0=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "9f7ba891ea5fc3ededd7804f1a23fafadbcb26ca",
+        "rev": "cce68f4a54fa4e3d633358364477f5cc1d782440",
        "type": "github"
      },
      "original": {
@ -237,11 +237,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1769089682,
-        "narHash": "sha256-9yA/LIuAVQq0lXelrZPjLuLVuZdm03p8tfmHhnDIkms=",
+        "lastModified": 1768323494,
+        "narHash": "sha256-yBXJLE6WCtrGo7LKiB6NOt6nisBEEkguC/lq/rP3zRQ=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "078d69f03934859a181e81ba987c2bb033eebfc5",
+        "rev": "2c3e5ec5df46d3aeee2a1da0bfedd74e21f4bf3a",
        "type": "github"
      },
      "original": {
@ -297,11 +297,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1769018530,
-        "narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=",
+        "lastModified": 1768564909,
+        "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "88d3861acdd3d2f0e361767018218e51810df8a1",
+        "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
        "type": "github"
      },
      "original": {
@ -354,11 +354,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768863606,
-        "narHash": "sha256-1IHAeS8WtBiEo5XiyJBHOXMzECD6aaIOJmpQKzRRl64=",
+        "lastModified": 1768481291,
+        "narHash": "sha256-NjKtkJraCZEnLHAJxLTI+BfdU//9coAz9p5TqveZwPU=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "c7067be8db2c09ab1884de67ef6c4f693973f4a2",
+        "rev": "e085e303dfcce21adcb5fec535d65aacb066f101",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -97,7 +97,6 @@
              keep-sorted.enable = true;
              markdownlint.enable = true;
              nil.enable = true;
-              nixf-diagnose.enable = true;
              nixfmt-rfc-style.enable = true;
              shellcheck.enable = true;
              statix.enable = true;
--- a/images/base-config.nix
+++ b/images/base-config.nix
@ -50,8 +50,10 @@
        };
  };

-  my.profiles.core.nix.enable = true;
-  my.profiles.core.packages.enable = true;
+  imports = [
+    ../profiles/core/core.nix
+    ../profiles/core/nix.nix
+  ];

  documentation = {
    enable = lib.mkDefault false;
--- a/images/flake-module.nix
+++ b/images/flake-module.nix
@ -1,16 +1,10 @@
 { self, ... }:
 let
-  inherit (self.inputs) nixos-generators sops-nix;
-  defaultModules = [
-    {
-      imports = [
-        ./base-config.nix
-        sops-nix.nixosModules.sops
-      ];
+  inherit (self.inputs) nixos-generators;
+  defaultModule = {
+    imports = [ ./base-config.nix ];
    _module.args.inputs = self.inputs;
-    }
-    ../profiles
-  ];
+  };
 in
 {
  perSystem =
@ -20,14 +14,16 @@ in
        install-iso = nixos-generators.nixosGenerate {
          system = "x86_64-linux";
          inherit pkgs;
-          modules = defaultModules;
+          modules = [ defaultModule ];
          format = "install-iso";
        };

        # install-sd-aarch64 = nixos-generators.nixosGenerate {
        #   system = "aarch64-linux";
        #   inherit pkgs;
-        #   modules = defaultModules;
+        #   modules = [
+        #     defaultModule
+        #   ];
        #   format = "sd-aarch64-installer";
        # };
      };
@ -39,7 +35,8 @@ in
  #      {
  #        nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  #      }
-  #    ] ++ defaultModules;
+  #      defaultModule
+  #    ];
  #  };
  #};
 }
--- a/modules/hardware/yubikey/default.nix
+++ b/modules/hardware/yubikey/default.nix
@ -1,6 +1,7 @@
 {
  config,
  lib,
+  pkgs,
  ...
 }:
 let
--- a/modules/services/remote-build/default.nix
+++ b/modules/services/remote-build/default.nix
@ -19,7 +19,6 @@ in
    users.users.nixremote = {
      isSystemUser = true;
      group = "nixremote";
-      shell = pkgs.zsh;
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGYSzDdxqaNHmaaLqEvOK/vB65zvqoCebI3Nxzgg5smq root@workman"
      ];
--- a/profiles/core/core.nix
+++ b/profiles/core/core.nix
@ -0,0 +1,46 @@
+{ pkgs, ... }:
+{
+  # Packages
+  environment.systemPackages = with pkgs; [
+    bandwhich # bandwidth monitor
+    bind # dns tools (dig, etc)
+    borgbackup # backup tool
+    cryptsetup # luks volume management
+    delta # git diff viewer
+    fd # find replacement in rust
+    file # show file type
+    fzf # fuzzy finder
+    gettext # localization tools
+    git # version control
+    gptfdisk # disk partitioning tools
+    htop # process monitor
+    jq # json processor
+    killall # kill processes by name
+    lsof # list open files
+    mosh # mobile shell
+    mtr # network diagnostic tool
+    multipath-tools # disk multipathing tools (kpartx)
+    neovim # text editor
+    nmap # network scanner
+    nmon # performance monitor
+    ouch # de-/compression tool
+    pciutils # lspci
+    progress # show progress of coreutils commands
+    pv # pipe viewer
+    reptyr # reparent process to new terminal
+    rsync # remote file sync
+    screen # terminal multiplexer
+    sd # sed replacement
+    stress-ng # stress testing
+    tmux # terminal multiplexer
+    unzip # unzip tools
+    usbutils # lsusb
+    vim # text editor
+    wget # file downloader
+    whois # domain lookup
+    xcp # rust cp replacement
+    zip # zip tools
+  ];
+
+  time.timeZone = "Europe/Berlin";
+}
--- a/profiles/core/default.nix
+++ b/profiles/core/default.nix
@ -1,31 +1,23 @@
 {
  config,
  lib,
+  pkgs,
+  inputs,
  ...
-}:
+}@args:
 let
  cfg = config.my.profiles.core;
 in
 {
-  imports = [
-    ./kernel-modules.nix
-    ./network.nix
-    ./nix.nix
-    ./packages.nix
-    ./users.nix
-  ];
-
  options.my.profiles.core.enable = lib.mkEnableOption "core profile";

-  config = lib.mkIf cfg.enable {
-    my.profiles.core = {
-      packages.enable = lib.mkDefault true;
-      kernel-modules.enable = lib.mkDefault true;
-      network.enable = lib.mkDefault true;
-      nix.enable = lib.mkDefault true;
-      users.enable = lib.mkDefault true;
-    };
-
-    time.timeZone = "Europe/Berlin";
-  };
+  config = lib.mkIf cfg.enable (
+    lib.mkMerge [
+      (import ./core.nix args)
+      (import ./modules.nix args)
+      (import ./network.nix args)
+      (import ./nix.nix args)
+      (import ./users.nix args)
+    ]
+  );
 }
--- a/profiles/core/kernel-modules.nix
+++ b/profiles/core/kernel-modules.nix
@ -1,21 +0,0 @@
-{ config, lib, ... }:
-let
-  cfg = config.my.profiles.core.kernel-modules;
-in
-{
-  options.my.profiles.core.kernel-modules.enable = lib.mkEnableOption "kernel module profile";
-
-  config = lib.mkIf cfg.enable {
-    boot.initrd.availableKernelModules = [
-      "ahci"
-      "e1000e"
-      "ehci_pci"
-      "nvme"
-      "sd_mod"
-      "uas"
-      "usbhid"
-      "usb_storage"
-      "xhci_pci"
-    ];
-  };
-}
--- a/profiles/core/modules.nix
+++ b/profiles/core/modules.nix
@ -0,0 +1,15 @@
+_: {
+  boot.initrd = {
+    availableKernelModules = [
+      "ahci"
+      "e1000e"
+      "ehci_pci"
+      "nvme"
+      "sd_mod"
+      "uas"
+      "usbhid"
+      "usb_storage"
+      "xhci_pci"
+    ];
+  };
+}
--- a/profiles/core/network.nix
+++ b/profiles/core/network.nix
@ -1,11 +1,4 @@
-{ config, lib, ... }:
-let
-  cfg = config.my.profiles.core.network;
-in
-{
-  options.my.profiles.core.network.enable = lib.mkEnableOption "core network profile";
-
-  config = lib.mkIf cfg.enable {
+_: {
  networking.networkmanager = {
    enable = true;

@ -16,5 +9,4 @@ in
      "interface-name:virbr?" # libvirt default bridge
    ];
  };
-  };
 }
--- a/profiles/core/nix.nix
+++ b/profiles/core/nix.nix
@ -1,17 +1,5 @@
+{ inputs, ... }:
 {
-  config,
-  lib,
-  inputs,
-  ...
-}:
-let
-  cfg = config.my.profiles.core.nix;
-in
-{
-  options.my.profiles.core.nix.enable = lib.mkEnableOption "core nix profile";
-
-  config = lib.mkIf cfg.enable {
-
  nix = {
    daemonCPUSchedPolicy = "idle";
    daemonIOSchedClass = "idle";
@ -45,5 +33,4 @@ in
    enable = true;
    flake = "github:Stunkymonkey/nixos";
  };
-  };
 }
--- a/profiles/core/packages.nix
+++ b/profiles/core/packages.nix
@ -1,55 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-let
-  cfg = config.my.profiles.core.packages;
-in
-{
-  options.my.profiles.core.packages.enable = lib.mkEnableOption "core packages profile";
-
-  config = lib.mkIf cfg.enable {
-    environment.systemPackages = with pkgs; [
-      bandwhich # bandwidth monitor
-      bind # dns tools (dig, etc)
-      borgbackup # backup tool
-      cryptsetup # luks volume management
-      delta # git diff viewer
-      fd # find replacement in rust
-      file # show file type
-      fzf # fuzzy finder
-      gettext # localization tools
-      git # version control
-      gptfdisk # disk partitioning tools
-      htop # process monitor
-      jq # json processor
-      killall # kill processes by name
-      lsof # list open files
-      mosh # mobile shell
-      mtr # network diagnostic tool
-      multipath-tools # disk multipathing tools (kpartx)
-      neovim # text editor
-      nmap # network scanner
-      nmon # performance monitor
-      ouch # de-/compression tool
-      pciutils # lspci
-      progress # show progress of coreutils commands
-      pv # pipe viewer
-      reptyr # reparent process to new terminal
-      rsync # remote file sync
-      screen # terminal multiplexer
-      sd # sed replacement
-      stress-ng # stress testing
-      tmux # terminal multiplexer
-      unzip # unzip tools
-      usbutils # lsusb
-      vim # text editor
-      wget # file downloader
-      whois # domain lookup
-      xcp # rust cp replacement
-      zip # zip tools
-    ];
-  };
-}
--- a/profiles/core/users.nix
+++ b/profiles/core/users.nix
@ -1,11 +1,5 @@
-{ config, lib, ... }:
-let
-  cfg = config.my.profiles.core.users;
-in
+{ config, ... }:
 {
-  options.my.profiles.core.users.enable = lib.mkEnableOption "core users profile";
-
-  config = lib.mkIf cfg.enable {
  sops.secrets."users/felix/password".neededForUsers = true;
  sops.secrets."users/felix/password" = { };

@ -38,5 +32,4 @@ in
  users.groups.felix = {
    gid = 1000;
  };
-  };
 }