service/remote-build: fix shell

flake: enable nixf-diagnose
treewide: fix nixf-diagnose
2026-03-13 03:24:05 +01:00 · 2026-01-24 23:22:57 +01:00 · 2026-01-24 23:22:57 +01:00 · 2026-01-24 23:22:57 +01:00 · 2026-01-24 23:22:57 +01:00 · 2026-01-23 23:39:25 +01:00
14 changed files with 228 additions and 175 deletions
--- a/flake.lock
+++ b/flake.lock
@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1766150702,
-        "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=",
+        "lastModified": 1768923567,
+        "narHash": "sha256-GVJ0jKsyXLuBzRMXCDY6D5J8wVdwP1DuQmmvYL/Vw/Q=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378",
+        "rev": "00395d188e3594a1507f214a2f15d4ce5c07cb28",
        "type": "github"
      },
      "original": {
@ -114,11 +114,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1767281941,
-        "narHash": "sha256-6MkqajPICgugsuZ92OMoQcgSHnD6sJHwk8AxvMcIgTE=",
+        "lastModified": 1769069492,
+        "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "f0927703b7b1c8d97511c4116eb9b4ec6645a0fa",
+        "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23",
        "type": "github"
      },
      "original": {
@ -222,11 +222,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1768584846,
-        "narHash": "sha256-IRPmIOV2tPwxbhP/I9M5AmwhTC0lMPtoPStC+8T6xl0=",
+        "lastModified": 1769086393,
+        "narHash": "sha256-3ymIZ8s3+hu7sDl/Y48o6bwMxorfKrmn97KuWiw1vjY=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "cce68f4a54fa4e3d633358364477f5cc1d782440",
+        "rev": "9f7ba891ea5fc3ededd7804f1a23fafadbcb26ca",
        "type": "github"
      },
      "original": {
@ -237,11 +237,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1768323494,
-        "narHash": "sha256-yBXJLE6WCtrGo7LKiB6NOt6nisBEEkguC/lq/rP3zRQ=",
+        "lastModified": 1769089682,
+        "narHash": "sha256-9yA/LIuAVQq0lXelrZPjLuLVuZdm03p8tfmHhnDIkms=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "2c3e5ec5df46d3aeee2a1da0bfedd74e21f4bf3a",
+        "rev": "078d69f03934859a181e81ba987c2bb033eebfc5",
        "type": "github"
      },
      "original": {
@ -297,11 +297,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1768564909,
-        "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
+        "lastModified": 1769018530,
+        "narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
+        "rev": "88d3861acdd3d2f0e361767018218e51810df8a1",
        "type": "github"
      },
      "original": {
@ -354,11 +354,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768481291,
-        "narHash": "sha256-NjKtkJraCZEnLHAJxLTI+BfdU//9coAz9p5TqveZwPU=",
+        "lastModified": 1768863606,
+        "narHash": "sha256-1IHAeS8WtBiEo5XiyJBHOXMzECD6aaIOJmpQKzRRl64=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "e085e303dfcce21adcb5fec535d65aacb066f101",
+        "rev": "c7067be8db2c09ab1884de67ef6c4f693973f4a2",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -97,6 +97,7 @@
              keep-sorted.enable = true;
              markdownlint.enable = true;
              nil.enable = true;
+              nixf-diagnose.enable = true;
              nixfmt-rfc-style.enable = true;
              shellcheck.enable = true;
              statix.enable = true;
--- a/images/base-config.nix
+++ b/images/base-config.nix
@ -50,10 +50,8 @@
        };
  };

-  imports = [
-    ../profiles/core/core.nix
-    ../profiles/core/nix.nix
-  ];
+  my.profiles.core.nix.enable = true;
+  my.profiles.core.packages.enable = true;

  documentation = {
    enable = lib.mkDefault false;
--- a/images/flake-module.nix
+++ b/images/flake-module.nix
@ -1,10 +1,16 @@
 { self, ... }:
 let
-  inherit (self.inputs) nixos-generators;
-  defaultModule = {
-    imports = [ ./base-config.nix ];
-    _module.args.inputs = self.inputs;
-  };
+  inherit (self.inputs) nixos-generators sops-nix;
+  defaultModules = [
+    {
+      imports = [
+        ./base-config.nix
+        sops-nix.nixosModules.sops
+      ];
+      _module.args.inputs = self.inputs;
+    }
+    ../profiles
+  ];
 in
 {
  perSystem =
@ -14,16 +20,14 @@ in
        install-iso = nixos-generators.nixosGenerate {
          system = "x86_64-linux";
          inherit pkgs;
-          modules = [ defaultModule ];
+          modules = defaultModules;
          format = "install-iso";
        };

        # install-sd-aarch64 = nixos-generators.nixosGenerate {
        #   system = "aarch64-linux";
        #   inherit pkgs;
-        #   modules = [
-        #     defaultModule
-        #   ];
+        #   modules = defaultModules;
        #   format = "sd-aarch64-installer";
        # };
      };
@ -35,8 +39,7 @@ in
  #      {
  #        nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  #      }
-  #      defaultModule
-  #    ];
+  #    ] ++ defaultModules;
  #  };
  #};
 }
--- a/modules/hardware/yubikey/default.nix
+++ b/modules/hardware/yubikey/default.nix
@ -1,7 +1,6 @@
 {
  config,
  lib,
-  pkgs,
  ...
 }:
 let
--- a/modules/services/remote-build/default.nix
+++ b/modules/services/remote-build/default.nix
@ -19,6 +19,7 @@ in
    users.users.nixremote = {
      isSystemUser = true;
      group = "nixremote";
+      shell = pkgs.zsh;
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGYSzDdxqaNHmaaLqEvOK/vB65zvqoCebI3Nxzgg5smq root@workman"
      ];
--- a/profiles/core/core.nix
+++ b/profiles/core/core.nix
@ -1,46 +0,0 @@
-{ pkgs, ... }:
-{
-  # Packages
-  environment.systemPackages = with pkgs; [
-    bandwhich # bandwidth monitor
-    bind # dns tools (dig, etc)
-    borgbackup # backup tool
-    cryptsetup # luks volume management
-    delta # git diff viewer
-    fd # find replacement in rust
-    file # show file type
-    fzf # fuzzy finder
-    gettext # localization tools
-    git # version control
-    gptfdisk # disk partitioning tools
-    htop # process monitor
-    jq # json processor
-    killall # kill processes by name
-    lsof # list open files
-    mosh # mobile shell
-    mtr # network diagnostic tool
-    multipath-tools # disk multipathing tools (kpartx)
-    neovim # text editor
-    nmap # network scanner
-    nmon # performance monitor
-    ouch # de-/compression tool
-    pciutils # lspci
-    progress # show progress of coreutils commands
-    pv # pipe viewer
-    reptyr # reparent process to new terminal
-    rsync # remote file sync
-    screen # terminal multiplexer
-    sd # sed replacement
-    stress-ng # stress testing
-    tmux # terminal multiplexer
-    unzip # unzip tools
-    usbutils # lsusb
-    vim # text editor
-    wget # file downloader
-    whois # domain lookup
-    xcp # rust cp replacement
-    zip # zip tools
-  ];
-
-  time.timeZone = "Europe/Berlin";
-}
--- a/profiles/core/default.nix
+++ b/profiles/core/default.nix
@ -1,23 +1,31 @@
 {
  config,
  lib,
-  pkgs,
-  inputs,
  ...
-}@args:
+}:
 let
  cfg = config.my.profiles.core;
 in
 {
+  imports = [
+    ./kernel-modules.nix
+    ./network.nix
+    ./nix.nix
+    ./packages.nix
+    ./users.nix
+  ];
+
  options.my.profiles.core.enable = lib.mkEnableOption "core profile";

-  config = lib.mkIf cfg.enable (
-    lib.mkMerge [
-      (import ./core.nix args)
-      (import ./modules.nix args)
-      (import ./network.nix args)
-      (import ./nix.nix args)
-      (import ./users.nix args)
-    ]
-  );
+  config = lib.mkIf cfg.enable {
+    my.profiles.core = {
+      packages.enable = lib.mkDefault true;
+      kernel-modules.enable = lib.mkDefault true;
+      network.enable = lib.mkDefault true;
+      nix.enable = lib.mkDefault true;
+      users.enable = lib.mkDefault true;
+    };
+
+    time.timeZone = "Europe/Berlin";
+  };
 }
--- a/profiles/core/kernel-modules.nix
+++ b/profiles/core/kernel-modules.nix
@ -0,0 +1,21 @@
+{ config, lib, ... }:
+let
+  cfg = config.my.profiles.core.kernel-modules;
+in
+{
+  options.my.profiles.core.kernel-modules.enable = lib.mkEnableOption "kernel module profile";
+
+  config = lib.mkIf cfg.enable {
+    boot.initrd.availableKernelModules = [
+      "ahci"
+      "e1000e"
+      "ehci_pci"
+      "nvme"
+      "sd_mod"
+      "uas"
+      "usbhid"
+      "usb_storage"
+      "xhci_pci"
+    ];
+  };
+}
--- a/profiles/core/modules.nix
+++ b/profiles/core/modules.nix
@ -1,15 +0,0 @@
-_: {
-  boot.initrd = {
-    availableKernelModules = [
-      "ahci"
-      "e1000e"
-      "ehci_pci"
-      "nvme"
-      "sd_mod"
-      "uas"
-      "usbhid"
-      "usb_storage"
-      "xhci_pci"
-    ];
-  };
-}
--- a/profiles/core/network.nix
+++ b/profiles/core/network.nix
@ -1,12 +1,20 @@
-_: {
-  networking.networkmanager = {
-    enable = true;
+{ config, lib, ... }:
+let
+  cfg = config.my.profiles.core.network;
+in
+{
+  options.my.profiles.core.network.enable = lib.mkEnableOption "core network profile";

-    unmanaged = [
-      "interface-name:br-*" # docker compose bridges
-      "interface-name:docker?" # docker default bridge
-      "interface-name:veth*" # docker veth devices
-      "interface-name:virbr?" # libvirt default bridge
-    ];
+  config = lib.mkIf cfg.enable {
+    networking.networkmanager = {
+      enable = true;
+
+      unmanaged = [
+        "interface-name:br-*" # docker compose bridges
+        "interface-name:docker?" # docker default bridge
+        "interface-name:veth*" # docker veth devices
+        "interface-name:virbr?" # libvirt default bridge
+      ];
+    };
  };
 }
--- a/profiles/core/nix.nix
+++ b/profiles/core/nix.nix
@ -1,36 +1,49 @@
-{ inputs, ... }:
 {
-  nix = {
-    daemonCPUSchedPolicy = "idle";
-    daemonIOSchedClass = "idle";
+  config,
+  lib,
+  inputs,
+  ...
+}:
+let
+  cfg = config.my.profiles.core.nix;
+in
+{
+  options.my.profiles.core.nix.enable = lib.mkEnableOption "core nix profile";

-    settings = {
-      trusted-users = [
-        "root"
-        "@wheel"
-      ];
-      auto-optimise-store = true;
-      builders-use-substitutes = true;
+  config = lib.mkIf cfg.enable {
+
+    nix = {
+      daemonCPUSchedPolicy = "idle";
+      daemonIOSchedClass = "idle";
+
+      settings = {
+        trusted-users = [
+          "root"
+          "@wheel"
+        ];
+        auto-optimise-store = true;
+        builders-use-substitutes = true;
+      };
+
+      gc = {
+        automatic = true;
+        options = "--delete-older-than 30d";
+      };
+
+      extraOptions = ''
+        experimental-features = nix-command flakes
+      '';
+
+      registry = {
+        nixpkgs.flake = inputs.nixpkgs;
+        unstable.flake = inputs.nixpkgs-unstable;
+      };
    };

-    gc = {
-      automatic = true;
-      options = "--delete-older-than 30d";
+    # auto upgrade with own flakes
+    system.autoUpgrade = {
+      enable = true;
+      flake = "github:Stunkymonkey/nixos";
    };
-
-    extraOptions = ''
-      experimental-features = nix-command flakes
-    '';
-
-    registry = {
-      nixpkgs.flake = inputs.nixpkgs;
-      unstable.flake = inputs.nixpkgs-unstable;
-    };
-  };
-
-  # auto upgrade with own flakes
-  system.autoUpgrade = {
-    enable = true;
-    flake = "github:Stunkymonkey/nixos";
  };
 }
--- a/profiles/core/packages.nix
+++ b/profiles/core/packages.nix
@ -0,0 +1,55 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.my.profiles.core.packages;
+in
+{
+  options.my.profiles.core.packages.enable = lib.mkEnableOption "core packages profile";
+
+  config = lib.mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      bandwhich # bandwidth monitor
+      bind # dns tools (dig, etc)
+      borgbackup # backup tool
+      cryptsetup # luks volume management
+      delta # git diff viewer
+      fd # find replacement in rust
+      file # show file type
+      fzf # fuzzy finder
+      gettext # localization tools
+      git # version control
+      gptfdisk # disk partitioning tools
+      htop # process monitor
+      jq # json processor
+      killall # kill processes by name
+      lsof # list open files
+      mosh # mobile shell
+      mtr # network diagnostic tool
+      multipath-tools # disk multipathing tools (kpartx)
+      neovim # text editor
+      nmap # network scanner
+      nmon # performance monitor
+      ouch # de-/compression tool
+      pciutils # lspci
+      progress # show progress of coreutils commands
+      pv # pipe viewer
+      reptyr # reparent process to new terminal
+      rsync # remote file sync
+      screen # terminal multiplexer
+      sd # sed replacement
+      stress-ng # stress testing
+      tmux # terminal multiplexer
+      unzip # unzip tools
+      usbutils # lsusb
+      vim # text editor
+      wget # file downloader
+      whois # domain lookup
+      xcp # rust cp replacement
+      zip # zip tools
+    ];
+  };
+}
--- a/profiles/core/users.nix
+++ b/profiles/core/users.nix
@ -1,35 +1,42 @@
-{ config, ... }:
+{ config, lib, ... }:
+let
+  cfg = config.my.profiles.core.users;
+in
 {
-  sops.secrets."users/felix/password".neededForUsers = true;
-  sops.secrets."users/felix/password" = { };
+  options.my.profiles.core.users.enable = lib.mkEnableOption "core users profile";

-  users.users.felix = {
-    isNormalUser = true;
-    home = "/home/felix";
-    group = "felix";
-    extraGroups = [
-      "adbusers" # adb control
-      "audio" # sound control
-      "cdrom" # emulate cds
-      "dialout" # serial-console
-      "docker" # usage of `docker` socket
-      "input" # mouse control
-      "libvirtd" # kvm control
-      "networkmanager" # wireless configuration
-      "podman" # usage of `podman` socket
-      "seat" # access to input devices
-      "video" # screen control
-      "wheel" # `sudo` for the user.
-    ];
-    hashedPasswordFile = config.sops.secrets."users/felix/password".path;
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFx6OLwL9MbkD3mnMsv+xrzZHN/rwCTgVs758SCLG0h felix@workman"
-      "no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHhjrfqyOS+M9ATSTVr9JXPERBXOow/ZmkWICjbtbEgXAAAAFHNzaDpmZWxpeC1wZXJzb25hbC0x ssh:felix-personal-1"
-      "no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIMHExVOrEevQ+bwrrW3cXCO7Y/SyA+7wG+b6ZvAWY4MJAAAAFHNzaDpmZWxpeC1wZXJzb25hbC0y ssh:felix-personal-2"
-    ];
-  };
+  config = lib.mkIf cfg.enable {
+    sops.secrets."users/felix/password".neededForUsers = true;
+    sops.secrets."users/felix/password" = { };

-  users.groups.felix = {
-    gid = 1000;
+    users.users.felix = {
+      isNormalUser = true;
+      home = "/home/felix";
+      group = "felix";
+      extraGroups = [
+        "adbusers" # adb control
+        "audio" # sound control
+        "cdrom" # emulate cds
+        "dialout" # serial-console
+        "docker" # usage of `docker` socket
+        "input" # mouse control
+        "libvirtd" # kvm control
+        "networkmanager" # wireless configuration
+        "podman" # usage of `podman` socket
+        "seat" # access to input devices
+        "video" # screen control
+        "wheel" # `sudo` for the user.
+      ];
+      hashedPasswordFile = config.sops.secrets."users/felix/password".path;
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFx6OLwL9MbkD3mnMsv+xrzZHN/rwCTgVs758SCLG0h felix@workman"
+        "no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHhjrfqyOS+M9ATSTVr9JXPERBXOow/ZmkWICjbtbEgXAAAAFHNzaDpmZWxpeC1wZXJzb25hbC0x ssh:felix-personal-1"
+        "no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIMHExVOrEevQ+bwrrW3cXCO7Y/SyA+7wG+b6ZvAWY4MJAAAAFHNzaDpmZWxpeC1wZXJzb25hbC0y ssh:felix-personal-2"
+      ];
+    };
+
+    users.groups.felix = {
+      gid = 1000;
+    };
  };
 }
Author	SHA1	Message	Date
Felix Buehler	943e4c84d9	service/remote-build: fix shell Some checks failed / Build Nix targets (push) Has been cancelled Details	2026-01-24 23:22:57 +01:00
Felix Buehler	79f8a1589f	flake: enable nixf-diagnose	2026-01-24 23:22:57 +01:00
Felix Buehler	8556ec442f	treewide: fix nixf-diagnose	2026-01-24 23:22:57 +01:00
Felix Buehler	a16d497ebb	profile/core: migrate to nixosModule	2026-01-24 23:22:57 +01:00
Felix Buehler	a4d422e059	flake: update	2026-01-23 23:39:25 +01:00