refactor(nixos): move system config options to main nixos module

2025-06-16 19:17:47 +08:00 · 2025-06-16 19:17:47 +08:00 · 91c2790b62
commit 91c2790b62
parent bf63f44875
20 changed files with 124 additions and 149 deletions
--- a/modules/nixos/system/default.nix
+++ b/modules/nixos/system/default.nix
@ -7,25 +7,9 @@
 {
  imports = [
    ./boot.nix
-    ./users.nix
-    ./localisation.nix
-    ./nix-config.nix
-    ./secrets.nix
  ];

  options.system = {
-    hostname = lib.pantheon.mkStrOption;
-    mainUser.name = lib.pantheon.mkStrOption;
-    mainUser.publicKey = lib.pantheon.mkStrOption;
-    mainUser.email = lib.pantheon.mkStrOption;
    bootloader = lib.pantheon.mkStrOption;
  };
-
-  config = {
-    stylix = {
-      enable = true;
-      base16Scheme = "${pkgs.base16-schemes}/share/themes/atelier-cave.yaml";
-    };
-    system.stateVersion = "25.05"; # Did you read the comment?
-  };
 }
--- a/modules/nixos/system/localisation.nix
+++ b/modules/nixos/system/localisation.nix
@ -1,9 +0,0 @@
-{ config, lib, ... }:
-{
-  config = lib.mkMerge [
-    {
-      time.timeZone = "Asia/Singapore";
-      i18n.defaultLocale = "en_US.UTF-8";
-    }
-  ];
-}
--- a/modules/nixos/system/nix-config.nix
+++ b/modules/nixos/system/nix-config.nix
@ -1,17 +0,0 @@
-{ config, inputs, ... }:
-{
-  config = {
-    nixpkgs.config.allowUnfree = true;
-      nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
-
-    nix.settings = {
-      experimental-features = [
-        "nix-command"
-        "flakes"
-        "pipe-operators"
-      ];
-
-      trusted-users = [ "@wheel" ];
-    };
-  };
-}
--- a/modules/nixos/system/secrets.nix
+++ b/modules/nixos/system/secrets.nix
@ -1,37 +0,0 @@
-{ lib, config, ... }:
-{
-  sops = {
-    defaultSopsFile = lib.snowfall.fs.get-file "secrets/secrets.yaml";
-    age.sshKeyPaths = [ "/persist/home/rafiq/.ssh/id_ed25519" ];
-    secrets = {
-      "keys/openrouter" = { };
-      "keys/tailscale" = { };
-      "keys/gemini" = { };
-      "keys/cvt-jira" = { };
-      "keys/cloudflare" = { };
-      "keys/telegram_bot" = { };
-      "misc/cvt-jira-link" = { };
-      "rafiq/hashedPassword".neededForUsers = true;
-      "rafiq/personalEmailPassword" = { };
-      "rafiq/workEmailPassword" = { };
-      "rafiq/oldSMBCredentials" = { };
-      "librechat/creds_key" = { };
-      "librechat/creds_iv" = { };
-      "librechat/jwt_secret" = { };
-      "librechat/jwt_refresh_secret" = { };
-      "librechat/meili_master_key" = { };
-    };
-    templates = {
-      "smb-credentials".content = ''
-        username=rafiq
-        password=${config.sops.placeholder."rafiq/oldSMBCredentials"}
-      '';
-    };
-  };
-  environment.shellInit = # sh
-    ''
-      export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path})
-      export CVT_JIRA_KEY=$(sudo cat ${config.sops.secrets."keys/cvt-jira".path})
-      export CVT_JIRA_LINK=$(sudo cat ${config.sops.secrets."misc/cvt-jira-link".path})
-    '';
-}
--- a/modules/nixos/system/users.nix
+++ b/modules/nixos/system/users.nix
@ -1,27 +0,0 @@
-{
-  config,
-  lib,
-  ...
-}:
-{
-  config = lib.mkMerge [
-    {
-      users.mutableUsers = false;
-      users.groups.users = {
-        gid = 100;
-        members = [ "${config.system.mainUser.name}" ];
-      };
-      users.users."${config.system.mainUser.name}" = {
-        linger = true;
-        uid = 1000;
-        isNormalUser = true;
-        hashedPasswordFile = config.sops.secrets."${config.system.mainUser.name}/hashedPassword".path;
-        extraGroups = [ "wheel" ];
-        openssh.authorizedKeys.keys = [ config.system.mainUser.publicKey ];
-      };
-      users.users.root.openssh.authorizedKeys.keys = lib.singleton config.system.mainUser.publicKey;
-      services.getty.autologinUser = config.system.mainUser.name;
-      security.sudo.wheelNeedsPassword = false;
-    }
-  ];
-}