better machine conf, rework key/machines management

flake.nix

@@ -38,8 +38,8 @@
     stylix,
     ...
   }: let
-    laptop = import ./machines/laptop/machine.nix;
-    _173-249-5-230 = import ./machines/173-249-5-230/machine.nix;
+    machines = import ./machines.nix;
+    _173-249-5-230 = machines._173-249-5-230;
     configuration = machine: modules:
       nixpkgs.lib.nixosSystem {
         system = machine.system;
@@ -47,8 +47,7 @@
         modules =
           modules
           ++ [
-            machine.configuration
-            machine.hardware-configuration
+            ./machines/${machine.hostname}/configuration.nix
           ];
       };
     configurationWithHomeManager = machine: (configuration machine
@@ -67,7 +66,7 @@
             (name: value: value)
             (
               nixpkgs.legacyPackages.${machine.system}.lib.genAttrs
-              machine.usernames
+              machine.users
               (
                 name: {
                   imports = [
@@ -84,7 +83,9 @@
         noshell.nixosModules.default
       ]);
   in {
-    nixosConfigurations.${laptop.hostname} = configurationWithHomeManager laptop;
-    nixosConfigurations.${_173-249-5-230.hostname} = configurationWithHomeManager _173-249-5-230;
+    nixosConfigurations =
+      builtins.mapAttrs
+      (hostname: value: configurationWithHomeManager value)
+      machines;
   };
 }

machines.nix

@@ -0,0 +1,18 @@
+{
+  lenovo = {
+    hostname = "lenovo";
+    system = "x86_64-linux";
+    users = [
+      "andromeda"
+      "mtgmonkey"
+    ];
+  };
+  _173-249-5-230 = {
+    hostname = "_173-249-5-230";
+    system = "x86_64-linux";
+    users = [
+      "mtgmonkey"
+    ];
+    pub-keys.ssh = [];
+  };
+}

machines/173-249-5-230/hardware-configuration.nix

@@ -1,69 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}: {
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-  ];
-
-  boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "sdhci_pci"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = ["kvm-intel"];
-  boot.extraModulePackages = [];
-
-  fileSystems."/" = {
-    #device = "none";
-    #fsType = "tmpfs";
-    #options = ["defaults" "size=60%" "mode=755"];
-    device = "/dev/disk/by-uuid/16c93673-4f0e-4010-a7f4-7ccffb20edb7";
-    fsType = "btrfs";
-    options = ["subvol=root"];
-  };
-
-  boot.initrd.postResumeCommands = lib.mkAfter ''
-    mkdir /btrfs_tmp
-    mount ${config.fileSystems."/".device} /btrfs_tmp
-    if [[ -e /btrfs_tmp/root ]]; then
-      mkdir -p /btrfs_tmp/old_roots
-      timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:$M:%S")
-      mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
-    fi
-
-    delete_subvolume_recursively() {
-      IFS=$'\n'
-      for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
-        delete_subvolume_recursively "/btrfs_tmp/$i"
-      done
-      btrfs subvolume delete "$1"
-    }
-
-    for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
-      delete_subvolume_recursively "$i"
-    done
-
-    btrfs subvolume create /btrfs_tmp/root
-    umount /btrfs_tmp
-  '';
-
-  fileSystems."/nix" = {
-    device = "/dev/disk/by-uuid/0e586651-36f4-42b0-99b3-3f0704a894d6";
-    fsType = "btrfs";
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/F425-55BA";
-    fsType = "vfat";
-    options = ["fmask=0022" "dmask=0022"];
-  };
-
-  swapDevices = [];
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}

machines/173-249-5-230/machine.nix

@@ -1,10 +0,0 @@
-{
-  hostname = "173-249-5-230";
-  usernames = ["mtgmonkey"];
-  system = "x86_64-linux";
-  configuration = ./configuration.nix;
-  hardware-configuration = ./hardware-configuration.nix;
-  pub-keys = {
-    ssh = [];
-  };
-}

machines/_173-249-5-230/configuration.nix

@@ -1,5 +1,7 @@
 {
   config,
+  lib,
+  modulesPath,
   machine,
   ...
 }: {
@@ -38,8 +40,9 @@
       allowedTCPPorts = [80 443];
       allowedUDPPorts = [80 443];
     };
-    hostName = machine.hostname;
+    hostName = lib.strings.removePrefix "_" machine.hostname;
     domain = "";
+    useDHCP = true;
   };
   nix.settings = {
     experimental-features = [
@@ -73,6 +76,52 @@
     description = "mtgmonkey";
     hashedPasswordFile = builtins.toString config.age.secrets.secret2.path;
     extraGroups = ["wheel"];
-    openssh.authorizedKeys.keys = machine.pub-keys.ssh;
+    openssh.authorizedKeys.keys = [(import ../../pub-keys.nix).ssh.andromeda];
   };
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = [];
+  boot.extraModulePackages = [];
+  fileSystems."/" = {
+    device = "none";
+    fsType = "tmpfs";
+    options = ["defaults" "size=30%" "mode=755"];
+  };
+  boot.initrd.postResumeCommands = lib.mkAfter ''
+    mkdir /btrfs_tmp
+    mount ${config.fileSystems."/".device} /btrfs_tmp
+    if [[ -e /btrfs_tmp/root ]]; then
+      mkdir -p /btrfs_tmp/old_roots
+      timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:$M:%S")
+      mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
+    fi
+
+    delete_subvolume_recursively() {
+      IFS=$'\n'
+      for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+        delete_subvolume_recursively "/btrfs_tmp/$i"
+      done
+      btrfs subvolume delete "$1"
+    }
+
+    for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
+      delete_subvolume_recursively "$i"
+    done
+
+    btrfs subvolume create /btrfs_tmp/root
+    umount /btrfs_tmp
+  '';
+  fileSystems."/nix" = {
+    device = "/dev/disk/by-uuid/6b481376-9716-4559-946b-62097c2380f1";
+    fsType = "ext4";
+  };
+  fileSystems."/efi" = {
+    device = "systemd-1";
+    fsType = "autofs";
+  };
+  swapDevices = [];
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }

machines/laptop/hardware-configuration.nix

@@ -1,75 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}: {
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-  ];
-
-  boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "sdhci_pci"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = ["kvm-intel"];
-  boot.extraModulePackages = [];
-
-  fileSystems."/" = {
-    #device = "none";
-    #fsType = "tmpfs";
-    #options = ["defaults" "size=60%" "mode=755"];
-    device = "/dev/disk/by-uuid/5455cfb4-0efd-4f55-b496-d2cab3f419b7";
-    fsType = "btrfs";
-    options = ["subvol=root"];
-  };
-
-  boot.initrd.postResumeCommands = lib.mkAfter ''
-    mkdir /btrfs_tmp
-    mount ${config.fileSystems."/".device} /btrfs_tmp
-    if [[ -e /btrfs_tmp/root ]]; then
-      mkdir -p /btrfs_tmp/old_roots
-      timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:$M:%S")
-      mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
-    fi
-
-    delete_subvolume_recursively() {
-      IFS=$'\n'
-      for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
-        delete_subvolume_recursively "/btrfs_tmp/$i"
-      done
-      btrfs subvolume delete "$1"
-    }
-
-    for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
-      delete_subvolume_recursively "$i"
-    done
-
-    btrfs subvolume create /btrfs_tmp/root
-    mkdir /btrfs_tmp/root/nix
-    mkdir /btrfs_tmp/root/etc
-    mount ${config.fileSystems."/nix".device} /btrfs_tmp/root/nix
-    cp /btrfs_tmp/root/nix/persist/etc/ssh /btrfs_tmp/root/etc/ssh -r
-    umount /btrfs_tmp/root/nix
-    rm -r /btrfs_tmp/root/nix
-    umount /btrfs_tmp
-  '';
-
-  fileSystems."/nix" = {
-    device = "/dev/disk/by-uuid/0e586651-36f4-42b0-99b3-3f0704a894d6";
-    fsType = "btrfs";
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/F425-55BA";
-    fsType = "vfat";
-    options = ["fmask=0022" "dmask=0022"];
-  };
-
-  swapDevices = [];
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}

machines/laptop/machine.nix

@@ -1,8 +0,0 @@
-{
-  hostname = "lenovo";
-  usernames = ["andromeda" "mtgmonkey"];
-  system = "x86_64-linux";
-  configuration = ./configuration.nix;
-  hardware-configuration = ./hardware-configuration.nix;
-  pub-keys.ssh = [];
-}

machines/lenovo/configuration.nix

@@ -1,6 +1,8 @@
 {
   config,
   lib,
+  pkgs,
+  modulesPath,
   machine,
   ...
 }: {
@@ -111,4 +113,68 @@
       "wheel"
     ];
   };
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "sdhci_pci"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-intel"];
+  boot.extraModulePackages = [];
+
+  fileSystems."/" = {
+    #device = "none";
+    #fsType = "tmpfs";
+    #options = ["defaults" "size=60%" "mode=755"];
+    device = "/dev/disk/by-uuid/5455cfb4-0efd-4f55-b496-d2cab3f419b7";
+    fsType = "btrfs";
+    options = ["subvol=root"];
+  };
+
+  boot.initrd.postResumeCommands = lib.mkAfter ''
+    mkdir /btrfs_tmp
+    mount ${config.fileSystems."/".device} /btrfs_tmp
+    if [[ -e /btrfs_tmp/root ]]; then
+      mkdir -p /btrfs_tmp/old_roots
+      timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:$M:%S")
+      mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
+    fi
+
+    delete_subvolume_recursively() {
+      IFS=$'\n'
+      for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+        delete_subvolume_recursively "/btrfs_tmp/$i"
+      done
+      btrfs subvolume delete "$1"
+    }
+
+    for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
+      delete_subvolume_recursively "$i"
+    done
+
+    btrfs subvolume create /btrfs_tmp/root
+    mkdir /btrfs_tmp/root/nix
+    mkdir /btrfs_tmp/root/etc
+    mount ${config.fileSystems."/nix".device} /btrfs_tmp/root/nix
+    cp /btrfs_tmp/root/nix/persist/etc/ssh /btrfs_tmp/root/etc/ssh -r
+    umount /btrfs_tmp/root/nix
+    rm -r /btrfs_tmp/root/nix
+    umount /btrfs_tmp
+  '';
+
+  fileSystems."/nix" = {
+    device = "/dev/disk/by-uuid/0e586651-36f4-42b0-99b3-3f0704a894d6";
+    fsType = "btrfs";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/F425-55BA";
+    fsType = "vfat";
+    options = ["fmask=0022" "dmask=0022"];
+  };
+
+  swapDevices = [];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }

pub-keys.nix

@@ -0,0 +1,6 @@
+{
+  ssh = {
+    andromeda = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJy2VD362wUcu0lKj2d6OIU8dbAna0Lu/NaAYIj8gdIA andromeda@lenovo";
+    lenovo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHG4eqsLTq2os2mxfwhys3BpVnowcJrqt2CbRFzN2pJb root@lenovo";
+  };
+}

secrets/secrets.nix

@@ -1,6 +1,7 @@
 let
-  andromeda = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJy2VD362wUcu0lKj2d6OIU8dbAna0Lu/NaAYIj8gdIA andromeda@lenovo";
-  lenovo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHG4eqsLTq2os2mxfwhys3BpVnowcJrqt2CbRFzN2pJb root@lenovo";
+  pub-keys = import ../pub-keys.nix;
+  andromeda = pub-keys.ssh.andromeda;
+  lenovo = pub-keys.ssh.lenovo;
 in {
   "secret0.age".publicKeys = [andromeda lenovo];
   "secret1.age".publicKeys = [andromeda lenovo];