feat: rework to modular

2026-04-10 17:25:08 +02:00
parent 28dad81816
commit 99658b27dc
39 changed files with 738 additions and 211 deletions
--- a/modules/base/core.nix
+++ b/modules/base/core.nix
@@ -0,0 +1,19 @@
+{ lib, pkgs, ... }:
+{
+  home.packages = with pkgs; [
+    age
+    curl
+    fd
+    git
+    jq
+    just
+    ripgrep
+    sops
+  ];
+
+  programs.git = {
+    enable = true;
+    lfs.enable = true;
+    signing.format = lib.mkDefault "openpgp";
+  };
+}
--- a/modules/base/fonts.nix
+++ b/modules/base/fonts.nix
@@ -0,0 +1,11 @@
+{ lib, pkgs, ... }:
+let
+  jetbrainsMono = lib.attrByPath [ "nerd-fonts" "jetbrains-mono" ] null pkgs;
+in
+{
+  fonts.fontconfig.enable = pkgs.stdenv.isLinux;
+
+  home.packages = builtins.filter (pkg: pkg != null) [
+    jetbrainsMono
+  ];
+}
--- a/modules/base/nix.nix
+++ b/modules/base/nix.nix
@@ -0,0 +1,14 @@
+{ lib, pkgs, ... }:
+{
+  programs.home-manager.enable = true;
+
+  nix.package = lib.mkDefault pkgs.nix;
+
+  nix.settings = {
+    experimental-features = [
+      "nix-command"
+      "flakes"
+    ];
+    warn-dirty = false;
+  };
+}
--- a/modules/base/shell.nix
+++ b/modules/base/shell.nix
@@ -0,0 +1,20 @@
+{ ... }:
+{
+  programs.bash.enable = true;
+
+  programs.zsh = {
+    enable = true;
+    autocd = true;
+    enableCompletion = true;
+    shellAliases = {
+      l = "ls -CF";
+      la = "ls -A";
+      ll = "ls -alF";
+    };
+  };
+
+  programs.direnv = {
+    enable = true;
+    nix-direnv.enable = true;
+  };
+}
--- a/modules/dev/docker.nix
+++ b/modules/dev/docker.nix
@@ -0,0 +1,16 @@
+{ lib, pkgs, ... }:
+let
+  optionalPackage = path: lib.attrByPath path null pkgs;
+in
+{
+  home.packages = builtins.filter (pkg: pkg != null) (
+    [
+      (optionalPackage [ "docker-client" ])
+      (optionalPackage [ "docker-compose" ])
+      (optionalPackage [ "lazydocker" ])
+    ]
+    ++ lib.optionals pkgs.stdenv.isDarwin [
+      (optionalPackage [ "colima" ])
+    ]
+  );
+}
--- a/modules/dev/go.nix
+++ b/modules/dev/go.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+{
+  home.packages = with pkgs; [
+    go
+    gopls
+  ];
+}
--- a/modules/dev/node.nix
+++ b/modules/dev/node.nix
@@ -0,0 +1,10 @@
+{ lib, pkgs, ... }:
+let
+  nodejs = lib.attrByPath [ "nodejs_20" ] pkgs.nodejs pkgs;
+in
+{
+  home.packages = [
+    nodejs
+    pkgs.pnpm
+  ];
+}
--- a/modules/dev/rust.nix
+++ b/modules/dev/rust.nix
@@ -0,0 +1,13 @@
+{ lib, pkgs, ... }:
+let
+  optionalPackage = path: lib.attrByPath path null pkgs;
+in
+{
+  home.packages = builtins.filter (pkg: pkg != null) [
+    pkgs.cargo
+    pkgs.rustc
+    (optionalPackage [ "rust-analyzer" ])
+    (optionalPackage [ "rustfmt" ])
+    (optionalPackage [ "clippy" ])
+  ];
+}
--- a/modules/helpers/home.nix
+++ b/modules/helpers/home.nix
@@ -1,6 +0,0 @@
-{ pkgs, deployment, ... }:
-{
-  home.packages = [
-    deployment.packages.${pkgs.system}.nodeiwest-helper
-  ];
-}
--- a/modules/home.nix
+++ b/modules/home.nix
@@ -1,19 +1,9 @@
-{ pkgs, lib, ... }:
+{ pkgs, ... }:
 {
-  imports = [ ./helpers/home.nix ];
-
-  # Company env vars — available in all shells
-  home.sessionVariables = {
-    BAO_ADDR = "https://secrets.api.nodeiwest.se";
-    SOME_REGISTRY = "git.dgren.dev";
-    # etc.
-  };
-
-  home.packages = with pkgs; [
-    # Tools every dev needs
-    openbao
-    colmena
-    # etc.
-    sops
+  imports = [
+    ../profiles/minimal.nix
+    ./secrets/openbao.nix
  ];
+
+  home.packages = [ pkgs.colmena ];
 }
--- a/modules/optional/devtools.nix
+++ b/modules/optional/devtools.nix
@@ -0,0 +1,11 @@
+{ lib, pkgs, ... }:
+let
+  optionalPackage = path: lib.attrByPath path null pkgs;
+in
+{
+  home.packages = builtins.filter (pkg: pkg != null) [
+    (optionalPackage [ "nil" ])
+    (optionalPackage [ "nixd" ])
+    (optionalPackage [ "nixfmt" ])
+  ];
+}
--- a/modules/optional/gui.nix
+++ b/modules/optional/gui.nix
@@ -0,0 +1,9 @@
+{ lib, pkgs, ... }:
+let
+  wezterm = lib.attrByPath [ "wezterm" ] null pkgs;
+in
+{
+  home.packages = builtins.filter (pkg: pkg != null) [
+    wezterm
+  ];
+}
--- a/modules/optional/homebrew.nix
+++ b/modules/optional/homebrew.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+  # Intentionally empty. This is the seam downstream workstations can use to
+  # compose nix-homebrew or Homebrew-specific activation without coupling it
+  # into the shared base roles.
+}
--- a/modules/roles/backend.nix
+++ b/modules/roles/backend.nix
@@ -0,0 +1,13 @@
+{ ... }:
+{
+  imports = [
+    ./minimal.nix
+    ../dev/node.nix
+    ../dev/go.nix
+    ../dev/docker.nix
+    ../services/ssh.nix
+    ../services/gpg.nix
+    ../secrets/openbao.nix
+    ../optional/devtools.nix
+  ];
+}
--- a/modules/roles/frontend.nix
+++ b/modules/roles/frontend.nix
@@ -0,0 +1,11 @@
+{ ... }:
+{
+  imports = [
+    ./minimal.nix
+    ../base/fonts.nix
+    ../dev/node.nix
+    ../services/gpg.nix
+    ../optional/devtools.nix
+    ../optional/gui.nix
+  ];
+}
--- a/modules/roles/infra.nix
+++ b/modules/roles/infra.nix
@@ -0,0 +1,15 @@
+{ pkgs, ... }:
+{
+  imports = [
+    ./minimal.nix
+    ../dev/go.nix
+    ../dev/docker.nix
+    ../services/ssh.nix
+    ../services/tailscale.nix
+    ../services/gpg.nix
+    ../secrets/openbao.nix
+    ../optional/devtools.nix
+  ];
+
+  home.packages = [ pkgs.colmena ];
+}
--- a/modules/roles/minimal.nix
+++ b/modules/roles/minimal.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+  imports = [
+    ../base/nix.nix
+    ../base/core.nix
+    ../base/shell.nix
+    ../secrets/env.nix
+  ];
+}
--- a/modules/secrets/env.nix
+++ b/modules/secrets/env.nix
@@ -0,0 +1,7 @@
+{ lib, ... }:
+let
+  defaults = import ../../lib/defaults.nix { inherit lib; };
+in
+{
+  home.sessionVariables = defaults.companySessionVariables;
+}
--- a/modules/secrets/openbao.nix
+++ b/modules/secrets/openbao.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+  imports = [ ./env.nix ];
+
+  home.packages = [ pkgs.openbao ];
+}
--- a/modules/services/gpg.nix
+++ b/modules/services/gpg.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+  programs.gpg.enable = true;
+
+  services.gpg-agent = {
+    enable = true;
+    enableBashIntegration = true;
+    enableZshIntegration = true;
+    pinentry.package = pkgs.pinentry-curses;
+  };
+}
--- a/modules/services/ssh.nix
+++ b/modules/services/ssh.nix
@@ -0,0 +1,22 @@
+{ lib, ... }:
+{
+  programs.ssh = {
+    enable = true;
+    enableDefaultConfig = false;
+
+    matchBlocks."*" = {
+      addKeysToAgent = lib.mkDefault "yes";
+      compression = lib.mkDefault false;
+      controlMaster = lib.mkDefault "no";
+      controlPath = lib.mkDefault "~/.ssh/master-%r@%n:%p";
+      controlPersist = lib.mkDefault "no";
+      forwardAgent = lib.mkDefault true;
+      hashKnownHosts = lib.mkDefault false;
+      serverAliveCountMax = lib.mkDefault 3;
+      serverAliveInterval = lib.mkDefault 0;
+      userKnownHostsFile = lib.mkDefault "~/.ssh/known_hosts";
+    };
+  };
+
+  services.ssh-agent.enable = true;
+}
--- a/modules/services/tailscale.nix
+++ b/modules/services/tailscale.nix
@@ -0,0 +1,9 @@
+{ lib, pkgs, ... }:
+let
+  tailscale = lib.attrByPath [ "tailscale" ] null pkgs;
+in
+{
+  home.packages = builtins.filter (pkg: pkg != null) [
+    tailscale
+  ];
+}