move user and additional module handling into flake.nix

flake.nix

@@ -63,23 +63,66 @@
     }:
     let
       devices = {
-        vinzenz-lpt2 = "x86_64-linux";
+        vinzenz-lpt2 = {
-        vinzenz-pc2 = "x86_64-linux";
+          system = "x86_64-linux";
-        ronja-pc = "x86_64-linux";
+          additional-modules = [
-        hetzner-vpn2 = "aarch64-linux";
+            self.nixosModules.user-vinzenz
-        forgejo-runner-1 = "aarch64-linux";
+
+            self.nixosModules.gnome
+            self.nixosModules.wine-gaming
+            self.nixosModules.steam
+            self.nixosModules.printing
+            self.nixosModules.podman
+            self.nixosModules.vinzenz-desktop-settings
+            self.nixosModules.intel-graphics
+          ];
+          home-manager-users = {
+            inherit (self.homeConfigurations) vinzenz;
+          };
+        };
+        vinzenz-pc2 = {
+          system = "x86_64-linux";
+          additional-modules = [
+            self.nixosModules.user-vinzenz
+            self.nixosModules.user-ronja
+
+            self.nixosModules.gnome
+            self.nixosModules.wine-gaming
+            self.nixosModules.steam
+            self.nixosModules.printing
+            self.nixosModules.podman
+            self.nixosModules.vinzenz-desktop-settings
+            self.nixosModules.amd-graphics
+          ];
+          home-manager-users = {
+            inherit (self.homeConfigurations) vinzenz ronja;
+          };
+        };
+        ronja-pc = {
+          system = "x86_64-linux";
+          additional-modules = [
+            self.nixosModules.user-ronja
+
+            self.nixosModules.gnome
+            self.nixosModules.steam
+            self.nixosModules.wine-gaming
+            self.nixosModules.vinzenz-desktop-settings
+          ];
+          home-manager-users = {
+            inherit (self.homeConfigurations) ronja;
+          };
+        };
+        hetzner-vpn2 = {
+          system = "aarch64-linux";
+        };
+        forgejo-runner-1 = {
+          system = "aarch64-linux";
+          additional-modules = [ self.nixosModules.podman ];
+        };
       };
-      homeDevices = [
-        "vinzenz-lpt2"
-        "vinzenz-pc2"
-        "ronja-pc"
-      ];
       lib = nixpkgs.lib;
-      forDevice = f: lib.mapAttrs f devices;
+      forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) devices;
-      supported-systems = [
+      supported-systems = lib.attrsets.mapAttrsToList (k: v: v.system) devices;
-        "x86_64-linux"
-        "aarch64-linux"
-      ];
       forAllSystems =
         f:
         lib.genAttrs supported-systems (
@@ -101,20 +144,21 @@
       };
 
       nixosConfigurations = forDevice (
-        device: system:
+        {
+          device,
+          system,
+          home-manager-users ? { },
+          additional-modules ? [ ],
+        }:
         let
-          commonSpecialArgs = {
+          specialArgs = {
             inherit device;
             vinzenzHomeModules = self.homeModules;
             vinzenzLib = self.lib;
           };
         in
         nixpkgs.lib.nixosSystem {
-          inherit system;
+          inherit system specialArgs;
-          specialArgs = commonSpecialArgs // {
-            vinzenzNixosModules = self.nixosModules;
-            vinzenzHomeConfigurations = self.homeConfigurations;
-          };
           modules = [
             {
               networking.hostName = device;
@@ -134,6 +178,7 @@
               nix.settings.experimental-features = [
                 "nix-command"
                 "flakes"
+                "repl-flake"
               ];
 
               documentation = {
@@ -144,6 +189,7 @@
 
             ./nixosConfigurations/${device}
 
+            self.nixosModules.default
             self.nixosModules.lix-is-nix
             self.nixosModules.globalinstalls
             self.nixosModules.autoupdate
@@ -155,10 +201,10 @@
 
             zerforschen-plus.nixosModules.default
           ]
-          ++ (nixpkgs.lib.optionals (builtins.elem device homeDevices) [
+          ++ (nixpkgs.lib.optionals (home-manager-users != { }) [
             {
               home-manager = {
-                extraSpecialArgs = commonSpecialArgs;
+                extraSpecialArgs = specialArgs;
                 useGlobalPkgs = true;
                 useUserPackages = true;
               };
@@ -174,6 +220,8 @@
                 self.homeModules.nano
                 self.homeModules.gnome-extensions
               ];
+
+              home-manager.users = home-manager-users;
             }
 
             self.nixosModules.pkgs-unstable
@@ -190,7 +238,8 @@
             home-manager.nixosModules.home-manager
             servicepoint-simulator.nixosModules.default
             servicepoint-cli.nixosModules.default
-          ]);
+          ])
+          ++ additional-modules;
         }
       );
 
@@ -214,6 +263,10 @@
         pkgs-vscode-extensions = {
           nixpkgs.overlays = [ nix-vscode-extensions.overlays.default ];
         };
+        # required modules to use other modules, should not do anything on their own
+        default = {
+          imports = [ self.nixosModules.allowed-unfree-list ];
+        };
       };
 
       homeModules = self.lib.importDir ./homeModules;

homeConfigurations/ronja/configuration.nix

@@ -1,60 +0,0 @@
-{ config, pkgs, ... }:
-{
-  config = {
-    home.packages = with pkgs; [
-      ## Apps
-      telegram-desktop
-      kdiff3
-    ];
-
-    programs = {
-      home-manager.enable = true;
-
-      zsh = {
-        history = {
-          size = 10000;
-          path = "${config.xdg.dataHome}/zsh/history";
-          expireDuplicatesFirst = true;
-        };
-
-        oh-my-zsh = {
-          enable = true;
-          theme = "agnoster";
-          plugins = [
-            "git"
-            "sudo"
-            "systemadmin"
-          ];
-        };
-        shellAliases = {
-          myos-update = ''echo "Enter sudo password" && sudo nixos-rebuild boot --flake git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git --show-trace --log-format internal-json -v |& ${pkgs.nix-output-monitor}/bin/nom --json'';
-          myos-apply = ''echo "Enter sudo password" && sudo nixos-rebuild switch --flake .# --show-trace --log-format internal-json -v |& ${pkgs.nix-output-monitor}/bin/nom --json'';
-        };
-      };
-
-      git = {
-        userName = "Ronja Spiegelberg";
-        userEmail = "ronja.spiegelberg@gmail.com";
-
-        extraConfig = {
-          pull.ff = "only";
-          merge.tool = "kdiff3";
-        };
-      };
-
-      chromium = {
-        enable = true;
-        extensions = [
-          {
-            # ublock origin
-            id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";
-          }
-          {
-            id = "dcpihecpambacapedldabdbpakmachpb";
-            updateUrl = "https://raw.githubusercontent.com/iamadamdev/bypass-paywalls-chrome/master/updates.xml";
-          }
-        ];
-      };
-    };
-  };
-}

homeConfigurations/ronja/default.nix

@@ -1,25 +1,61 @@
-{ pkgs, ... }:
+{ config, pkgs, ... }:
 {
+  imports = [ ./vscode.nix ];
   config = {
-    # Define user account
+    home.packages = with pkgs; [
-    users.users.ronja = {
+      ## Apps
-      isNormalUser = true;
+      telegram-desktop
-      name = "ronja";
+      kdiff3
-      description = "Ronja";
-      home = "/home/ronja";
-      extraGroups = [
-        "networkmanager"
-        "wheel"
-        "games"
-        "podman"
-        "openvscode-server"
-      ];
-      shell = pkgs.zsh;
-    };
-
-    home-manager.users.ronja.imports = [
-      ./configuration.nix
-      ./vscode.nix
     ];
+
+    programs = {
+      home-manager.enable = true;
+
+      zsh = {
+        history = {
+          size = 10000;
+          path = "${config.xdg.dataHome}/zsh/history";
+          expireDuplicatesFirst = true;
+        };
+
+        oh-my-zsh = {
+          enable = true;
+          theme = "agnoster";
+          plugins = [
+            "git"
+            "sudo"
+            "systemadmin"
+          ];
+        };
+        shellAliases = {
+          myos-update = ''echo "Enter sudo password" && sudo nixos-rebuild boot --flake git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git --show-trace --log-format internal-json -v |& ${pkgs.nix-output-monitor}/bin/nom --json'';
+          myos-apply = ''echo "Enter sudo password" && sudo nixos-rebuild switch --flake .# --show-trace --log-format internal-json -v |& ${pkgs.nix-output-monitor}/bin/nom --json'';
+        };
+      };
+
+      git = {
+        userName = "Ronja Spiegelberg";
+        userEmail = "ronja.spiegelberg@gmail.com";
+
+        extraConfig = {
+          pull.ff = "only";
+          merge.tool = "kdiff3";
+        };
+      };
+
+      chromium = {
+        enable = true;
+        extensions = [
+          {
+            # ublock origin
+            id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";
+          }
+          {
+            id = "dcpihecpambacapedldabdbpakmachpb";
+            updateUrl = "https://raw.githubusercontent.com/iamadamdev/bypass-paywalls-chrome/master/updates.xml";
+          }
+        ];
+      };
+    };
   };
 }

homeConfigurations/vinzenz/default.nix

@@ -1,51 +1,15 @@
-{ pkgs, ... }:
 {
-  config = {
+  imports = [
-    users.users.vinzenz = {
+    ./configuration.nix
-      isNormalUser = true;
+    ./editorconfig.nix
-      name = "vinzenz";
+    ./fuzzel.nix
-      description = "Vinzenz";
+    ./git.nix
-      home = "/home/vinzenz";
+    ./gnome.nix
-      extraGroups = [
+    #./niri.nix
-        "networkmanager"
+    ./ssh.nix
-        "wheel"
+    ./swaylock.nix
-        "games"
+    ./vscode.nix
-        "dialout"
+    ./waybar.nix
-        "podman"
+    ./zsh.nix
-        "nginx"
+  ];
-        "adbusers"
-        "kvm"
-        "input"
-        "video"
-      ];
-      shell = pkgs.zsh;
-      autoSubUidGidRange = true;
-    };
-
-    nix.settings.trusted-users = [ "vinzenz" ];
-
-    home-manager.users.vinzenz.imports = [
-      ./configuration.nix
-      ./editorconfig.nix
-      ./fuzzel.nix
-      ./git.nix
-      ./gnome.nix
-      #./niri.nix
-      ./ssh.nix
-      ./swaylock.nix
-      ./vscode.nix
-      ./waybar.nix
-      ./zsh.nix
-    ];
-
-    allowedUnfreePackages = [
-      "rider"
-      "pycharm-professional"
-      "jetbrains-toolbox"
-
-      "anydesk"
-
-      "vscode-extension-ms-dotnettools-csharp"
-    ];
-  };
 }

nixosConfigurations/forgejo-runner-1/default.nix

@@ -1,10 +1,7 @@
-{ vinzenzNixosModules, ... }:
 {
   imports = [
     ./configuration.nix
     ./hardware.nix
-
-    vinzenzNixosModules.podman
     ./forgejo-runner.nix
   ];
 }

nixosConfigurations/ronja-pc/default.nix

@@ -1,14 +1,6 @@
-{ vinzenzNixosModules, vinzenzHomeConfigurations, ... }:
 {
   imports = [
     ./configuration.nix
     ./hardware.nix
-
-    vinzenzNixosModules.gnome
-    vinzenzNixosModules.steam
-    vinzenzNixosModules.wine-gaming
-    vinzenzNixosModules.vinzenz-desktop-settings
-
-    vinzenzHomeConfigurations.ronja
   ];
 }

nixosConfigurations/vinzenz-lpt2/default.nix

@@ -1,17 +1,6 @@
-{ vinzenzNixosModules, vinzenzHomeConfigurations, ... }:
 {
   imports = [
     ./configuration.nix
     ./hardware.nix
-
-    vinzenzNixosModules.gnome
-    vinzenzNixosModules.wine-gaming
-    vinzenzNixosModules.steam
-    vinzenzNixosModules.printing
-    vinzenzNixosModules.podman
-    vinzenzNixosModules.vinzenz-desktop-settings
-
-    vinzenzHomeConfigurations.vinzenz
-    vinzenzHomeConfigurations.ronja
   ];
 }

nixosConfigurations/vinzenz-lpt2/hardware.nix

@@ -1,64 +1,56 @@
+{ pkgs, lib, ... }:
 {
-  vinzenzNixosModules,
+  # intel cpu
-  pkgs,
+  boot.kernelModules = [
-  lib,
+    "kvm-intel"
-  ...
+    "xe"
-}:
+  ];
-{
-  imports = [ vinzenzNixosModules.intel-graphics ];
-  config = {
-    # intel cpu
-    boot.kernelModules = [
-      "kvm-intel"
-      "xe"
-    ];
 
-    networking = {
+  networking = {
-      networkmanager.enable = true;
+    networkmanager.enable = true;
-      useDHCP = lib.mkDefault true;
+    useDHCP = lib.mkDefault true;
-    };
+  };
 
-    boot = {
+  boot = {
-      kernelPackages = pkgs.linuxPackages_zen;
+    kernelPackages = pkgs.linuxPackages_zen;
+    supportedFilesystems = [ "btrfs" ];
+    initrd = {
       supportedFilesystems = [ "btrfs" ];
-      initrd = {
+      availableKernelModules = [
-        supportedFilesystems = [ "btrfs" ];
+        "xhci_pci"
-        availableKernelModules = [
+        "thunderbolt"
-          "xhci_pci"
+        "nvme"
-          "thunderbolt"
+      ];
-          "nvme"
+      luks.devices = {
-        ];
+        "luks-2c654ff2-3c42-48d3-a1e3-9545679afaa3" = {
-        luks.devices = {
+          device = "/dev/disk/by-uuid/2c654ff2-3c42-48d3-a1e3-9545679afaa3";
-          "luks-2c654ff2-3c42-48d3-a1e3-9545679afaa3" = {
-            device = "/dev/disk/by-uuid/2c654ff2-3c42-48d3-a1e3-9545679afaa3";
-          };
         };
       };
     };
+  };
 
-    fileSystems = {
+  fileSystems = {
-      "/" = {
+    "/" = {
-        device = "/dev/disk/by-uuid/e4dad0c8-26a1-45e9-bbd9-48565eb6574e";
+      device = "/dev/disk/by-uuid/e4dad0c8-26a1-45e9-bbd9-48565eb6574e";
-        fsType = "btrfs";
+      fsType = "btrfs";
-        options = [ "subvol=@" ];
+      options = [ "subvol=@" ];
-      };
-
-      "/boot" = {
-        device = "/dev/disk/by-uuid/E2B7-2BC1";
-        fsType = "vfat";
-      };
     };
 
-    swapDevices = [
+    "/boot" = {
-      {
+      device = "/dev/disk/by-uuid/E2B7-2BC1";
-        device = "/var/lib/swapfile";
+      fsType = "vfat";
-        size = 32 * 1024;
+    };
-      }
-    ];
-
-    services.thermald.enable = true;
-    services.hardware.bolt.enable = true; # thunderbolt security
-
-    hardware.bluetooth.enable = true;
   };
+
+  swapDevices = [
+    {
+      device = "/var/lib/swapfile";
+      size = 32 * 1024;
+    }
+  ];
+
+  services.thermald.enable = true;
+  services.hardware.bolt.enable = true; # thunderbolt security
+
+  hardware.bluetooth.enable = true;
 }

nixosConfigurations/vinzenz-pc2/default.nix

@@ -1,19 +1,8 @@
-{ vinzenzNixosModules, vinzenzHomeConfigurations, ... }:
 {
   imports = [
     ./configuration.nix
     ./hardware.nix
     ./vscode-server.nix
     ./hass.nix
-
-    vinzenzNixosModules.gnome
-    vinzenzNixosModules.wine-gaming
-    vinzenzNixosModules.steam
-    vinzenzNixosModules.printing
-    vinzenzNixosModules.podman
-    vinzenzNixosModules.vinzenz-desktop-settings
-
-    vinzenzHomeConfigurations.vinzenz
-    vinzenzHomeConfigurations.ronja
   ];
 }

nixosConfigurations/vinzenz-pc2/hardware.nix

@@ -1,38 +1,30 @@
+{ pkgs, lib, ... }:
 {
-  vinzenzNixosModules,
+  # amd cpu
-  pkgs,
+  boot.kernelModules = [ "kvm-amd" ];
-  lib,
-  ...
-}:
-{
-  imports = [ vinzenzNixosModules.amd-graphics ];
-  config = {
-    # amd cpu
-    boot.kernelModules = [ "kvm-amd" ];
 
-    boot = {
+  boot = {
-      initrd.availableKernelModules = [
+    initrd.availableKernelModules = [
-        "nvme"
+      "nvme"
-        "xhci_pci"
+      "xhci_pci"
-        "ahci"
+      "ahci"
-        "usbhid"
+      "usbhid"
-        "sd_mod"
+      "sd_mod"
-      ]; # "usb_storage"
+    ]; # "usb_storage"
-      kernelPackages = pkgs.linuxPackages_zen;
+    kernelPackages = pkgs.linuxPackages_zen;
-      supportedFilesystems = [ "btrfs" ];
+    supportedFilesystems = [ "btrfs" ];
-      initrd.supportedFilesystems = [ "btrfs" ];
+    initrd.supportedFilesystems = [ "btrfs" ];
-      loader.efi.efiSysMountPoint = "/boot";
+    loader.efi.efiSysMountPoint = "/boot";
-    };
-
-    fileSystems = import ./fstab.nix;
-    swapDevices = [ ];
-
-    networking = {
-      networkmanager.enable = true;
-      useDHCP = lib.mkDefault true;
-      interfaces.eno1.wakeOnLan.enable = true;
-    };
-
-    hardware.bluetooth.enable = true;
   };
+
+  fileSystems = import ./fstab.nix;
+  swapDevices = [ ];
+
+  networking = {
+    networkmanager.enable = true;
+    useDHCP = lib.mkDefault true;
+    interfaces.eno1.wakeOnLan.enable = true;
+  };
+
+  hardware.bluetooth.enable = true;
 }

nixosModules/allowed-unfree-list.nix

@@ -9,7 +9,9 @@
   config = {
     nixpkgs.config = {
       # https://github.com/NixOS/nixpkgs/issues/197325#issuecomment-1579420085
-      allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.allowedUnfreePackages;
+      allowUnfreePredicate = lib.mkDefault (
+        pkg: builtins.elem (lib.getName pkg) config.allowedUnfreePackages
+      );
     };
   };
 }

nixosModules/intel-graphics.nix

@@ -1,7 +1,5 @@
-{ pkgs, vinzenzNixosModules, ... }:
+{ pkgs, ... }:
 {
-  imports = [ vinzenzNixosModules.allowed-unfree-list ];
-
   config = {
     hardware.graphics = {
       extraPackages = with pkgs; [

nixosModules/steam.nix

@@ -1,7 +1,4 @@
-{ vinzenzNixosModules, ... }:
 {
-  imports = [ vinzenzNixosModules.allowed-unfree-list ];
-
   hardware.steam-hardware.enable = true;
 
   programs = {

nixosModules/user-ronja.nix

@@ -0,0 +1,19 @@
+{ pkgs, ... }:
+{
+  users.users.ronja = {
+    isNormalUser = true;
+    name = "ronja";
+    description = "Ronja";
+    home = "/home/ronja";
+    extraGroups = [
+      "networkmanager"
+      "wheel"
+      "games"
+      "podman"
+      "openvscode-server"
+    ];
+    shell = pkgs.zsh;
+  };
+
+  nix.settings.trusted-users = [ "ronja" ];
+}

nixosModules/user-vinzenz.nix

@@ -0,0 +1,35 @@
+{ pkgs, ... }:
+{
+  users.users.vinzenz = {
+    isNormalUser = true;
+    name = "vinzenz";
+    description = "Vinzenz";
+    home = "/home/vinzenz";
+    extraGroups = [
+      "networkmanager"
+      "wheel"
+      "games"
+      "dialout"
+      "podman"
+      "nginx"
+      "adbusers"
+      "kvm"
+      "input"
+      "video"
+    ];
+    shell = pkgs.zsh;
+    autoSubUidGidRange = true;
+  };
+
+  nix.settings.trusted-users = [ "vinzenz" ];
+
+  allowedUnfreePackages = [
+    "rider"
+    "pycharm-professional"
+    "jetbrains-toolbox"
+
+    "anydesk"
+
+    "vscode-extension-ms-dotnettools-csharp"
+  ];
+}