more trimming and tidying

hosts/hetzner-arm/containers/jellyfin/default.nix

@@ -1,15 +1,17 @@
 {
   self,
-  hostPath,
   tree,
   inputs,
   pkgs,
   config,
+  lib,
   ...
 }: let
+  inherit (lib.lists) flatten;
+
   containerName = "jellyfin";
 
-  containerAddresses = import "${hostPath}/data/containerAddresses.nix";
+  containerAddresses = import "../../data/containerAddresses.nix";
 
   hostIP = containerAddresses.host;
   containerIP = containerAddresses.containers.${containerName};
@@ -43,21 +45,21 @@ in {
       inherit inputs;
       inherit tree;
       inherit self;
-      inherit hostPath;
     };
 
     config = {...}: {
       nixpkgs.pkgs = pkgs;
 
-      imports = with tree;
-        [
+      imports = flatten (with tree; [
         presets.nixos.containerBase
-          ./secrets.nix
-        ]
-        ++ (with hosts.hetzner-arm.containers.jellyfin.profiles; [
+
+        (with hosts.hetzner-arm.containers.jellyfin.profiles; [
           mediaMount
           jellyfin
           restic
+        ])
+
+        ./secrets.nix
       ]);
 
       home-manager.users.root.home.stateVersion = "24.05";

hosts/hetzner-arm/containers/mail/default.nix

@@ -5,10 +5,10 @@
   inputs,
   config,
   pkgs,
-  hostPath,
   ...
 }: let
   inherit (lib.modules) mkMerge mkForce;
+  inherit (lib.lists) flatten;
 
   ports = [
     # SMTP
@@ -44,23 +44,22 @@ in {
       inherit inputs;
       inherit tree;
       inherit self;
-      inherit hostPath;
     };
 
     config = {...}: {
       nixpkgs.pkgs = pkgs;
 
-      imports = with tree;
-        [
+      imports = flatten (with tree; [
         presets.nixos.containerBase
 
-          ./secrets.nix
-        ]
-        ++ (with hosts.hetzner-arm.containers.mail; [
+        (with hosts.hetzner-arm.containers.mail; [
           modules.mailserver
 
           profiles.mailserver
           profiles.restic
+        ])
+
+        ./secrets.nix
       ]);
 
       systemd.tmpfiles.rules = [

hosts/hetzner-arm/containers/storage/default.nix

@@ -1,6 +1,5 @@
 {
   self,
-  hostPath,
   tree,
   lib,
   inputs,
@@ -8,8 +7,9 @@
   ...
 }: let
   inherit (lib.attrsets) attrValues;
+  inherit (lib.lists) flatten;
 
-  containerAddresses = import "${hostPath}/data/containerAddresses.nix";
+  containerAddresses = import "../../data/containerAddresses.nix";
   hostIP = containerAddresses.host;
   containerIP = containerAddresses.containers.storage;
 
@@ -47,26 +47,27 @@ in {
       inherit inputs;
       inherit tree;
       inherit self;
-      inherit hostPath;
     };
 
     config = {...}: {
       nixpkgs.pkgs = pkgs;
 
-      imports = with tree;
-        [
+      imports = flatten (with tree; [
         presets.nixos.containerBase
-          ./secrets.nix
-        ]
-        ++ (with hosts.hetzner-arm.containers.storage.profiles; [
+
+        (with hosts.hetzner-arm.containers.storage.profiles; [
           rcloneConfigs
           rcloneServe
           rcloneSync
           users
+        ])
+
+        ./secrets.nix
       ]);
 
       environment.systemPackages = with pkgs; [
         rclone
+
         fuse
         fuse3
       ];

hosts/hetzner-arm/hetzner-arm.nix

@@ -3,25 +3,24 @@
   lib,
   ...
 }: let
-  inherit (lib.lists) forEach;
+  inherit (lib.lists) forEach flatten;
 in {
-  imports = with tree;
-    [
-      presets.nixos.serverBase
-      presets.nixos.serverHetzner
-      presets.nixos.serverEncryptedDrive
+  imports = flatten (with tree; [
+    (with tree.presets.nixos; [
+      serverBase
+      serverHetzner
+      serverEncryptedDrive
+    ])
 
     profiles.nixos.nginx
 
-      ./hardware.nix
-      ./secrets.nix
-    ]
-    ++ (forEach [
+    (forEach [
       "storage"
       "mail"
       "jellyfin"
     ] (name: ./containers + "/${name}"))
-    ++ (with hosts.hetzner-arm.profiles; [
+
+    (with hosts.hetzner-arm.profiles; [
       staticSites
       gotosocial
       forgejo
@@ -29,6 +28,10 @@ in {
       radicale
       vault
       restic
+    ])
+
+    ./hardware.nix
+    ./secrets.nix
   ]);
 
   # TODO: environment.noXlibs = true;

hosts/lappy-t495/lappy-t495.nix

@@ -25,6 +25,7 @@ in {
     ])
 
     ./secrets.nix
+    ./hardware.nix
   ]);
 
   home-manager.users.root.home.stateVersion = "24.05";

hosts/nixos-live/nixos-live.nix

@@ -1,49 +0,0 @@
-{
-  config,
-  tree,
-  modulesPath,
-  lib,
-  ...
-}: let
-  inherit (lib.modules) mkForce;
-in {
-  imports = with tree; [
-    (modulesPath + "/installer/cd-dvd/installation-cd-graphical-gnome.nix")
-    (modulesPath + "/installer/cd-dvd/channel.nix")
-
-    users.root
-    profiles.base
-    profiles.sshd
-    profiles.connectivity.iOS
-    profiles.connectivity.networkManager
-  ];
-
-  # disable zfs
-  nixpkgs.overlays = [
-    (_final: super: {
-      zfs = super.zfs.overrideAttrs (_: {
-        meta.platforms = [];
-      });
-    })
-  ];
-
-  networking.wireless.enable = mkForce false;
-
-  nixpkgs.config.allowBroken = true;
-
-  home-manager.users.root = {
-    imports = with tree; [home.base home.dev];
-  };
-
-  home-manager.users.nixos = {
-    imports = with tree; [home.base home.dev];
-  };
-
-  isoImage = {
-    isoBaseName = "nixos-chaos";
-    compressImage = false;
-    squashfsCompression = "zstd -Xcompression-level 1";
-  };
-
-  services.openssh.settings.PermitRootLogin = mkForce "yes";
-}

hosts/nixos.nix

@@ -38,58 +38,18 @@
   ];
 
   nixosUnstableSystem = nixpkgs-unstable.lib.nixosSystem;
-
-  nixosX86_64LiveWithExtraDepsForMachines = machines:
-    nixosUnstableSystem {
-      specialArgs =
-        defaultSpecialArgs
-        // {
-          hostPath = ./nixos-live;
-        };
-      system = "x86_64-linux";
-      modules =
-        defaultModules
-        ++ [
-          ./nixos-live/nixos-live.nix
-          ({...}: {
-            system.extraDependencies =
-              forEach machines (system:
-                self.nixosConfigurations.${system}.config.system.build.toplevel);
-          })
-        ];
-    };
 in rec {
   lappy-t495 = nixosUnstableSystem {
     specialArgs =
-      defaultSpecialArgs
-      // {
-        hostPath = ./lappy-t495;
-      };
+      defaultSpecialArgs;
     system = "x86_64-linux";
-    modules = defaultModules ++ [./lappy-t495/lappy-t495.nix ./lappy-t495/hardware.nix];
+    modules = defaultModules ++ [./lappy-t495/lappy-t495.nix];
   };
 
   hetzner-arm = nixosUnstableSystem {
     specialArgs =
-      defaultSpecialArgs
-      // {
-        hostPath = ./hetzner-arm;
-      };
+      defaultSpecialArgs;
     system = "aarch64-linux";
     modules = defaultModules ++ [./hetzner-arm/hetzner-arm.nix];
   };
-
-  # nix build .#nixosConfigurations.nixos-live-x86_64.config.system.build.isoImage
-  nixos-live-x86_64 = nixosX86_64LiveWithExtraDepsForMachines ["lappy-t495"];
-
-  # nix --no-sandbox build .#nixosConfigurations.raspberry.config.system.build.sdImage
-  raspberry = nixosUnstableSystem {
-    specialArgs =
-      defaultSpecialArgs
-      // {
-        hostPath = ./raspberry;
-      };
-    system = "aarch64-linux";
-    modules = defaultModules ++ [./raspberry/raspberry.nix];
-  };
 }

hosts/raspberry/boot.nix

@@ -1,65 +0,0 @@
-{
-  lib,
-  pkgs,
-  config,
-  modulesPath,
-  ...
-}: let
-  inherit (lib.modules) mkForce mkDefault;
-  inherit (builtins) toFile;
-in {
-  imports = [
-    (modulesPath + "/installer/sd-card/sd-image.nix")
-  ];
-
-  boot = {
-    supportedFilesystems = mkForce ["vfat"];
-    consoleLogLevel = mkDefault 7;
-    kernelParams = ["console=tty0"];
-    loader = {
-      grub.enable = false;
-      generic-extlinux-compatible.enable = true;
-    };
-  };
-
-  sdImage = {
-    compressImage = mkForce false;
-    populateFirmwareCommands = let
-      configTxt = toFile "config.txt" ''
-        [pi3]
-        kernel=u-boot-rpi3.bin
-        [pi4]
-        kernel=u-boot-rpi4.bin
-        enable_gic=1
-        armstub=armstub8-gic.bin
-        # Otherwise the resolution will be weird in most cases, compared to
-        # what the pi3 firmware does by default.
-        disable_overscan=1
-        [all]
-        # Boot in 64-bit mode.
-        arm_64bit=1
-        # U-Boot needs this to work, regardless of whether UART is actually used or not.
-        # Look in arch/arm/mach-bcm283x/Kconfig in the U-Boot tree to see if this is still
-        # a requirement in the future.
-        enable_uart=1
-        # Prevent the firmware from smashing the framebuffer setup done by the mainline kernel
-        # when attempting to show low-voltage or overtemperature warnings.
-        avoid_warnings=1
-      '';
-    in ''
-      (cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/firmware/)
-      # Add the config
-      cp ${configTxt} firmware/config.txt
-      # Add pi3 specific files
-      cp ${pkgs.ubootRaspberryPi3_64bit}/u-boot.bin firmware/u-boot-rpi3.bin
-      # Add pi4 specific files
-      cp ${pkgs.ubootRaspberryPi4_64bit}/u-boot.bin firmware/u-boot-rpi4.bin
-      cp ${pkgs.raspberrypi-armstubs}/armstub8-gic.bin firmware/armstub8-gic.bin
-      cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-4-b.dtb firmware/
-    '';
-    populateRootCommands = ''
-      mkdir -p ./files/boot
-      ${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
-    '';
-  };
-}

hosts/raspberry/raspberry.nix

@@ -1,19 +0,0 @@
-{tree, ...}: {
-  imports = with tree;
-    [
-      presets.nixos.serverBase
-
-      ./secrets.nix
-      ./boot.nix
-    ]
-    ++ (with hosts.raspberry.profiles; []);
-
-  networking.enableIPv6 = true;
-  networking.useDHCP = true;
-
-  networking.hostName = "raspberry";
-  time.timeZone = "Europe/London";
-
-  home-manager.users.root.home.stateVersion = "24.05";
-  system.stateVersion = "24.05";
-}

hosts/raspberry/secrets.nix

@@ -1,18 +0,0 @@
-{...}: {
-  services.secrets = {
-    enable = true;
-
-    vaultLogin = {
-      enable = true;
-      loginUsername = "raspberry";
-    };
-
-    requiredVaultPaths = [];
-
-    secrets = {
-      vault_password = {
-        manual = true;
-      };
-    };
-  };
-}

profiles/home-manager/base/ssh-aliases.nix

@@ -9,7 +9,7 @@ in {
           user = "root";
           hostname = "${hostname}.servers.genderfucked.monster";
         };
-      }) ["hetzner-arm" "hetzner-arm-decrypt" "vault" "vault-decrypt" "raspberry"]))
+      }) ["hetzner-arm" "hetzner-arm-decrypt"]))
       {
         "blahaj" = {
           user = "chaos";

profiles/nixos/base/home.nix

@@ -19,6 +19,7 @@ in {
       };
     });
   };
+  
   config = {
     home-manager = {
       useGlobalPkgs = true;

scripts/deploy/raspberry.sh

@@ -1,9 +0,0 @@
-#!/usr/bin/env bash
-
-SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
-cd $SCRIPT_DIR
-cd $(git rev-parse --show-toplevel)
-
-DEFAULT_HOST="root@raspberry.servers.genderfucked.monster"
-TARGET_HOST=${HOST:-${DEFAULT_HOST}}
-nixos-rebuild switch --flake .#raspberry --target-host "$TARGET_HOST" --use-substitutes -s "$@"

scripts/deployAll.sh

@@ -1,14 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
-cd $SCRIPT_DIR
-cd $(git rev-parse --show-toplevel)
-
-HOSTNAME=$(hostname)
-
-[ "${NO_REBUILD}" == "" ] && ./scripts/rebuild.sh "$@"
-[ "${HOSTNAME}" != "hetzner-arm" ] && ./scripts/deploy/hetzner-arm.sh "$@"
-[ "${HOSTNAME}" != "vault" ] && ./scripts/deploy/vault.sh "$@"
-[ "${HOSTNAME}" != "raspberry" ] && ./scripts/deploy/raspberry.sh "$@"

scripts/deploySecrets.sh

@@ -1,21 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
-cd $SCRIPT_DIR
-cd $(git rev-parse --show-toplevel)
-
-ARCH=${1}
-HOSTNAME=${2}
-SSH=${3}
-CONTAINER=${4}
-
-OPTIONAL_CONTAINER=
-if [ -n "$CONTAINER" ]; then
-  OPTIONAL_CONTAINER="-container-${CONTAINER}"
-fi 
-
-nix build --system ${ARCH} ".#secrets-init-${HOSTNAME}${OPTIONAL_CONTAINER}"
-nix-copy-closure --to ${SSH} --use-substitutes $(readlink result)
-ssh ${SSH} "$(readlink result)/bin/secrets-init-${HOSTNAME}${OPTIONAL_CONTAINER}"