From 5a6daf52ca4655963f8424e6e41d926743201a39 Mon Sep 17 00:00:00 2001
From: unexplrd
Date: Sat, 3 May 2025 23:13:28 +0300
Subject: [PATCH] hosts: source modules from workstation

Signed-off-by: unexplrd
---
 hosts/dunamis/nix/ssh-serve.nix | 1 +
 hosts/dunamis/users.nix | 1 -
 hosts/eldrid/configuration.nix | 8 +--
 hosts/eldrid/networking/network-manager.nix | 2 +-
 hosts/eldrid/programs.nix | 18 ------
 hosts/eldrid/services.nix | 21 -------
 hosts/eldrid/sops.nix | 64 ---------------------
 hosts/eldrid/users.nix | 26 ---------
 hosts/sarien/configuration.nix | 26 ++-------
 hosts/sarien/networking/network-manager.nix | 2 +-
 hosts/sarien/programs.nix | 13 -----
 hosts/sarien/services.nix | 21 -------
 hosts/sarien/sops.nix | 64 ---------------------
 hosts/sarien/users.nix | 26 ---------
 14 files changed, 12 insertions(+), 281 deletions(-)
 delete mode 100644 hosts/eldrid/programs.nix
 delete mode 100644 hosts/eldrid/services.nix
 delete mode 100644 hosts/eldrid/sops.nix
 delete mode 100644 hosts/eldrid/users.nix
 delete mode 100644 hosts/sarien/programs.nix
 delete mode 100644 hosts/sarien/services.nix
 delete mode 100644 hosts/sarien/sops.nix
 delete mode 100644 hosts/sarien/users.nix
diff --git a/hosts/dunamis/nix/ssh-serve.nix b/hosts/dunamis/nix/ssh-serve.nix
index a730ef0..1b270c1 100644
--- a/hosts/dunamis/nix/ssh-serve.nix
+++ b/hosts/dunamis/nix/ssh-serve.nix
@@ -2,6 +2,7 @@
 inherit (builtins) readFile;
 inherit (config.users.users) user;
 in {
+ nix.settings.trusted-users = ["nix-ssh"];
 nix.sshServe = {
 enable = true;
 write = true;
diff --git a/hosts/dunamis/users.nix b/hosts/dunamis/users.nix
index 5da6498..317133c 100644
--- a/hosts/dunamis/users.nix
+++ b/hosts/dunamis/users.nix
@@ -8,7 +8,6 @@
 inherit (inputs) mysecrets;
 sshKeys = f: "${mysecrets}/ssh/user/id_${f}_ed25519.pub";
 in {
- nix.settings.trusted-users = ["user" "nix-ssh"];
 users.mutableUsers = false;
 users.users = {
 user = {
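Review bot: The added `nix.settings.trusted-users = ["nix-ssh"];` in `hosts/dunamis/nix/ssh-serve.nix` makes every key accepted by `nix.sshServe` a trusted Nix user, which the Nix manual describes as essentially root-equivalent, and with `write = true` those clients can also push store paths without a signature check. If the goal is only to accept uploads from the other hosts, consider dropping the line and listing the builders' signing keys in `nix.settings.trusted-public-keys`; if trust is really needed, `nix.sshServe.trusted = true;` keeps it inside the block, with a comment such as `# nix-ssh is root-equivalent here: keep nix.sshServe.keys limited to hosts we fully control`. The `nix.sshServe` attribute set continues past the end of the hunk, so its `keys` list is not visible here.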
diff --git a/hosts/eldrid/configuration.nix b/hosts/eldrid/configuration.nix
index 7aca6ac..df6a93f 100644
--- a/hosts/eldrid/configuration.nix
+++ b/hosts/eldrid/configuration.nix
@@ -5,12 +5,12 @@ ./boot ./disko ./hardware - ./networking.nix + ./networking ./nix ../dunamis/programs.nix - ./services.nix - ./sops.nix - ./users.nix + ../dunamis/services.nix + ../dunamis/sops.nix + ../dunamis/users.nix ]; desktop.plasma.enable = true;
diff --git a/hosts/eldrid/networking/network-manager.nix b/hosts/eldrid/networking/network-manager.nix
index 7906860..d4f8410 100644
--- a/hosts/eldrid/networking/network-manager.nix
+++ b/hosts/eldrid/networking/network-manager.nix
@@ -3,7 +3,7 @@
 networkmanager = {
 enable = true;
 ethernet.macAddress = "stable";
- networkmanager.wifi = {
+ wifi = {
 backend = "iwd";
 macAddress = "random";
 scanRandMacAddress = true;
diff --git a/hosts/eldrid/programs.nix b/hosts/eldrid/programs.nix
deleted file mode 100644
index 9cbccdc..0000000
--- a/hosts/eldrid/programs.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{pkgs, ...}: {
- programs.neovim = {
- enable = false;
- viAlias = true;
- vimAlias = true;
- };
- programs.nh = {
- enable = true;
- clean.enable = true;
- clean.extraArgs = "--keep-since 7d --keep 3";
- flake = "/home/user/.config/nixos";
- };
- programs.fish.enable = true;
- environment.systemPackages = with pkgs; [
- helix
- # nushell
- ];
-}
diff --git a/hosts/eldrid/services.nix b/hosts/eldrid/services.nix
deleted file mode 100644
index 5e70b70..0000000
--- a/hosts/eldrid/services.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- services = {
- # flatpak.enable = true;
- fstrim.enable = true;
- openssh.enable = true;
- power-profiles-daemon.enable = true;
- syncthing.openDefaultPorts = true;
- dnscrypt-proxy2 = {
- enable = true;
- settings = {
- require_dnssec = true;
- server_names = ["mullvad-doh"];
- bootstrap_resolvers = ["9.9.9.11:53" "9.9.9.9:53"];
- };
- };
- scx = {
- enable = true;
- scheduler = "scx_flash";
- };
- };
-}
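Review bot: Importing `../dunamis/sops.nix` and `../dunamis/users.nix` in `hosts/eldrid/configuration.nix` makes eldrid's secret provisioning and account definition depend on modules whose bodies are not part of this patch, so the per-host secret selection cannot be checked from the diff. The deleted `hosts/eldrid/sops.nix` chose `mysecrets + "/hosts/${hostName}.yaml"` from `config.networking.hostName`; if the dunamis module does the same, a comment above the import list such as `# services/sops/users are shared with dunamis; sops.nix picks hosts/<hostName>.yaml per host` would record that. Together with the `hosts/dunamis/users.nix` hunk, `user` also drops out of `nix.settings.trusted-users` on eldrid, and the same holds for the `../dunamis/users.nix` import in `hosts/sarien/configuration.nix`; the commit message could state that this is intended.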
diff --git a/hosts/eldrid/sops.nix b/hosts/eldrid/sops.nix
deleted file mode 100644
index 68ca709..0000000
--- a/hosts/eldrid/sops.nix
+++ /dev/null
@@ -1,64 +0,0 @@
-{
- config,
- inputs,
- ...
-}: let
- inherit (inputs) mysecrets;
- hostName =
- if (config.networking.hostName == "vylxae")
- then "sarien"
- else config.networking.hostName;
- sopsFile = mysecrets + "/hosts/${hostName}.yaml";
- dotSsh = name: "/home/user/.ssh/" + name;
- sshKey = {
- mode = "0400";
- owner = "user";
- };
-in {
- imports = with inputs; [
- sops-nix.nixosModules.sops
- ];
-
- sops = {
- age = {
- sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
- keyFile = "/var/lib/sops-nix/key.txt";
- generateKey = true;
- };
- defaultSopsFile = mysecrets + "/common.yaml";
- secrets = {
- "user-password-hashed".neededForUsers = true;
- "ssh-config" = {
- path = dotSsh "config";
- mode = "0400";
- owner = "user";
- };
- "ssh-${hostName}-user" = {
- inherit sopsFile;
- inherit (sshKey) mode owner;
- path = dotSsh "id_ed25519";
- };
- "ssh-${hostName}-user.pub" = {
- inherit sopsFile;
- inherit (sshKey) mode owner;
- path = dotSsh "id_ed25519.pub";
- };
- "ssh-unexplrd" = {
- inherit (sshKey) mode owner;
- path = dotSsh "id_unexplrd_ed25519";
- };
- "ssh-unexplrd.pub" = {
- inherit (sshKey) mode owner;
- path = dotSsh "id_unexplrd_ed25519.pub";
- };
- "ssh-uni" = {
- inherit (sshKey) mode owner;
- path = dotSsh "id_uni_ed25519";
- };
- "ssh-uni.pub" = {
- inherit (sshKey) mode owner;
- path = dotSsh "id_uni_ed25519.pub";
- };
- };
- };
-}
diff --git a/hosts/eldrid/users.nix b/hosts/eldrid/users.nix
deleted file mode 100644
index 63a17e0..0000000
--- a/hosts/eldrid/users.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- inputs,
- config,
- pkgs,
- ...
-}: let
- inherit (config.sops) secrets;
- inherit (inputs) mysecrets;
-in {
- nix.settings.trusted-users = ["user"];
- users.mutableUsers = false;
- users.users = {
- user = {
- hashedPasswordFile = secrets."user-password-hashed".path;
- extraGroups = ["wheel" "video" "libvirtd" "dialout"];
- isNormalUser = true;
- shell = pkgs.fish;
- openssh.authorizedKeys.keyFiles = map (f: "${mysecrets}/ssh/user/id_${f}_ed25519.pub") [
- "dunamis"
- "eldrid"
- "sarien"
- "legion"
- ];
- };
- };
-}
diff --git a/hosts/sarien/configuration.nix b/hosts/sarien/configuration.nix
index 95bd206..7ff7173 100644
--- a/hosts/sarien/configuration.nix
+++ b/hosts/sarien/configuration.nix
@@ -14,37 +14,21 @@ ../dunamis/programs.nix ../dunamis/services.nix ../dunamis/sops.nix - ./users.nix + ../dunamis/users.nix ]; - desktop.niri.enable = true; - - locale.ukrainian.enable = true; + system.stateVersion = "25.05"; + time.timeZone = "Europe/Kyiv"; module.stylix = { enable = true; theme = "helios"; }; - opentabletdriver.enable = false; + desktop.niri.enable = true; + locale.ukrainian.enable = true; qmk-vial.enable = true; - security.basic.enable = true; - - system.stateVersion = "25.05"; - - time.timeZone = "Europe/Kyiv"; - virtual.libvirt.enable = true; - - wireless = { - wifi.enable = true; - bluetooth.enable = true; - }; - hardware.graphics.extraPackages = with pkgs; [ - intel-compute-runtime - intel-media-driver - vpl-gpu-rt - ]; }
diff --git a/hosts/sarien/networking/network-manager.nix b/hosts/sarien/networking/network-manager.nix
index 7906860..d4f8410 100644
--- a/hosts/sarien/networking/network-manager.nix
+++ b/hosts/sarien/networking/network-manager.nix
@@ -3,7 +3,7 @@
 networkmanager = {
 enable = true;
 ethernet.macAddress = "stable";
- networkmanager.wifi = {
+ wifi = {
 backend = "iwd";
 macAddress = "random";
 scanRandMacAddress = true;
diff --git a/hosts/sarien/programs.nix b/hosts/sarien/programs.nix
deleted file mode 100644
index 4481e17..0000000
--- a/hosts/sarien/programs.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{pkgs, ...}: {
- programs.nh = {
- enable = true;
- clean.enable = true;
- clean.extraArgs = "--keep-since 7d --keep 3";
- flake = "/home/user/.config/nixos";
- };
- programs.fish.enable = true;
- environment.systemPackages = with pkgs; [
- helix
- nushell
- ];
-}
diff --git a/hosts/sarien/services.nix b/hosts/sarien/services.nix
deleted file mode 100644
index 7fa3eab..0000000
--- a/hosts/sarien/services.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- services = {
- flatpak.enable = true;
- fstrim.enable = true;
- openssh.enable = true;
- power-profiles-daemon.enable = true;
- syncthing.openDefaultPorts = true;
- dnscrypt-proxy2 = {
- enable = true;
- settings = {
- require_dnssec = true;
- server_names = ["mullvad-doh"];
- bootstrap_resolvers = ["9.9.9.11:53" "9.9.9.9:53"];
- };
- };
- scx = {
- enable = true;
- scheduler = "scx_flash";
- };
- };
-}
diff --git a/hosts/sarien/sops.nix b/hosts/sarien/sops.nix
deleted file mode 100644
index 68ca709..0000000
--- a/hosts/sarien/sops.nix
+++ /dev/null
@@ -1,64 +0,0 @@
-{
- config,
- inputs,
- ...
-}: let
- inherit (inputs) mysecrets;
- hostName =
- if (config.networking.hostName == "vylxae")
- then "sarien"
- else config.networking.hostName;
- sopsFile = mysecrets + "/hosts/${hostName}.yaml";
- dotSsh = name: "/home/user/.ssh/" + name;
- sshKey = {
- mode = "0400";
- owner = "user";
- };
-in {
- imports = with inputs; [
- sops-nix.nixosModules.sops
- ];
-
- sops = {
- age = {
- sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
- keyFile = "/var/lib/sops-nix/key.txt";
- generateKey = true;
- };
- defaultSopsFile = mysecrets + "/common.yaml";
- secrets = {
- "user-password-hashed".neededForUsers = true;
- "ssh-config" = {
- path = dotSsh "config";
- mode = "0400";
- owner = "user";
- };
- "ssh-${hostName}-user" = {
- inherit sopsFile;
- inherit (sshKey) mode owner;
- path = dotSsh "id_ed25519";
- };
- "ssh-${hostName}-user.pub" = {
- inherit sopsFile;
- inherit (sshKey) mode owner;
- path = dotSsh "id_ed25519.pub";
- };
- "ssh-unexplrd" = {
- inherit (sshKey) mode owner;
- path = dotSsh "id_unexplrd_ed25519";
- };
- "ssh-unexplrd.pub" = {
- inherit (sshKey) mode owner;
- path = dotSsh "id_unexplrd_ed25519.pub";
- };
- "ssh-uni" = {
- inherit (sshKey) mode owner;
- path = dotSsh "id_uni_ed25519";
- };
- "ssh-uni.pub" = {
- inherit (sshKey) mode owner;
- path = dotSsh "id_uni_ed25519.pub";
- };
- };
- };
-}
diff --git a/hosts/sarien/users.nix b/hosts/sarien/users.nix
deleted file mode 100644
index 4be57ae..0000000
--- a/hosts/sarien/users.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- inputs,
- config,
- pkgs,
- ...
-}: let
- inherit (config.sops) secrets;
- inherit (inputs) mysecrets;
-in {
- nix.settings.trusted-users = ["user"];
- users.mutableUsers = false;
- users.users = {
- user = {
- hashedPasswordFile = secrets."user-password-hashed".path;
- isNormalUser = true;
- extraGroups = ["wheel" "video" "libvirtd" "dialout"];
- shell = pkgs.fish;
- openssh.authorizedKeys.keyFiles = map (f: "${mysecrets}/ssh/user/id_${f}_ed25519.pub") [
- "dunamis"
- "eldrid"
- "sarien"
- "legion"
- ];
- };
- };
-}