Organize hosts and home (#75)

* Reorganize host config

Host config got a bit mixed up, as well as having issues like
core and core-darwin having unnecessarily similar names, so
we regroup into better "bundles" by platform and purpose.

* Reorganize home config

Sort out home config into bundles for more opaque option selection
per host.

* Separate nixos-specific and darwin-specific options

Right now nixos rejects unfamiliar options and darwin may do the same. For now we separate into different bundles that are included. In the future this could potentially be further sorted out.

flake.nix

@@ -53,7 +53,13 @@
         ./hosts/elmira
         home-manager.darwinModules.home-manager
         {
-          home-manager.users.tuckershea = import ./home/tuckershea/elmira.nix;
+          home-manager.users.tuckershea.imports = [
+            ./home/tuckershea/shell
+            ./home/tuckershea/graphical
+            ./home/tuckershea/darwin
+            ./home/tuckershea/hosts/elmira
+          ];
+          home-manager.extraSpecialArgs = {inherit inputs outputs;};
         }
       ];
     };
@@ -68,7 +74,10 @@
         impermanence.nixosModules.impermanence
         disko.nixosModules.disko
         {
-          home-manager.users.tuckershea = import ./home/tuckershea/marlon.nix;
+          home-manager.users.tuckershea.imports = [
+            ./home/tuckershea/shell
+          ];
+          home-manager.extraSpecialArgs = {inherit inputs outputs;};
         }
       ];
     };
@@ -83,7 +92,10 @@
         impermanence.nixosModules.impermanence
         disko.nixosModules.disko
         {
-          home-manager.users.tuckershea = import ./home/tuckershea/roland.nix;
+          home-manager.users.tuckershea.imports = [
+            ./home/tuckershea/shell
+          ];
+          home-manager.extraSpecialArgs = {inherit inputs outputs;};
         }
       ];
     };
@@ -96,7 +108,11 @@
         sops-nix.nixosModules.sops
         home-manager.nixosModules.home-manager
         {
-          home-manager.users.tuckershea = import ./home/tuckershea/vic.nix;
+          home-manager.users.tuckershea.imports = [
+            ./home/tuckershea/shell
+            ./home/tuckershea/graphical
+          ];
+          home-manager.extraSpecialArgs = {inherit inputs outputs;};
         }
       ];
     };

home/tuckershea/darwin/default.nix

@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./defaults.nix
+  ];
+}

home/tuckershea/graphical/default.nix

@@ -0,0 +1,6 @@
+{
+  imports = [
+    ./alacritty.nix
+    ./surfingkeys
+  ];
+}

home/tuckershea/common/core-darwin/default.nix → home/tuckershea/hosts/elmira/default.nix

@@ -1,4 +1,5 @@
 {
   imports = [
+    ./ssh.nix
   ];
 }

home/tuckershea/hosts/elmira/git.nix

@@ -0,0 +1,6 @@
+{ ... }:
+{
+  programs.git.extraConfig = {
+    "gpg \"ssh\"".program = "/Applications/1Password.app/Contents/MacOS/op-ssh-sign";
+  };
+}

home/tuckershea/common/optional/ssh/elmira.nix → home/tuckershea/hosts/elmira/ssh.nix

@@ -30,5 +30,5 @@
   };
 
   home.file.".ssh/.keep".text = "Managed by home-manager";
-  home.file.".ssh/id_tuckershea_elmira.pub".source = ../../../../../resources/publickeys/id_tuckershea_elmira.pub;
+  home.file.".ssh/id_tuckershea_elmira.pub".source = ../../../../resources/publickeys/id_tuckershea_elmira.pub;
 }

home/tuckershea/common/core/default.nix → home/tuckershea/shell/default.nix

@@ -5,13 +5,11 @@
   ...
 }: {
   imports = [
-    inputs.nix-index-database.hmModules.nix-index
-
     ./fzf.nix
     ./git.nix
     ./neovim.nix
-    ./pyenv.nix
-    ./surfingkeys
+    ./nix-index.nix
+    ./ripgrep.nix
     ./thefuck.nix
     ./tmux
     ./zsh
@@ -41,14 +39,4 @@
     tailscale
     wget
   ];
-
-  programs.ripgrep = {
-    enable = true;
-    arguments = [
-      "--max-columns=150"
-      "--smart-case"
-    ];
-  };
-
-  programs.nix-index-database.comma.enable = true;
 }

home/tuckershea/common/core/git.nix → home/tuckershea/shell/git.nix

@@ -1,4 +1,8 @@
-{lib, ...}: {
+{
+  lib,
+  pkgs,
+  ...
+}: {
   programs.git = {
     enable = true;
     delta.enable = true;
@@ -13,7 +17,7 @@
       "**/._.DS_Store"
     ];
     signing = {
-      key = lib.removeSuffix "\n" (builtins.readFile ../../../../resources/publickeys/id_norepercussions_github.pub);
+      key = lib.removeSuffix "\n" (builtins.readFile ../../../resources/publickeys/id_norepercussions_github.pub);
       signByDefault = true;
     };
     userEmail = "[email protected]";
@@ -22,9 +26,6 @@
       gpg.format = "ssh";
       core.autocrlf = "input";
       init.defaultBranch = "main";
-
-      # todo: change this for non-mac systems
-      "gpg \"ssh\"".program = "/Applications/1Password.app/Contents/MacOS/op-ssh-sign";
     };
   };
 }

home/tuckershea/shell/nix-index.nix

@@ -0,0 +1,8 @@
+{ inputs, ... }:
+{
+  imports = [
+    inputs.nix-index-database.hmModules.nix-index
+  ];
+
+  programs.nix-index-database.comma.enable = true;
+}

home/tuckershea/shell/ripgrep.nix

@@ -0,0 +1,9 @@
+{
+  programs.ripgrep = {
+    enable = true;
+    arguments = [
+      "--max-columns=150"
+      "--smart-case"
+    ];
+  };
+}

home/tuckershea/shell/ssh.nix

@@ -0,0 +1,26 @@
+{lib, ...}:
+{
+  programs.ssh = {
+    enable = true;
+    serverAliveInterval = 30;
+
+    matchBlocks = {
+      famat = lib.hm.dag.entryBefore ["*"] {
+        hostname = "ssh.pythonanywhere.com";
+        user = "famat";
+        identitiesOnly = true;
+      };
+      andrew = lib.hm.dag.entryBefore ["*"] {
+        hostname = "unix.andrew.cmu.edu";
+        user = "tshea";
+      };
+    };
+
+    extraConfig = lib.mkMerge [
+        "GSSAPIAuthentication yes"
+        "GSSAPIDelegateCredentials yes"
+    ];
+  };
+
+  home.file.".ssh/.keep".text = "Managed by home-manager";
+}

hosts/common/core/default.nix

@@ -7,16 +7,6 @@
     ./git.nix
     ./locale.nix
     ./nix.nix
-    ./openssh.nix
-    ./registry.nix
     ./zsh.nix
   ];
-
-  home-manager.extraSpecialArgs = {inherit inputs outputs;};
-
-  nixpkgs = {
-    config = {
-      allowUnfree = true;
-    };
-  };
 }

hosts/common/core/nix.nix

@@ -5,40 +5,48 @@
   options,
   ...
 }:
-lib.mkMerge [
-  {
-    nix = {
-      settings = {
-        #        auto-optimise-store = true;
-        experimental-features = ["nix-command" "flakes"];
-        warn-dirty = false;
+{
+  nix = {
+    settings = {
+      auto-optimise-store = true;
+      experimental-features = ["nix-command" "flakes"];
+      warn-dirty = false;
+
+      trusted-public-keys = [
+        "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
+        "tuckershea.cachix.org-1:a9DdtLF8DyqAHFV7VHlA7YvasP6wUMHdOygVyks3JGM="
+      ];
 
-        # Maybe make this darwin-specific?
-        extra-platforms = ["x86_64-darwin" "aarch64-darwin"];
+      substituters = [
+        "https://cache.nixos.org/"
+        "https://tuckershea.cachix.org"
+      ];
+    };
 
-        trusted-public-keys = [
-          "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
-          "tuckershea.cachix.org-1:a9DdtLF8DyqAHFV7VHlA7YvasP6wUMHdOygVyks3JGM="
-        ];
+    gc = {
+      automatic = true;
 
-        substituters = [
-          "https://cache.nixos.org/"
-          "https://tuckershea.cachix.org"
-        ];
-      };
+      # GC every Monday morning
+      # customized in hosts/common/darwin/nix.nix
+      # and hosts/common/nixos/nix.nix
 
-      gc = {
-        automatic = true;
-        # nixos and darwin have different ways to configure
-        # this interval, so instead we just leave it to
-        # the default of 3:15 daily, which is fine.
-        options = "--delete-older-than 7d";
+      # keep profile generations around for one week
+      options = "--delete-older-than 7d";
+    };
+
+    registry = {
+      # Lock nixpkgs so we don't need to download it
+      # every time we want to do nix run/develop/etc
+      nixpkgs = {
+        from = { id = "nixpkgs"; type = "indirect"; };
+        flake = inputs.nixpkgs;
       };
     };
-  }
+  };
 
-  # nix-daemon only on darwin, check option to avoid recursion
-  (lib.optionalAttrs (lib.hasAttr "nix-daemon" options.services) {
-    services.nix-daemon.enable = true;
-  })
-]
+  nixpkgs = {
+    config = {
+      allowUnfree = true;
+    };
+  };
+}

hosts/common/core-darwin/default.nix → hosts/common/darwin/default.nix

@@ -1,6 +1,7 @@
 {
   imports = [
-    ./auto-font-smoothing.nix
+    ./font-smoothing.nix
     ./keyboard.nix
+    ./nix.nix
   ];
 }

hosts/common/darwin/nix.nix

@@ -0,0 +1,10 @@
+{
+  nix.settings.extra-platforms = ["x86_64-darwin" "aarch64-darwin"];
+  services.nix-daemon.enable = true;
+
+  nix.gc.interval = [{
+    Hour = 3;
+    Minute = 15;
+    Weekday = 1;
+  }];
+}

hosts/common/graphical/default.nix

@@ -0,0 +1,5 @@
+{ ... }: {
+  imports = [
+    ./fonts.nix
+  ];
+}

hosts/common/core-nixos/default.nix → hosts/common/nixos/default.nix

@@ -1,8 +1,11 @@
 {
   imports = [
+    ./auto-upgrade.nix
     ./network.nix
+    ./nix.nix
     ./no-wait-online.nix # mitigate NetworkManager Wait-Online failure
     ./node-exporter.nix
+    ./openssh.nix
     ./sudo-no-password.nix # don't require password for sudo
     ./tailscale.nix
   ];

hosts/common/nixos/nix.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+  nix.gc.dates = "Mon *-*-* 03:15:00";
+}

hosts/common/core/openssh.nix → hosts/common/nixos/openssh.nix

@@ -2,8 +2,9 @@
   lib,
   pkgs,
   ...
-}: {
-  services.openssh = lib.optionalAttrs pkgs.stdenv.isLinux {
+}:
+{
+  services.openssh = {
     enable = true;
     ports = [22]; # change this later?