feat!: dynamically create hosts

This commit completely restructures the flake. Hosts are now seperate
from profile configuration files in hosts/[system]. Nixos and Darwin
configurations will be built when present in the respective folders in hosts/

profiles/darwin/nixos/default.nix

@@ -4,7 +4,7 @@ let
 in
 {
   imports = [
-    "${profilesPath}/common/nixos/home-manager.nix"
+    "${profilesPath}/nixos/home-manager.nix"
   ];
 
   nix.settings.experimental-features = "nix-command flakes";

profiles/home-manager/default.nix

@@ -1,55 +0,0 @@
-{ inputs, outputs, config, ... }:
-{
-
-  imports = builtins.attrValues outputs.homeManagerModules;
-
-  nixpkgs = {
-    overlays = outputs.overlaysList;
-    config = {
-      allowUnfree = true;
-    };
-  };
-
-  services.xcape = {
-    enable = true;
-    mapExpression = {
-      Control_L = "Escape";
-    };
-  };
-
-  programs.zsh.initExtra = "
-  export GPG_TTY=\"$(tty)\"
-  export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
-  gpgconf --launch gpg-agent
-        ";
-
-  swarselsystems = {
-    isLaptop = true;
-    isNixos = false;
-    wallpaper = ../../wallpaper/surfacewp.png;
-    temperatureHwmon = {
-      isAbsolutePath = true;
-      path = "/sys/devices/platform/thinkpad_hwmon/hwmon/";
-      input-filename = "temp1_input";
-    };
-    monitors = {
-      main = {
-        name = "California Institute of Technology 0x1407 Unknown";
-        mode = "1920x1080"; # TEMPLATE
-        scale = "1";
-        position = "2560,0";
-        workspace = "2:二";
-        output = "eDP-1";
-      };
-    };
-    inputs = {
-      "1:1:AT_Translated_Set_2_keyboard" = {
-        xkb_layout = "us";
-        xkb_options = "grp:win_space_toggle";
-        xkb_variant = "altgr-intl";
-      };
-    };
-    keybindings = { };
-  };
-
-}

profiles/iso/minimal.nix

@@ -1,4 +1,4 @@
-{ self, lib, pkgs, config, ... }:
+{ lib, pkgs, ... }:
 {
 
   nix.settings = {
@@ -45,6 +45,7 @@
     ssh-to-age
     sops
     vim
+    just
   ];
 
   programs = {

profiles/live/default.nix

@@ -1,68 +0,0 @@
-{ self, inputs, config, pkgs, lib, ... }:
-let
-  pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/keys/ssh";
-in
-{
-
-  imports = [
-
-    inputs.lanzaboote.nixosModules.lanzaboote
-    inputs.disko.nixosModules.disko
-    inputs.impermanence.nixosModules.impermanence
-    inputs.sops-nix.nixosModules.sops
-
-    ../optional/nixos/minimal.nix
-
-  ];
-
-
-  isoImage = {
-    makeEfiBootable = true;
-    makeUsbBootable = true;
-    squashfsCompression = "zstd -Xcompression-level 3";
-  };
-
-  nixpkgs = {
-    hostPlatform = lib.mkDefault "x86_64-linux";
-    config.allowUnfree = true;
-  };
-
-  services.getty.autologinUser = lib.mkForce "swarsel";
-
-  users = {
-    groups.swarsel = { };
-    users = {
-      swarsel = {
-        name = "swarsel";
-        group = "swarsel";
-        isNormalUser = true;
-        shell = pkgs.zsh;
-        password = "setup"; # this is overwritten after install
-        openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
-      };
-      root = {
-        shell = pkgs.zsh;
-        password = lib.mkForce config.users.users.swarsel.password; # this is overwritten after install
-        openssh.authorizedKeys.keys = config.users.users.swarsel.openssh.authorizedKeys.keys;
-      };
-    };
-  };
-
-  systemd = {
-    services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
-    targets = {
-      sleep.enable = false;
-      suspend.enable = false;
-      hibernate.enable = false;
-      hybrid-sleep.enable = false;
-    };
-  };
-
-  system.stateVersion = lib.mkForce "23.05";
-
-  networking = {
-    hostName = "live";
-    wireless.enable = false;
-  };
-
-}

profiles/magicant/default.nix

@@ -1,40 +0,0 @@
-{ pkgs, ... }: {
-  environment = {
-    packages = with pkgs; [
-      vim
-      git
-      openssh
-      # toybox
-      dig
-      man
-      gnupg
-    ];
-
-    etcBackupExtension = ".bak";
-    extraOutputsToInstall = [
-      "doc"
-      "info"
-      "devdoc"
-    ];
-    motd = null;
-  };
-
-
-  android-integration = {
-    termux-open.enable = true;
-    xdg-open.enable = true;
-    termux-open-url.enable = true;
-    termux-reload-settings.enable = true;
-    termux-setup-storage.enable = true;
-  };
-
-  # Backup etc files instead of failing to activate generation if a file already exists in /etc
-
-  # Read the changelog before changing this value
-  system.stateVersion = "23.05";
-
-  # Set up nix for flakes
-  nix.extraOptions = ''
-    experimental-features = nix-command flakes
-  '';
-}

profiles/mysticant/configuration.nix

@@ -1,43 +0,0 @@
-{ pkgs, ... }: {
-  environment = {
-    packages = with pkgs; [
-      vim
-      git
-      openssh
-      toybox
-      dig
-      man
-      gnupg
-    ];
-
-    etcBackupExtension = ".bak";
-    extraOutputsToInstall = [
-      "doc"
-      "info"
-      "devdoc"
-    ];
-    motd = null;
-  };
-
-  home-manager.config = {
-    services.ssh-agent.enable = true;
-  };
-
-  android-integration = {
-    termux-open.enable = true;
-    termux-xdg-open.enable = true;
-    termux-open-url.enable = true;
-    termux-reload-settings.enable = true;
-    termux-setup-storage.enable = true;
-  };
-
-  # Backup etc files instead of failing to activate generation if a file already exists in /etc
-
-  # Read the changelog before changing this value
-  system.stateVersion = "23.05";
-
-  # Set up nix for flakes
-  nix.extraOptions = ''
-    experimental-features = nix-command flakes
-  '';
-}

profiles/mysticant/default.nix

@@ -1,40 +0,0 @@
-{ pkgs, ... }: {
-  environment = {
-    packages = with pkgs; [
-      vim
-      git
-      openssh
-      # toybox
-      dig
-      man
-      gnupg
-    ];
-
-    etcBackupExtension = ".bak";
-    extraOutputsToInstall = [
-      "doc"
-      "info"
-      "devdoc"
-    ];
-    motd = null;
-  };
-
-
-  android-integration = {
-    termux-open.enable = true;
-    xdg-open.enable = true;
-    termux-open-url.enable = true;
-    termux-reload-settings.enable = true;
-    termux-setup-storage.enable = true;
-  };
-
-  # Backup etc files instead of failing to activate generation if a file already exists in /etc
-
-  # Read the changelog before changing this value
-  system.stateVersion = "23.05";
-
-  # Set up nix for flakes
-  nix.extraOptions = ''
-    experimental-features = nix-command flakes
-  '';
-}

profiles/nbl-imba-2/default.nix

@@ -1,216 +0,0 @@
-{ self, inputs, outputs, config, pkgs, lib, ... }:
-let
-  profilesPath = "${self}/profiles";
-in
-{
-
-  imports = [
-    inputs.nixos-hardware.nixosModules.framework-16-7040-amd
-    inputs.fw-fanctrl.nixosModules.default
-
-    ./hardware-configuration.nix
-    ./disk-config.nix
-
-    "${profilesPath}/optional/nixos/virtualbox.nix"
-    # "${profilesPath}/optional/nixos/vmware.nix"
-    "${profilesPath}/optional/nixos/autologin.nix"
-    "${profilesPath}/optional/nixos/nswitch-rcm.nix"
-    "${profilesPath}/optional/nixos/gaming.nix"
-    "${profilesPath}/optional/nixos/work.nix"
-
-    inputs.home-manager.nixosModules.home-manager
-    {
-      home-manager.users.swarsel.imports = outputs.mixedModules ++ [
-        "${profilesPath}/optional/home/gaming.nix"
-        "${profilesPath}/optional/home/work.nix"
-      ] ++ (builtins.attrValues outputs.homeManagerModules);
-    }
-  ] ++ (builtins.attrValues outputs.nixosModules);
-
-
-  nixpkgs = {
-    overlays = outputs.overlaysList;
-    config = {
-      allowUnfree = true;
-    };
-  };
-
-  networking.networkmanager.wifi.scanRandMacAddress = false;
-
-  boot = {
-    loader.systemd-boot.enable = lib.mkForce false;
-    loader.efi.canTouchEfiVariables = true;
-    lanzaboote = {
-      enable = true;
-      pkiBundle = "/etc/secureboot";
-    };
-    supportedFilesystems = [ "btrfs" ];
-    kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
-    kernelParams = [
-      "resume_offset=533760"
-    ];
-    resumeDevice = "/dev/disk/by-label/nixos";
-  };
-
-  hardware = {
-    amdgpu = {
-      opencl.enable = true;
-      amdvlk = {
-        enable = true;
-        support32Bit.enable = true;
-      };
-    };
-  };
-
-  programs.fw-fanctrl.enable = true;
-
-  networking = {
-    hostName = "nbl-imba-2";
-    fqdn = "nbl-imba-2.imp.univie.ac.at";
-    firewall.enable = true;
-  };
-
-
-  services = {
-    fwupd.enable = true;
-    udev.extraRules = ''
-      ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="0bda", ATTR{idProduct}=="8156", ATTR{power/autosuspend}="20"
-    '';
-  };
-
-  swarselsystems = {
-    wallpaper = self + /wallpaper/lenovowp.png;
-    hasBluetooth = true;
-    hasFingerprint = true;
-    impermanence = false;
-    isBtrfs = true;
-  };
-
-  home-manager.users.swarsel.swarselsystems = {
-    isLaptop = true;
-    isNixos = true;
-    isBtrfs = true;
-    # temperatureHwmon = {
-    #   isAbsolutePath = true;
-    #   path = "/sys/devices/platform/thinkpad_hwmon/hwmon/";
-    #   input-filename = "temp1_input";
-    # };
-    #  ------   -----
-    # | DP-4 | |eDP-1|
-    #  ------   -----
-    startup = [
-      { command = "nextcloud --background"; }
-      { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; }
-      { command = "element-desktop --hidden  --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; }
-      { command = "ANKI_WAYLAND=1 anki"; }
-      { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; }
-      { command = "nm-applet"; }
-      { command = "teams-for-linux"; }
-      { command = "1password"; }
-      { command = "feishin"; }
-    ];
-    sharescreen = "eDP-2";
-    lowResolution = "1280x800";
-    highResolution = "2560x1600";
-    monitors = {
-      main = {
-        name = "BOE 0x0BC9 Unknown";
-        mode = "2560x1600"; # TEMPLATE
-        scale = "1";
-        position = "2560,0";
-        workspace = "15:L";
-        output = "eDP-2";
-      };
-      homedesktop = {
-        name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320";
-        mode = "2560x1440";
-        scale = "1";
-        position = "0,0";
-        workspace = "1:一";
-        output = "DP-11";
-      };
-      work_back_middle = {
-        name = "LG Electronics LG Ultra HD 0x000305A6";
-        mode = "2560x1440";
-        scale = "1";
-        position = "5120,0";
-        workspace = "1:一";
-        output = "DP-10";
-      };
-      work_front_left = {
-        name = "LG Electronics LG Ultra HD 0x0007AB45";
-        mode = "3840x2160";
-        scale = "1";
-        position = "5120,0";
-        workspace = "1:一";
-        output = "DP-7";
-      };
-      work_back_right = {
-        name = "HP Inc. HP Z32 CN41212T55";
-        mode = "3840x2160";
-        scale = "1";
-        position = "5120,0";
-        workspace = "1:一";
-        output = "DP-3";
-      };
-      work_middle_middle_main = {
-        name = "HP Inc. HP 732pk CNC4080YL5";
-        mode = "3840x2160";
-        scale = "1";
-        position = "-1280,0";
-        workspace = "11:M";
-        output = "DP-8";
-      };
-      work_middle_middle_side = {
-        name = "Hewlett Packard HP Z24i CN44250RDT";
-        mode = "1920x1200";
-        transform = "270";
-        scale = "1";
-        position = "-2480,0";
-        workspace = "12:S";
-        output = "DP-9";
-      };
-      work_seminary = {
-        name = "Applied Creative Technology Transmitter QUATTRO201811";
-        mode = "1280x720";
-        scale = "1";
-        position = "10000,10000"; # i.e. this screen is inaccessible by moving the mouse
-        workspace = "12:S";
-        output = "DP-4";
-      };
-    };
-    inputs = {
-      "12972:18:Framework_Laptop_16_Keyboard_Module_-_ANSI_Keyboard" = {
-        xkb_layout = "us";
-        xkb_variant = "altgr-intl";
-      };
-      "1133:45081:MX_Master_2S_Keyboard" = {
-        xkb_layout = "us";
-        xkb_variant = "altgr-intl";
-      };
-      "2362:628:PIXA3854:00_093A:0274_Touchpad" = {
-        dwt = "enabled";
-        tap = "enabled";
-        natural_scroll = "enabled";
-        middle_emulation = "enabled";
-      };
-      "1133:50504:Logitech_USB_Receiver" = {
-        xkb_layout = "us";
-        xkb_variant = "altgr-intl";
-      };
-      "1133:45944:MX_KEYS_S" = {
-        xkb_layout = "us";
-        xkb_variant = "altgr-intl";
-      };
-    };
-    keybindings = {
-      "Mod4+Ctrl+Shift+p" = "exec screenshare";
-    };
-    shellAliases = {
-      ans2-15_3-9 = ". ~/.venvs/ansible39_2_15_0/bin/activate";
-      ans3-9 = ". ~/.venvs/ansible39/bin/activate";
-      ans = ". ~/.venvs/ansible/bin/activate";
-      ans2-15 = ". ~/.venvs/ansible2.15.0/bin/activate";
-    };
-  };
-}

profiles/nbl-imba-2/disk-config.nix

@@ -1,77 +0,0 @@
-{
-  disko.devices = {
-    disk = {
-      nvme0n1 = {
-        type = "disk";
-        device = "/dev/nvme0n1";
-        content = {
-          type = "gpt";
-          partitions = {
-            ESP = {
-              label = "boot";
-              name = "ESP";
-              size = "512M";
-              type = "EF00";
-              content = {
-                type = "filesystem";
-                format = "vfat";
-                mountpoint = "/boot";
-                mountOptions = [
-                  "defaults"
-                ];
-              };
-            };
-            luks = {
-              size = "100%";
-              label = "luks";
-              content = {
-                type = "luks";
-                name = "cryptroot";
-                extraOpenArgs = [
-                  "--allow-discards"
-                  "--perf-no_read_workqueue"
-                  "--perf-no_write_workqueue"
-                ];
-                # https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html
-                settings = { crypttabExtraOpts = [ "fido2-device=auto" "token-timeout=10" ]; };
-                content = {
-                  type = "btrfs";
-                  extraArgs = [ "-L" "nixos" "-f" ];
-                  subvolumes = {
-                    "/root" = {
-                      mountpoint = "/";
-                      mountOptions = [ "subvol=root" "compress=zstd" "noatime" ];
-                    };
-                    "/home" = {
-                      mountpoint = "/home";
-                      mountOptions = [ "subvol=home" "compress=zstd" "noatime" ];
-                    };
-                    "/nix" = {
-                      mountpoint = "/nix";
-                      mountOptions = [ "subvol=nix" "compress=zstd" "noatime" ];
-                    };
-                    "/persist" = {
-                      mountpoint = "/persist";
-                      mountOptions = [ "subvol=persist" "compress=zstd" "noatime" ];
-                    };
-                    "/log" = {
-                      mountpoint = "/var/log";
-                      mountOptions = [ "subvol=log" "compress=zstd" "noatime" ];
-                    };
-                    "/swap" = {
-                      mountpoint = "/swap";
-                      swap.swapfile.size = "64G";
-                    };
-                  };
-                };
-              };
-            };
-          };
-        };
-      };
-    };
-  };
-
-  fileSystems."/persist".neededForBoot = true;
-  fileSystems."/var/log".neededForBoot = true;
-}

profiles/nbl-imba-2/hardware-configuration.nix

@@ -1,84 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, modulesPath, ... }:
-
-{
-  imports =
-    [
-      (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "cryptd" "usbhid" "sd_mod" "r8152" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-amd" ];
-  boot.extraModulePackages = [ ];
-  boot.initrd.luks.devices."cryptroot" = {
-    # improve performance on ssds
-    bypassWorkqueues = true;
-    preLVM = true;
-  };
-
-  # fileSystems."/" =
-  #   {
-  #     device = "/dev/disk/by-uuid/3554892c-9d0b-49b2-b74a-8b5ef45569f7";
-  #     fsType = "btrfs";
-  #     options = [ "subvol=root" ];
-  #   };
-
-  # boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/98b9bf76-ca01-49f5-91ee-1884ae9ce383";
-
-  # fileSystems."/boot" =
-  #   {
-  #     device = "/dev/disk/by-uuid/5236-F44A";
-  #     fsType = "vfat";
-  #   };
-
-  # fileSystems."/home" =
-  #   {
-  #     device = "/dev/disk/by-uuid/3554892c-9d0b-49b2-b74a-8b5ef45569f7";
-  #     fsType = "btrfs";
-  #     options = [ "subvol=home" ];
-  #   };
-
-  # fileSystems."/nix" =
-  #   {
-  #     device = "/dev/disk/by-uuid/3554892c-9d0b-49b2-b74a-8b5ef45569f7";
-  #     fsType = "btrfs";
-  #     options = [ "subvol=nix" ];
-  #   };
-
-  # fileSystems."/persist" =
-  #   {
-  #     device = "/dev/disk/by-uuid/3554892c-9d0b-49b2-b74a-8b5ef45569f7";
-  #     fsType = "btrfs";
-  #     options = [ "subvol=persist" ];
-  #   };
-
-  # fileSystems."/swap" =
-  #   {
-  #     device = "/dev/disk/by-uuid/3554892c-9d0b-49b2-b74a-8b5ef45569f7";
-  #     fsType = "btrfs";
-  #     options = [ "subvol=swap" ];
-  #   };
-
-  # fileSystems."/var/log" =
-  #   {
-  #     device = "/dev/disk/by-uuid/3554892c-9d0b-49b2-b74a-8b5ef45569f7";
-  #     fsType = "btrfs";
-  #     options = [ "subvol=log" ];
-  #   };
-
-  # swapDevices = [ ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp196s0f3u1c2.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}

profiles/nbm-imba-166/default.nix

@@ -1,33 +0,0 @@
-{ self, inputs, outputs, ... }:
-let
-  profilesPath = "${self}/profiles";
-in
-{
-  imports = [
-    "${profilesPath}/darwin/common/nixos"
-
-    inputs.home-manager.darwinModules.home-manager
-    {
-      home-manager.users."leon.schwarzaeugl".imports = [
-        "${profilesPath}/darwin/common/home"
-      ] ++ (builtins.attrValues outputs.homeManagerModules);
-    }
-  ] ++ (builtins.attrValues outputs.nixosModules);
-
-
-  # Auto upgrade nix package and the daemon service.
-  services.nix-daemon.enable = true;
-  services.karabiner-elements.enable = true;
-
-  home-manager.users."leon.schwarzaeugl".home = {
-    username = lib.mkForce "leon.schwarzaeugl";
-    swarselsystems = {
-      isDarwin = true;
-      isLaptop = true;
-      isNixos = false;
-      isBtrfs = false;
-    };
-  };
-
-
-}

profiles/remote/oracle/sync/hardware-configuration.nix

@@ -1,38 +0,0 @@
-{ config
-, lib
-, modulesPath
-, ...
-}: {
-  imports = [
-    (modulesPath + "/profiles/qemu-guest.nix")
-  ];
-
-  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-amd" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/4b47378a-02eb-4548-bab8-59cbf379252a";
-    fsType = "xfs";
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/2B75-2AD5";
-    fsType = "vfat";
-  };
-
-  swapDevices = [
-    { device = "/dev/disk/by-uuid/f0126a93-753e-4769-ada8-7499a1efb3a9"; }
-  ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.ens3.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}

profiles/remote/oracle/sync/nixos.nix

@@ -1,164 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  imports = [
-    ./hardware-configuration.nix
-  ];
-
-  environment.systemPackages = with pkgs; [
-    git
-    gnupg
-    ssh-to-age
-  ];
-
-  services.xserver.xkb = {
-    layout = "us";
-    variant = "altgr-intl";
-  };
-
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
-
-  sops = {
-    age.sshKeyPaths = [ "/etc/ssh/sops" ];
-    defaultSopsFile = "/root/.dotfiles/secrets/sync/secrets.yaml";
-    validateSopsFiles = false;
-    secrets.swarsel = { owner = "root"; };
-    secrets.dnstokenfull = { owner = "acme"; };
-    templates."certs.secret".content = ''
-      CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
-    '';
-  };
-
-  security.acme = {
-    acceptTerms = true;
-    preliminarySelfsigned = false;
-    defaults.email = "mrswarsel@gmail.com";
-    defaults.dnsProvider = "cloudflare";
-    defaults.environmentFile = "${config.sops.templates."certs.secret".path}";
-  };
-
-  services.nginx = {
-    enable = true;
-    recommendedProxySettings = true;
-    recommendedTlsSettings = true;
-    recommendedOptimisation = true;
-    recommendedGzipSettings = true;
-    virtualHosts = {
-
-      "synki.swarsel.win" = {
-        enableACME = true;
-        forceSSL = true;
-        acmeRoot = null;
-        locations = {
-          "/" = {
-            proxyPass = "http://localhost:27701";
-            extraConfig = ''
-              client_max_body_size 0;
-            '';
-          };
-        };
-      };
-
-      "sync.swarsel.win" = {
-        enableACME = true;
-        forceSSL = true;
-        acmeRoot = null;
-        locations = {
-          "/" = {
-            proxyPass = "http://localhost:8384/";
-            extraConfig = ''
-              client_max_body_size 0;
-            '';
-          };
-        };
-      };
-
-      "swagit.swarsel.win" = {
-        enableACME = true;
-        forceSSL = true;
-        acmeRoot = null;
-        locations = {
-          "/" = {
-            proxyPass = "http://localhost:3000";
-            extraConfig = ''
-              client_max_body_size 0;
-            '';
-          };
-        };
-      };
-    };
-  };
-
-  boot.tmp.cleanOnBoot = true;
-  zramSwap.enable = false;
-  networking = {
-    hostName = "sync";
-    enableIPv6 = false;
-    domain = "subnet03112148.vcn03112148.oraclevcn.com";
-    firewall.extraCommands = ''
-      iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
-      iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
-      iptables -I INPUT -m state --state NEW -p tcp --dport 27701 -j ACCEPT
-      iptables -I INPUT -m state --state NEW -p tcp --dport 8384 -j ACCEPT
-      iptables -I INPUT -m state --state NEW -p tcp --dport 3000 -j ACCEPT
-      iptables -I INPUT -m state --state NEW -p tcp --dport 22000 -j ACCEPT
-      iptables -I INPUT -m state --state NEW -p udp --dport 22000 -j ACCEPT
-      iptables -I INPUT -m state --state NEW -p udp --dport 21027 -j ACCEPT
-    '';
-  };
-  services.openssh = {
-    enable = true;
-    # settings.PermitRootLogin = "yes";
-  };
-  users.users.root.openssh.authorizedKeys.keyFiles = [
-    ../../../../secrets/keys/ssh/nbl-imba-2.pub
-  ];
-
-  system.stateVersion = "23.11"; # TEMPLATE - but probably no need to change
-
-  environment.shellAliases = {
-    nswitch = "cd ~/.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
-  };
-
-  boot.loader.grub.device = "nodev";
-
-  services.anki-sync-server = {
-    enable = true;
-    port = 27701;
-    address = "0.0.0.0";
-    openFirewall = true;
-    users = [
-      {
-        username = "Swarsel";
-        passwordFile = config.sops.secrets.swarsel.path;
-      }
-    ];
-  };
-
-  services.syncthing = {
-    enable = true;
-    guiAddress = "0.0.0.0:8384";
-    openDefaultPorts = true;
-  };
-
-  services.forgejo = {
-    enable = true;
-    settings = {
-      DEFAULT = {
-        APP_NAME = "~SwaGit~";
-      };
-      server = {
-        PROTOCOL = "http";
-        HTTP_PORT = 3000;
-        HTTP_ADDR = "0.0.0.0";
-        DOMAIN = "swagit.swarsel.win";
-        ROOT_URL = "https://swagit.swarsel.win";
-      };
-      service = {
-        DISABLE_REGISTRATION = true;
-        SHOW_REGISTRATION_BUTTON = false;
-      };
-    };
-  };
-
-}

profiles/server/winters/default.nix

@@ -1,72 +0,0 @@
-{ self, inputs, outputs, config, ... }:
-let
-  profilesPath = "${self}/profiles";
-in
-{
-
-  imports = [
-    inputs.sops-nix.nixosModules.sops
-
-    ./hardware-configuration.nix
-
-    "${profilesPath}/optional/nixos/autologin.nix"
-    "${profilesPath}/server/common/nixos"
-
-    inputs.home-manager.nixosModules.home-manager
-    {
-      home-manager.users.swarsel.imports = [
-        "${profilesPath}/server/common/home"
-      ] ++ (builtins.attrValues outputs.homeManagerModules);
-    }
-
-  ] ++ (builtins.attrValues outputs.nixosModules);
-
-
-  nixpkgs = {
-    overlays = outputs.overlaysList;
-    config = {
-      allowUnfree = true;
-    };
-  };
-
-
-  boot = {
-    loader.systemd-boot.enable = true;
-    loader.efi.canTouchEfiVariables = true;
-  };
-
-  networking = {
-    hostName = "winters";
-    hostId = "b7778a4a";
-    firewall.enable = true;
-    enableIPv6 = false;
-    firewall.allowedTCPPorts = [ 80 443 ];
-  };
-
-
-  swarselsystems = {
-    hasBluetooth = false;
-    hasFingerprint = false;
-    impermanence = false;
-    isBtrfs = false;
-    flakePath = "/home/swarsel/.dotfiles";
-    server = {
-      enable = true;
-      kavita = true;
-      navidrome = true;
-      jellyfin = true;
-      spotifyd = true;
-      mpd = false;
-      matrix = true;
-      nextcloud = true;
-      immich = true;
-      paperless = true;
-      transmission = true;
-      syncthing = true;
-      monitoring = true;
-      jenkins = false;
-      emacs = false;
-    };
-  };
-
-}

profiles/server/winters/hardware-configuration.nix

@@ -1,44 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, modulesPath, ... }:
-
-{
-  imports =
-    [
-      (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  boot.supportedFilesystems = [ "zfs" ];
-  boot.zfs.extraPools = [ "Vault" ];
-
-  fileSystems."/" =
-    {
-      device = "/dev/disk/by-uuid/30e2f96a-b01d-4c27-9ebb-d5d7e9f0031f";
-      fsType = "ext4";
-    };
-
-  fileSystems."/boot" =
-    {
-      device = "/dev/disk/by-uuid/F0D8-8BD1";
-      fsType = "vfat";
-    };
-
-  swapDevices =
-    [{ device = "/dev/disk/by-uuid/a8eb6f3b-69bf-4160-90aa-9247abc108e0"; }];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}