wip: continue migration

2026-04-14 21:29:12 +02:00 · 2026-04-03 22:55:16 +02:00 · 2026-04-03 22:55:16 +02:00 · fa9bd32b0b
commit fa9bd32b0b
parent 7ce27d5d2f
129 changed files with 6252 additions and 106 deletions
--- a/aspects/boot.nix
+++ b/aspects/boot.nix
@ -0,0 +1,22 @@
+{ inputs, ... }:
+{
+  den.aspects.boot = { pkgs, ... }: {
+    nixos = {
+      imports = [
+        inputs.lanzaboote.nixosModules.lanzaboote
+      ];
+
+      environment.systemPackages = [
+        pkgs.sbctl
+      ];
+
+      boot = {
+        lanzaboote = {
+          enable = true;
+          pkiBundle = "/var/lib/sbctl";
+          configurationLimit = 6;
+        };
+      };
+    };
+  };
+}
--- a/aspects/defaults.nix
+++ b/aspects/defaults.nix
@ -13,6 +13,7 @@
      };
      includes = [
        den.provides.define-user
+        den.provides.nixpkgs
      ];
    };
  };
--- a/aspects/hosts/pyramid.nix
+++ b/aspects/hosts/pyramid.nix
@ -1,29 +1,11 @@
 { mkNixos, lib, den, ... }:
 let
-  hostContext = { host }:
+  hostContext = { host, ... }:
    let
      inherit (host) mainUser;
    in
    {
-      nixos = { self, inputs, lib, ... }: {
-
-        imports = [
-          inputs.nixos-hardware.nixosModules.framework-16-7040-amd
-
-          "${self}/hosts/nixos/x86_64-linux/pyramid/disk-config.nix"
-          "${self}/hosts/nixos/x86_64-linux/pyramid/hardware-configuration.nix"
-
-          "${self}/modules/nixos/optional/amdcpu.nix"
-          "${self}/modules/nixos/optional/amdgpu.nix"
-          "${self}/modules/nixos/optional/framework.nix"
-          "${self}/modules/nixos/optional/gaming.nix"
-          "${self}/modules/nixos/optional/hibernation.nix"
-          "${self}/modules/nixos/optional/nswitch-rcm.nix"
-          "${self}/modules/nixos/optional/virtualbox.nix"
-          "${self}/modules/nixos/optional/work.nix"
-          "${self}/modules/nixos/optional/niri.nix"
-          "${self}/modules/nixos/optional/noctalia.nix"
-        ];
+      nixos = { self, lib, ... }: {

        topology.self = {
          interfaces = {
@ -55,7 +37,7 @@ let
        };
      };

-      home-manager = { lib, minimal, ... }: {
+      home-manager = _: {
        users."${mainUser}" = {
          swarselsystems = {
            isSecondaryGpu = true;
@ -79,7 +61,7 @@ let
            };
          };
        };
-      } // lib.optionalAttrs (!minimal) {
+      } // {
        swarselprofiles = {
          personal = true;
        };
@ -99,6 +81,7 @@ lib.recursiveUpdate
    includes = [
      hostContext
      den.aspects.work
+      den.aspects.boot
    ];
  };
 }
--- a/aspects/nixpkgs.nix
+++ b/aspects/nixpkgs.nix
@ -0,0 +1,58 @@
+{ self, den, lib, ... }:
+let
+  nixpkgsModule = from:
+    let
+      config = if (from ? host) then from.host else if (from ? home) then from.home else { };
+    in
+    {
+      nixpkgs = {
+        overlays = [
+          self.outputs.overlays.default
+          self.outputs.overlays.stables
+          self.outputs.overlays.modifications
+        ] ++ lib.optionals ((from ? user) || (from ? home)) [
+          (final: prev:
+            let
+              additions = final: _: import "${self}/pkgs/config" {
+                inherit self config lib;
+                pkgs = final;
+                homeConfig = if (from ? user) then from.user else if (from ? home) then from.home else { };
+              };
+            in
+            additions final prev
+          )
+        ];
+        config = lib.mkIf (!config.isMicroVM) {
+          allowUnfree = true;
+        };
+      };
+    };
+
+  hostAspect =
+    { host }:
+    {
+      ${host.class} = nixpkgsModule { inherit host; };
+    };
+
+  hostUserAspect =
+    { host, user }:
+    {
+      ${host.class} = nixpkgsModule { inherit host user; };
+    };
+
+  homeAspect =
+    { home }:
+    {
+      ${home.class} = nixpkgsModule { inherit home; };
+    };
+
+in
+{
+  den.provides.nixpkgs = den.lib.parametric.exactly {
+    includes = [
+      hostAspect
+      hostUserAspect
+      homeAspect
+    ];
+  };
+}
--- a/aspects/shared.nix
+++ b/aspects/shared.nix
@ -1,12 +1,32 @@
 {
  den = {
-    schema.conf = { lib, ... }: {
-      options = {
-        isPublic = lib.mkEnableOption "mark this as a public config (= without secrets)";
-        isMicroVM = lib.mkEnableOption "mark this config as a microvm";
-        mainUser = lib.mkOption {
-          type = lib.types.str;
-          default = "swarsel";
+    schema = {
+      host = _: { };
+      conf = { config, lib, ... }: {
+        options = {
+          isPublic = lib.mkEnableOption "mark this as a public config (= without secrets)";
+          isMicroVM = lib.mkEnableOption "mark this config as a microvm";
+          mainUser = lib.mkOption {
+            type = lib.types.str;
+            default = "swarsel";
+          };
+          node = {
+            secretsDir = lib.mkOption {
+              description = "Path to the secrets directory for this node.";
+              type = lib.types.path;
+              default = ../hosts/${config.class}/${config.system}/${config.name}/secrets;
+            };
+            configDir = lib.mkOption {
+              description = "Path to the base directory for this node.";
+              type = lib.types.path;
+              default = ../hosts/${config.class}/${config.system}/${config.name};
+            };
+            lockFromBootstrapping = lib.mkOption {
+              description = "Whether this host should be marked to not be bootstrapped again using swarsel-bootstrap.";
+              type = lib.types.bool;
+              default = true;
+            };
+          };
        };
      };
    };