cleanup more nix code

flake-parts/nixos.nix

@@ -13,7 +13,7 @@ in
 
     specialArgs = { inherit nixpkgs-unstable machines machine dns agenix nixos-hardware kubenix disko; };
     modules = [
-      ../.
+      ../configuration.nix
       { networking.hostName = name; }
       {
         nixpkgs.overlays = [

flake.nix

@@ -39,14 +39,14 @@
     let
       hostSystem = "x86_64-linux";
       hostPkgs = import nixpkgs { system = hostSystem; };
-      machines = (hostPkgs.lib.modules.evalModules { modules = [ (import ./nix/machines) ]; }).config.machines;
+      machines = (hostPkgs.lib.modules.evalModules { modules = [ (import ./machines) ]; }).config.machines;
     in
     flake-utils.lib.meld (inputs // { inherit hostPkgs machines; }) [
-      ./nix/flake/scripts
+      ./flake-parts/scripts
-      ./nix/flake/checks.nix
+      ./flake-parts/checks.nix
-      ./nix/flake/deploy.nix
+      ./flake-parts/deploy.nix
-      ./nix/flake/nixos.nix
+      ./flake-parts/nixos.nix
-      ./nix/flake/kubenix
+      ./flake-parts/kubenix
     ] // (flake-utils.lib.eachDefaultSystem (system: {
       formatter = nixpkgs.legacyPackages.${system}.nixfmt;
     }));

machines/lewis.nix

@@ -5,7 +5,6 @@
     nixosModule.lab = {
       backups.enable = true;
       data-sharing.enable = true;
-      networking.dmz.allowConnectivity = true;
 
       storage = {
         osDisk = "/dev/sda";

modules/backups.nix

@@ -18,10 +18,10 @@ let
       - path: ${cfg.repoLocation}
         label: nfs
       - path: ssh://s6969ym3@s6969ym3.repo.borgbase.com/./repo
-        label: ec2
+        label: borgbase
       exclude_patterns:
         - ${cfg.snapshotLocation}/media
-      ssh_command: "${pkgs.openssh}/bin/ssh -i ${config.age.secrets."ec2_borg_server.pem".path} -o StrictHostKeychecking=no"
+      ssh_command: "${pkgs.openssh}/bin/ssh -i ${config.age.secrets."borgbase.pem".path} -o StrictHostKeychecking=no"
       keep_daily: 7
       keep_weekly: 4
       keep_monthly: 6
@@ -123,7 +123,7 @@ in
     age.secrets = {
       "database_passwords.env".file = ../secrets/database_passwords.env.age;
       "borg_passphrase".file = ../secrets/borg_passphrase.age;
-      "ec2_borg_server.pem".file = ../secrets/ec2_borg_server.pem.age;
+      "borgbase.pem".file = ../secrets/borgbase.pem.age;
     };
   };
 }

modules/networking/default.nix

@@ -0,0 +1,38 @@
+{ lib, machine, ... }: {
+  config = {
+    networking = {
+      domain = "dmz";
+      nftables.enable = true;
+      useDHCP = false;
+
+      firewall = {
+        enable = true;
+      };
+    };
+
+    systemd.network = {
+      enable = true;
+
+      networks = lib.attrsets.mergeAttrsList [
+        (lib.optionalAttrs (! machine.isRaspberryPi) {
+          "30-main-nic" = {
+            matchConfig.Name = "en*";
+
+            networkConfig = {
+              DHCP = "yes";
+            };
+          };
+        })
+        (lib.optionalAttrs machine.isRaspberryPi {
+          "30-main-nic" = {
+            matchConfig.Name = "end*";
+            networkConfig = {
+              IPv6AcceptRA = true;
+              DHCP = "yes";
+            };
+          };
+        })
+      ];
+    };
+  };
+}

nix/modules/networking/default.nix

@@ -1,84 +0,0 @@
-{ lib, config, machine, ... }:
-let cfg = config.lab.networking;
-in {
-  options.lab.networking = {
-    dmz = {
-      allowConnectivity = lib.mkOption {
-        default = false;
-        type = lib.types.bool;
-        description = ''
-          Whether to allow networking on the DMZ bridge interface.
-        '';
-      };
-
-      bridgeName = lib.mkOption {
-        default = "bridgedmz";
-        type = lib.types.str;
-        description = ''
-          The name of the DMZ bridge.
-        '';
-      };
-    };
-
-    staticNetworking = lib.mkOption {
-      default = false;
-      type = lib.types.bool;
-      description = ''
-        Whether this machine has static networking configuration applied.
-        Routing is prepopulated, but IP addresses have to be set.
-      '';
-    };
-
-    staticIPv4 = lib.mkOption {
-      type = lib.types.str;
-      description = ''
-        Static IPv4 address for the machine.
-      '';
-    };
-
-    staticIPv6 = lib.mkOption {
-      type = lib.types.str;
-      description = ''
-        Static IPv6 address for the machine.
-      '';
-    };
-  };
-
-  config = {
-    networking = {
-      domain = "dmz";
-      nftables.enable = true;
-      useDHCP = false;
-
-      firewall = {
-        enable = true;
-        checkReversePath = false;
-      };
-    };
-
-    systemd.network = {
-      enable = true;
-
-      networks = lib.attrsets.mergeAttrsList [
-        (lib.optionalAttrs (! machine.isRaspberryPi) {
-          "30-main-nic" = {
-            matchConfig.Name = "en*";
-
-            networkConfig = {
-              DHCP = "yes";
-            };
-          };
-        })
-        (lib.optionalAttrs machine.isRaspberryPi {
-          "30-main-nic" = {
-            matchConfig.Name = "end*";
-            networkConfig = {
-              IPv6AcceptRA = true;
-              DHCP = "yes";
-            };
-          };
-        })
-      ];
-    };
-  };
-}

secrets/secrets.nix

@@ -10,7 +10,7 @@ let
   encryptedFileNames = [
     "database_passwords.env.age"
     "borg_passphrase.age"
-    "ec2_borg_server.pem.age"
+    "borgbase.pem.age"
   ];
 
   machinePublicKeys = [