From e19e738b04ecac66c9290c38d997d5282e87b4f4 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Wed, 22 Nov 2023 18:28:55 +0100
Subject: [PATCH] create custom module system

---
 agenix.nix                                 | 10 -----
 configuration.nix                          | 13 ++++--
 flake.nix                                  |  5 ++-
 hardware-configuration.nix                 |  4 +-
 machines/default.nix                       | 13 +++++-
 modules/agenix.nix                         | 10 +++++
 modules/custom.nix                         | 50 ++++++++++++++++++++++
 disk-config.nix => modules/disk-config.nix |  0
 8 files changed, 86 insertions(+), 19 deletions(-)
 delete mode 100644 agenix.nix
 create mode 100644 modules/agenix.nix
 create mode 100644 modules/custom.nix
 rename disk-config.nix => modules/disk-config.nix (100%)

diff --git a/agenix.nix b/agenix.nix
deleted file mode 100644
index afaaeb7..0000000
--- a/agenix.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ machine, ... }: {
-  age = {
-    identityPaths = [ "/root/age_ed25519" ];
-
-    secrets = {
-      "host_ed25519".file = ./secrets/${machine.name}_host_ed25519.age;
-      "user_ed25519".file = ./secrets/${machine.name}_user_ed25519.age;
-    };
-  };
-}
diff --git a/configuration.nix b/configuration.nix
index b38911e..e3e78b9 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,5 +1,10 @@
-{ pkgs, config, machine, ... }: {
-  imports = [ ./hardware-configuration.nix ./disk-config.nix ./agenix.nix ];
+{ pkgs, config, ... }: {
+  imports = [
+    ./hardware-configuration.nix
+    ./modules/disk-config.nix
+    ./modules/agenix.nix
+    ./modules/custom.nix
+  ];
 
   boot.loader = {
     systemd-boot.enable = true;
@@ -33,7 +38,7 @@
     };
     extraConfig = ''
       HostCertificate ${
-        builtins.toFile "host_ed25519-cert.pub" machine.host-cert
+        builtins.toFile "host_ed25519-cert.pub" config.custom.ssh.hostCert
       }
       HostKey ${config.age.secrets.host_ed25519.path}
     '';
@@ -70,7 +75,7 @@
 
     extraConfig = ''
       CertificateFile ${
-        builtins.toFile "user_ed25519-cert.pub" machine.user-cert
+        builtins.toFile "user_ed25519-cert.pub" config.custom.ssh.userCert
       }
       HostKey ${config.age.secrets.user_ed25519.path}
     '';
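Review bot: The context line `HostKey ${config.age.secrets.user_ed25519.path}` directly under the renamed `CertificateFile` line pairs an sshd_config keyword with an ssh_config one, and the commit keeps it as-is; `CertificateFile` exists only in the client configuration, where the private key belonging to a certificate is given with `IdentityFile`, so the line should presumably read `IdentityFile ${config.age.secrets.user_ed25519.path}` (the host-side hunk above correctly pairs `HostCertificate` with `HostKey`). The enclosing attribute set starts outside the hunk, so which `extraConfig` this is cannot be confirmed from here; if it is in fact `services.openssh.extraConfig`, then `CertificateFile` is the invalid keyword instead. OpenSSH treats an unknown keyword in either file as a fatal configuration error, so this is worth checking before the new `config.custom.ssh.userCert` path is relied on.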
diff --git a/flake.nix b/flake.nix
index e034fd9..566dce8 100644
--- a/flake.nix
+++ b/flake.nix
@@ -46,11 +46,14 @@
 
       nixosConfigurations = mkNixosSystems (machine: {
         inherit system;
-        specialArgs = { inherit machine; };
         modules = [
+          machine.specificConfig
           disko.nixosModules.disko
           agenix.nixosModules.default
           ./configuration.nix
+          {
+            networking.hostName = machine.name;
+          }
         ];
       });
 
diff --git a/hardware-configuration.nix b/hardware-configuration.nix
index 0d22d9d..056148a 100644
--- a/hardware-configuration.nix
+++ b/hardware-configuration.nix
@@ -1,4 +1,5 @@
-{ config, lib, modulesPath, machine, ... }: {
+# TODO: merge with configuration.nix
+{ config, lib, modulesPath, ... }: {
   imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
 
   boot.initrd.availableKernelModules =
@@ -8,7 +9,6 @@
   boot.extraModulePackages = [ ];
 
   networking.useDHCP = false;
-  networking.hostName = machine.name;
 
   nixpkgs.hostPlatform = "x86_64-linux";
   hardware.cpu.intel.updateMicrocode =
diff --git a/machines/default.nix b/machines/default.nix
index c9ebbe4..83fc5db 100644
--- a/machines/default.nix
+++ b/machines/default.nix
@@ -2,7 +2,16 @@
   jefke = {
     name = "jefke";
     hostname = "jefke.hyp";
-    user-cert = builtins.readFile ./jefke_user_ed25519-cert.pub;
-    host-cert = builtins.readFile ./jefke_host_ed25519-cert.pub;
+
+    specificConfig = {
+      custom = {
+        dataDisk.enable = true;
+
+        ssh = {
+          hostCert = builtins.readFile ./jefke_host_ed25519-cert.pub;
+          userCert = builtins.readFile ./jefke_user_ed25519-cert.pub;
+        };
+      };
+    };
   };
 }
diff --git a/modules/agenix.nix b/modules/agenix.nix
new file mode 100644
index 0000000..de2b883
--- /dev/null
+++ b/modules/agenix.nix
@@ -0,0 +1,10 @@
+{ config, ... }: {
+  age = {
+    identityPaths = [ "/root/age_ed25519" ];
+
+    secrets = {
+      "host_ed25519".file = config.custom.ssh.hostKey;
+      "user_ed25519".file = config.custom.ssh.userKey;
+    };
+  };
+}
diff --git a/modules/custom.nix b/modules/custom.nix
new file mode 100644
index 0000000..ea7e381
--- /dev/null
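Review bot: `networking.hostName = machine.name;` in the new inline module is load-bearing beyond naming the host, and nothing says so: the `custom.ssh.hostKey`/`userKey` defaults introduced in modules/custom.nix build the `.age` secret paths from `config.networking.hostName`, so a `specificConfig` that sets a different hostname would pick up another machine's secret files, or presumably fail at evaluation when no such file exists. A comment on that line, `# also selects secrets/<name>_{host,user}_ed25519.age via the custom.ssh defaults`, would make the coupling visible; if the hostname must always equal `machine.name`, `lib.mkForce` (or an assertion in custom.nix) would enforce it rather than leave it to module priority. The `mkNixosSystems` call continues outside the hunk.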
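Review bot: The new modules/agenix.nix documents neither of its implicit preconditions: `/root/age_ed25519` has to be provisioned out of band with root-only permissions before the first activation, and the `hostKey`/`userKey` values it consumes are derived from `networking.hostName` in modules/custom.nix, so the `secrets/<hostname>_host_ed25519.age` naming scheme is part of this module's contract even though it never appears here. A header comment such as `# Identity must exist before first activation; secret files are resolved from networking.hostName, see custom.ssh.hostKey/userKey` would save the next reader a detour. Both secrets keep agenix's default owner and mode, which is appropriate for a file sshd loads as `HostKey`; whether the same root-only default is intended for `user_ed25519`, which configuration.nix references from an ssh client certificate block, is worth confirming.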
+++ b/modules/custom.nix
@@ -0,0 +1,50 @@
+{ lib, config, ... }: {
+  options = {
+    custom = {
+      dataDisk.enable = lib.mkOption {
+        default = false;
+        type = lib.types.bool;
+        description = ''
+          Whether to automatically mount /dev/sda1 on /mnt/data
+        '';
+      };
+
+      ssh = {
+        hostCert = lib.mkOption {
+          type = lib.types.str;
+          description = ''
+            SSH host certificate
+          '';
+        };
+
+        userCert = lib.mkOption {
+          type = lib.types.str;
+          description = ''
+            SSH user certificate
+          '';
+        };
+
+        hostKey = lib.mkOption {
+          default = ../secrets/${config.networking.hostName}_host_ed25519.age;
+          type = lib.types.path;
+          description = ''
+            SSH host key
+          '';
+        };
+
+        userKey = lib.mkOption {
+          default = ../secrets/${config.networking.hostName}_user_ed25519.age;
+          type = lib.types.path;
+          description = ''
+            SSH user key
+          '';
+        };
+      };
+    };
+  };
+
+  config = {
+    fileSystems."/dev/data" =
+      lib.mkIf config.custom.dataDisk.enable { device = "/dev/sda1"; };
+  };
+}
diff --git a/disk-config.nix b/modules/disk-config.nix
similarity index 100%
rename from disk-config.nix
rename to modules/disk-config.nix
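Review bot: The `dataDisk` implementation contradicts its own option description: the text promises a mount on `/mnt/data`, but the `config` block declares `fileSystems."/dev/data"`, which would place the mount point inside devtmpfs rather than under /mnt; the key should read `fileSystems."/mnt/data" =`. Mounting by the bare device name `/dev/sda1` is also fragile, since enumeration order can change between boots and a different disk would then be mounted at the data path; a `/dev/disk/by-uuid/...` or by-label device is safer, and adding `options = [ "nofail" ];` keeps a missing or renamed disk from dropping the boot into emergency mode. The `hostKey`/`userKey` defaults quietly depend on `networking.hostName` being set by some other module; a one-line note on each, `# resolved from networking.hostName; the .age file must be named <hostname>_host_ed25519.age`, would document that contract where it is defined.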