9 changed files with 33 additions and 83 deletions
--- a/README.md
+++ b/README.md
@ -12,17 +12,10 @@ run `rg /etc/secrets/` to see where you need to add secret files when deploying

 unfortunately, as a consequence of this secret method, you need to do impure builds

-## hosts
-
-each host should have these files:
-
-  - `default.nix`, contains everything relating to the basic system
-  - `hardware.nix`, hardware-specific configuration
-  - `meta.nix`, extra things passed thru to `mkHost`
-
 ## todo

  - find a better way to do cloudflare ips
+  - per-host architecture selection, atm it is hardcoded to `aarch64`
  - swap back to hardened kernel
  - wtaf is going on w/ our user management??
  - Jellyfin... yea,,,
--- a/flake.lock
+++ b/flake.lock
@ -21,7 +21,7 @@
    },
    "flake-utils": {
      "inputs": {
-        "systems": "systems_3"
+        "systems": "systems_2"
      },
      "locked": {
        "lastModified": 1681202837,
@ -124,7 +124,6 @@
        "hardware": "hardware",
        "home-manager": "home-manager",
        "nixpkgs": "nixpkgs_2",
-        "systems": "systems_2",
        "vscode-server": "vscode-server"
      }
    },
@ -144,21 +143,6 @@
      }
    },
    "systems_2": {
-      "locked": {
-        "lastModified": 1689347949,
-        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
-        "owner": "nix-systems",
-        "repo": "default-linux",
-        "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default-linux",
-        "type": "github"
-      }
-    },
-    "systems_3": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
--- a/flake.nix
+++ b/flake.nix
@ -3,7 +3,6 @@

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
-    systems.url = "github:nix-systems/default-linux";

    home-manager.url = "github:nix-community/home-manager";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
@ -15,50 +14,41 @@
    vscode-server.url = "github:nix-community/nixos-vscode-server";
  };

-  outputs = inputs @ { self, nixpkgs, systems, ... }:
+  outputs = inputs @ { self, nixpkgs, ... }:
    let
      inherit (lib.my) mapModules mapModulesRec mapHosts;
-      eachSystem = nixpkgs.lib.genAttrs (import systems);
+      system = "aarch64-linux";

-      lib = nixpkgs.lib.extend (final: prev: {
-        my = import ./lib {
-          inherit inputs;
-          lib = final;
-          pkgs = null;
-        };
-      });
-
-      mkPkgs = system: pkgs: extraOverlays:
+      mkPkgs = pkgs: extraOverlays:
        import pkgs {
          inherit system;
          config.allowUnfree = true;
          config.allowAliases = true;
          overlays = extraOverlays ++ (lib.attrValues self.overlays);
        };
+      pkgs = mkPkgs nixpkgs [ self.overlays.default ];

-      pkgsFor = eachSystem (system:
-        mkPkgs system nixpkgs [
-          self.overlays.default
-          inputs.niri.overlays.niri
-        ]
-      );
+      lib = nixpkgs.lib.extend (final: prev: {
+        my = import ./lib {
+          inherit pkgs inputs;
+          lib = final;
+        };
+      });
    in {
      lib = lib.my;

-      overlays = (mapModules ./overlays import) // {
-        default = final: prev: {
-          my = self.packages.${final.stdenv.hostPlatform.system};
+      overlays =
+        (mapModules ./overlays import)
+        // {
+          default = final: prev: {
+            my = self.packages.${system};
+          };
        };
-      };

-      packages = eachSystem (system: let
-        pkgs = pkgsFor.${system};
-      in
-        mapModules ./packages (p: pkgs.callPackage p {})
-      );
+      packages."${system}" = mapModules ./packages (p: pkgs.callPackage p {});

      nixosModules = mapModulesRec ./modules import;

-      nixosConfigurations = mapHosts ./hosts { inherit pkgsFor; };
+      nixosConfigurations = mapHosts ./hosts {};
    };
 }
--- a/hosts/nixos-server-reid/hardware.nix
+++ b/hosts/nixos-server-reid/hardware.nix
@ -25,7 +25,7 @@

  # needed for initial framebuffer logs to appear on raspberry pi
  # i think. this fixes it but idk if they are all required
-  boot.kernelParams = [
+  boot.kernelParams = [ 
    "8250.nr_uarts=1"
    "cma=128M"
    "console=tty0"
@ -44,4 +44,6 @@
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.end0.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
 }
--- a/hosts/nixos-server-reid/meta.nix
+++ b/hosts/nixos-server-reid/meta.nix
@ -1,3 +0,0 @@
-{
-  system = "aarch64-linux";
-}
--- a/lib/attrs.nix
+++ b/lib/attrs.nix
@ -4,7 +4,7 @@
 in rec {
  # attrsToList
  attrsToList = attrs:
-    mapAttrsToList (name: value: { inherit name value; }) attrs;
+    mapAttrsToList (name: value: {inherit name value;}) attrs;

  # mapFilterAttrs ::
  #   (name -> value -> bool)
--- a/lib/nixos.nix
+++ b/lib/nixos.nix
@ -1,42 +1,35 @@
 {
  inputs,
  lib,
+  pkgs,
  self,
  ...
 }: let
  inherit (inputs.nixpkgs.lib) nixosSystem;
+  inherit (builtins) baseNameOf elem;
+  inherit (lib.attrsets) filterAttrs;
  inherit (lib.modules) mkDefault;
  inherit (lib.strings) removeSuffix;
  inherit (self.modules) mapModules;
 in rec {
-  mkHost = path: {
-    system,
-    pkgsFor,
-    ...
-  }:
+  mkHost = path: attrs @ {system ? "aarch64-linux", ...}:
    nixosSystem {
      inherit system;

-      specialArgs = { inherit lib inputs system; };
+      specialArgs = {inherit lib inputs system;};

      modules = [
        {
-          nixpkgs.pkgs = pkgsFor.${system};
-          nixpkgs.hostPlatform = lib.mkDefault system;
+          nixpkgs.pkgs = pkgs;
          networking.hostName =
            mkDefault (removeSuffix ".nix" (baseNameOf path));
        }
+        (filterAttrs (n: v: !elem n ["system"]) attrs)
        ../. # /default.nix
        (import path)
      ];
    };

-  mapHosts = dir: attrs:
-    mapModules dir (hostPath:
-      let
-        metaPath = "${hostPath}/meta.nix";
-        meta = import metaPath;
-      in
-        mkHost hostPath (attrs // meta)
-      );
+  mapHosts = dir: attrs @ {system ? system, ...}:
+    mapModules dir (hostPath: mkHost hostPath attrs);
 }
--- a/lib/options.nix
+++ b/lib/options.nix
@ -1,7 +0,0 @@
-{lib, ...}: let
-  inherit (lib.options) mkOption;
-in {
-  mkOpt = type: default: mkOption { inherit type default; };
-
-  mkOpt' = type: default: description: mkOption { inherit type default description; };
-}
--- a/modules/security.nix
+++ b/modules/security.nix
@ -59,8 +59,6 @@ in {

    # while this is on by default, i am going to explicitly specify this
    networking.firewall.enable = true;
-
-    services.fwupd.enable = true;
  } // (mkIf cfg.useDoas {
    security.sudo.enable = false;
    security.doas.enable = true;