abstract away architectures

README.md

@@ -12,10 +12,17 @@ run `rg /etc/secrets/` to see where you need to add secret files when deploying
 
 unfortunately, as a consequence of this secret method, you need to do impure builds
 
+## hosts
+
+each host should have these files:
+
+  - `default.nix`, contains everything relating to the basic system
+  - `hardware.nix`, hardware-specific configuration
+  - `meta.nix`, extra things passed thru to `mkHost`
+
 ## todo
 
   - find a better way to do cloudflare ips
-  - per-host architecture selection, atm it is hardcoded to `aarch64`
   - swap back to hardened kernel
   - wtaf is going on w/ our user management??
   - Jellyfin... yea,,,

flake.lock

@@ -21,7 +21,7 @@
     },
     "flake-utils": {
       "inputs": {
-        "systems": "systems_2"
+        "systems": "systems_3"
       },
       "locked": {
         "lastModified": 1681202837,
@@ -124,6 +124,7 @@
         "hardware": "hardware",
         "home-manager": "home-manager",
         "nixpkgs": "nixpkgs_2",
+        "systems": "systems_2",
         "vscode-server": "vscode-server"
       }
     },
@@ -143,6 +144,21 @@
       }
     },
     "systems_2": {
+      "locked": {
+        "lastModified": 1689347949,
+        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
+        "owner": "nix-systems",
+        "repo": "default-linux",
+        "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default-linux",
+        "type": "github"
+      }
+    },
+    "systems_3": {
       "locked": {
         "lastModified": 1681028828,
         "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",

flake.nix

@@ -3,6 +3,7 @@
 
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+    systems.url = "github:nix-systems/default-linux";
 
     home-manager.url = "github:nix-community/home-manager";
     home-manager.inputs.nixpkgs.follows = "nixpkgs";
@@ -14,41 +15,50 @@
     vscode-server.url = "github:nix-community/nixos-vscode-server";
   };
 
-  outputs = inputs @ { self, nixpkgs, ... }:
+  outputs = inputs @ { self, nixpkgs, systems, ... }:
     let
       inherit (lib.my) mapModules mapModulesRec mapHosts;
-      system = "aarch64-linux";
+      eachSystem = nixpkgs.lib.genAttrs (import systems);
 
-      mkPkgs = pkgs: extraOverlays:
+      lib = nixpkgs.lib.extend (final: prev: {
+        my = import ./lib {
+          inherit inputs;
+          lib = final;
+          pkgs = null;
+        };
+      });
+
+      mkPkgs = system: pkgs: extraOverlays:
         import pkgs {
           inherit system;
           config.allowUnfree = true;
           config.allowAliases = true;
           overlays = extraOverlays ++ (lib.attrValues self.overlays);
         };
-      pkgs = mkPkgs nixpkgs [ self.overlays.default ];
 
-      lib = nixpkgs.lib.extend (final: prev: {
+      pkgsFor = eachSystem (system:
-        my = import ./lib {
+        mkPkgs system nixpkgs [
-          inherit pkgs inputs;
+          self.overlays.default
-          lib = final;
+          inputs.niri.overlays.niri
-        };
+        ]
-      });
+      );
     in {
       lib = lib.my;
 
-      overlays =
+      overlays = (mapModules ./overlays import) // {
-        (mapModules ./overlays import)
-        // {
         default = final: prev: {
-            my = self.packages.${system};
+          my = self.packages.${final.stdenv.hostPlatform.system};
         };
       };
 
-      packages."${system}" = mapModules ./packages (p: pkgs.callPackage p {});
+      packages = eachSystem (system: let
+        pkgs = pkgsFor.${system};
+      in
+        mapModules ./packages (p: pkgs.callPackage p {})
+      );
 
       nixosModules = mapModulesRec ./modules import;
 
-      nixosConfigurations = mapHosts ./hosts {};
+      nixosConfigurations = mapHosts ./hosts { inherit pkgsFor; };
     };
 }

hosts/nixos-server-reid/hardware.nix

@@ -44,6 +44,4 @@
   networking.useDHCP = lib.mkDefault true;
   # networking.interfaces.end0.useDHCP = lib.mkDefault true;
   # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
 }

hosts/nixos-server-reid/meta.nix

@@ -0,0 +1,3 @@
+{
+  system = "aarch64-linux";
+}

lib/nixos.nix

@@ -1,18 +1,19 @@
 {
   inputs,
   lib,
-  pkgs,
   self,
   ...
 }: let
   inherit (inputs.nixpkgs.lib) nixosSystem;
-  inherit (builtins) baseNameOf elem;
-  inherit (lib.attrsets) filterAttrs;
   inherit (lib.modules) mkDefault;
   inherit (lib.strings) removeSuffix;
   inherit (self.modules) mapModules;
 in rec {
-  mkHost = path: attrs @ {system ? "aarch64-linux", ...}:
+  mkHost = path: {
+    system,
+    pkgsFor,
+    ...
+  }:
     nixosSystem {
       inherit system;
 
@@ -20,16 +21,22 @@ in rec {
 
       modules = [
         {
-          nixpkgs.pkgs = pkgs;
+          nixpkgs.pkgs = pkgsFor.${system};
+          nixpkgs.hostPlatform = lib.mkDefault system;
           networking.hostName =
             mkDefault (removeSuffix ".nix" (baseNameOf path));
         }
-        (filterAttrs (n: v: !elem n ["system"]) attrs)
         ../. # /default.nix
         (import path)
       ];
     };
 
-  mapHosts = dir: attrs @ {system ? system, ...}:
+  mapHosts = dir: attrs:
-    mapModules dir (hostPath: mkHost hostPath attrs);
+    mapModules dir (hostPath:
+      let
+        metaPath = "${hostPath}/meta.nix";
+        meta = import metaPath;
+      in
+        mkHost hostPath (attrs // meta)
+      );
 }

lib/options.nix

@@ -0,0 +1,7 @@
+{lib, ...}: let
+  inherit (lib.options) mkOption;
+in {
+  mkOpt = type: default: mkOption { inherit type default; };
+
+  mkOpt' = type: default: description: mkOption { inherit type default description; };
+}

modules/security.nix

@@ -59,6 +59,8 @@ in {
 
     # while this is on by default, i am going to explicitly specify this
     networking.firewall.enable = true;
+
+    services.fwupd.enable = true;
   } // (mkIf cfg.useDoas {
     security.sudo.enable = false;
     security.doas.enable = true;