refactor: reduce duplication and improve consistency across hosts

- Centralize home-manager _module.args in profiles/nixos.nix via sharedModules - Add lib/secrets.nix with mkSyncthingSecrets helper for DRY secret definitions - Move syncthing device IDs to lib/constants.nix - Standardize hostname handling (Darwin hosts now use hostname arg) - Add missing networking.hostName to tahani - Fix redundant string interpolations
2025-12-23 14:13:47 +00:00
parent 4f93e60f3c
commit 1d8a0c660c
14 changed files with 95 additions and 85 deletions
--- a/hosts/chidi/default.nix
+++ b/hosts/chidi/default.nix
@@ -2,7 +2,7 @@
 	inputs,
 	pkgs,
 	user,
-	constants,
+	hostname,
 	...
 }: {
 	imports = [
@@ -18,8 +18,8 @@
 		inputs.sops-nix.darwinModules.sops
 	];

-	networking.hostName = "chidi";
-	networking.computerName = "Chidi";
+	networking.hostName = hostname;
+	networking.computerName = hostname;

 	home-manager.users.${user} = {
 		imports = [
--- a/hosts/chidi/secrets.nix
+++ b/hosts/chidi/secrets.nix
@@ -1,18 +1,14 @@
-{user, ...}: {
+{
+	user,
+	hostname,
+	...
+}: let
+	secrets = import ../../lib/secrets.nix;
+in {
 	sops.age.keyFile = "/Users/${user}/.config/sops/age/keys.txt";

-	sops.secrets = {
-		chidi-syncthing-cert = {
-			sopsFile = ../../secrets/chidi-syncthing-cert;
-			format = "binary";
-			owner = user;
-			path = "/Users/${user}/.config/syncthing/cert.pem";
-		};
-		chidi-syncthing-key = {
-			sopsFile = ../../secrets/chidi-syncthing-key;
-			format = "binary";
-			owner = user;
-			path = "/Users/${user}/.config/syncthing/key.pem";
-		};
+	sops.secrets = secrets.mkSyncthingSecrets {
+		inherit hostname user;
+		isDarwin = true;
 	};
 }
--- a/hosts/jason/default.nix
+++ b/hosts/jason/default.nix
@@ -1,6 +1,7 @@
 {
 	inputs,
 	user,
+	hostname,
 	...
 }: {
 	imports = [
@@ -16,8 +17,8 @@
 		inputs.sops-nix.darwinModules.sops
 	];

-	networking.hostName = "jason";
-	networking.computerName = "Jason";
+	networking.hostName = hostname;
+	networking.computerName = hostname;

 	home-manager.users.${user} = {
 		imports = [
--- a/hosts/jason/secrets.nix
+++ b/hosts/jason/secrets.nix
@@ -1,20 +1,16 @@
-{user, ...}: {
+{
+	user,
+	hostname,
+	...
+}: let
+	secrets = import ../../lib/secrets.nix;
+in {
 	sops.age.keyFile = "/Users/${user}/.config/sops/age/keys.txt";
 	sops.age.sshKeyPaths = [];
 	sops.gnupg.sshKeyPaths = [];

-	sops.secrets = {
-		jason-syncthing-cert = {
-			sopsFile = ../../secrets/jason-syncthing-cert;
-			format = "binary";
-			owner = user;
-			path = "/Users/${user}/.config/syncthing/cert.pem";
-		};
-		jason-syncthing-key = {
-			sopsFile = ../../secrets/jason-syncthing-key;
-			format = "binary";
-			owner = user;
-			path = "/Users/${user}/.config/syncthing/key.pem";
-		};
+	sops.secrets = secrets.mkSyncthingSecrets {
+		inherit hostname user;
+		isDarwin = true;
 	};
 }
--- a/hosts/michael/default.nix
+++ b/hosts/michael/default.nix
@@ -3,7 +3,6 @@
 	hostname,
 	inputs,
 	user,
-	constants,
 	...
 }: {
 	imports = [
@@ -23,11 +22,6 @@
 	];

 	home-manager.users.${user} = {
-		pkgs,
-		lib,
-		...
-	}: {
-		_module.args = {inherit user constants inputs;};
 		imports = [
 			inputs.nixvim.homeModules.nixvim
 			../../profiles/bash.nix
--- a/hosts/mindy/default.nix
+++ b/hosts/mindy/default.nix
@@ -3,7 +3,6 @@
 	hostname,
 	inputs,
 	user,
-	constants,
 	...
 }: {
 	imports = [
@@ -25,11 +24,6 @@
 	];

 	home-manager.users.${user} = {
-		pkgs,
-		lib,
-		...
-	}: {
-		_module.args = {inherit user constants inputs;};
 		imports = [
 			inputs.nixvim.homeModules.nixvim
 			../../profiles/bash.nix
--- a/hosts/tahani/default.nix
+++ b/hosts/tahani/default.nix
@@ -2,7 +2,7 @@
 	inputs,
 	pkgs,
 	user,
-	constants,
+	hostname,
 	...
 }: {
 	imports = [
@@ -20,11 +20,6 @@
 	];

 	home-manager.users.${user} = {
-		pkgs,
-		lib,
-		...
-	}: {
-		_module.args = {inherit user constants inputs;};
 		imports = [
 			inputs.nixvim.homeModules.nixvim
 			../../profiles/atuin.nix
@@ -60,4 +55,6 @@
 	};

 	virtualisation.docker.enable = true;
+
+	networking.hostName = hostname;
 }
--- a/hosts/tahani/secrets.nix
+++ b/hosts/tahani/secrets.nix
@@ -1,20 +1,19 @@
-{user, ...}: {
-	sops.secrets = {
-		tahani-syncthing-cert = {
-			sopsFile = ../../secrets/tahani-syncthing-cert;
-			format = "binary";
-			owner = user;
-			path = "/home/${user}/.config/syncthing/cert.pem";
+{
+	user,
+	hostname,
+	...
+}: let
+	secrets = import ../../lib/secrets.nix;
+in {
+	sops.secrets =
+		secrets.mkSyncthingSecrets {
+			inherit hostname user;
+			isDarwin = false;
+		}
+		// {
+			tahani-paperless-password = {
+				sopsFile = ../../secrets/tahani-paperless-password;
+				format = "binary";
+			};
 		};
-		tahani-syncthing-key = {
-			sopsFile = ../../secrets/tahani-syncthing-key;
-			format = "binary";
-			owner = user;
-			path = "/home/${user}/.config/syncthing/key.pem";
-		};
-		tahani-paperless-password = {
-			sopsFile = ../../secrets/tahani-paperless-password;
-			format = "binary";
-		};
-	};
 }