refactor(modules): reduce host repetition

modules/_lib/caddy.nix

@@ -0,0 +1,19 @@
+let
+	local = import ./local.nix;
+in {
+	inherit (local) tailscaleHost;
+
+	mkTailscaleVHost = {
+		name,
+		configText,
+	}: {
+		"${local.tailscaleHost name}" = {
+			extraConfig = ''
+				tls {
+					get_certificate tailscale
+				}
+				${configText}
+			'';
+		};
+	};
+}

modules/_lib/hosts.nix

@@ -0,0 +1,34 @@
+{
+	den,
+	lib,
+}: {
+	mkUserHost = {
+		system,
+		host,
+		user,
+		userAspect ? "${host}-${user}",
+		includes ? [],
+		homeManager ? null,
+	}:
+		(lib.setAttrByPath ["den" "hosts" system host "users" user "aspect"] userAspect)
+		// (lib.setAttrByPath ["den" "aspects" userAspect] ({inherit includes;}
+				// lib.optionalAttrs (homeManager != null) {
+					inherit homeManager;
+				}));
+
+	mkPerHostAspect = {
+		host,
+		includes ? [],
+		darwin ? null,
+		nixos ? null,
+	}:
+		lib.setAttrByPath ["den" "aspects" host "includes"] [
+			(den.lib.perHost ({inherit includes;}
+					// lib.optionalAttrs (darwin != null) {
+						inherit darwin;
+					}
+					// lib.optionalAttrs (nixos != null) {
+						inherit nixos;
+					}))
+		];
+}

modules/_lib/local.nix

@@ -0,0 +1,33 @@
+rec {
+	user = {
+		name = "cschmatzler";
+		fullName = "Christoph Schmatzler";
+		emails = {
+			personal = "christoph@schmatzler.com";
+			work = "christoph@tuist.dev";
+			icloud = "christoph.schmatzler@icloud.com";
+		};
+	};
+
+	secretPath = name: "/run/secrets/${name}";
+
+	mkHome = system:
+		if builtins.match ".*-darwin" system != null
+		then "/Users/${user.name}"
+		else "/home/${user.name}";
+
+	mkHost = system: {
+		inherit system;
+		home = mkHome system;
+	};
+
+	hosts = {
+		chidi = mkHost "aarch64-darwin";
+		janet = mkHost "aarch64-darwin";
+		michael = mkHost "x86_64-linux";
+		tahani = mkHost "x86_64-linux";
+	};
+
+	tailscaleDomain = "manticore-hippocampus.ts.net";
+	tailscaleHost = name: "${name}.${tailscaleDomain}";
+}

modules/_lib/secrets.nix

@@ -0,0 +1,44 @@
+{lib}: let
+	local = import ./local.nix;
+in rec {
+	mkBinarySecret = {
+		name,
+		sopsFile,
+		owner ? null,
+		group ? null,
+		path ? local.secretPath name,
+	}:
+		{
+			inherit path sopsFile;
+			format = "binary";
+		}
+		// lib.optionalAttrs (owner != null) {
+			inherit owner;
+		}
+		// lib.optionalAttrs (group != null) {
+			inherit group;
+		};
+
+	mkUserBinarySecret = {
+		name,
+		sopsFile,
+		owner ? local.user.name,
+		path ? local.secretPath name,
+	}:
+		mkBinarySecret {
+			inherit name owner path sopsFile;
+		};
+
+	mkServiceBinarySecret = {
+		name,
+		sopsFile,
+		serviceUser,
+		serviceGroup ? serviceUser,
+		path ? local.secretPath name,
+	}:
+		mkBinarySecret {
+			inherit name path sopsFile;
+			group = serviceGroup;
+			owner = serviceUser;
+		};
+}