feat: intro profiles mechanism

default.nix

@@ -7,10 +7,12 @@ let
       version = "nixos-unstable";
     };
   };
-  lib = (import "${inputs.nixpkgs}/lib").extend (import ./lib inputs_final);
+  lib = (import "${inputs.nixpkgs}/lib").extend (import ./lib inputs_final self.profiles);
   mkLibForMachine =
     machine:
-    (import "${lib.snowfield.${machine}.nixpkgs_version}/lib").extend (import ./lib inputs_final);
+    (import "${lib.snowfield.${machine}.nixpkgs_version}/lib").extend (
+      import ./lib inputs_final self.profiles
+    );
   machines_plats = lib.lists.unique (
     lib.mapAttrsToList (_name: value: value.arch) (
       lib.filterAttrs (_n: v: builtins.hasAttr "arch" v) lib.snowfield
@@ -33,12 +35,19 @@ let
       }) (builtins.attrNames (builtins.readDir ./modules))
     );
 
+    profiles = builtins.listToAttrs (
+      map (x: {
+        name = lib.strings.removeSuffix ".nix" x;
+        value = import (./profiles + "/${x}");
+      }) (builtins.attrNames (builtins.readDir ./profiles))
+    );
+
     nixosConfigurations = builtins.mapAttrs (
       name: value:
       (mkMachine {
         inherit name self;
         host-config = value;
-        modules = nixosModules;
+        modules = builtins.attrValues nixosModules ++ lib.snowfield.${name}.profiles;
         nixpkgs = lib.snowfield.${name}.nixpkgs_version;
         system = lib.snowfield.${name}.arch;
         home-manager = lib.snowfield.${name}.hm_version;

lib/default.nix

@@ -1,4 +1,4 @@
-inputs: final: _prev:
+inputs: profiles: final: _prev:
 
 with builtins;
 let
@@ -9,6 +9,9 @@ let
         (import ../modules/meta/default.nix)
         { machine.meta = raw; }
       ];
+      specialArgs = {
+        inherit profiles;
+      };
     }).config.machine.meta;
 
   non_local_machines = (import ./snowfield.nix).machines;

lib/mkmachine.nix

@@ -21,13 +21,12 @@ let
 in
 import "${nixpkgs}/nixos/lib/eval-config.nix" {
   inherit system;
-  lib = pkgs.lib.extend (import ./default.nix inputs);
+  lib = pkgs.lib.extend (import ./default.nix inputs self.profiles);
   specialArgs = {
     inherit inputs;
-    inherit (self) nixosConfigurations;
+    inherit (self) nixosConfigurations profiles;
   };
-  modules = builtins.attrValues modules ++ [
-    ../machines/base.nix
+  modules = modules ++ [
     host-config
     (import "${home-manager}/nixos")
     (import "${inputs.nixos-mailserver}")

modules/meta/default.nix

@@ -1,4 +1,4 @@
-{ lib, ... }:
+{ lib, profiles, ... }:
 {
   options.machine.meta = lib.mkOption {
     description = "Machine metadata";
@@ -33,6 +33,10 @@
               description = "tld for local addressing of the machine";
               default = "luj";
             };
+            profiles = mkOption {
+              description = "profiles applied to the machine";
+              default = with profiles; [ base ];
+            };
 
           };
         }

profiles/base.nix

@@ -0,0 +1,105 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+
+{
+
+  imports = [
+    ../users/default.nix
+    ../users/julien.nix
+  ];
+
+  luj.nix.enable = true;
+  luj.secrets.enable = true;
+  luj.ssh-server.enable = true;
+  luj.programs.mosh.enable = true;
+  luj.deployment.enable = true;
+
+  time.timeZone = "Europe/Paris";
+  i18n.defaultLocale = "en_US.UTF-8";
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "fr_FR.UTF-8";
+    LC_IDENTIFICATION = "fr_FR.UTF-8";
+    LC_MEASUREMENT = "fr_FR.UTF-8";
+    LC_MONETARY = "fr_FR.UTF-8";
+    LC_NAME = "fr_FR.UTF-8";
+    LC_NUMERIC = "fr_FR.UTF-8";
+    LC_PAPER = "fr_FR.UTF-8";
+    LC_TELEPHONE = "fr_FR.UTF-8";
+    LC_TIME = "fr_FR.UTF-8";
+  };
+
+  console = {
+    keyMap = lib.mkForce "fr";
+    font = null;
+    useXkbConfig = true;
+  };
+
+  services.xserver.xkb = {
+    layout = "fr";
+    variant = "";
+  };
+
+  programs.gnupg.agent.enable = true;
+  networking.firewall.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    neovim
+    attic-client
+    kitty
+    tailscale
+    step-cli
+  ];
+
+  environment.variables.EDITOR = "nvim";
+
+  networking.networkmanager.dns = "systemd-resolved";
+  services.resolved.enable = true;
+
+  networking.firewall.checkReversePath = "loose";
+
+  services.tailscale.enable = true;
+
+  age.identityPaths = [
+    "/etc/ssh/ssh_host_ed25519_key"
+    "/persistent/etc/ssh/ssh_host_ed25519_key"
+  ];
+
+  system.nixos.label = "${config.system.nixos.release}-${
+    let
+      repo = builtins.fetchGit ../.;
+    in
+    repo.dirtyShortRev or repo.shortRev
+  }";
+
+  security.pki.certificates = [
+    ''
+      -----BEGIN CERTIFICATE-----
+      MIIByzCCAXKgAwIBAgIQAcJCOR+99m5v3dHWQw5m9jAKBggqhkjOPQQDAjAwMRIw
+      EAYDVQQKEwlTYXVtb25OZXQxGjAYBgNVBAMTEVNhdW1vbk5ldCBSb290IENBMB4X
+      DTIyMDQyNDIwMDE1MFoXDTMyMDQyMTIwMDE1MFowODESMBAGA1UEChMJU2F1bW9u
+      TmV0MSIwIAYDVQQDExlTYXVtb25OZXQgSW50ZXJtZWRpYXRlIENBMFkwEwYHKoZI
+      zj0CAQYIKoZIzj0DAQcDQgAE5Sk6vYJcYlh4aW0vAN84MWr84TTVTTdsM2s8skH6
+      7fDsqNMb7FMwUMEAFwQRiADjYy3saU2Dogh2ESuB1dDFFqNmMGQwDgYDVR0PAQH/
+      BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFO5iTfZiutpsM7ja
+      mP3yuMIy6iNTMB8GA1UdIwQYMBaAFBWOQHe4eAeothQTmTNKiG/pAowGMAoGCCqG
+      SM49BAMCA0cAMEQCICu8u19I7RMfnQ7t3QXHP5fdUm/fX/puqF+jYSf9SZEoAiBc
+      oVcd0OfuAExWHhOMUZ0OV4bws9WCax333I+Pg4nDNw==
+      -----END CERTIFICATE-----''
+    ''
+      -----BEGIN CERTIFICATE-----
+      MIIBpTCCAUqgAwIBAgIRALevKnnElllot/cRNGjnUqUwCgYIKoZIzj0EAwIwMDES
+      MBAGA1UEChMJU2F1bW9uTmV0MRowGAYDVQQDExFTYXVtb25OZXQgUm9vdCBDQTAe
+      Fw0yMjA0MjQyMDAxNDlaFw0zMjA0MjEyMDAxNDlaMDAxEjAQBgNVBAoTCVNhdW1v
+      bk5ldDEaMBgGA1UEAxMRU2F1bW9uTmV0IFJvb3QgQ0EwWTATBgcqhkjOPQIBBggq
+      hkjOPQMBBwNCAAQG356Ui437dBTSOiJILKjVkwrJMsXN3eba/T1N+IJeqRBfigo7
+      BW9YZfs1xIbMZ5wL0Zc/DsSEo5xCC7j4YaXro0UwQzAOBgNVHQ8BAf8EBAMCAQYw
+      EgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQUFY5Ad7h4B6i2FBOZM0qIb+kC
+      jAYwCgYIKoZIzj0EAwIDSQAwRgIhALdsEqiRa4ak5Cnin6Tjnel5uOiHSjoC6LKf
+      VfXtULncAiEA2gmqdr+ugFz5tvPdKwanroTiMTUMhhCRYVlQlyTApyQ=
+      -----END CERTIFICATE-----''
+  ];
+}