plumjam/nixos - Change 4R56PJDQPYZ5FLFAMZSNY7UI5TKF6N5YCHCJU3ZBV5FHB46GYM5QC

hosts: centralise nix config and consolidate hosts

Created by James Plummer on September 10, 2025

4R56PJDQPYZ5FLFAMZSNY7UI5TKF6N5YCHCJU3ZBV5FHB46GYM5QC

Dependencies

In channels

main

Change contents

File addition: system.nix (----------)

[15.2]

{ config, lib, ... }: let
  inherit (lib) last mkConst mkValue splitString;
in {
  options = {
    os = mkConst <| last <| splitString "-" config.nixpkgs.hostPlatform.system;
    isLinux  = mkConst <| config.os == "linux";
    isDarwin = mkConst <| config.os == "darwin";
    type = mkValue "server";
    isDesktop = mkConst <| config.type == "desktop";
    isServer  = mkConst <| config.type == "server";
  };
}

File addition: shared.nix (----------)

[15.2]

{ self, config, inputs, lib, pkgs, keys, ... }: let
  inherit (lib) enabled mkIf optionalAttrs;
in {
  # Common user configuration
  users.users.james = {
    shell = pkgs.nushell;
  } // optionalAttrs config.isLinux {
    isNormalUser = true;
    extraGroups  = [ "wheel" ];
    openssh.authorizedKeys.keys = [ keys.james ];
  } // optionalAttrs config.isDarwin {
    name = "james";
    home = "/Users/james";
  };
  # Home Manager common config (Linux only)
  home-manager = mkIf config.isLinux {
    users.james = {};
    sharedModules = [{
      home.stateVersion     = "24.11";
      programs.home-manager = enabled;
    }];
  };
}

File addition: nix.nix (----------)

[15.2]

{ self, config, inputs, lib, pkgs, ... }: let
  inherit (lib) attrsToList concatStringsSep const disabled filter filterAttrs flip id isType mapAttrs mapAttrsToList merge mkAfter optionalAttrs optionals removeAttrs;
  registryMap = inputs
    |> filterAttrs (const <| isType "flake");
in {
  # will do later
  # nix.distributedBuilds = true;
  # nix.buildMachines = self.nixosConfigurations
  #   |> attrsToList
  #   |> filter ({ name, value }:
  #     name != (config.networking.hostName or config.networking.computerName or "") &&
  #     value.config.users.users ? build)
  #   |> map ({ name, value }: {
  #     hostName = name;
  #     maxJobs = 20;
  #     protocol = "ssh-ng";
  #     sshUser = "build";
  #     supportedFeatures = [ "benchmark" "big-parallel" "kvm" "nixos-test" ];
  #     system = value.config.nixpkgs.hostPlatform.system;
  #   });
  nix.channel = disabled;
  nix.gc = merge {
    automatic = true;
    options = "--delete-older-than 7d";
  } <| optionalAttrs (pkgs.stdenv.isLinux) {
    dates = "weekly";
    persistent = true;
  };
  nix.nixPath = registryMap
    |> mapAttrsToList (name: value: "${name}=${value}")
    |> (if pkgs.stdenv.isDarwin then concatStringsSep ":" else id);
  nix.registry = registryMap // { default = inputs.nixpkgs; }
    |> mapAttrs (_: flake: { inherit flake; });
  nix.settings = (import <| self + /flake.nix).nixConfig
    |> flip removeAttrs (optionals pkgs.stdenv.isDarwin [ "use-cgroups" "cgroups" ]);
  nix.optimise.automatic = true;
}

Insertion in lib/system.nix at line 2 [16.508]
[16.534]
[16.534]
```
  flakeOutputs = inputs.self;
```
Insertion in lib/system.nix at line 32 [16.508]
[17.331]
[16.1405]
```
    self = flakeOutputs;
```
File deletion: configuration.nix
BF:BFD[18.7] → [18.2644:2685]
BF:BFD[18.2685] → [18.1247:1247]
∅:D[19.600] → [18.1281:1407]
∅:D[20.1081] → [18.1281:1407]
B:BD[18.1281] → [18.1281:1407]
∅:D[21.272] → [18.1407:1412]
∅:D[22.949] → [18.1407:1412]
∅:D[23.3566] → [18.1407:1412]
∅:D[24.4115] → [18.1407:1412]
∅:D[25.5488] → [18.1407:1412]
∅:D[26.6176] → [18.1407:1412]
B:BD[18.1407] → [18.1407:1412]
∅:D[20.1222] → [18.1412:1491]
B:BD[18.1412] → [18.1412:1491]
∅:D[27.118] → [18.1491:1515]
∅:D[19.647] → [18.1491:1515]
∅:D[8.755] → [18.1491:1515]
∅:D[20.1299] → [18.1491:1515]
B:BD[18.1491] → [18.1491:1515]
∅:D[20.1330] → [18.1515:1617]
B:BD[18.1515] → [18.1515:1617]
∅:D[28.112] → [18.1853:1859]
∅:D[29.1007] → [18.1853:1859]
B:BD[18.1853] → [18.1853:1859]
∅:D[19.866] → [18.1998:1999]
B:BD[18.1998] → [18.1998:1999]
∅:D[30.45] → [18.2041:2058]
B:BD[18.2041] → [18.2041:2058]
∅:D[31.191] → [18.2162:2169]
B:BD[18.2162] → [18.2162:2169]
∅:D[20.1631] → [18.2194:2199]
B:BD[18.2194] → [18.2194:2199]
∅:D[32.131] → [18.2199:2240]
B:BD[18.2199] → [18.2199:2240]
∅:D[33.302] → [18.2310:2317]
B:BD[18.2310] → [18.2310:2317]
∅:D[19.960] → [18.2317:2643]
B:BD[18.2317] → [18.2317:2643]
B:BD[18.2317] → [19.905:960]
∅:D[30.124] → [32.132:170]
B:BD[18.2257] → [32.132:170]
B:BD[32.170] → [33.263:302]
B:BD[18.2240] → [25.5489:5514]
∅:D[25.5514] → [30.99:124]
B:BD[18.2240] → [30.99:124]
∅:D[27.177] → [32.34:35]
∅:D[34.182] → [32.34:35]
∅:D[7.233] → [32.34:35]
B:BD[18.2199] → [32.34:35]
B:BD[32.35] → [30.46:98]
∅:D[30.98] → [32.35:131]
B:BD[32.35] → [32.35:131]
B:BD[18.2194] → [20.1540:1631]
B:BD[18.2058] → [31.70:191]
B:BD[18.1999] → [30.14:45]
∅:D[20.1539] → [19.823:862]
B:BD[18.1998] → [19.823:862]
∅:D[31.69] → [19.862:866]
B:BD[19.862] → [19.862:866]
B:BD[19.862] → [31.14:18]
B:BD[31.18] → [10.94:202]
∅:D[10.202] → [31.18:69]
B:BD[31.18] → [31.18:69]
B:BD[18.1859] → [20.1331:1353]
∅:D[28.161] → [20.1478:1539]
∅:D[29.1051] → [20.1478:1539]
B:BD[20.1478] → [20.1478:1539]
B:BD[20.1353] → [28.113:161]
B:BD[18.1617] → [19.648:736]
B:BD[19.736] → [28.62:112]
B:BD[18.1515] → [20.1300:1330]
∅:D[6.35] → [19.601:602]
B:BD[18.1491] → [19.601:602]
B:BD[19.602] → [20.1223:1265]
∅:D[20.1265] → [19.602:647]
B:BD[19.602] → [19.602:647]
B:BD[19.647] → [8.722:755]
B:BD[18.1491] → [6.13:35]
B:BD[18.1412] → [20.1082:1222]
B:BD[18.1407] → [33.240:262]
B:BD[33.262] → [23.3482:3521]
B:BD[23.3521] → [13.990:1006]
∅:D[33.262] → [21.148:272]
∅:D[13.1006] → [21.148:272]
∅:D[23.3521] → [21.148:272]
B:BD[18.1407] → [21.148:272]
B:BD[21.272] → [23.3522:3566]
∅:D[28.61] → [20.1050:1078]
∅:D[21.147] → [20.1050:1078]
B:BD[19.600] → [20.1050:1078]
∅:D[32.33] → [20.1078:1081]
B:BD[20.1078] → [20.1078:1081]
∅:D[29.961] → [32.12:33]
B:BD[20.1078] → [32.12:33]
B:BD[18.1247] → [21.94:147]
```
{
	imports = [
		(modulesPath + "/installer/scan/not-detected.nix")
		(modulesPath + "/profiles/qemu-guest.nix")
		./disk.nix
	];
	boot.loader.grub = {
		efiSupport = true;
		efiInstallAsRemovable = true;
	};
  # user configuration
  users.users.james = {
    isNormalUser = true;
    shell = pkgs.nushell; # nushell as default shell
  };
    settings = {
    };
  };
  networking = {
    hostName = "plum";
    };
  };
  time.timeZone = "Europe/Warsaw";
  i18n.defaultLocale = "en_US.UTF-8";
  # this value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. Don't change this after installation.
  system.stateVersion = "24.11";
}
    useDHCP = lib.mkDefault true;
    interfaces = {};
			trustedInterfaces = [ interface ];
      allowedTCPPorts = [ 22 80 443 ];
    domain = "plumj.am";
    firewall = enabled {
	services.resolved.domains = ["taild29fec.ts.net"];
	services.tailscale = enabled {
		useRoutingFeatures = "both";
		interfaceName = interface;
	};
    hostKeys = [{
      type = "ed25519";
      path = config.age.secrets.id.path;
    }];
      PasswordAuthentication       = false;
			KbdInteractiveAuthentication = false;
			AcceptEnv = "SHELLS COLORTERM";
  services.openssh = enabled {
	home-manager.users = {
		james = {};
	};
	};
	home-manager.sharedModules = [{
		home.stateVersion = "24.11";
		programs.home-manager.enable = true;
	}];
	programs.mosh = enabled {
		openFirewall = true;
	users.users.root = {
		hashedPasswordFile = config.age.secrets.password.path;
	};
		openssh.authorizedKeys.keys = [ keys.james ];
		hashedPasswordFile = config.age.secrets.password.path;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [ keys.james ];
  users.mutableUsers = false;
	age.identityPaths = [ "/root/.ssh/id" ];
	age.secrets.password.file = ./password.age;
	age.secrets.id.file = ./id.age;
	zramSwap = enabled;
	nix.settings.experimental-features = [ "nix-command" "flakes" "pipe-operators" ];
	security.sudo = enabled {
		execWheelOnly = true;
	};
		./cache/default.nix
		./grafana
		./grafana/prometheus.nix
		./uptime-kuma
		(self + /modules/forgejo.nix)
		(self + /modules/site.nix)
		(self + /modules/matrix.nix)
		(self + /modules/element.nix)
		(self + /modules/linux/node-exporter.nix)
let
	inherit (lib) enabled;
in
	interface = "ts0";
{ pkgs, lib, modulesPath, config, keys, self, ... }:
```
Replacement in hosts/plum/default.nix at line 1 [17.987]
B:BD[17.987] → [17.988:994]
```
lib: 
```
[17.987]
[17.994]
```
lib:
```
Replacement in hosts/plum/default.nix at line 3 [17.987]
B:BD[17.998] → [11.146:188]
```
  inherit (lib) inputs collectNix remove;
```
[17.998]
[17.1022]
```
  inherit (lib) inputs enabled;
  interface = "ts0";
```
Replacement in hosts/plum/default.nix at line 6 [17.987]
B:BD[17.1027] → [17.1027:1046]
```
  class = "nixos";
```
[17.1027]
[17.1046]
```
  class  = "nixos";
```
Replacement in hosts/plum/default.nix at line 8 [17.987]
B:BD[17.1076] → [17.1076:1105]
```
    system = "x86_64-linux";
```
[17.1076]
[17.1105]
```
    system  = "x86_64-linux";
```

Replacement in hosts/plum/default.nix at line 11 [17.987]

B:BD[17.1159] → [11.189:240]

    ] ++ (collectNix ./. |> remove ./default.nix);

[17.1159]

[17.1192]

      ({ pkgs, lib, modulesPath, config, keys, self, ... }: {
        imports = [
          # hetzner
          (modulesPath + "/installer/scan/not-detected.nix")
          (modulesPath + "/profiles/qemu-guest.nix")
          ./disk.nix
          ./cache/default.nix
          ./grafana
          ./grafana/prometheus.nix
          ./uptime-kuma
          (self + /modules/forgejo.nix)
          (self + /modules/site.nix)
          (self + /modules/matrix.nix)
          (self + /modules/element.nix)
          (self + /modules/linux/node-exporter.nix)
          (self + /modules/system.nix)
          (self + /modules/nix.nix)
          (self + /modules/shared.nix)
        ];
        security.sudo = enabled {
          execWheelOnly = true;
        };
        nixpkgs.hostPlatform.system = "x86_64-linux";
        time.timeZone      = "Europe/Warsaw";
        i18n.defaultLocale = "en_US.UTF-8";
        services.openssh = enabled {
          hostKeys = [{
            type = "ed25519";
            path = config.age.secrets.id.path;
          }];
          settings = {
            PasswordAuthentication       = false;
            KbdInteractiveAuthentication = false;
            AcceptEnv                    = "SHELLS COLORTERM";
          };
        };
        boot.loader.grub = {
          efiSupport            = true;
          efiInstallAsRemovable = true;
        };
        zramSwap = enabled;
        age.identityPaths         = [ "/root/.ssh/id" ];
        age.secrets.password.file = ./password.age;
        age.secrets.id.file       = ./id.age;
        users.mutableUsers = false;
        users.users.james.hashedPasswordFile = config.age.secrets.password.path;
        users.users.root = {
          openssh.authorizedKeys.keys = [ keys.james ];
          hashedPasswordFile          = config.age.secrets.password.path;
        };
        programs.mosh = enabled {
          openFirewall = true;
        };
        services.resolved.domains = ["taild29fec.ts.net"];
        services.tailscale = enabled {
          useRoutingFeatures = "both";
          interfaceName      = interface;
        };
        networking = {
          hostName   = "plum";
          domain     = "plumj.am";
          firewall   = enabled {
            trustedInterfaces = [ interface ];
            allowedTCPPorts   = [ 22 80 443 ];
          };
          useDHCP    = lib.mkDefault true;
          interfaces = {};
        };
        system.stateVersion = "24.11";
      })
    ];

Replacement in hosts/plum/default.nix at line 99 [17.987]
B:BD[17.1197] → [17.1197:1198]
```
}
```
[17.1197]
```
}
```

File deletion: configuration.nix, configuration.nix, configuration.nix

BFD:BFD[35.813] → [35.832:873]

BF:BFD[35.873] → [37.83451:83451]

BF:BFD[36.169] → [36.949:990]

BF:BFD[36.990] → [37.83451:83451]

BFD:BFD[37.2] → [37.85031:85072]

BF:BFD[37.85072] → [37.83451:83451]

B:BD[37.83451] → [37.83452:83454]

B:BD[37.83471] → [37.83471:83479]

∅:D[38.73] → [37.83479:83488]

∅:D[36.1001] → [37.83479:83488]

∅:D[17.1498] → [37.83479:83488]

B:BD[37.83479] → [37.83479:83488]

∅:D[36.1034] → [37.83488:83528]

B:BD[37.83488] → [37.83488:83528]

∅:D[38.124] → [37.83528:83529]

B:BD[37.83528] → [37.83528:83529]

∅:D[36.1138] → [37.83529:83738]

B:BD[37.83529] → [37.83529:83738]

∅:D[38.212] → [37.83817:83824]

B:BD[37.83817] → [37.83817:83824]

∅:D[38.423] → [37.83824:84179]

B:BD[37.83824] → [37.83824:84179]

∅:D[2.91] → [37.84179:84222]

B:BD[37.84179] → [37.84179:84222]

∅:D[3.38] → [37.84222:84330]

B:BD[37.84222] → [37.84222:84330]

∅:D[5.28] → [37.84330:84549]

B:BD[37.84330] → [37.84330:84549]

∅:D[38.440] → [37.84549:84556]

B:BD[37.84549] → [37.84549:84556]

∅:D[17.1549] → [29.1142:1171]

B:BD[29.1142] → [29.1142:1171]

B:BD[29.1171] → [17.1550:1600]

B:BD[17.1600] → [10.207:254]

∅:D[10.254] → [37.84556:84561]

∅:D[29.1216] → [37.84556:84561]

∅:D[17.1600] → [37.84556:84561]

B:BD[37.84556] → [37.84556:84561]

∅:D[10.369] → [37.84561:84562]

B:BD[37.84561] → [37.84561:84562]

∅:D[31.249] → [37.84577:84583]

B:BD[37.84577] → [37.84577:84583]

∅:D[30.251] → [37.84625:84631]

∅:D[36.1282] → [37.84625:84631]

B:BD[37.84625] → [37.84625:84631]

∅:D[32.341] → [37.84631:84648]

B:BD[37.84631] → [37.84631:84648]

∅:D[9.83] → [37.84704:85030]

∅:D[39.83] → [37.84704:85030]

B:BD[37.84704] → [37.84704:85030]

B:BD[37.84648] → [36.1283:1306]

B:BD[36.1306] → [39.15:78]

B:BD[39.78] → [30.305:334]

∅:D[30.334] → [39.78:83]

B:BD[39.78] → [39.78:83]

B:BD[39.83] → [9.32:83]

B:BD[37.84631] → [30.252:304]

∅:D[30.304] → [32.196:292]

B:BD[37.84631] → [32.196:292]

B:BD[32.340] → [32.340:341]

B:BD[37.84583] → [30.129:160]

B:BD[30.160] → [31.250:388]

∅:D[31.388] → [30.160:251]

B:BD[30.160] → [30.160:251]

B:BD[37.84562] → [31.196:249]

B:BD[37.84561] → [10.255:369]

B:BD[37.84556] → [17.1499:1549]

B:BD[37.84549] → [38.424:440]

B:BD[37.84330] → [5.3:28]

B:BD[37.84222] → [3.3:38]

B:BD[37.84179] → [2.66:91]

B:BD[37.83824] → [38.213:423]

B:BD[37.83738] → [38.125:212]

B:BD[37.83529] → [36.1035:1138]

B:BD[37.83528] → [38.74:124]

B:BD[37.83488] → [36.1002:1031]

∅:D[32.195] → [36.1031:1034]

B:BD[36.1031] → [36.1031:1034]

∅:D[29.1096] → [32.174:195]

B:BD[36.1031] → [32.174:195]

B:BD[37.83479] → [38.66:73]

B:BD[38.73] → [36.991:1001]

B:BD[36.1001] → [17.1490:1498]

{
  pkgs,
  ...
}:
{
  nixpkgs.config.allowUnfree = true;
  wsl = {
    enable = true;
    defaultUser = "james";
    startMenuLaunchers = true;
    useWindowsDriver = true;
    docker-desktop.enable = true;
    # usb passthrough
    usbip = {
      enable = true;
    };
    wslConf = {
      automount.root = "/mnt";
      automount.options = "metadata,uid=1000,gid=100,noatime";
      boot.systemd = true;
      interop.enabled = true;
      interop.appendWindowsPath = true;
      network.generateHosts = true;
    };
  };
  nix = {
    settings = {
      experimental-features = [
        "nix-command"
        "flakes"
      ];
      auto-optimise-store = true;
    };
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 7d";
    };
  };
  # user configuration
  users.users.james = {
    isNormalUser = true;
    shell = pkgs.nushell; # nushell as default shell
    extraGroups = [
      "wheel" # sudo access
      "docker" # if using Docker
    ];
  };
  users.users.root = {
    openssh.authorizedKeys.keys = [ keys.james ];
  };
  home-manager.users = {
    james = {};
  };
  };
  };
  networking = {
  };
  time.timeZone = "Europe/Warsaw";
  i18n.defaultLocale = "en_US.UTF-8";
  # this value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. Don't change this after installation.
  system.stateVersion = "24.11";
}
    hostName = "pear";
    firewall = enabled {
			trustedInterfaces = [ interface ];
			allowedTCPPorts = [ 22 ];
		};
		useDHCP = lib.mkDefault true;
		interfaces = {};
	services.resolved.domains = ["taild29fec.ts.net"];
	services.tailscale = enabled {
		useRoutingFeatures = "both";
		interfaceName = interface;
	};
  services.openssh = enabled {
		settings = {
			PasswordAuthentication       = false;
			KbdInteractiveAuthentication = false;
			AcceptEnv = "SHELLS COLORTERM";
		};
    hostKeys = [{
      type = "ed25519";
      path = config.age.secrets.id.path;
    }];
  programs.mosh = enabled {
    openFirewall = true;
  home-manager.sharedModules = [{
    home.stateVersion = "24.11";
    programs.home-manager.enable = true;
  }];
    openssh.authorizedKeys.keys = [ keys.james ];
      "dialout"
      persistent = true;
      trusted-users = [ "james" ];
        "pipe-operators"
    # for usbip
    extraBin = [
      { src = "${lib.getExe' pkgs.coreutils-full "ls"}"; }
      { src = "${lib.getExe pkgs.bash}"; }
      { src = "${lib.getExe' pkgs.linuxPackages.usbip "usbip"}"; }
    ];
      # autoAttach = [ "1-9" ]; # add device IDs like "4-1" to auto-attach USB devices
  # agenix configuration
  age.identityPaths = [ "/root/.ssh/id" ];
  age.secrets.id.file = ./id.age;
  # nixpkgs.config.allowUnsupportedSystem = true;
let
  inherit (lib) enabled;
in
	interface = "ts0";
  lib,
  config,
  keys,

Replacement in hosts/pear/default.nix at line 1 [17.1239]
B:BD[17.1239] → [17.1240:1246]
```
lib: 
```
[17.1239]
[17.1246]
```
lib:
```
Replacement in hosts/pear/default.nix at line 3 [17.1239]
B:BD[17.1250] → [11.245:287]
```
  inherit (lib) inputs collectNix remove;
```
[17.1250]
[17.1274]
```
  inherit (lib) inputs enabled;
  interface = "ts0";
```
Replacement in hosts/pear/default.nix at line 6 [17.1239]
B:BD[17.1279] → [17.1279:1298]
```
  class = "nixos";
```
[17.1279]
[17.1298]
```
  class  = "nixos";
```
Replacement in hosts/pear/default.nix at line 8 [17.1239]
B:BD[17.1328] → [17.1328:1357]
```
    system = "x86_64-linux";
```
[17.1328]
[17.1357]
```
    system  = "x86_64-linux";
```

Replacement in hosts/pear/default.nix at line 11 [17.1239]

B:BD[17.1413] → [11.288:339]

    ] ++ (collectNix ./. |> remove ./default.nix);

[17.1413]

[17.1446]

      ({ pkgs, lib, config, keys, self, ... }: {
        imports = [
          (self + /modules/system.nix)
          (self + /modules/nix.nix)
          (self + /modules/shared.nix)
        ];
        security.sudo = enabled {
          execWheelOnly = true;
        };
        nixpkgs.hostPlatform.system = "x86_64-linux";
        nixpkgs.config.allowUnfree  = true;
        type = "desktop";
        time.timeZone      = "Europe/Warsaw";
        i18n.defaultLocale = "en_US.UTF-8";
        services.openssh = enabled {
          hostKeys = [{
            type = "ed25519";
            path = config.age.secrets.id.path;
          }];
          settings = {
            PasswordAuthentication       = false;
            KbdInteractiveAuthentication = false;
            AcceptEnv                    = "SHELLS COLORTERM";
          };
        };
        age.identityPaths   = [ "/root/.ssh/id" ];
        age.secrets.id.file = ./id.age;
        wsl = enabled {
          defaultUser = "james";
          startMenuLaunchers    = true;
          useWindowsDriver      = true;
          docker-desktop.enable = true;
          # usb passthrough
          usbip = enabled {
            # autoAttach = [ "1-9" ]; # add device IDs like "4-1" to auto-attach USB devices
          };
          # for usbip
          extraBin = [
            { src = "${lib.getExe' pkgs.coreutils-full "ls"}"; }
            { src = "${lib.getExe pkgs.bash}"; }
            { src = "${lib.getExe' pkgs.linuxPackages.usbip "usbip"}"; }
          ];
          wslConf = {
            automount.root            = "/mnt";
            automount.options         = "metadata,uid=1000,gid=100,noatime";
            boot.systemd              = true;
            interop.enabled           = true;
            interop.appendWindowsPath = true;
            network.generateHosts     = true;
          };
        };
        users.users.james.extraGroups = [ "docker" "dialout" ];
        users.users.root.openssh.authorizedKeys.keys = [ keys.james ];
        programs.mosh = enabled {
          openFirewall = true;
        };
        services.resolved.domains = ["taild29fec.ts.net"];
        services.tailscale = enabled {
          useRoutingFeatures = "both";
          interfaceName      = interface;
        };
        networking = {
          hostName   = "pear";
          firewall   = enabled {
            trustedInterfaces = [ interface ];
            allowedTCPPorts   = [ 22 ];
          };
          useDHCP    = lib.mkDefault true;
          interfaces = {};
        };
        system.stateVersion = "24.11";
      })
    ];

Replacement in hosts/pear/default.nix at line 104 [17.1239]
B:BD[17.1451] → [17.1451:1452]
```
}
```
[17.1451]
```
}
```

File deletion: configuration.nix, configuration.nix

BF:BFD[40.16] → [40.34:75]

BF:BFD[40.75] → [35.895:895]

BFD:BFD[35.875] → [35.3116:3157]

BF:BFD[35.3157] → [35.895:895]

B:BD[35.895] → [35.896:961]

∅:D[4.89] → [35.961:3115]

B:BD[35.961] → [35.961:3115]

B:BD[35.961] → [4.5:89]

{
  pkgs,
  lib,
  ...
}:
{
  nixpkgs.config.allowUnfree = true;
  nix = {
    settings = {
      experimental-features = [
        "nix-command"
        "flakes"
        "pipe-operators"
      ];
    };
    optimise.automatic = true;
    gc = {
      automatic = true;
      interval = {
        Weekday = 1;
        Hour = 0;
        Minute = 0;
      };
      options = "--delete-older-than 7d";
    };
  };
  users.users.james = {
    name = "james";
    home = "/Users/james";
    shell = pkgs.nushell;
  };
  system.primaryUser = "james";
  # thanks github/rgbcube for the stuff below
  security.pam.services.sudo_local = {
    enable = true;
    touchIdAuth = true;
  };
  system.defaults.CustomSystemPreferences."com.apple.AdLib" = {
    allowApplePersonalizedAdvertising = false;
    allowIdentifierForAdvertising = false;
    forceLimitAdTracking = true;
    personalizedAdsMigrated = false;
  };
  system.defaults.SoftwareUpdate.AutomaticallyInstallMacOSUpdates = true;
  system.defaults.loginwindow = {
    DisableConsoleAccess = true;
    GuestEnabled = false;
  };
  system.defaults.trackpad = {
    Clicking = false; # no touch-to-click
    Dragging = false; # no tap-to-drag
  };
  system.defaults.dock = {
    autohide = true;
    showhidden = true; # translucent
    mouse-over-hilite-stack = true;
    show-recents = false;
    mru-spaces = false;
    tilesize = 48;
    magnification = false;
    enable-spring-load-actions-on-all-items = true;
    persistent-apps = [
      { app = "/Users/james/Applications/Home Manager Apps/Alacritty.app"; }
      { app = "/Users/james/Applications/Home Manager Apps/Arc.app"; }
      {
        app = "/Users/james/Applications/Home Manager Apps/Karabiner-Elements.app";
      }
    ];
  };
  system.defaults.CustomSystemPreferences."com.apple.dock" = {
    autohide-time-modifier = 0.0;
    autohide-delay = 0.0;
    expose-animation-duration = 0.0;
    springboard-show-duration = 0.0;
    springboard-hide-duration = 0.0;
    springboard-page-duration = 0.0;
    # Disable hot corners.
    wvous-tl-corner = 0;
    wvous-tr-corner = 0;
    wvous-bl-corner = 0;
    wvous-br-corner = 0;
    launchanim = 0;
  };
  system.stateVersion = 5;
}
  nixpkgs.config.permittedInsecurePackages = [
    "arc-browser-1.106.0-66192"
  ];

Replacement in hosts/lime/default.nix at line 1 [17.1603]
B:BD[17.1603] → [17.1604:1611]
```
lib: {
```
[17.1603]
[17.1611]
```
lib:
let
  inherit (lib) enabled;
in {
```
Replacement in hosts/lime/default.nix at line 7 [17.1603]
B:BD[17.1662] → [17.1662:1693]
```
    system = "aarch64-darwin";
```
[17.1662]
[17.1693]
```
    system  = "aarch64-darwin";
```

Replacement in hosts/lime/default.nix at line 9 [17.1603]

B:BD[17.1709] → [17.1709:1735]

      ./configuration.nix

[17.1709]

[17.1735]

      ({ pkgs, lib, self, ... }: {
        imports = [
          (self + /modules/system.nix)
          (self + /modules/nix.nix)
          (self + /modules/shared.nix)
        ];
        nixpkgs.hostPlatform.system              = "aarch64-darwin";
        nixpkgs.config.allowUnfree               = true;
        nixpkgs.config.permittedInsecurePackages = [ "arc-browser-1.106.0-66192" ];
        system.primaryUser = "james";
        type               = "desktop";
        # thanks github/rgbcube for the stuff below
        security.pam.services.sudo_local = enabled {
          touchIdAuth = true;
        };
        system.defaults.CustomSystemPreferences."com.apple.AdLib" = {
          allowApplePersonalizedAdvertising = false;
          allowIdentifierForAdvertising     = false;
          forceLimitAdTracking              = true;
          personalizedAdsMigrated           = false;
        };
        system.defaults.SoftwareUpdate.AutomaticallyInstallMacOSUpdates = true;
        system.defaults.loginwindow = {
          DisableConsoleAccess = true;
          GuestEnabled         = false;
        };
        system.defaults.trackpad = {
          Clicking = false; # no touch-to-click
          Dragging = false; # no tap-to-drag
        };
        system.defaults.dock = {
          autohide   = true;
          showhidden = true; # translucent
          mouse-over-hilite-stack = true;
          show-recents = false;
          mru-spaces   = false;
          tilesize      = 48;
          magnification = false;
          enable-spring-load-actions-on-all-items = true;
          persistent-apps = [
            { app = "/Users/james/Applications/Home Manager Apps/Alacritty.app"; }
            { app = "/Users/james/Applications/Home Manager Apps/Arc.app"; }
            { app = "/Users/james/Applications/Home Manager Apps/Karabiner-Elements.app"; }
          ];
        };
        system.defaults.CustomSystemPreferences."com.apple.dock" = {
          autohide-time-modifier    = 0.0;
          autohide-delay            = 0.0;
          expose-animation-duration = 0.0;
          springboard-show-duration = 0.0;
          springboard-hide-duration = 0.0;
          springboard-page-duration = 0.0;
          # Disable hot corners.
          wvous-tl-corner = 0;
          wvous-tr-corner = 0;
          wvous-bl-corner = 0;
          wvous-br-corner = 0;
          launchanim = 0;
        };
        system.stateVersion = 5;
      })

Replacement in hosts/lime/default.nix at line 88 [17.1603]
B:BD[17.1747] → [17.1747:1748]
```
}
```
[17.1747]
```
}
```

File deletion: configuration.nix

BF:BFD[41.2123] → [41.6534:6575]

BF:BFD[41.6575] → [41.4566:4566]

∅:D[28.222] → [41.4608:4636]

∅:D[21.343] → [41.4608:4636]

B:BD[41.4608] → [41.4608:4636]

∅:D[32.370] → [41.4636:4752]

B:BD[41.4636] → [41.4636:4752]

∅:D[42.1449] → [41.4752:4765]

B:BD[41.4752] → [41.4752:4765]

∅:D[12.224] → [41.4765:4989]

∅:D[21.377] → [41.4765:4989]

∅:D[43.4370] → [41.4765:4989]

B:BD[41.4765] → [41.4765:4989]

∅:D[6.68] → [41.4989:5354]

B:BD[41.4989] → [41.4989:5354]

∅:D[28.273] → [41.5486:5514]

∅:D[29.1310] → [41.5486:5514]

B:BD[41.5486] → [41.5486:5514]

∅:D[28.322] → [41.5639:5739]

∅:D[29.1354] → [41.5639:5739]

B:BD[41.5639] → [41.5639:5739]

∅:D[31.453] → [41.5739:5744]

B:BD[41.5739] → [41.5739:5744]

∅:D[30.375] → [41.5786:5803]

B:BD[41.5786] → [41.5786:5803]

∅:D[31.575] → [41.5906:5913]

B:BD[41.5906] → [41.5906:5913]

B:BD[41.5938] → [41.5938:6035]

∅:D[32.516] → [41.6035:6075]

B:BD[41.6035] → [41.6035:6075]

∅:D[43.4399] → [41.6075:6092]

B:BD[41.6075] → [41.6075:6092]

∅:D[39.129] → [41.6092:6113]

B:BD[41.6092] → [41.6092:6113]

∅:D[43.4439] → [41.6145:6533]

B:BD[41.6145] → [41.6145:6533]

B:BD[41.6113] → [43.4400:4439]

B:BD[41.6092] → [39.91:129]

B:BD[41.6075] → [43.4371:4399]

B:BD[41.6035] → [30.376:428]

∅:D[30.428] → [32.371:467]

B:BD[41.6035] → [32.371:467]

B:BD[32.515] → [32.515:516]

B:BD[41.5803] → [31.454:575]

B:BD[41.5744] → [30.344:375]

B:BD[41.5739] → [31.398:402]

∅:D[10.491] → [31.402:453]

B:BD[31.402] → [31.402:453]

B:BD[31.402] → [10.383:491]

B:BD[41.5514] → [28.274:322]

B:BD[41.5354] → [28.223:273]

B:BD[41.4989] → [6.46:68]

B:BD[41.4765] → [21.344:377]

B:BD[21.377] → [12.180:224]

B:BD[41.4752] → [42.1411:1449]

∅:D[29.1264] → [32.349:370]

B:BD[41.4636] → [32.349:370]

B:BD[41.4566] → [21.290:343]

let
	inherit (lib) enabled;
in
{
	imports = [
		(modulesPath + "/installer/scan/not-detected.nix")
		(modulesPath + "/profiles/qemu-guest.nix")
		./disk.nix
	];
	nix.settings.experimental-features = [ "nix-command" "flakes" "pipe-operators" ];
	security.sudo = enabled {
		execWheelOnly = true;
	};
	boot.loader.grub = {
		efiSupport = true;
		efiInstallAsRemovable = true;
	};
	age.identityPaths = [ "/root/.ssh/id" ];
	age.secrets.password.file = ./password.age;
	age.secrets.id.file = ./id.age;
  # user configuration
  users.mutableUsers = false;
  users.users.james = {
    isNormalUser = true;
    shell = pkgs.nushell; # nushell as default shell
		hashedPasswordFile = config.age.secrets.password.path;
    extraGroups = [ "wheel" ];
  };
	users.users.root = {
		hashedPasswordFile = config.age.secrets.password.path;
	};
	home-manager.users = {
		james = {};
	};
    settings = {
    };
    hostKeys = [{
      type = "ed25519";
      path = config.age.secrets.id.path;
    }];
  };
  networking = {
    hostName = "kiwi";
    firewall = {
      enable = true;
    };
    useDHCP = lib.mkDefault true;
    interfaces = {};
  };
  time.timeZone = "Europe/Warsaw";
  i18n.defaultLocale = "en_US.UTF-8";
  # this value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. Don't change this after installation.
  system.stateVersion = "24.11";
}
      allowedTCPPorts = [ 22 80 443 ];
			trustedInterfaces = [ interface ];
    domain = "dr-radka.pl";
	services.resolved.domains = ["taild29fec.ts.net"];
	services.tailscale = enabled {
		useRoutingFeatures = "both";
		interfaceName = interface;
	};
      PasswordAuthentication       = false;
			KbdInteractiveAuthentication = false;
			AcceptEnv = "SHELLS COLORTERM";
  services.openssh = enabled {
	};
	programs.mosh = enabled {
		openFirewall = true;
	home-manager.sharedModules = [{
		home.stateVersion = "24.11";
		programs.home-manager.enable = true;
	}];
		openssh.authorizedKeys.keys = [ keys.james ];
    openssh.authorizedKeys.keys = [ keys.james ];
	zramSwap = enabled;
		(self + /modules/dr-radka.nix)
		(self + /modules/linux/node-exporter.nix)
		./github2forgejo/github2forgejo.nix
	interface = "ts0";
{ pkgs, lib, modulesPath, config, keys, self, ... }:

Replacement in hosts/kiwi/default.nix at line 1 [17.1791]
B:BD[17.1791] → [17.1792:1798]
```
lib: 
```
[17.1791]
[17.1798]
```
lib:
```
Replacement in hosts/kiwi/default.nix at line 3 [17.1791]
B:BD[17.1802] → [11.353:395]
```
  inherit (lib) inputs collectNix remove;
```
[17.1802]
[17.1826]
```
  inherit (lib) inputs enabled;
  interface = "ts0";
```
Replacement in hosts/kiwi/default.nix at line 6 [17.1791]
B:BD[17.1831] → [17.1831:1850]
```
  class = "nixos";
```
[17.1831]
[17.1850]
```
  class  = "nixos";
```
Replacement in hosts/kiwi/default.nix at line 8 [17.1791]
B:BD[17.1880] → [17.1880:1909]
```
    system = "x86_64-linux";
```
[17.1880]
[17.1909]
```
    system  = "x86_64-linux";
```

Replacement in hosts/kiwi/default.nix at line 11 [17.1791]

B:BD[17.1963] → [11.396:447]

    ] ++ (collectNix ./. |> remove ./default.nix);

[17.1963]

[17.1996]

      ({ pkgs, lib, modulesPath, config, keys, self, ... }: {
        imports = [
          # hetzner
          (modulesPath + "/installer/scan/not-detected.nix")
          (modulesPath + "/profiles/qemu-guest.nix")
          ./github2forgejo/github2forgejo.nix
          ./disk.nix
          (self + /modules/dr-radka.nix)
          (self + /modules/linux/node-exporter.nix)
          (self + /modules/system.nix)
          (self + /modules/nix.nix)
          (self + /modules/shared.nix)
        ];
        security.sudo = enabled {
          execWheelOnly = true;
        };
        nixpkgs.hostPlatform.system = "x86_64-linux";
        time.timeZone      = "Europe/Warsaw";
        i18n.defaultLocale = "en_US.UTF-8";
        services.openssh = enabled {
          hostKeys = [{
            type = "ed25519";
            path = config.age.secrets.id.path;
          }];
          settings = {
            PasswordAuthentication       = false;
            KbdInteractiveAuthentication = false;
            AcceptEnv                    = "SHELLS COLORTERM";
          };
        };
        boot.loader.grub = {
          efiSupport            = true;
          efiInstallAsRemovable = true;
        };
        zramSwap = enabled;
        age.identityPaths         = [ "/root/.ssh/id" ];
        age.secrets.password.file = ./password.age;
        age.secrets.id.file       = ./id.age;
        users.mutableUsers = false;
        users.users.james.hashedPasswordFile = config.age.secrets.password.path;
        users.users.root = {
          openssh.authorizedKeys.keys = [ keys.james ];
          hashedPasswordFile          = config.age.secrets.password.path;
        };
        programs.mosh = enabled {
          openFirewall = true;
        };
        services.resolved.domains = ["taild29fec.ts.net"];
        services.tailscale = enabled {
          useRoutingFeatures = "both";
          interfaceName      = interface;
        };
        networking = {
          hostName   = "kiwi";
          domain     = "dr-radka.pl";
          firewall   = enabled {
            trustedInterfaces = [ interface ];
            allowedTCPPorts   = [ 22 80 443 ];
          };
          useDHCP    = lib.mkDefault true;
          interfaces = {};
        };
        system.stateVersion = "24.11";
      })
    ];

Replacement in hosts/kiwi/default.nix at line 93 [17.1791]
B:BD[17.2001] → [17.2001:2002]
```
}
```
[17.2001]
```
}
```
Insertion in flake.nix at line 20 [37.24075]
[44.438]
[44.438]
```
      "cgroups"
```
Deletion in flake.nix at line 29 [37.24075]
∅:D[14.281] → [45.175:212]
B:BD[45.175] → [45.175:212]
```
    lazy-trees               = true;
```
Insertion in flake.nix at line 30 [37.24075]
[46.423]
[45.212]
```
    use-cgroups              = true;
```

hosts: centralise nix config and consolidate hosts

Dependencies

In channels

Change contents

File addition: system.nix (----------)

File addition: shared.nix (----------)

File addition: nix.nix (----------)

Insertion in lib/system.nix at line 2 [16.508]

Insertion in lib/system.nix at line 32 [16.508]

File deletion: configuration.nix

Replacement in hosts/plum/default.nix at line 1 [17.987]

Replacement in hosts/plum/default.nix at line 3 [17.987]

Replacement in hosts/plum/default.nix at line 6 [17.987]

Replacement in hosts/plum/default.nix at line 8 [17.987]

Replacement in hosts/plum/default.nix at line 11 [17.987]

Replacement in hosts/plum/default.nix at line 99 [17.987]

File deletion: configuration.nix, configuration.nix, configuration.nix

Replacement in hosts/pear/default.nix at line 1 [17.1239]

Replacement in hosts/pear/default.nix at line 3 [17.1239]

Replacement in hosts/pear/default.nix at line 6 [17.1239]

Replacement in hosts/pear/default.nix at line 8 [17.1239]

Replacement in hosts/pear/default.nix at line 11 [17.1239]

Replacement in hosts/pear/default.nix at line 104 [17.1239]

File deletion: configuration.nix, configuration.nix

Replacement in hosts/lime/default.nix at line 1 [17.1603]

Replacement in hosts/lime/default.nix at line 7 [17.1603]

Replacement in hosts/lime/default.nix at line 9 [17.1603]

Replacement in hosts/lime/default.nix at line 88 [17.1603]

File deletion: configuration.nix

Replacement in hosts/kiwi/default.nix at line 1 [17.1791]

Replacement in hosts/kiwi/default.nix at line 3 [17.1791]

Replacement in hosts/kiwi/default.nix at line 6 [17.1791]

Replacement in hosts/kiwi/default.nix at line 8 [17.1791]

Replacement in hosts/kiwi/default.nix at line 11 [17.1791]

Replacement in hosts/kiwi/default.nix at line 93 [17.1791]

Insertion in flake.nix at line 20 [37.24075]

Deletion in flake.nix at line 29 [37.24075]

Insertion in flake.nix at line 30 [37.24075]