Commit 035c0472e035
Changed files (7)
lib/default.nix
@@ -41,6 +41,43 @@
];
};
+ newMkHost =
+ {
+ hostname,
+ system ? "x86_64-linux",
+ pkgsInput ? inputs.nixpkgs,
+ }:
+ let
+ globals = import ../globals.nix {
+ inherit (pkgsInput) lib;
+ inherit hostname;
+ };
+ specialArgs = {
+ inherit
+ self
+ inputs
+ outputs
+ stateVersion
+ hostname
+ globals
+ system
+ ;
+ libx = import ./functions.nix { inherit (pkgsInput) lib; };
+ };
+ in
+ pkgsInput.lib.nixosSystem {
+ inherit specialArgs;
+ inherit system;
+ modules = [
+ self.nixosModules.wireguard-client
+ self.nixosModules.wireguard-server
+ self.nixosModules.govanityurl
+ self.nixosModules.gosmee
+ inputs.agenix.nixosModules.default
+ ../systems/new.nix
+ ];
+ };
+
# Function for generating host configs
mkHost =
{
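Review bot: `newMkHost` is added without a comment, while `mkHost` directly below has one, so a reader cannot tell which builder a host should use or how the two differ. A line such as `# Experimental host builder: fixed module list, host files loaded through ../systems/new.nix` above `newMkHost =` would cover it. The module list also pulls in both `wireguard-client` and `wireguard-server` for every host built this way; if those modules are not gated behind an enable option (not visible here), the comment should say so. `mkHost`'s body continues outside the hunk.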
systems/foobar/boot.nix → systems/foo/boot.nix
@@ -1,28 +1,6 @@
-{ pkgs, lib, ... }:
+{ pkgs, ... }:
{
- environment.systemPackages = with pkgs; [
- sbctl
- ];
-
boot = {
- # Secure boot configuration
- bootspec.enable = true;
- # First boot systemd-boot has to be enabled, then switch to lanzaboote
- loader.systemd-boot.enable = lib.mkForce false;
- lanzaboote = {
- enable = true;
- pkiBundle = "/var/lib/sbctl";
- };
-
- initrd = {
- luks.devices."cryptroot" = {
- crypttabExtraOpts = [ "fido2-device=auto" ];
- };
- systemd = {
- fido2.enable = true;
- };
- };
-
# extraModprobeConfig = ''
# options snd_hda_intel power_save=1
# '';
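Review bot: The new side of this file has no comment saying that Secure Boot (lanzaboote) and the FIDO2-backed LUKS unlock are deliberately absent for `foo`, and nothing in the visible lines enables a boot loader in their place. If the host is a throwaway test machine, a comment such as `# Experimental host: no Secure Boot or FIDO2 unlock configured here` at the top of the `boot` block would stop the gap being carried over silently if the host is later promoted. The `boot` block continues outside the hunk, so a loader may be set further down.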
systems/foobar/disks.nix → systems/foo/disks.nix
File renamed without changes
systems/foo/hardware.nix
@@ -0,0 +1,10 @@
+{ ... }:
+{
+ imports = [
+ ../common/hardware/acpid.nix
+ ];
+
+ hardware = {
+ # opengl.extraPackages = with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl intel-media-driver ];
+ };
+}
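Review bot: This new `hardware.nix` imports only `acpid.nix`, so the `disks.nix` that the commit renames into `systems/foo/` is no longer imported by any file shown. `systems/new.nix` loads `boot.nix`, `hardware.nix` and an optional `extra.nix`, and `newMkHost` does not list the disko module. If the disk layout (including the `cryptroot` LUKS device the old boot.nix referred to) is still meant to apply, `hardware.nix` needs `(import ./disks.nix { inherit lib; })` again together with the disko module; otherwise `disks.nix` could be dropped. The `hardware = { ... }` set holding only a commented-out line can also go.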
systems/foobar/hardware.nix
@@ -1,16 +0,0 @@
-{ inputs, lib, ... }:
-{
- imports = [
- inputs.disko.nixosModules.disko
- (import ./disks.nix { inherit lib; })
-
- inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-12th-gen
-
- ../common/hardware/acpid.nix
- ../common/hardware/bluetooth.nix
- ];
-
- hardware = {
- # opengl.extraPackages = with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl intel-media-driver ];
- };
-}
systems/new.nix
@@ -0,0 +1,93 @@
+{
+ config,
+ hostname,
+ inputs,
+ lib,
+ stateVersion,
+ ...
+}:
+{
+ imports = [
+ (./. + "/${hostname}/boot.nix")
+ (./. + "/${hostname}/hardware.nix")
+ ]
+ ++ lib.optional (builtins.pathExists (./. + "/${hostname}/extra.nix")) ./${hostname}/extra.nix;
+
+ nixpkgs.config.allowUnfree = true;
+
+ nix = {
+
+ # This will add each flake input as a registry
+ # To make nix3 commands consistent with your flake
+ registry = lib.mkForce (lib.mapAttrs (_: value: { flake = value; }) inputs);
+
+ # This will additionally add your inputs to the system's legacy channels
+ # Making legacy nix commands consistent as well, awesome!
+ nixPath = lib.mkForce (
+ lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry
+ );
+
+ optimise = {
+ automatic = true;
+ dates = [
+ "01:10"
+ "12:10"
+ ];
+ };
+
+ settings = {
+ auto-optimise-store = true;
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ sandbox = true;
+ allowed-users = [
+ "@wheel"
+ ];
+ trusted-users = [
+ "root"
+ "@wheel"
+ ];
+ # See https://nixos.org/manual/nix/stable/command-ref/conf-file#conf-use-xdg-base-directories
+ use-xdg-base-directories = true;
+
+ # Add some "caches" (substituters)
+ substituters = [
+ "https://cache.nixos.org/"
+ "https://r-ryantm.cachix.org"
+ "https://shortbrain.cachix.org"
+ "https://vdemeester.cachix.org"
+ "https://chapeau-rouge.cachix.org"
+ "https://nixos-raspberrypi.cachix.org"
+ ];
+ trusted-public-keys = [
+ "r-ryantm.cachix.org-1:gkUbLkouDAyvBdpBX0JOdIiD2/DP1ldF3Z3Y6Gqcc4c="
+ "shortbrain.cachix.org-1:dqXcXzM0yXs3eo9ChmMfmob93eemwNyhTx7wCR4IjeQ="
+ "chapeau-rouge.cachix.org-1:r34IG766Ez4Eeanr7Zx+egzXLE2Zgvc+XRspYZPDAn8="
+ "vdemeester.cachix.org-1:eZWNOrLR9A9szeMahn9ENaoT9DB3WgOos8va+d2CU44="
+ "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
+ ];
+ };
+
+ extraOptions = ''
+ connect-timeout = 20
+ build-cores = 0
+ keep-outputs = true
+ keep-derivations = true
+ builders-use-substitutes = true
+ '';
+
+ # On laptops at least, make the daemon and builders low priority
+ # to have a responding system while building
+ daemonIOSchedClass = "idle";
+ daemonCPUSchedPolicy = "idle";
+ };
+
+ # `nix-daemon` will hit the stack limit when using `nixFlakes`.
+ systemd.services.nix-daemon.serviceConfig."LimitSTACK" = "infinity";
+
+ system = {
+ inherit stateVersion;
+ };
+}
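Review bot: `trusted-users` includes `"@wheel"`, and the Nix manual describes membership of that list as essentially equivalent to root on the daemon: a trusted user can supply their own substituters and import unsigned store paths. Since `allowed-users` already lets wheel members use the daemon, `trusted-users = [ "root" ];` is enough unless a wheel account really needs the extra rights. Each of the five third-party cache keys in `trusted-public-keys` can likewise sign any store path for this host, so a shared file like this is better kept to caches every host needs, with a comment naming what each one provides. On style, the `extra.nix` import mixes `(./. + "/${hostname}/extra.nix")` with `./${hostname}/extra.nix` in one expression; using a single form throughout reads more easily.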
flake.nix
@@ -71,11 +71,6 @@
# desktop = "sway";
desktop = "niri";
};
- # Test VM, name is..
- foobar = libx.mkHost {
- hostname = "foobar";
- desktop = "niri";
- };
# Servers (unstable)
aomi = libx.mkHost {
hostname = "aomi";
@@ -128,6 +123,10 @@
pkgsInput = inputs.nixpkgs-25_05;
homeInput = inputs.home-manager-25_05;
};
+ # NOTE: experimentations
+ foo = libx.newMkHost {
+ hostname = "foo";
+ };
};
nixosModules = {