try to configure using nixosModules

doesn't seem like there's that much benefit?

flake.nix

@@ -110,10 +110,20 @@
 
   };
 
-  outputs = { nixpkgs, ... }@inputs:
+  outputs = { self, nixpkgs, ... }@inputs:
 
     let
 
+      # Common overlays to always use
+      overlays = [
+        inputs.nur.overlay
+        inputs.nix2vim.overlay
+        (import ./overlays/neovim-plugins.nix inputs)
+        (import ./overlays/calibre-web.nix)
+        (import ./overlays/disko.nix inputs)
+        (import ./overlays/tree-sitter.nix inputs)
+      ];
+
       # Global configuration for my systems
       globals = let baseName = "masu.rs";
       in rec {
@@ -125,6 +135,7 @@
         mail.imapHost = "imap.purelymail.com";
         mail.smtpHost = "smtp.purelymail.com";
         dotfilesRepo = "git@github.com:nmasur/dotfiles";
+        nixpkgs.overlays = overlays;
         hostnames = {
           git = "git.${baseName}";
           metrics = "metrics.${baseName}";
@@ -137,16 +148,6 @@
         };
       };
 
-      # Common overlays to always use
-      overlays = [
-        inputs.nur.overlay
-        inputs.nix2vim.overlay
-        (import ./overlays/neovim-plugins.nix inputs)
-        (import ./overlays/calibre-web.nix)
-        (import ./overlays/disko.nix inputs)
-        (import ./overlays/tree-sitter.nix inputs)
-      ];
-
       # System types to support.
       supportedSystems =
         [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
@@ -156,20 +157,26 @@
 
     in rec {
 
+      nixosModules = {
+        globals = { config }: { config = globals; };
+        common = import ./modules/common;
+        nixos = import ./modules/nixos;
+        darwin = import ./modules/darwin;
+      };
+
       # Contains my full system builds, including home-manager
       # nixos-rebuild switch --flake .#tempest
       nixosConfigurations = {
-        tempest = import ./hosts/tempest { inherit inputs globals overlays; };
-        hydra = import ./hosts/hydra { inherit inputs globals overlays; };
-        flame = import ./hosts/flame { inherit inputs globals overlays; };
-        swan = import ./hosts/swan { inherit inputs globals overlays; };
+        tempest = import ./hosts/tempest { inherit self; };
+        hydra = import ./hosts/hydra { inherit self; };
+        flame = import ./hosts/flame { inherit self; };
+        swan = import ./hosts/swan { inherit self; };
       };
 
       # Contains my full Mac system builds, including home-manager
       # darwin-rebuild switch --flake .#lookingglass
       darwinConfigurations = {
-        lookingglass =
-          import ./hosts/lookingglass { inherit inputs globals overlays; };
+        lookingglass = import ./hosts/lookingglass { inherit self; };
       };
 
       # For quickly applying home-manager settings with:
@@ -185,10 +192,8 @@
       diskoConfigurations = { root = import ./disks/root.nix; };
 
       packages = let
-        aws = system:
-          import ./hosts/aws { inherit inputs globals overlays system; };
-        staff = system:
-          import ./hosts/staff { inherit inputs globals overlays system; };
+        aws = system: import ./hosts/aws { inherit self system; };
+        staff = system: import ./hosts/staff { inherit self system; };
         neovim = system:
           let pkgs = import nixpkgs { inherit system overlays; };
           in import ./modules/common/neovim/package {

hosts/aws/default.nix

@@ -1,17 +1,14 @@
-{ inputs, system, globals, overlays, ... }:
+{ self, system, ... }:
 
-inputs.nixos-generators.nixosGenerate {
+self.inputs.nixos-generators.nixosGenerate {
   inherit system;
   format = "amazon";
   modules = [
-    inputs.home-manager.nixosModules.home-manager
+    self.inputs.home-manager.nixosModules.home-manager
+    self.nixosModules.globals
+    self.nixosModules.common
+    self.nixosModules.nixos
     {
-      nixpkgs.overlays = overlays;
-      user = globals.user;
-      fullName = globals.fullName;
-      dotfilesRepo = globals.dotfilesRepo;
-      gitName = globals.gitName;
-      gitEmail = globals.gitEmail;
       networking.hostName = "sheep";
       gui.enable = false;
       theme.colors = (import ../../colorscheme/gruvbox).dark;
@@ -21,9 +18,6 @@ inputs.nixos-generators.nixosGenerate {
       # AWS settings require this
       permitRootLogin = "prohibit-password";
     }
-    ../../modules/common
-    ../../modules/nixos
-    ../../modules/nixos/services/sshd.nix
   ] ++ [
     # Required to fix diskSize errors during build
     ({ ... }: { amazonImage.sizeMB = 16 * 1024; })

hosts/flame/default.nix

@@ -4,24 +4,23 @@
 # How to install:
 # https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/
 
-{ inputs, globals, overlays, ... }:
+{ self, ... }:
 
-inputs.nixpkgs.lib.nixosSystem {
+self.inputs.nixpkgs.lib.nixosSystem {
   system = "aarch64-linux";
   specialArgs = { };
   modules = [
-    globals
-    inputs.home-manager.nixosModules.home-manager
-    ../../modules/common
-    ../../modules/nixos
+    self.inputs.home-manager.nixosModules.home-manager
+    self.nixosModules.globals
+    self.nixosModules.common
+    self.nixosModules.nixos
     {
-      nixpkgs.overlays = overlays;
-
       # Hardware
       server = true;
       networking.hostName = "flame";
 
-      imports = [ (inputs.nixpkgs + "/nixos/modules/profiles/qemu-guest.nix") ];
+      imports =
+        [ (self.inputs.nixpkgs + "/nixos/modules/profiles/qemu-guest.nix") ];
       boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" ];
 
       fileSystems."/" = {
@@ -62,6 +61,8 @@ inputs.nixpkgs.lib.nixosSystem {
           "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org";
       };
 
+      giteaRunner.enable = true;
+
       # Nextcloud backup config
       backup.s3 = {
         endpoint = "s3.us-west-002.backblazeb2.com";
@@ -69,9 +70,6 @@ inputs.nixpkgs.lib.nixosSystem {
         accessKeyId = "0026b0e73b2e2c80000000005";
       };
 
-      # # Grant access to Jellyfin directories from Nextcloud
-      # users.users.nextcloud.extraGroups = [ "jellyfin" ];
-
       # # Wireguard config for Transmission
       # wireguard.enable = true;
       # networking.wireguard.interfaces.wg0 = {

hosts/hydra/default.nix

@@ -1,21 +1,20 @@
 # The Hydra
 # System configuration for WSL
 
-{ inputs, globals, overlays, ... }:
+{ self, ... }:
 
-inputs.nixpkgs.lib.nixosSystem {
+self.inputs.nixpkgs.lib.nixosSystem {
   system = "x86_64-linux";
   specialArgs = { };
   modules = [
-    ../../modules/common
-    ../../modules/nixos
-    ../../modules/wsl
-    globals
-    inputs.wsl.nixosModules.wsl
-    inputs.home-manager.nixosModules.home-manager
+    self.inputs.wsl.nixosModules.wsl
+    self.inputs.home-manager.nixosModules.home-manager
+    self.nixosModules.globals
+    self.nixosModules.common
+    self.nixosModules.nixos
+    self.nixosModules.wsl
     {
       networking.hostName = "hydra";
-      nixpkgs.overlays = overlays;
       identityFile = "/home/${globals.user}/.ssh/id_ed25519";
       gui.enable = false;
       theme = {

hosts/lookingglass/default.nix

@@ -1,46 +1,46 @@
 # The Looking Glass
 # System configuration for my work Macbook
 
-{ inputs, globals, overlays, ... }:
+{ self, ... }:
 
-inputs.darwin.lib.darwinSystem {
+self.inputs.darwin.lib.darwinSystem {
   system = "x86_64-darwin";
   specialArgs = { };
   modules = [
-    ../../modules/common
-    ../../modules/darwin
-    (globals // rec {
-      user = "Noah.Masur";
-      gitName = "Noah-Masur_1701";
-      gitEmail = "${user}@take2games.com";
-    })
-    inputs.home-manager.darwinModules.home-manager
-    {
-      nixpkgs.overlays = [ inputs.firefox-darwin.overlay ] ++ overlays;
-      networking.hostName = "lookingglass";
-      identityFile = "/Users/Noah.Masur/.ssh/id_ed25519";
-      gui.enable = true;
-      theme = {
-        colors = (import ../../colorscheme/gruvbox-dark).dark;
-        dark = true;
+    self.inputs.home-manager.darwinModules.home-manager
+    self.nixosModules.common
+    self.nixosModules.darwin
+    ({ config, lib, ... }: {
+      config = rec {
+        user = lib.mkForce "Noah.Masur";
+        gitName = lib.mkForce "Noah-Masur_1701";
+        gitEmail = lib.mkForce "${user}@take2games.com";
+        nixpkgs.overlays = [ self.inputs.firefox-darwin.overlay ];
+        networking.hostName = "lookingglass";
+        identityFile = "/Users/${user}/.ssh/id_ed25519";
+        gui.enable = true;
+        theme = {
+          colors = (import ../../colorscheme/gruvbox-dark).dark;
+          dark = true;
+        };
+        mail.user = globals.user;
+        charm.enable = true;
+        neovim.enable = true;
+        mail.enable = true;
+        mail.aerc.enable = true;
+        mail.himalaya.enable = false;
+        kitty.enable = true;
+        discord.enable = true;
+        firefox.enable = true;
+        dotfiles.enable = true;
+        nixlang.enable = true;
+        terraform.enable = true;
+        python.enable = true;
+        lua.enable = true;
+        kubernetes.enable = true;
+        _1password.enable = true;
+        slack.enable = true;
       };
-      mail.user = globals.user;
-      charm.enable = true;
-      neovim.enable = true;
-      mail.enable = true;
-      mail.aerc.enable = true;
-      mail.himalaya.enable = false;
-      kitty.enable = true;
-      discord.enable = true;
-      firefox.enable = true;
-      dotfiles.enable = true;
-      nixlang.enable = true;
-      terraform.enable = true;
-      python.enable = true;
-      lua.enable = true;
-      kubernetes.enable = true;
-      _1password.enable = true;
-      slack.enable = true;
-    }
+    })
   ];
 }

hosts/staff/default.nix

@@ -1,31 +1,32 @@
 # The Staff
 # ISO configuration for my USB drive
 
-{ inputs, system, overlays, ... }:
+{ self, system, ... }:
 
-inputs.nixos-generators.nixosGenerate {
+self.inputs.nixos-generators.nixosGenerate {
   inherit system;
   format = "install-iso";
-  modules = [{
-    nixpkgs.overlays = overlays;
-    networking.hostName = "staff";
-    users.extraUsers.root.openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s"
-    ];
-    services.openssh = {
-      enable = true;
-      ports = [ 22 ];
-      allowSFTP = true;
-      settings = {
-        GatewayPorts = "no";
-        X11Forwarding = false;
-        PasswordAuthentication = false;
-        PermitRootLogin = "yes";
+  modules = [
+    self.nixosModules.global
+    self.nixosModules.common
+    self.nixosModules.nixos
+    ({ config, pkgs, ... }: {
+      networking.hostName = "staff";
+      users.extraUsers.root.openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s"
+      ];
+      services.openssh = {
+        enable = true;
+        ports = [ 22 ];
+        allowSFTP = true;
+        settings = {
+          GatewayPorts = "no";
+          X11Forwarding = false;
+          PasswordAuthentication = false;
+          PermitRootLogin = "yes";
+        };
       };
-    };
-    environment.systemPackages =
-      let pkgs = import inputs.nixpkgs { inherit system overlays; };
-      in with pkgs; [
+      environment.systemPackages = with pkgs; [
         git
         vim
         wget
@@ -35,9 +36,10 @@ inputs.nixos-generators.nixosGenerate {
           colors = (import ../../colorscheme/gruvbox).dark;
         })
       ];
-    nix.extraOptions = ''
-      experimental-features = nix-command flakes
-      warn-dirty = false
-    '';
-  }];
+      nix.extraOptions = ''
+        experimental-features = nix-command flakes
+        warn-dirty = false
+      '';
+    })
+  ];
 }

hosts/swan/default.nix

@@ -1,17 +1,17 @@
 # The Swan
 # System configuration for my home NAS server
 
-{ inputs, globals, overlays, ... }:
+{ self, ... }:
 
-inputs.nixpkgs.lib.nixosSystem {
+self.inputs.nixpkgs.lib.nixosSystem {
   system = "x86_64-linux";
   specialArgs = { };
   modules = [
-    globals
-    inputs.home-manager.nixosModules.home-manager
-    inputs.disko.nixosModules.disko
-    ../../modules/common
-    ../../modules/nixos
+    self.inputs.home-manager.nixosModules.home-manager
+    self.inputs.disko.nixosModules.disko
+    self.nixosModules.globals
+    self.nixosModules.common
+    self.nixosModules.nixos
     {
       # Hardware
       server = true;
@@ -46,7 +46,6 @@ inputs.nixpkgs.lib.nixosSystem {
 
       gui.enable = false;
       theme = { colors = (import ../../colorscheme/gruvbox).dark; };
-      nixpkgs.overlays = overlays;
       neovim.enable = true;
       cloudflare.enable = true;
       dotfiles.enable = true;

hosts/tempest/default.nix

@@ -1,18 +1,16 @@
 # The Tempest
 # System configuration for my desktop
 
-{ inputs, globals, overlays, ... }:
+{ self, ... }:
 
-inputs.nixpkgs.lib.nixosSystem {
+self.inputs.nixpkgs.lib.nixosSystem {
   system = "x86_64-linux";
   modules = [
-    globals
-    inputs.home-manager.nixosModules.home-manager
-    ../../modules/common
-    ../../modules/nixos
+    self.inputs.home-manager.nixosModules.home-manager
+    self.nixosModules.globals
+    self.nixosModules.common
+    self.nixosModules.nixos
     {
-      nixpkgs.overlays = overlays;
-
       # Hardware
       physical = true;
       networking.hostName = "tempest";
@@ -53,7 +51,7 @@ inputs.nixpkgs.lib.nixosSystem {
 
       # Must be prepared ahead
       identityFile = "/home/${globals.user}/.ssh/id_ed25519";
-      passwordHash = inputs.nixpkgs.lib.fileContents ../../password.sha512;
+      passwordHash = self.inputs.nixpkgs.lib.fileContents ../../password.sha512;
 
       # Theming
       gui.enable = true;
@@ -61,8 +59,8 @@ inputs.nixpkgs.lib.nixosSystem {
         colors = (import ../../colorscheme/gruvbox-dark).dark;
         dark = true;
       };
-      wallpaper = "${inputs.wallpapers}/gruvbox/road.jpg";
-      gtk.theme.name = inputs.nixpkgs.lib.mkDefault "Adwaita-dark";
+      wallpaper = "${self.inputs.wallpapers}/gruvbox/road.jpg";
+      gtk.theme.name = self.inputs.nixpkgs.lib.mkDefault "Adwaita-dark";
 
       # Programs and services
       charm.enable = true;

modules/common/shell/fish/functions/fish_user_key_bindings.fish

@@ -14,7 +14,7 @@ bind -M insert \cp projects
 bind -M default \cp projects
 bind -M insert \x1F accept-autosuggestion
 bind -M default \x1F accept-autosuggestion
-bind -M insert \cn 'commandline -r "nix run nixpkgs#"'
-bind -M default \cn 'commandline -r "nix run nixpkgs#"'
+bind -M insert \cn 'commandline -r "nix shell nixpkgs#"'
+bind -M default \cn 'commandline -r "nix shell nixpkgs#"'
 bind -M insert \x11F nix-fzf
 bind -M default \x11F nix-fzf

modules/nixos/services/default.nix

@@ -7,6 +7,7 @@
     ./calibre.nix
     ./cloudflare-tunnel.nix
     ./cloudflare.nix
+    ./gitea-runner.nix
     ./gitea.nix
     ./gnupg.nix
     ./grafana.nix

modules/nixos/services/gitea-runner.nix

@@ -0,0 +1,36 @@
+{ config, pkgs, lib, ... }:
+
+{
+  options.giteaRunner.enable =
+    lib.mkEnableOption "Enable Gitea Actions runner.";
+
+  config = lib.mkIf config.giteaRunner.enable {
+
+    services.gitea-actions-runner.instances.${config.networking.hostName} = {
+      enable = true;
+      labels = [
+        # Provide a Debian base with NodeJS for actions
+        "debian-latest:docker://node:18-bullseye"
+        # Fake the Ubuntu name, because Node provides no Ubuntu builds
+        "ubuntu-latest:docker://node:18-bullseye"
+        # Provide native execution on the host using below packages
+        "native:host"
+      ];
+      hostPackages = with pkgs; [
+        bash
+        coreutils
+        curl
+        gawk
+        gitMinimal
+        gnused
+        nodejs
+        wget
+      ];
+      name = config.networking.hostName;
+      url = "https://${config.hostnames.git}";
+      tokenFile = config.secrets.giteaRunnerToken.dest;
+    };
+
+  };
+
+}

modules/nixos/services/gitea.nix

@@ -8,6 +8,7 @@ in {
     services.gitea = {
       database.type = "sqlite3";
       settings = {
+        actions.ENABLED = true;
         repository = {
           DEFAULT_PUSH_CREATE_PRIVATE = true;
           DISABLE_HTTP_GIT = false;