try to configure using nixosModules

doesn't seem like there's that much benefit?

flake.nix

@@ -110,10 +110,20 @@
 
   };
 
-  outputs = { nixpkgs, ... }@inputs:
+  outputs = { self, nixpkgs, ... }@inputs:
 
     let
 
+      # Common overlays to always use
+      overlays = [
+        inputs.nur.overlay
+        inputs.nix2vim.overlay
+        (import ./overlays/neovim-plugins.nix inputs)
+        (import ./overlays/calibre-web.nix)
+        (import ./overlays/disko.nix inputs)
+        (import ./overlays/tree-sitter.nix inputs)
+      ];
+
       # Global configuration for my systems
       globals = let baseName = "masu.rs";
       in rec {
@@ -125,6 +135,7 @@
         mail.imapHost = "imap.purelymail.com";
         mail.smtpHost = "smtp.purelymail.com";
         dotfilesRepo = "git@github.com:nmasur/dotfiles";
+        nixpkgs.overlays = overlays;
         hostnames = {
           git = "git.${baseName}";
           metrics = "metrics.${baseName}";
@@ -137,16 +148,6 @@
         };
       };
 
-      # Common overlays to always use
-      overlays = [
-        inputs.nur.overlay
-        inputs.nix2vim.overlay
-        (import ./overlays/neovim-plugins.nix inputs)
-        (import ./overlays/calibre-web.nix)
-        (import ./overlays/disko.nix inputs)
-        (import ./overlays/tree-sitter.nix inputs)
-      ];
-
       # System types to support.
       supportedSystems =
         [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
@@ -156,20 +157,26 @@
 
     in rec {
 
+      nixosModules = {
+        globals = { config }: { config = globals; };
+        common = import ./modules/common;
+        nixos = import ./modules/nixos;
+        darwin = import ./modules/darwin;
+      };
+
       # Contains my full system builds, including home-manager
       # nixos-rebuild switch --flake .#tempest
       nixosConfigurations = {
-        tempest = import ./hosts/tempest { inherit inputs globals overlays; };
+        tempest = import ./hosts/tempest { inherit self; };
-        hydra = import ./hosts/hydra { inherit inputs globals overlays; };
+        hydra = import ./hosts/hydra { inherit self; };
-        flame = import ./hosts/flame { inherit inputs globals overlays; };
+        flame = import ./hosts/flame { inherit self; };
-        swan = import ./hosts/swan { inherit inputs globals overlays; };
+        swan = import ./hosts/swan { inherit self; };
       };
 
       # Contains my full Mac system builds, including home-manager
       # darwin-rebuild switch --flake .#lookingglass
       darwinConfigurations = {
-        lookingglass =
+        lookingglass = import ./hosts/lookingglass { inherit self; };
-          import ./hosts/lookingglass { inherit inputs globals overlays; };
       };
 
       # For quickly applying home-manager settings with:
@@ -185,10 +192,8 @@
       diskoConfigurations = { root = import ./disks/root.nix; };
 
       packages = let
-        aws = system:
+        aws = system: import ./hosts/aws { inherit self system; };
-          import ./hosts/aws { inherit inputs globals overlays system; };
+        staff = system: import ./hosts/staff { inherit self system; };
-        staff = system:
-          import ./hosts/staff { inherit inputs globals overlays system; };
         neovim = system:
           let pkgs = import nixpkgs { inherit system overlays; };
           in import ./modules/common/neovim/package {

hosts/aws/default.nix

@@ -1,17 +1,14 @@
-{ inputs, system, globals, overlays, ... }:
+{ self, system, ... }:
 
-inputs.nixos-generators.nixosGenerate {
+self.inputs.nixos-generators.nixosGenerate {
   inherit system;
   format = "amazon";
   modules = [
-    inputs.home-manager.nixosModules.home-manager
+    self.inputs.home-manager.nixosModules.home-manager
+    self.nixosModules.globals
+    self.nixosModules.common
+    self.nixosModules.nixos
     {
-      nixpkgs.overlays = overlays;
-      user = globals.user;
-      fullName = globals.fullName;
-      dotfilesRepo = globals.dotfilesRepo;
-      gitName = globals.gitName;
-      gitEmail = globals.gitEmail;
       networking.hostName = "sheep";
       gui.enable = false;
       theme.colors = (import ../../colorscheme/gruvbox).dark;
@@ -21,9 +18,6 @@ inputs.nixos-generators.nixosGenerate {
       # AWS settings require this
       permitRootLogin = "prohibit-password";
     }
-    ../../modules/common
-    ../../modules/nixos
-    ../../modules/nixos/services/sshd.nix
   ] ++ [
     # Required to fix diskSize errors during build
     ({ ... }: { amazonImage.sizeMB = 16 * 1024; })

hosts/flame/default.nix

@@ -4,24 +4,23 @@
 # How to install:
 # https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/
 
-{ inputs, globals, overlays, ... }:
+{ self, ... }:
 
-inputs.nixpkgs.lib.nixosSystem {
+self.inputs.nixpkgs.lib.nixosSystem {
   system = "aarch64-linux";
   specialArgs = { };
   modules = [
-    globals
+    self.inputs.home-manager.nixosModules.home-manager
-    inputs.home-manager.nixosModules.home-manager
+    self.nixosModules.globals
-    ../../modules/common
+    self.nixosModules.common
-    ../../modules/nixos
+    self.nixosModules.nixos
     {
-      nixpkgs.overlays = overlays;
-
       # Hardware
       server = true;
       networking.hostName = "flame";
 
-      imports = [ (inputs.nixpkgs + "/nixos/modules/profiles/qemu-guest.nix") ];
+      imports =
+        [ (self.inputs.nixpkgs + "/nixos/modules/profiles/qemu-guest.nix") ];
       boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" ];
 
       fileSystems."/" = {
@@ -49,7 +48,6 @@ inputs.nixpkgs.lib.nixosSystem {
 
       services.caddy.enable = true;
       services.grafana.enable = true;
-      services.openssh.enable = true;
       services.prometheus.enable = true;
       services.gitea.enable = true;
       services.vaultwarden.enable = true;
@@ -72,9 +70,6 @@ inputs.nixpkgs.lib.nixosSystem {
         accessKeyId = "0026b0e73b2e2c80000000005";
       };
 
-      # # Grant access to Jellyfin directories from Nextcloud
-      # users.users.nextcloud.extraGroups = [ "jellyfin" ];
-
       # # Wireguard config for Transmission
       # wireguard.enable = true;
       # networking.wireguard.interfaces.wg0 = {

hosts/hydra/default.nix

@@ -1,21 +1,20 @@
 # The Hydra
 # System configuration for WSL
 
-{ inputs, globals, overlays, ... }:
+{ self, ... }:
 
-inputs.nixpkgs.lib.nixosSystem {
+self.inputs.nixpkgs.lib.nixosSystem {
   system = "x86_64-linux";
   specialArgs = { };
   modules = [
-    ../../modules/common
+    self.inputs.wsl.nixosModules.wsl
-    ../../modules/nixos
+    self.inputs.home-manager.nixosModules.home-manager
-    ../../modules/wsl
+    self.nixosModules.globals
-    globals
+    self.nixosModules.common
-    inputs.wsl.nixosModules.wsl
+    self.nixosModules.nixos
-    inputs.home-manager.nixosModules.home-manager
+    self.nixosModules.wsl
     {
       networking.hostName = "hydra";
-      nixpkgs.overlays = overlays;
       identityFile = "/home/${globals.user}/.ssh/id_ed25519";
       gui.enable = false;
       theme = {

hosts/lookingglass/default.nix

@@ -1,46 +1,46 @@
 # The Looking Glass
 # System configuration for my work Macbook
 
-{ inputs, globals, overlays, ... }:
+{ self, ... }:
 
-inputs.darwin.lib.darwinSystem {
+self.inputs.darwin.lib.darwinSystem {
   system = "x86_64-darwin";
   specialArgs = { };
   modules = [
-    ../../modules/common
+    self.inputs.home-manager.darwinModules.home-manager
-    ../../modules/darwin
+    self.nixosModules.common
-    (globals // rec {
+    self.nixosModules.darwin
-      user = "Noah.Masur";
+    ({ config, lib, ... }: {
-      gitName = "Noah-Masur_1701";
+      config = rec {
-      gitEmail = "${user}@take2games.com";
+        user = lib.mkForce "Noah.Masur";
-    })
+        gitName = lib.mkForce "Noah-Masur_1701";
-    inputs.home-manager.darwinModules.home-manager
+        gitEmail = lib.mkForce "${user}@take2games.com";
-    {
+        nixpkgs.overlays = [ self.inputs.firefox-darwin.overlay ];
-      nixpkgs.overlays = [ inputs.firefox-darwin.overlay ] ++ overlays;
+        networking.hostName = "lookingglass";
-      networking.hostName = "lookingglass";
+        identityFile = "/Users/${user}/.ssh/id_ed25519";
-      identityFile = "/Users/Noah.Masur/.ssh/id_ed25519";
+        gui.enable = true;
-      gui.enable = true;
+        theme = {
-      theme = {
+          colors = (import ../../colorscheme/gruvbox-dark).dark;
-        colors = (import ../../colorscheme/gruvbox-dark).dark;
+          dark = true;
-        dark = true;
+        };
+        mail.user = globals.user;
+        charm.enable = true;
+        neovim.enable = true;
+        mail.enable = true;
+        mail.aerc.enable = true;
+        mail.himalaya.enable = false;
+        kitty.enable = true;
+        discord.enable = true;
+        firefox.enable = true;
+        dotfiles.enable = true;
+        nixlang.enable = true;
+        terraform.enable = true;
+        python.enable = true;
+        lua.enable = true;
+        kubernetes.enable = true;
+        _1password.enable = true;
+        slack.enable = true;
       };
-      mail.user = globals.user;
+    })
-      charm.enable = true;
-      neovim.enable = true;
-      mail.enable = true;
-      mail.aerc.enable = true;
-      mail.himalaya.enable = false;
-      kitty.enable = true;
-      discord.enable = true;
-      firefox.enable = true;
-      dotfiles.enable = true;
-      nixlang.enable = true;
-      terraform.enable = true;
-      python.enable = true;
-      lua.enable = true;
-      kubernetes.enable = true;
-      _1password.enable = true;
-      slack.enable = true;
-    }
   ];
 }

hosts/staff/default.nix

@@ -1,31 +1,32 @@
 # The Staff
 # ISO configuration for my USB drive
 
-{ inputs, system, overlays, ... }:
+{ self, system, ... }:
 
-inputs.nixos-generators.nixosGenerate {
+self.inputs.nixos-generators.nixosGenerate {
   inherit system;
   format = "install-iso";
-  modules = [{
+  modules = [
-    nixpkgs.overlays = overlays;
+    self.nixosModules.global
-    networking.hostName = "staff";
+    self.nixosModules.common
-    users.extraUsers.root.openssh.authorizedKeys.keys = [
+    self.nixosModules.nixos
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s"
+    ({ config, pkgs, ... }: {
-    ];
+      networking.hostName = "staff";
-    services.openssh = {
+      users.extraUsers.root.openssh.authorizedKeys.keys = [
-      enable = true;
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s"
-      ports = [ 22 ];
+      ];
-      allowSFTP = true;
+      services.openssh = {
-      settings = {
+        enable = true;
-        GatewayPorts = "no";
+        ports = [ 22 ];
-        X11Forwarding = false;
+        allowSFTP = true;
-        PasswordAuthentication = false;
+        settings = {
-        PermitRootLogin = "yes";
+          GatewayPorts = "no";
+          X11Forwarding = false;
+          PasswordAuthentication = false;
+          PermitRootLogin = "yes";
+        };
       };
-    };
+      environment.systemPackages = with pkgs; [
-    environment.systemPackages =
-      let pkgs = import inputs.nixpkgs { inherit system overlays; };
-      in with pkgs; [
         git
         vim
         wget
@@ -35,9 +36,10 @@ inputs.nixos-generators.nixosGenerate {
           colors = (import ../../colorscheme/gruvbox).dark;
         })
       ];
-    nix.extraOptions = ''
+      nix.extraOptions = ''
-      experimental-features = nix-command flakes
+        experimental-features = nix-command flakes
-      warn-dirty = false
+        warn-dirty = false
-    '';
+      '';
-  }];
+    })
+  ];
 }

hosts/swan/default.nix

@@ -1,17 +1,17 @@
 # The Swan
 # System configuration for my home NAS server
 
-{ inputs, globals, overlays, ... }:
+{ self, ... }:
 
-inputs.nixpkgs.lib.nixosSystem {
+self.inputs.nixpkgs.lib.nixosSystem {
   system = "x86_64-linux";
   specialArgs = { };
   modules = [
-    globals
+    self.inputs.home-manager.nixosModules.home-manager
-    inputs.home-manager.nixosModules.home-manager
+    self.inputs.disko.nixosModules.disko
-    inputs.disko.nixosModules.disko
+    self.nixosModules.globals
-    ../../modules/common
+    self.nixosModules.common
-    ../../modules/nixos
+    self.nixosModules.nixos
     {
       # Hardware
       server = true;
@@ -46,7 +46,6 @@ inputs.nixpkgs.lib.nixosSystem {
 
       gui.enable = false;
       theme = { colors = (import ../../colorscheme/gruvbox).dark; };
-      nixpkgs.overlays = overlays;
       neovim.enable = true;
       cloudflare.enable = true;
       dotfiles.enable = true;
@@ -56,7 +55,6 @@ inputs.nixpkgs.lib.nixosSystem {
       services.jellyfin.enable = true;
       services.nextcloud.enable = true;
       services.calibre-web.enable = true;
-      services.openssh.enable = true;
       services.prometheus.enable = true;
       services.samba.enable = true;
 

hosts/tempest/default.nix

@@ -1,18 +1,16 @@
 # The Tempest
 # System configuration for my desktop
 
-{ inputs, globals, overlays, ... }:
+{ self, ... }:
 
-inputs.nixpkgs.lib.nixosSystem {
+self.inputs.nixpkgs.lib.nixosSystem {
   system = "x86_64-linux";
   modules = [
-    globals
+    self.inputs.home-manager.nixosModules.home-manager
-    inputs.home-manager.nixosModules.home-manager
+    self.nixosModules.globals
-    ../../modules/common
+    self.nixosModules.common
-    ../../modules/nixos
+    self.nixosModules.nixos
     {
-      nixpkgs.overlays = overlays;
-
       # Hardware
       physical = true;
       networking.hostName = "tempest";
@@ -53,7 +51,7 @@ inputs.nixpkgs.lib.nixosSystem {
 
       # Must be prepared ahead
       identityFile = "/home/${globals.user}/.ssh/id_ed25519";
-      passwordHash = inputs.nixpkgs.lib.fileContents ../../password.sha512;
+      passwordHash = self.inputs.nixpkgs.lib.fileContents ../../password.sha512;
 
       # Theming
       gui.enable = true;
@@ -61,8 +59,8 @@ inputs.nixpkgs.lib.nixosSystem {
         colors = (import ../../colorscheme/gruvbox-dark).dark;
         dark = true;
       };
-      wallpaper = "${inputs.wallpapers}/gruvbox/road.jpg";
+      wallpaper = "${self.inputs.wallpapers}/gruvbox/road.jpg";
-      gtk.theme.name = inputs.nixpkgs.lib.mkDefault "Adwaita-dark";
+      gtk.theme.name = self.inputs.nixpkgs.lib.mkDefault "Adwaita-dark";
 
       # Programs and services
       charm.enable = true;
@@ -92,7 +90,6 @@ inputs.nixpkgs.lib.nixosSystem {
         ryujinx.enable = true;
       };
 
-      services.openssh.enable = true; # Required for Cloudflare tunnel
       cloudflareTunnel = {
         enable = true;
         id = "ac133a82-31fb-480c-942a-cdbcd4c58173";

modules/nixos/hardware/zfs.nix

@@ -10,12 +10,6 @@
         config.boot.zfs.package.latestCompatibleLinuxPackages;
       boot.kernelParams = [ "nohibernate" ];
       boot.supportedFilesystems = [ "zfs" ];
-      services.prometheus.exporters.zfs.enable = true;
-      scrapeTargets = [
-        "127.0.0.1:${
-          builtins.toString config.services.prometheus.exporters.zfs.port
-        }"
-      ];
 
     };
 

modules/nixos/services/nextcloud.nix

@@ -3,7 +3,7 @@
   config = lib.mkIf config.services.nextcloud.enable {
 
     services.nextcloud = {
-      package = pkgs.nextcloud27; # Required to specify
+      package = pkgs.nextcloud26; # Required to specify
       datadir = "/data/nextcloud";
       https = true;
       hostName = "localhost";
@@ -11,7 +11,6 @@
       config = {
         adminpassFile = config.secrets.nextcloud.dest;
         extraTrustedDomains = [ config.hostnames.content ];
-        trustedProxies = [ "127.0.0.1" ];
       };
     };
 
@@ -75,21 +74,6 @@
       requires = [ "phpfpm-nextcloud.service" ];
     };
 
-    # Log metrics to prometheus
-    services.prometheus.exporters.nextcloud = {
-      enable = true;
-      username = config.services.nextcloud.config.adminuser;
-      url = "http://localhost:8080";
-      passwordFile = config.services.nextcloud.config.adminpassFile;
-    };
-    scrapeTargets = [
-      "127.0.0.1:${
-        builtins.toString config.services.prometheus.exporters.nextcloud.port
-      }"
-    ];
-    # Allows nextcloud-exporter to read passwordFile
-    users.users.nextcloud-exporter.extraGroups = [ "nextcloud" ];
-
   };
 
 }

modules/nixos/services/prometheus.nix

@@ -1,11 +1,5 @@
 { config, pkgs, lib, ... }: {
 
-  options.scrapeTargets = lib.mkOption {
-    type = lib.types.listOf lib.types.str;
-    description = "Prometheus scrape targets";
-    default = [ ];
-  };
-
   config = let
 
     # If hosting Grafana, host local Prometheus and listen for inbound jobs. If
@@ -14,33 +8,11 @@
 
   in lib.mkIf config.services.prometheus.enable {
 
-    scrapeTargets = [
-      "127.0.0.1:${
-        builtins.toString config.services.prometheus.exporters.node.port
-      }"
-      "127.0.0.1:${
-        builtins.toString config.services.prometheus.exporters.systemd.port
-      }"
-      "127.0.0.1:${
-        builtins.toString config.services.prometheus.exporters.process.port
-      }"
-    ];
-
     services.prometheus = {
       exporters.node.enable = true;
-      exporters.systemd.enable = true;
-      exporters.process.enable = true;
-      exporters.process.settings.process_names = [
-        # Remove nix store path from process name
-        {
-          name = "{{.Matches.Wrapped}} {{ .Matches.Args }}";
-          cmdline = [ "^/nix/store[^ ]*/(?P<Wrapped>[^ /]*) (?P<Args>.*)" ];
-        }
-      ];
-      extraFlags = lib.mkIf isServer [ "--web.enable-remote-write-receiver" ];
       scrapeConfigs = [{
-        job_name = config.networking.hostName;
+        job_name = "local";
-        static_configs = [{ targets = config.scrapeTargets; }];
+        static_configs = [{ targets = [ "127.0.0.1:9100" ]; }];
       }];
       webExternalUrl =
         lib.mkIf isServer "https://${config.hostnames.prometheus}";
@@ -56,7 +28,7 @@
         });
       remoteWrite = lib.mkIf (!isServer) [{
         name = config.networking.hostName;
-        url = "https://${config.hostnames.prometheus}/api/v1/write";
+        url = "https://${config.hostnames.prometheus}";
         basic_auth = {
           # Uses password hashed with bcrypt above
           username = "prometheus";

modules/nixos/services/sshd.nix

@@ -13,8 +13,9 @@
     };
   };
 
-  config = lib.mkIf config.services.openssh.enable {
+  config = lib.mkIf (config.publicKey != null) {
     services.openssh = {
+      enable = true;
       ports = [ 22 ];
       allowSFTP = true;
       settings = {
@@ -26,7 +27,7 @@
     };
 
     users.users.${config.user}.openssh.authorizedKeys.keys =
-      lib.mkIf (config.publicKey != null) [ config.publicKey ];
+      [ config.publicKey ];
 
     # Implement a simple fail2ban service for sshd
     services.sshguard.enable = true;