feat : Refractor my host specific to be more generic

.gitignore

@@ -1 +0,0 @@
-hardware-configuration.nix

configuration.nix

@@ -1,18 +1,44 @@
-{ config,pkgs,lib, ... }:
+{ config,pkgs,lib,hostName, ... }:
 
 {
   system.stateVersion = "25.11";
 
   imports = [
-    ./hardware-configuration.nix
-    ./package.nix
-    ./host.nix
-    ./default.nix
+    ./host
     ./module
   ];
 
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    micro
+    git
+    cloudflared
+    cloudflare-warp
+    zoxide
+    fzf
+    sqlite
+  #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+  #  wget
+  ];
 
+  environment.variables = {
+    TERM = "xterm-256color";
+  };
+
+  programs = {
+    zsh.enable = true; # Mandatory for the user manager
+
+    # Some programs need SUID wrappers, can be configured further or are
+    # started in user sessions.
+    #mtr.enable = true;
+    #gnupg.agent = {
+    #   enable = true;
+    #   enableSSHSupport = true;
+    # };
+  };
+
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
 
   boot = {
     loader = {
@@ -23,7 +49,7 @@
   };
 
   networking = {
-    hostName = "ThinkCentre-Server-004"; # Define your hostname.
+    hostName = hostName; # Define your hostname.
     #wireless.enable = true;  # Enables wireless support via wpa_supplicant.
     #proxy.default = "http://user:password@proxy:port/";
     #proxy.noProxy = "127.0.0.1,localhost,internal.domain";
@@ -49,10 +75,25 @@
     };
   };
 
-  services.xserver.xkb = {
+  services = {
+    xserver.xkb = {
       layout = "fr";
       variant = "azerty";
     };
+    openssh = {
+      enable = true;
+      settings.Macs = [
+        # Current defaults:
+        "hmac-sha2-512-etm@openssh.com"
+        "hmac-sha2-256-etm@openssh.com"
+        "umac-128-etm@openssh.com"
+        # Cloudfare:
+        "hmac-sha2-256"
+      ];
+    };
+  };
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = true;
 
   users.users.manager = {
     isNormalUser = true;
@@ -98,32 +139,4 @@
       });
     '';
   };
-
-  programs = {
-    zsh.enable = true; # Mandatory for the user manager
-
-    # Some programs need SUID wrappers, can be configured further or are
-    # started in user sessions.
-    #mtr.enable = true;
-    #gnupg.agent = {
-    #   enable = true;
-    #   enableSSHSupport = true;
-    # };
-  };
-
-  environment.variables = {
-    TERM = "xterm-256color";
-  };
-
-  services.openssh = {
-    enable = true;
-    settings.Macs = [
-      # Current defaults:
-      "hmac-sha2-512-etm@openssh.com"
-      "hmac-sha2-256-etm@openssh.com"
-      "umac-128-etm@openssh.com"
-      # Cloudfare:
-      "hmac-sha2-256"
-    ];
-  };
 }

default.nix

@@ -1,81 +0,0 @@
-{ config, lib, ... }:
-
-with lib;
-
-let
-  mkServiceOption = { desc, defaultEnabled ? false, extraOpts ? {} }: mkOption {
-    description = "Configuration for the ${desc}";
-    default = {};
-    type = types.submodule {
-      options = {
-        enable = mkEnableOption desc // { default = defaultEnabled; };
-      } // extraOpts;
-    };
-  };
-
-  mkPortOption = default: mkOption {
-    type = types.port;
-    default = default;
-    description = "Port for the service to listen on.";
-  };
-
-in {
-  options.module = {
-    domain = mkOption {
-      type = types.str;
-      default = "wateir.fr";
-    };
-
-    hostName = mkOption {
-      type = types.str;
-      default = "${config.networking.hostName}.${config.module.domain}";
-      description = "Global FQDN for all hosted services.";
-    };
-
-    smtpServer = mkServiceOption {
-      desc = "Mail Service with Environment Credentials";
-      extraOpts = {
-        username = lib.mkOption { type = lib.types.str; };
-        password = lib.mkOption { type = lib.types.str; };
-
-        host = lib.mkOption {
-          type = types.str;
-          default = "tls://smtp.purelymail.com";
-        };
-
-        port = lib.mkOption { type = lib.types.port; default = 465; };
-      };
-    };
-
-    acme = mkServiceOption {
-      desc = "ACME DNS Challenge";
-    };
-
-    tailscale = mkServiceOption {
-      desc = "Tailscale VPN";
-      defaultEnabled = true;
-    };
-
-    newt = mkServiceOption {
-      desc = "Newt custom wireguard tunnel";
-    };
-
-    roundcube = mkServiceOption {
-      desc = "Roundcube webapp";
-      extraOpts = { port = mkPortOption 1984; };
-    };
-
-    vaultwarden = mkServiceOption {
-      desc = "Vaultwarden password manager";
-      extraOpts = {
-        externalPort = mkPortOption 8000;
-        internalPort = mkPortOption 8222;
-      };
-    };
-
-    searxng = mkServiceOption {
-      desc = "SearXNG meta-search engine";
-      extraOpts = { port = mkPortOption 1692; };
-    };
-  };
-}

flake.nix

@@ -9,16 +9,20 @@
   outputs = { self, nixpkgs, agenix, ... }:
     let
       system = "x86_64-linux";
-    in {
-    nixosConfigurations.ThinkCentre-Server-004 = nixpkgs.lib.nixosSystem {
+      mkHost = hostName: nixpkgs.lib.nixosSystem {
         inherit system;
+        specialArgs = { inherit hostName; };
         modules = [
           ./configuration.nix
+          (./. + "/host/hard-${hostName}.nix")
           agenix.nixosModules.default
-        {
-          environment.systemPackages = [ agenix.packages.${system}.default ];
-        }
+          { networking.hostName = hostName; }
         ];
       };
+    in {
+      nixosConfigurations = {
+        "ThinkCentre-Server-004" = mkHost "ThinkCentre-Server-004";
+        "VPS-Server-005" = mkHost "VPS-Server-005";
+      };
     };
 }

host.nix

@@ -1,11 +0,0 @@
-{ config, lib, ... }:
-
-{
-  config = lib.mkIf (config.networking.hostName == "ThinkCentre-Server-004") {
-    module.vaultwarden.enable = true;
-    module.roundcube.enable   = true;
-    module.searxng.enable     = true;
-    module.acme.enable        = true;
-    module.newt.enable        = true;
-  };
-}

host/default.nix

@@ -0,0 +1,14 @@
+{ config, lib, hostName, ... }:
+let
+  hostConfigs = {
+    ThinkCentre-Server-004 = {
+      module.vaultwarden.enable = true;
+      module.roundcube.enable   = true;
+      module.searxng.enable     = true;
+      module.acme.enable        = true;
+      module.newt.enable        = true;
+    };
+  };
+in {
+  config = hostConfigs.${hostName};
+}

host/hard-ThinkCentre-Server-004.nix

@@ -0,0 +1,33 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "ehci_pci" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/d0cdb124-21fc-444d-847f-addf3561ce7f";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/9A69-F2F6";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/d5604472-7e21-4894-b30b-d4c4a0cdd945"; }
+    ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

module/default.nix

@@ -1,5 +1,25 @@
-{ ... }:
-{
+{ config, lib, ... }:
+
+with lib;
+
+let
+  mkServiceOption = { desc, defaultEnabled ? false, extraOpts ? {} }: mkOption {
+    description = "Configuration for the ${desc}";
+    default = {};
+    type = types.submodule {
+      options = {
+        enable = mkEnableOption desc // { default = defaultEnabled; };
+      } // extraOpts;
+    };
+  };
+
+  mkPortOption = default: mkOption {
+    type = types.port;
+    default = default;
+    description = "Port for the service to listen on.";
+  };
+
+in {
   imports = [
     ./nginx.nix
     ./newt.nix
@@ -9,4 +29,48 @@
     ./roundcube.nix
     ./vaultWarden.nix
   ];
+
+  options.module = {
+    domain = mkOption {
+      type = types.str;
+      default = "wateir.fr";
+    };
+
+    hostName = mkOption {
+      type = types.str;
+      default = "${config.networking.hostName}.${config.module.domain}";
+      description = "Global FQDN for all hosted services.";
+    };
+
+    acme = mkServiceOption {
+      desc = "ACME DNS Challenge";
+    };
+
+    tailscale = mkServiceOption {
+      desc = "Tailscale VPN";
+      defaultEnabled = true;
+    };
+
+    newt = mkServiceOption {
+      desc = "Newt custom wireguard tunnel";
+    };
+
+    roundcube = mkServiceOption {
+      desc = "Roundcube webapp";
+      extraOpts = { port = mkPortOption 1984; };
+    };
+
+    vaultwarden = mkServiceOption {
+      desc = "Vaultwarden password manager";
+      extraOpts = {
+        externalPort = mkPortOption 8000;
+        internalPort = mkPortOption 8222;
+      };
+    };
+
+    searxng = mkServiceOption {
+      desc = "SearXNG meta-search engine";
+      extraOpts = { port = mkPortOption 1692; };
+    };
+  };
 }

module/forgejo.nix

@@ -0,0 +1,18 @@
+{ config,lib, ... }:
+
+lib.mkIf config.module.forgejo.enable {
+  services.forgejo = {
+    enable = true;
+    database.type = "postgres";
+    # Enable support for Git Large File Storage
+    lfs.enable = true;
+    settings = {
+      server = {
+        DOMAIN = "git.example.com";
+        # You need to specify this to remove the port from URLs in the web UI.
+        ROOT_URL = "https://${srv.DOMAIN}/";
+        HTTP_PORT = 3000;
+      };
+    };
+  };
+}

package.nix

@@ -1,20 +0,0 @@
-{ pkgs, ... }:
-
-{
-  # Allow unfree packages
-  nixpkgs.config.allowUnfree = true;
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment.systemPackages = with pkgs; [
-    micro
-    git
-    cloudflared
-    cloudflare-warp
-    zoxide
-    fzf
-    sqlite
-  #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
-  #  wget
-  ];
-}