feat: simplify flake.nix

modules/nixos/core-desktop.nix

@@ -1,6 +1,8 @@
-{ lib, pkgs, ... }:
-
 {
+  lib,
+  pkgs,
+  ...
+}: {
   ###################################################################################
   #
   #  NixOS's core configuration suitable for my desktop computer
@@ -17,20 +19,6 @@
   # Enable CUPS to print documents.
   services.printing.enable = true;
 
-  # DO NOT promote ryan to input password for `nix-store` and `nix-copy-closure`
-  security.sudo.extraRules = [
-    { users = [ "ryan" ];
-      commands = [
-        { command = "/run/current-system/sw/bin/nix-store" ;
-          options = [ "NOPASSWD" ];
-        }
-        { command = "/run/current-system/sw/bin/nix-copy-closure" ;
-          options = [ "NOPASSWD" ];
-        }
-      ];
-    }
-  ];
-
   # all fonts are linked to /nix/var/nix/profiles/system/sw/share/X11/fonts
   fonts = {
     # use fonts specified by user rather than default ones
@@ -65,17 +53,17 @@
         ];
       })
 
-      (pkgs.callPackage ../../fonts/icomoon-feather-icon-font.nix { })
+      (pkgs.callPackage ../../fonts/icomoon-feather-icon-font.nix {})
     ];
 
     # user defined fonts
     # the reason there's Noto Color Emoji everywhere is to override DejaVu's
     # B&W emojis that would sometimes show instead of some Color emojis
     fontconfig.defaultFonts = {
-      serif = [ "Noto Serif" "Noto Color Emoji" ];
-      sansSerif = [ "Noto Sans" "Noto Color Emoji" ];
-      monospace = [ "JetBrainsMono Nerd Font" "Noto Color Emoji" ];
-      emoji = [ "Noto Color Emoji" ];
+      serif = ["Noto Serif" "Noto Color Emoji"];
+      sansSerif = ["Noto Sans" "Noto Color Emoji"];
+      monospace = ["JetBrainsMono Nerd Font" "Noto Color Emoji"];
+      emoji = ["Noto Color Emoji"];
     };
   };
 
@@ -99,7 +87,7 @@
   };
 
   # The OpenSSH agent remembers private keys for you
-  # so that you don’t have to type in passphrases every time you make an SSH connection. 
+  # so that you don’t have to type in passphrases every time you make an SSH connection.
   # Use `ssh-add` to add a key to the agent.
   programs.ssh.startAgent = true;
 
@@ -107,18 +95,19 @@
   # $ nix search wget
   environment.systemPackages = with pkgs; [
     # python, some times I may need to use python with root permission.
-    (python310.withPackages (ps: with ps; [
-      ipython
-      pandas
-      requests
-      pyquery
-      pyyaml
-    ]))
+    (python310.withPackages (ps:
+      with ps; [
+        ipython
+        pandas
+        requests
+        pyquery
+        pyyaml
+      ]))
   ];
 
   # PipeWire is a new low-level multimedia framework.
   # It aims to offer capture and playback for both audio and video with minimal latency.
-  # It support for PulseAudio-, JACK-, ALSA- and GStreamer-based applications. 
+  # It support for PulseAudio-, JACK-, ALSA- and GStreamer-based applications.
   # PipeWire has a great bluetooth support, it can be a good alternative to PulseAudio.
   #     https://nixos.wiki/wiki/PipeWire
   services.pipewire = {
@@ -167,28 +156,27 @@
   services.gnome.gnome-keyring.enable = true;
   security.pam.services.greetd.enableGnomeKeyring = true;
 
-
-  # A key remapping daemon for linux. 
+  # A key remapping daemon for linux.
   # https://github.com/rvaiya/keyd
   services.keyd = {
     enable = true;
     settings = {
       main = {
-        # overloads the capslock key to function as both escape (when tapped) and control (when held) 
+        # overloads the capslock key to function as both escape (when tapped) and control (when held)
         capslock = "overload(control, esc)";
       };
     };
   };
 
   services = {
-    dbus.packages = [ pkgs.gcr ];
+    dbus.packages = [pkgs.gcr];
 
     geoclue2.enable = true;
 
     udev.packages = with pkgs; [
       gnome.gnome-settings-daemon
       platformio # udev rules for platformio
-      openocd    # required by paltformio, see https://github.com/NixOS/nixpkgs/issues/224895
+      openocd # required by paltformio, see https://github.com/NixOS/nixpkgs/issues/224895
       android-udev-rules
     ];
   };

modules/nixos/core-server.nix

@@ -1,6 +1,8 @@
-{ lib, pkgs, ... }:
-
 {
+  lib,
+  pkgs,
+  ...
+}: {
   ###################################################################################
   #
   #  NixOS's core configuration suitable for all my machines
@@ -22,8 +24,7 @@
   nix.settings.auto-optimise-store = true;
 
   # enable flakes globally
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
-  
+  nix.settings.experimental-features = ["nix-command" "flakes"];
 
   # Allow unfree packages
   nixpkgs.config.allowUnfree = lib.mkDefault false;
@@ -74,14 +75,17 @@
 
     # create a fhs environment by command `fhs`, so we can run non-nixos packages in nixos!
     (
-      let base = pkgs.appimageTools.defaultFhsEnvArgs; in
-      pkgs.buildFHSUserEnv (base // {
-        name = "fhs";
-        targetPkgs = pkgs: (base.targetPkgs pkgs) ++ [ pkgs.pkg-config ];
-        profile = "export FHS=1";
-        runScript = "bash";
-        extraOutputsToInstall = [ "dev" ];
-      })
+      let
+        base = pkgs.appimageTools.defaultFhsEnvArgs;
+      in
+        pkgs.buildFHSUserEnv (base
+          // {
+            name = "fhs";
+            targetPkgs = pkgs: (base.targetPkgs pkgs) ++ [pkgs.pkg-config];
+            profile = "export FHS=1";
+            runScript = "bash";
+            extraOutputsToInstall = ["dev"];
+          })
     )
   ];
 

modules/nixos/fhs-fonts.nix

@@ -1,33 +1,33 @@
-{ config, pkgs, ... }:
-
 {
+  config,
+  pkgs,
+  ...
+}: {
   ###################################################################################
   #
   #  Copy from https://github.com/NixOS/nixpkgs/issues/119433#issuecomment-1326957279
   #  Mainly for flatpak
-  #    1. bindfs resolves all symlink, 
+  #    1. bindfs resolves all symlink,
   #    2. allowing all fonts to be accessed at `/usr/share/fonts`
   #    3. without letting /nix into the sandbox.
   #
   ###################################################################################
 
-  system.fsPackages = [ pkgs.bindfs ];
-  fileSystems =
-    let
-      mkRoSymBind = path: {
-        device = path;
-        fsType = "fuse.bindfs";
-        options = [ "ro" "resolve-symlinks" "x-gvfs-hide" ];
-      };
-      aggregatedFonts = pkgs.buildEnv {
-        name = "system-fonts";
-        paths = config.fonts.fonts;
-        pathsToLink = [ "/share/fonts" ];
-      };
-    in
-    {
-      # Create an FHS mount to support flatpak host icons/fonts
-      "/usr/share/icons" = mkRoSymBind (config.system.path + "/share/icons");
-      "/usr/share/fonts" = mkRoSymBind (aggregatedFonts + "/share/fonts");
+  system.fsPackages = [pkgs.bindfs];
+  fileSystems = let
+    mkRoSymBind = path: {
+      device = path;
+      fsType = "fuse.bindfs";
+      options = ["ro" "resolve-symlinks" "x-gvfs-hide"];
     };
+    aggregatedFonts = pkgs.buildEnv {
+      name = "system-fonts";
+      paths = config.fonts.fonts;
+      pathsToLink = ["/share/fonts"];
+    };
+  in {
+    # Create an FHS mount to support flatpak host icons/fonts
+    "/usr/share/icons" = mkRoSymBind (config.system.path + "/share/icons");
+    "/usr/share/fonts" = mkRoSymBind (aggregatedFonts + "/share/fonts");
+  };
 }

modules/nixos/hyprland.nix

@@ -1,8 +1,4 @@
-{ pkgs, ... }:
-
-
-{
-
+{pkgs, ...}: {
   ##########################################################################################################
   #
   #  NixOS's Configuration for Hyprland Window Manager
@@ -13,8 +9,7 @@
   #
   ##########################################################################################################
 
-
-  environment.pathsToLink = [ "/libexec" ]; # links /libexec from derivations to /run/current-system/sw
+  environment.pathsToLink = ["/libexec"]; # links /libexec from derivations to /run/current-system/sw
   services.xserver = {
     enable = true;
 
@@ -44,7 +39,6 @@
   };
   programs.light.enable = true; # monitor backlight control
 
-
   # thunar file manager(part of xfce) related options
   programs.thunar.plugins = with pkgs.xfce; [
     thunar-archive-plugin
@@ -74,12 +68,12 @@
     yad # a fork of zenity, for creating dialogs
 
     # audio
-    alsa-utils  # provides amixer/alsamixer/...
-    cava  # for visualizing audio
+    alsa-utils # provides amixer/alsamixer/...
+    cava # for visualizing audio
     mpd # for playing system sounds
     mpc-cli # command-line mpd client
     ncmpcpp # a mpd client with a UI
-    networkmanagerapplet # provide GUI app: nm-connection-editor 
+    networkmanagerapplet # provide GUI app: nm-connection-editor
 
     xfce.thunar # xfce4's file manager
   ];

modules/nixos/i3.nix

@@ -1,6 +1,4 @@
-{ pkgs, ... }:
-
-{
+{pkgs, ...}: {
   ####################################################################
   #
   #  NixOS's Configuration for I3 Window Manager
@@ -8,7 +6,7 @@
   ####################################################################
 
   # i3 related options
-  environment.pathsToLink = [ "/libexec" ]; # links /libexec from derivations to /run/current-system/sw
+  environment.pathsToLink = ["/libexec"]; # links /libexec from derivations to /run/current-system/sw
   services.xserver = {
     enable = true;
 
@@ -42,7 +40,7 @@
         xorg.xdpyinfo # get screen information
         scrot # minimal screen capture tool, used by i3 blur lock to take a screenshot
         sysstat # get system information
-        alsa-utils  # provides amixer/alsamixer/...
+        alsa-utils # provides amixer/alsamixer/...
 
         xfce.thunar # xfce4's file manager
       ];

modules/nixos/libvirt.nix

@@ -1,7 +1,8 @@
-
-{ lib, pkgs, ... }:
-
 {
+  lib,
+  pkgs,
+  ...
+}: {
   ###################################################################################
   #
   #  Enable Libvirt(QEMU/KVM), install qemu-system-riscv64/qemu-system-loongarch64/...)
@@ -11,7 +12,7 @@
   virtualisation = {
     libvirtd = {
       enable = true;
-      # hanging this option to false may cause file permission issues for existing guests. 
+      # hanging this option to false may cause file permission issues for existing guests.
       # To fix these, manually change ownership of affected files in /var/lib/libvirt/qemu to qemu-libvirtd.
       qemu.runAsRoot = true;
     };
@@ -37,12 +38,11 @@
     qemu_full
   ];
 
-  boot.kernelModules = [ "kvm-amd" "kvm-intel" ];
+  boot.kernelModules = ["kvm-amd" "kvm-intel"];
   # Enable nested virsualization, required by security containers and nested vm.
-  boot.extraModprobeConfig = "options kvm_intel nested=1";  # for intel cpu
+  boot.extraModprobeConfig = "options kvm_intel nested=1"; # for intel cpu
   # boot.extraModprobeConfig = "options kvm_amd nested=1";  # for amd cpu
 
-
   # NixOS VM should enable this:
   # services.qemuGuest = {
   #   enable = true;

modules/nixos/proxmox-hardware-configuration.nix

@@ -1,24 +1,28 @@
-{ config, lib, ... }:
-
+{
+  config,
+  lib,
+  username,
+  ...
+}:
 ##############################################################################
 #
 #  Template for Proxmox's VM, mainly based on:
 #    https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/virtualisation/proxmox-image.nix
 #
 #  the url above is used by `nixos-generator` to generate the Proxmox's VMA image file.
-# 
+#
 ##############################################################################
-
 {
-
   # DO NOT promote ryan to input password for sudo.
   # this is a workaround for the issue of remote deploy:
   #   https://github.com/NixOS/nixpkgs/issues/118655
   security.sudo.extraRules = [
-    { users = [ "ryan" ];
+    {
+      users = [ username ];
       commands = [
-        { command = "ALL" ;
-          options = [ "NOPASSWD" ];
+        {
+          command = "ALL";
+          options = ["NOPASSWD"];
         }
       ];
     }
@@ -27,7 +31,7 @@
   boot = {
     # after resize the disk, it will grow partition automatically.
     growPartition = true;
-    kernelParams = [ "console=ttyS0" ];
+    kernelParams = ["console=ttyS0"];
     loader.grub = {
       device = "/dev/vda";
 
@@ -36,8 +40,8 @@
       efiInstallAsRemovable = false;
     };
 
-    loader.timeout = 3;  # wait for 3 seconds to select the boot entry
-    initrd.availableKernelModules = [ "uas" "virtio_blk" "virtio_pci" ];
+    loader.timeout = lib.mkForce 3; # wait for 3 seconds to select the boot entry
+    initrd.availableKernelModules = ["uas" "virtio_blk" "virtio_pci"];
   };
 
   fileSystems."/" = {
@@ -47,7 +51,6 @@
   };
   # we do not have a /boot partition, so do not mount it.
 
-
   # it alse had qemu-guest-agent installed by default.
   services.qemuGuest.enable = lib.mkDefault true;
 }

modules/nixos/remote-building.nix

@@ -1,5 +1,5 @@
-{ ... }: {
-
+{ username, ... }:
+{
   ####################################################################
   #
   #  NixOS's Configuration for Remote Building / Distributed Building
@@ -8,68 +8,67 @@
   #    1. https://github.com/NixOS/nix/issues/7380
   #    2. https://nixos.wiki/wiki/Distributed_build
   #    3. https://github.com/NixOS/nix/issues/2589
+  #
   ####################################################################
 
   # set local's max-job to 0 to force remote building(disable local building)
   # nix.settings.max-jobs = 0;
   nix.distributedBuilds = true;
-  nix.buildMachines = 
-    let
-      sshUser = "ryan";
-      # ssh key's path on local machine
-      sshKey = "/home/ryan/.ssh/ai-idols";
-      systems = [
-        # native arch
-        "x86_64-linux"
+  nix.buildMachines = let
+    sshUser = username;
+    # ssh key's path on local machine
+    sshKey = "/home/${username}/.ssh/ai-idols";
+    systems = [
+      # native arch
+      "x86_64-linux"
 
-        # emulated arch using binfmt_misc and qemu-user
-        "aarch64-linux"
-        "riscv64-linux"
-      ];
-      # all available system features are poorly documentd here:
-      #  https://github.com/NixOS/nix/blob/e503ead/src/libstore/globals.hh#L673-L687
-      supportedFeatures = [
-        "benchmark"
-        "big-parallel"
-        "kvm"
-      ];
-    in
-      [
-        # Nix seems always try to build on the machine remotely
-        # to make use of the local machine's high-performance CPU, do not set remote builder's maxJobs too high.
-        {
-          # some of my remote builders are running NixOS
-          # and has the same sshUser, sshKey, systems, etc.
-          inherit sshUser sshKey systems supportedFeatures;
+      # emulated arch using binfmt_misc and qemu-user
+      "aarch64-linux"
+      "riscv64-linux"
+    ];
+    # all available system features are poorly documentd here:
+    #  https://github.com/NixOS/nix/blob/e503ead/src/libstore/globals.hh#L673-L687
+    supportedFeatures = [
+      "benchmark"
+      "big-parallel"
+      "kvm"
+    ];
+  in [
+    # Nix seems always try to build on the machine remotely
+    # to make use of the local machine's high-performance CPU, do not set remote builder's maxJobs too high.
+    {
+      # some of my remote builders are running NixOS
+      # and has the same sshUser, sshKey, systems, etc.
+      inherit sshUser sshKey systems supportedFeatures;
 
-          # the hostName should be:
-          #   1. a hostname that can be resolved by DNS
-          #   2. the ip address of the remote builder
-          #   3. a host alias defined globally in /etc/ssh/ssh_config
-          hostName = "aquamarine";
-          # remote builder's max-job
-          maxJobs = 3;
-          # speedFactor's a signed integer
-          # but it seems that it's not used by Nix, takes no effect
-          speedFactor = 1;
-        }
-        {
-          inherit sshUser sshKey systems supportedFeatures;
-          hostName = "ruby";
-          maxJobs = 2;
-          speedFactor = 1;
-        }
-        {
-          inherit sshUser sshKey systems supportedFeatures;
-          hostName = "kana";
-          maxJobs = 2;
-          speedFactor = 1;
-        }
-      ];
+      # the hostName should be:
+      #   1. a hostname that can be resolved by DNS
+      #   2. the ip address of the remote builder
+      #   3. a host alias defined globally in /etc/ssh/ssh_config
+      hostName = "aquamarine";
+      # remote builder's max-job
+      maxJobs = 3;
+      # speedFactor's a signed integer
+      # but it seems that it's not used by Nix, takes no effect
+      speedFactor = 1;
+    }
+    {
+      inherit sshUser sshKey systems supportedFeatures;
+      hostName = "ruby";
+      maxJobs = 2;
+      speedFactor = 1;
+    }
+    {
+      inherit sshUser sshKey systems supportedFeatures;
+      hostName = "kana";
+      maxJobs = 2;
+      speedFactor = 1;
+    }
+  ];
   # optional, useful when the builder has a faster internet connection than yours
-	nix.extraOptions = ''
-		builders-use-substitutes = true
-	'';
+  nix.extraOptions = ''
+    builders-use-substitutes = true
+  '';
 
   # define the host alias for remote builders
   # this config will be written to /etc/ssh/ssh_config
@@ -77,11 +76,11 @@
     Host ai
       HostName 192.168.5.100
       Port 22
-    
+
     Host aquamarine
       HostName 192.168.5.101
       Port 22
-    
+
     Host ruby
       HostName 192.168.5.102
       Port 22
@@ -96,19 +95,19 @@
   programs.ssh.knownHosts = {
     # 星野 愛久愛海, Hoshino Aquamarine
     aquamarine = {
-      hostNames = [ "aquamarine" "192.168.5.101" ];
+      hostNames = ["aquamarine" "192.168.5.101"];
       publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnCQXlllHoLX5EvU+t6yP/npsmuxKt0skHVeJashizE";
     };
 
     # 星野 瑠美衣, Hoshino Rubii
     ruby = {
-      hostNames = [ "ruby" "192.168.5.102" ];
+      hostNames = ["ruby" "192.168.5.102"];
       publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7n11XxB8B3HjdyAsL3PuLVDZxWCzEOUTJAY8+goQmW";
     };
 
     # 有馬 かな, Arima Kana
     kana = {
-      hostNames = [ "kana" "192.168.5.103" ];
+      hostNames = ["kana" "192.168.5.103"];
       publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ3dDLOZERP1nZfRz3zIeVDm1q2Trer+fWFVvVXrgXM1";
     };
   };

modules/nixos/user-group.nix

@@ -1,24 +1,24 @@
-{ ... }:
+{ username, ... }: 
 
 {
-  nix.settings.trusted-users = ["ryan"];
+  nix.settings.trusted-users = [username];
 
   users.groups = {
-    ryan = { };
-    docker = { };
-    wireshark = { };
+    "${username}" = {};
+    docker = {};
+    wireshark = {};
   };
   # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.ryan = {
+  users.users."${username}" = {
     # the hashed password with salt is generated by run `mkpasswd`.
     hashedPassword = "$y$j9T$YQu5vhlnogjDFDWp9QkPh0$Eu85OiwllqvLg5fzRVMLVHNO7InA3ro8grTJJIepyH1";
-    home = "/home/ryan";
+    home = "/home/${username}";
     isNormalUser = true;
-    description = "ryan";
-    extraGroups = [ 
-      "ryan" 
+    description = username;
+    extraGroups = [
+      username
       "users"
-      "networkmanager" 
+      "networkmanager"
       "wheel"
       "docker"
       "wireshark"
@@ -29,4 +29,21 @@
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDiipi59EnVbi6bK1bGrcbfEM263wgdNfbrt6VBC1rHx ryan@ai-idols"
     ];
   };
+
+  # DO NOT promote the specified user to input password for `nix-store` and `nix-copy-closure`
+  security.sudo.extraRules = [
+    {
+      users = [username];
+      commands = [
+        {
+          command = "/run/current-system/sw/bin/nix-store";
+          options = ["NOPASSWD"];
+        }
+        {
+          command = "/run/current-system/sw/bin/nix-copy-closure";
+          options = ["NOPASSWD"];
+        }
+      ];
+    }
+  ];
 }