Merge pull request #79 from ryan4yin/filesystem-based-modules

refactor: flake outputs & hosts

Justfile

@@ -11,21 +11,21 @@ set shell := ["nu", "-c"]
 
 i3 mode="default":
   use utils.nu *; \
-  nixos-switch ai_i3 {{mode}}
+  nixos-switch ai-i3 {{mode}}
 
 hypr mode="default":
   use utils.nu *; \
-  nixos-switch ai_hyprland {{mode}}
+  nixos-switch ai-hyprland {{mode}}
 
 
 s-i3 mode="default":
   use utils.nu *; \
-  nixos-switch shoukei_i3 {{mode}}
+  nixos-switch shoukei-i3 {{mode}}
 
 
 s-hypr mode="default":
   use utils.nu *; \
-  nixos-switch shoukei_hyprland {{mode}}
+  nixos-switch shoukei-hyprland {{mode}}
 
 
 up:
@@ -122,7 +122,7 @@ ruby:
 kana:
   colmena apply --on '@kana' --verbose --show-trace
 
-tsgw:
+tailscale:
   colmena apply --on '@tailscale-gw' --verbose --show-trace
 
 # pve-aqua:
@@ -138,8 +138,8 @@ tsgw:
 #   rsync -avz --progress --copy-links result root@gtr5:/var/lib/vz/dump/vzdump-qemu-kana.vma.zst
 #
 # pve-tsgw:
-#   nom build .#tailscale_gw
+#   nom build .#tailscale-gw
-#   rsync -avz --progress --copy-links result root@um560:/var/lib/vz/dump/vzdump-qemu-tailscale_gw.vma.zst
+#   rsync -avz --progress --copy-links result root@um560:/var/lib/vz/dump/vzdump-qemu-tailscale-gw.vma.zst
 #
 
 ############################################################################
@@ -148,33 +148,33 @@ tsgw:
 #
 ############################################################################
 
-k8s:
+k3s:
-  colmena apply --on '@k8s-*' --verbose --show-trace
+  colmena apply --on '@k3s-*' --verbose --show-trace
 
 master:
-  colmena apply --on '@k8s-prod-master-*' --verbose --show-trace
+  colmena apply --on '@k3s-prod-1-master-*' --verbose --show-trace
 
 worker:
-  colmena apply --on '@k8s-prod-worker-*' --verbose --show-trace
+  colmena apply --on '@k3s-prod-1-worker-*' --verbose --show-trace
 
 # pve-k8s:
-#   nom build .#k3s_prod_1_master_1
+#   nom build .#k3s-prod-1-master-1
-#   rsync -avz --progress --copy-links result root@um560:/var/lib/vz/dump/vzdump-qemu-k3s_prod_1_master_1.vma.zst
+#   rsync -avz --progress --copy-links result root@um560:/var/lib/vz/dump/vzdump-qemu-k3s-prod-1-master-1.vma.zst
 #
-#   nom build .#k3s_prod_1_master_2
+#   nom build .#k3s-prod-1-master-2
-#   rsync -avz --progress --copy-links result root@gtr5:/var/lib/vz/dump/vzdump-qemu-k3s_prod_1_master_2.vma.zst
+#   rsync -avz --progress --copy-links result root@gtr5:/var/lib/vz/dump/vzdump-qemu-k3s-prod-1-master-2.vma.zst
 #
-#   nom build .#k3s_prod_1_master_3
+#   nom build .#k3s-prod-1-master-3
-#   rsync -avz --progress --copy-links result root@s500plus:/var/lib/vz/dump/vzdump-qemu-k3s_prod_1_master_3.vma.zst
+#   rsync -avz --progress --copy-links result root@s500plus:/var/lib/vz/dump/vzdump-qemu-k3s-prod-1-master-3.vma.zst
 #
-#   nom build .#k3s_prod_1_worker_1
+#   nom build .#k3s-prod-1-worker-1
-#   rsync -avz --progress --copy-links result root@gtr5:/var/lib/vz/dump/vzdump-qemu-k3s_prod_1_worker_1.vma.zst
+#   rsync -avz --progress --copy-links result root@gtr5:/var/lib/vz/dump/vzdump-qemu-k3s-prod-1-worker-1.vma.zst
 #
-#   nom build .#k3s_prod_1_worker_2
+#   nom build .#k3s-prod-1-worker-2
-#   rsync -avz --progress --copy-links result root@s500plus:/var/lib/vz/dump/vzdump-qemu-k3s_prod_1_worker_2.vma.zst
+#   rsync -avz --progress --copy-links result root@s500plus:/var/lib/vz/dump/vzdump-qemu-k3s-prod-1-worker-2.vma.zst
 #
-#   nom build .#k3s_prod_1_worker_3
+#   nom build .#k3s-prod-1-worker-3
-#   rsync -avz --progress --copy-links result root@s500plus:/var/lib/vz/dump/vzdump-qemu-k3s_prod_1_worker_3.vma.zst
+#   rsync -avz --progress --copy-links result root@s500plus:/var/lib/vz/dump/vzdump-qemu-k3s-prod-1-worker-3.vma.zst
 #
 
 ############################################################################

README.md

@@ -91,7 +91,7 @@ See [./secrets](./secrets) for details.
 ## How to Deploy this Flake?
 
 > :red_circle: **IMPORTANT**: **You should NOT deploy this flake directly on your machine :exclamation: It will not succeed.** 
-> This flake contains my hardware configuration(such as [hardware-configuration.nix](hosts/idols_ai/hardware-configuration.nix), [cifs-mount.nix](https://github.com/ryan4yin/nix-config/blob/v0.1.1/hosts/idols_ai/cifs-mount.nix), [Nvidia Support](https://github.com/ryan4yin/nix-config/blob/v0.1.1/hosts/idols_ai/default.nix#L77-L91), etc.) which is not suitable for your hardwares,
+> This flake contains my hardware configuration(such as [hardware-configuration.nix](hosts/idols-ai/hardware-configuration.nix), [cifs-mount.nix](https://github.com/ryan4yin/nix-config/blob/v0.1.1/hosts/idols_ai/cifs-mount.nix), [Nvidia Support](https://github.com/ryan4yin/nix-config/blob/v0.1.1/hosts/idols-ai/default.nix#L77-L91), etc.) which is not suitable for your hardwares,
 > and requires my private secrets repository [ryan4yin/nix-secrets](https://github.com/ryan4yin/nix-config/tree/main/secrets) to deploy.
 > You may use this repo as a reference to build your own configuration.
 
@@ -104,7 +104,7 @@ For NixOS:
 ```bash
 # deploy one of the configuration based on the hostname
 sudo nixos-rebuild switch --flake .#ai_i3
-# sudo nixos-rebuild switch --flake .#ai_hyprland
+# sudo nixos-rebuild switch --flake .#ai-hyprland
 
 # deploy via `just`(a command runner with similar syntax to make) & Justfile
 just i3    # deploy my pc with i3 window manager

constants.nix

@@ -1,17 +0,0 @@
-rec {
-  # user information
-  username = "ryan";
-  userfullname = "Ryan Yin";
-  useremail = "xiaoyin_c@qq.com";
-
-  allSystemAttrs = {
-    # linux systems
-    x64_system = "x86_64-linux";
-    riscv64_system = "riscv64-linux";
-    aarch64_system = "aarch64-linux";
-    #darwin systems
-    x64_darwin = "x86_64-darwin";
-    aarch64_darwin = "aarch64-darwin";
-  };
-  allSystems = builtins.attrValues allSystemAttrs;
-}

flake.lock

@@ -568,6 +568,27 @@
         "type": "github"
       }
     },
+    "haumea": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1685133229,
+        "narHash": "sha256-FePm/Gi9PBSNwiDFq3N+DWdfxFq0UKsVVTJS3cQPn94=",
+        "owner": "nix-community",
+        "repo": "haumea",
+        "rev": "34dd58385092a23018748b50f9b23de6266dffc2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "v0.2.2",
+        "repo": "haumea",
+        "type": "github"
+      }
+    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -1357,6 +1378,7 @@
         "daeuniverse": "daeuniverse",
         "disko": "disko",
         "doomemacs": "doomemacs",
+        "haumea": "haumea",
         "home-manager": "home-manager_2",
         "hyprland": "hyprland",
         "impermanence": "impermanence",

flake.nix

@@ -8,68 +8,7 @@
   #
   ##################################################################################################################
 
-  # The `outputs` function will return all the build results of the flake.
+  outputs = inputs: import ./outputs inputs;
-  # A flake can have many use cases and different types of outputs,
-  # parameters in `outputs` are defined in `inputs` and can be referenced by their names.
-  # However, `self` is an exception, this special parameter points to the `outputs` itself (self-reference)
-  # The `@` syntax here is used to alias the attribute set of the inputs's parameter, making it convenient to use inside the function.
-  outputs = inputs @ {
-    self,
-    nixpkgs,
-    pre-commit-hooks,
-    ...
-  }: let
-    constants = import ./constants.nix;
-
-    # `lib.genAttrs [ "foo" "bar" ] (name: "x_" + name)` => `{ foo = "x_foo"; bar = "x_bar"; }`
-    forEachSystem = func: (nixpkgs.lib.genAttrs constants.allSystems func);
-
-    allSystemConfigurations = import ./systems {inherit self inputs constants;};
-  in
-    allSystemConfigurations
-    // {
-      # format the nix code in this flake
-      # alejandra is a nix formatter with a beautiful output
-      formatter = forEachSystem (
-        system: nixpkgs.legacyPackages.${system}.alejandra
-      );
-
-      # pre-commit hooks for nix code
-      checks = forEachSystem (
-        system: {
-          pre-commit-check = pre-commit-hooks.lib.${system}.run {
-            src = ./.;
-            hooks = {
-              alejandra.enable = true; # formatter
-              # deadnix.enable = true; # detect unused variable bindings in `*.nix`
-              # statix.enable = true; # lints and suggestions for Nix code(auto suggestions)
-              # prettier = {
-              #   enable = true;
-              #   excludes = [".js" ".md" ".ts"];
-              # };
-            };
-          };
-        }
-      );
-      devShells = forEachSystem (
-        system: let
-          pkgs = nixpkgs.legacyPackages.${system};
-        in {
-          default = pkgs.mkShell {
-            packages = with pkgs; [
-              # fix https://discourse.nixos.org/t/non-interactive-bash-errors-from-flake-nix-mkshell/33310
-              bashInteractive
-              # fix `cc` replaced by clang, which causes nvim-treesitter compilation error
-              gcc
-            ];
-            name = "dots";
-            shellHook = ''
-              ${self.checks.${system}.pre-commit-check.shellHook}
-            '';
-          };
-        }
-      );
-    };
 
   # the nixConfig here only affects the flake itself, not the system configuration!
   # for more information, see:
@@ -174,6 +113,11 @@
 
     attic.url = "github:zhaofengli/attic";
 
+    haumea = {
+      url = "github:nix-community/haumea/v0.2.2";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     ########################  Some non-flake repositories  #########################################
 
     # AstroNvim is an aesthetic and feature-rich neovim config.

home/base/core.nix

@@ -1,8 +1,8 @@
-{username, ...}: {
+{myvars, ...}: {
   # Home Manager needs a bit of information about you and the
   # paths it should manage.
   home = {
-    inherit username;
+    inherit (myvars) username;
 
     # This value determines the Home Manager release that your
     # configuration is compatible with. This helps avoid breakage

home/base/desktop/cloud/default.nix

@@ -5,20 +5,17 @@
 }: {
   home.packages = with pkgs;
     [
-      # general tools
-      packer # machine image builder
-
       # infrastructure as code
-      pulumi
+      # pulumi
-      pulumictl
+      # pulumictl
-      tf2pulumi
+      # tf2pulumi
-      crd2pulumi
+      # crd2pulumi
-      pulumiPackages.pulumi-random
+      # pulumiPackages.pulumi-random
-      pulumiPackages.pulumi-command
+      # pulumiPackages.pulumi-command
-      pulumiPackages.pulumi-aws-native
+      # pulumiPackages.pulumi-aws-native
-      pulumiPackages.pulumi-language-go
+      # pulumiPackages.pulumi-language-go
-      pulumiPackages.pulumi-language-python
+      # pulumiPackages.pulumi-language-python
-      pulumiPackages.pulumi-language-nodejs
+      # pulumiPackages.pulumi-language-nodejs
 
       # aws
       awscli2
@@ -34,6 +31,7 @@
         # cloud tools that nix do not have cache for.
         terraform
         terraformer # generate terraform configs from existing cloud resources
+        packer # machine image builder
       ]
     );
 }

home/base/server/git.nix

@@ -2,8 +2,7 @@
   config,
   lib,
   pkgs,
-  userfullname,
+  myvars,
-  useremail,
   ...
 }: {
   # `programs.git` will generate the config file: ~/.config/git/config
@@ -21,8 +20,8 @@
     enable = true;
     lfs.enable = true;
 
-    userName = userfullname;
+    userName = myvars.userfullname;
-    userEmail = useremail;
+    userEmail = myvars.useremail;
 
     includes = [
       {

home/darwin/core.nix

@@ -1,3 +1,3 @@
-{username, ...}: {
+{myvars, ...}: {
-  home.homeDirectory = "/Users/${username}";
+  home.homeDirectory = "/Users/${myvars.username}";
 }

home/darwin/ssh.nix

@@ -1,3 +1,3 @@
-{vars_networking, ...}: {
+{myvars, ...}: {
-  programs.ssh.extraConfig = vars_networking.ssh.extraConfig;
+  programs.ssh.extraConfig = myvars.networking.ssh.extraConfig;
 }

home/linux/base/shell.nix

@@ -1,13 +1,13 @@
 {
   config,
-  username,
+  myvars,
   ...
 }: let
   d = config.xdg.dataHome;
   c = config.xdg.configHome;
   cache = config.xdg.cacheHome;
 in rec {
-  home.homeDirectory = "/home/${username}";
+  home.homeDirectory = "/home/${myvars.username}";
 
   # environment variables that always set at login
   home.sessionVariables = {

hosts/12kingdoms-rakushun/default.nix

@@ -1,7 +1,7 @@
 {
   disko,
   nixos-rk3588,
-  vars_networking,
+  myvars,
   ...
 }:
 #############################################################
@@ -11,7 +11,7 @@
 #############################################################
 let
   hostName = "rakushun"; # Define your hostname.
-  hostAddress = vars_networking.hostAddress.${hostName};
+  hostAddress = myvars.networking.hostAddress.${hostName};
 in {
   imports = [
     # import the rk3588 module, which contains the configuration for bootloader/kernel/firmware
@@ -24,7 +24,7 @@ in {
 
   networking = {
     inherit hostName;
-    inherit (vars_networking) defaultGateway nameservers;
+    inherit (myvars.networking) defaultGateway nameservers;
 
     networkmanager.enable = false;
     # RJ45 port 1

hosts/12kingdoms-shoukei/default.nix

@@ -1,6 +1,6 @@
 {
   nixos-hardware,
-  vars_networking,
+  myvars,
   ...
 }:
 #############################################################
@@ -18,7 +18,7 @@ in {
     {hardware.myapple-t2.enableAppleSetOsLoader = true;}
 
     ./hardware-configuration.nix
-    ../idols_ai/impermanence.nix
+    ../idols-ai/impermanence.nix
   ];
 
   boot.kernelModules = ["kvm-amd"];
@@ -26,7 +26,7 @@ in {
 
   networking = {
     inherit hostName;
-    inherit (vars_networking) defaultGateway nameservers;
+    inherit (myvars.networking) defaultGateway nameservers;
 
     # configures the network interface(include wireless) via `nmcli` & `nmtui`
     networkmanager.enable = true;

hosts/12kingdoms-shoukei/hardware-configuration.nix

@@ -53,11 +53,10 @@
       # whether to allow TRIM requests to the underlying device.
       # it's less secure, but faster.
       allowDiscards = true;
-      # Whether to bypass dm-crypt’s internal read and write workqueues. 
+      # Whether to bypass dm-crypt’s internal read and write workqueues.
-      # Enabling this should improve performance on SSDs; 
+      # Enabling this should improve performance on SSDs;
       # https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Disable_workqueue_for_increased_solid_state_drive_(SSD)_performance
       bypassWorkqueues = true;
-
     };
   };
 

hosts/12kingdoms-suzu/default.nix

@@ -1,7 +1,7 @@
 {
   disko,
   nixos-rk3588,
-  vars_networking,
+  myvars,
   ...
 }:
 #############################################################
@@ -11,7 +11,7 @@
 #############################################################
 let
   hostName = "suzu"; # Define your hostname.
-  hostAddress = vars_networking.hostAddress.${hostName};
+  hostAddress = myvars.networking.hostAddress.${hostName};
 in {
   imports = [
     # import the rk3588 module, which contains the configuration for bootloader/kernel/firmware
@@ -24,7 +24,7 @@ in {
 
   networking = {
     inherit hostName;
-    inherit (vars_networking) defaultGateway nameservers;
+    inherit (myvars.networking) defaultGateway nameservers;
 
     networkmanager.enable = false;
     interfaces.end1 = {

hosts/homelab-tailscale-gw/default.nix

@@ -1,4 +1,8 @@
-{vars_networking, mylib, ...}:
+{
+  myvars,
+  mylib,
+  ...
+}:
 #############################################################
 #
 #  Tailscale Gateway(homelab subnet router) - a NixOS VM running on Proxmox
@@ -6,7 +10,7 @@
 #############################################################
 let
   hostName = "tailscale-gw"; # Define your hostname.
-  hostAddress = vars_networking.hostAddress.${hostName};
+  hostAddress = myvars.networking.hostAddress.${hostName};
 in {
   imports = mylib.scanPaths ./.;
 
@@ -22,10 +26,10 @@ in {
 
   networking = {
     inherit hostName;
-    inherit (vars_networking) nameservers;
+    inherit (myvars.networking) nameservers;
 
     # Use mainGateway instead of defaultGateway to make NAT Traversal work
-    defaultGateway = vars_networking.mainGateway;
+    defaultGateway = myvars.networking.mainGateway;
 
     networkmanager.enable = false;
     interfaces.ens18 = {

hosts/idols-ai/cifs-mount.nix

@@ -1,10 +1,10 @@
 {
   config,
-  username,
+  myvars,
   ...
 }: {
   # mount a smb/cifs share
-  fileSystems."/home/${username}/SMB-Downloads" = {
+  fileSystems."/home/${myvars.username}/SMB-Downloads" = {
     device = "//192.168.5.194/Downloads";
     fsType = "cifs";
     options = [

hosts/idols-ai/default.nix

@@ -1,4 +1,4 @@
-{vars_networking, ...}:
+{myvars, ...}:
 #############################################################
 #
 #  Ai - my main computer, with NixOS + I5-13600KF + RTX 4090 GPU, for gaming & daily use.
@@ -6,7 +6,7 @@
 #############################################################
 let
   hostName = "ai"; # Define your hostname.
-  hostAddress = vars_networking.hostAddress.${hostName};
+  hostAddress = myvars.networking.hostAddress.${hostName};
 in {
   imports = [
     ./cifs-mount.nix
@@ -19,7 +19,7 @@ in {
 
   networking = {
     inherit hostName;
-    inherit (vars_networking) defaultGateway nameservers;
+    inherit (myvars.networking) defaultGateway nameservers;
 
     wireless.enable = false; # Enables wireless support via wpa_supplicant.
     # configures the network interface(include wireless) via `nmcli` & `nmtui`

hosts/idols-ai/hardware-configuration.nix

@@ -56,8 +56,8 @@
       # whether to allow TRIM requests to the underlying device.
       # it's less secure, but faster.
       allowDiscards = true;
-      # Whether to bypass dm-crypt’s internal read and write workqueues. 
+      # Whether to bypass dm-crypt’s internal read and write workqueues.
-      # Enabling this should improve performance on SSDs; 
+      # Enabling this should improve performance on SSDs;
       # https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Disable_workqueue_for_increased_solid_state_drive_(SSD)_performance
       bypassWorkqueues = true;
     };

hosts/idols-aquamarine/default.nix

@@ -1,4 +1,4 @@
-{vars_networking, ...}:
+{myvars, ...}:
 #############################################################
 #
 #  Aquamarine - A NixOS VM running on Proxmox
@@ -27,7 +27,7 @@ in {
 
   networking = {
     inherit hostName;
-    inherit (vars_networking) nameservers;
+    inherit (myvars.networking) nameservers;
   };
 
   # This value determines the NixOS release from which the default

hosts/idols-kana/caddy.nix

@@ -1,4 +1,4 @@
-{useremail, ...}: {
+{myvars, ...}: {
   services.caddy = {
     enable = true;
     # Reload Caddy instead of restarting it when configuration file changes.
@@ -16,7 +16,7 @@
     '';
 
     # ACME related settings.
-    # email = useremail;
+    # email = myvars.useremail;
     # acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
 
     virtualHosts."http://dashy.writefor.fun".extraConfig = ''

hosts/idols-kana/default.nix

@@ -1,5 +1,5 @@
 {
-  vars_networking,
+  myvars,
   mylib,
   ...
 }:
@@ -10,7 +10,7 @@
 #############################################################
 let
   hostName = "kana"; # Define your hostname.
-  hostAddress = vars_networking.hostAddress.${hostName};
+  hostAddress = myvars.networking.hostAddress.${hostName};
 in {
   imports = mylib.scanPaths ./.;
 
@@ -32,7 +32,7 @@ in {
 
   networking = {
     inherit hostName;
-    inherit (vars_networking) defaultGateway nameservers;
+    inherit (myvars.networking) defaultGateway nameservers;
 
     networkmanager.enable = false;
     interfaces.ens18 = {

hosts/idols-kana/transmission.nix

@@ -1,6 +1,6 @@
 {
   config,
-  username,
+  myvars,
   ...
 }: let
   dataDir = "/var/lib/transmission";
@@ -60,8 +60,8 @@ in {
       # Wildcards allowed using '*'. Example: "*.foo.org,example.com",
       rpc-host-whitelist-enabled = true;
       rpc-host-whitelist = "*.writefor.fun,localhost,192.168.5.*";
-      rpc-user = username;
+      rpc-user = myvars.username;
-      rpc-username = username;
+      rpc-username = myvars.username;
       # rpc-password = "test"; # you'd better use the credentialsFile for this.
 
       incomplete-dir-enabled = true;

hosts/idols-ruby/caddy.nix

@@ -1,4 +1,4 @@
-{useremail, ...}: {
+{myvars, ...}: {
   services.caddy = {
     enable = true;
     # Reload Caddy instead of restarting it when configuration file changes.
@@ -16,7 +16,7 @@
     '';
 
     # ACME related settings.
-    # email = useremail;
+    # email = myvars.useremail;
     # acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
 
     virtualHosts."http://grafana.writefor.fun".extraConfig = ''

hosts/idols-ruby/default.nix

@@ -1,5 +1,5 @@
 {
-  vars_networking,
+  myvars,
   mylib,
   ...
 }:
@@ -10,7 +10,7 @@
 #############################################################
 let
   hostName = "ruby"; # Define your hostname.
-  hostAddress = vars_networking.hostAddress.${hostName};
+  hostAddress = myvars.networking.hostAddress.${hostName};
 in {
   imports = mylib.scanPaths ./.;
 
@@ -32,7 +32,7 @@ in {
 
   networking = {
     inherit hostName;
-    inherit (vars_networking) defaultGateway nameservers;
+    inherit (myvars.networking) defaultGateway nameservers;
 
     networkmanager.enable = false;
     interfaces.ens18 = {

hosts/idols-ruby/grafana/default.nix

@@ -1,8 +1,6 @@
 {
   config,
-  pkgs,
+  myvars,
-  username,
-  useremail,
   ...
 }: {
   services.grafana = {
@@ -28,8 +26,8 @@
       };
 
       security = {
-        admin_user = username;
+        admin_user = myvars.username;
-        admin_email = useremail;
+        admin_email = myvars.useremail;
         # Use file provider to read the admin password from a file.
         # https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#file-provider
         admin_password = "$__file{${config.age.secrets."grafana-admin-password".path}}";

hosts/idols-ruby/prometheus/default.nix

@@ -1,6 +1,6 @@
 {
   config,
-  vars_networking,
+  myvars,
   ...
 }: {
   # https://prometheus.io/docs/prometheus/latest/configuration/configuration/
@@ -56,7 +56,7 @@
             # All my NixOS hosts.
             targets =
               map (host: "${host.address}:9100")
-              (builtins.attrValues vars_networking.hostAddress);
+              (builtins.attrValues myvars.networking.hostAddress);
             labels.type = "node";
           }
         ];
@@ -70,7 +70,7 @@
         metrics_path = "/metrics";
         static_configs = [
           {
-            targets = ["${vars_networking.hostAddress.aquamarine.address}:9153"];
+            targets = ["${myvars.networking.hostAddress.aquamarine.address}:9153"];
             labels.type = "app";
             labels.app = "dnsmasq";
           }
@@ -83,7 +83,7 @@
         metrics_path = "/metrics";
         static_configs = [
           {
-            targets = ["${vars_networking.hostAddress.kana.address}:9153"];
+            targets = ["${myvars.networking.hostAddress.kana.address}:9153"];
             labels.type = "app";
             labels.app = "v2ray";
           }
@@ -96,7 +96,7 @@
         metrics_path = "/metrics";
         static_configs = [
           {
-            targets = ["${vars_networking.hostAddress.kana.address}:10000"];
+            targets = ["${myvars.networking.hostAddress.kana.address}:10000"];
             labels.type = "app";
             labels.app = "v2ray";
           }
@@ -122,7 +122,7 @@
         # The smarthost and SMTP sender used for mail notifications.
         smtp_smarthost = "smtp.qq.com:465";
         smtp_from = "$SMTP_SENDER_EMAIL";
-        smtp_auth_username = "$SMTP_AUTH_USERNAME";
+        smtp_auth_myvars.username = "$SMTP_AUTH_USERNAME";
         smtp_auth_password = "$SMTP_AUTH_PASSWORD";
         # smtp.qq.com:465 support SSL only, so we need to disable TLS here.
         # https://service.mail.qq.com/detail/0/310

hosts/k8s/k3s-prod-1-master-1/default.nix

@@ -1,13 +1,14 @@
 {
   pkgs,
-  vars_networking,
+  myvars,
   mylib,
   ...
 }: let
   hostName = "k3s-prod-1-master-1"; # Define your hostname.
   k8sLib = import ../lib.nix;
   coreModule = k8sLib.gencoreModule {
-    inherit pkgs hostName vars_networking;
+    inherit pkgs hostName;
+    inherit (myvars) networking;
   };
 in {
   imports =

hosts/k8s/k3s-prod-1-master-1/k3s.nix

@@ -1,7 +1,7 @@
 {
   config,
   pkgs,
-  username,
+  myvars,
   ...
 }: let
   package = pkgs.k3s_1_29;
@@ -29,7 +29,7 @@ in {
     tokenFile = config.age.secrets."k3s-prod-1-token".path;
     # https://docs.k3s.io/cli/server
     extraFlags =
-      " --write-kubeconfig /home/${username}/.kube/config"
+      " --write-kubeconfig /home/${myvars.username}/.kube/config"
       + " --write-kubeconfig-mode 644"
       + " --service-node-port-range 80-32767"
       + " --kube-apiserver-arg='--allow-privileged=true'" # required by kubevirt

hosts/k8s/k3s-prod-1-master-2/default.nix

@@ -1,13 +1,14 @@
 {
   pkgs,
-  vars_networking,
+  myvars,
   mylib,
   ...
 }: let
   hostName = "k3s-prod-1-master-2"; # define your hostname.
   k8sLib = import ../lib.nix;
   coreModule = k8sLib.gencoreModule {
-    inherit pkgs hostName vars_networking;
+    inherit pkgs hostName;
+    inherit (myvars) networking;
   };
 in {
   imports =

hosts/k8s/k3s-prod-1-master-2/k3s.nix

@@ -1,11 +1,11 @@
 {
   config,
   pkgs,
-  vars_networking,
+  myvars,
   ...
 }: let
   serverName = "k3s-prod-1-master-1";
-  serverIp = vars_networking.hostAddress.${serverName}.address;
+  serverIp = myvars.networking.hostAddress.${serverName}.address;
   package = pkgs.k3s_1_29;
 in {
   environment.systemPackages = [package];

hosts/k8s/k3s-prod-1-master-3/default.nix

@@ -1,13 +1,14 @@
 {
   pkgs,
-  vars_networking,
+  myvars,
   mylib,
   ...
 }: let
   hostName = "k3s-prod-1-master-3"; # define your hostname.
   k8sLib = import ../lib.nix;
   coreModule = k8sLib.gencoreModule {
-    inherit pkgs hostName vars_networking;
+    inherit pkgs hostName;
+    inherit (myvars) networking;
   };
 in {
   imports =

hosts/k8s/k3s-prod-1-master-3/k3s.nix

@@ -1,11 +1,11 @@
 {
   config,
   pkgs,
-  vars_networking,
+  myvars,
   ...
 }: let
   serverName = "k3s-prod-1-master-1";
-  serverIp = vars_networking.hostAddress.${serverName}.address;
+  serverIp = myvars.networking.hostAddress.${serverName}.address;
   package = pkgs.k3s_1_29;
 in {
   environment.systemPackages = [package];