fix: nix config optimizations

2026-04-04 16:45:00 +02:00 · 2026-04-04 16:45:00 +02:00 · de236e371e
commit de236e371e
parent 3e48221fbf
8 changed files with 39 additions and 57 deletions
--- a/flake.nix
+++ b/flake.nix
@ -13,54 +13,51 @@

  outputs = { self, nixpkgs, disko, agenix, ... }:
  let
-    pkgs = import nixpkgs { system = "x86_64-linux"; };
+    # Shared module list for both nixosConfigurations and colmena
+    hostModules = name: system: [
+      { nixpkgs.hostPlatform = system; }
+      disko.nixosModules.disko
+      agenix.nixosModules.default
+      ./modules/common.nix
+      ./hosts/${name}
+    ];

-    # Helper to build a NixOS host config from hosts/<name>/
    mkHost = name: system: nixpkgs.lib.nixosSystem {
-      modules = [
-        { nixpkgs.hostPlatform = system; }
-        disko.nixosModules.disko
-        agenix.nixosModules.default
-        ./modules/common.nix
-        ./hosts/${name}
-      ];
+      modules = hostModules name system;
    };

    hosts = {
-      telefonmann = { system = "x86_64-linux"; };
+      telefonmann = { system = "x86_64-linux"; targetHost = "telefonmann"; };
    };
+
+    systems = nixpkgs.lib.unique (nixpkgs.lib.mapAttrsToList (_: cfg: cfg.system) hosts);
  in {
    # nixosConfigurations is used by nixos-anywhere for initial install
    nixosConfigurations = nixpkgs.lib.mapAttrs
      (name: cfg: mkHost name cfg.system)
      hosts;

-    devShells.x86_64-linux.default = pkgs.mkShell {
-      packages = [
-        pkgs.colmena
-        agenix.packages.x86_64-linux.default
-      ];
-    };
+    devShells = nixpkgs.lib.genAttrs systems (system:
+      let pkgs = import nixpkgs { inherit system; }; in {
+        default = pkgs.mkShell {
+          packages = [
+            pkgs.colmena
+            agenix.packages.${system}.default
+          ];
+        };
+      });

    # colmena hive for ongoing deployments
    colmena = {
      meta = {
-        nixpkgs = pkgs;
-        specialArgs = { inherit disko; };
+        nixpkgs = import nixpkgs { system = (nixpkgs.lib.head systems); };
      };
    } // nixpkgs.lib.mapAttrs (name: cfg: {
      deployment = {
-        # Set targetHost per host in hosts/<name>/default.nix or override here
-        # targetHost = "telefonmann.example.com";
+        targetHost = cfg.targetHost;
        targetUser = "root";
      };
-      imports = [
-        { nixpkgs.hostPlatform = cfg.system; }
-        disko.nixosModules.disko
-        agenix.nixosModules.default
-        ./modules/common.nix
-        ./hosts/${name}
-      ];
+      imports = hostModules name cfg.system;
    }) hosts;
  };
 }
--- a/hosts/telefonmann/default.nix
+++ b/hosts/telefonmann/default.nix
@ -2,7 +2,6 @@
  imports = [
    ./hardware.nix
    ./disko.nix
-    ../../modules/vm-guest.nix
    ../../modules/voip
  ];

@ -153,8 +152,6 @@
    };
  };

-  deployment.targetHost = "telefonmann";
-
  # Age-encrypted secrets (decrypted on the host at activation time).
  age.secrets =
    let asteriskSecret = file: { inherit file; owner = "asterisk"; group = "voip-keys"; mode = "0640"; };
--- a/hosts/telefonmann/hardware.nix
+++ b/hosts/telefonmann/hardware.nix
@ -1,6 +1,9 @@
-{ modulesPath, ... }: {
-  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
-
+{ ... }: {
+  services.qemuGuest.enable = true;
+  boot.loader = {
+    systemd-boot.enable = true;
+    efi.canTouchEfiVariables = true;
+  };
  boot.initrd.availableKernelModules = [
    "virtio_pci"
    "virtio_scsi"  # use "virtio_blk" instead if disk is /dev/vda
--- a/modules/common.nix
+++ b/modules/common.nix
@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{ ... }: {
  time.timeZone = "Europe/Berlin";

  nix.settings = {
--- a/modules/vm-guest.nix
+++ b/modules/vm-guest.nix
@ -1,7 +0,0 @@
-{ ... }: {
-  services.qemuGuest.enable = true;
-  boot.loader = {
-    systemd-boot.enable = true;
-    efi.canTouchEfiVariables = true;
-  };
-}
--- a/modules/voip/asterisk.nix
+++ b/modules/voip/asterisk.nix
@ -172,7 +172,8 @@ let
    context = internal
    transport = transport-tcp
    disallow = all
-    ${lib.concatMapStrings (c: "allow = ${c}\n    ") cfg.codecs.hardwarePhones}direct_media = no
+    ${lib.concatMapStrings (c: "allow = ${c}\n    ") cfg.codecs.hardwarePhones}
+    direct_media = no
    trust_id_inbound = yes
    send_pai = yes

@ -181,7 +182,8 @@ let
    context = internal
    transport = transport-tcp
    disallow = all
-    ${lib.concatMapStrings (c: "allow = ${c}\n    ") cfg.codecs.softClients}direct_media = no
+    ${lib.concatMapStrings (c: "allow = ${c}\n    ") cfg.codecs.softClients}
+    direct_media = no
    send_pai = yes

    [auth-userpass](!)
@ -245,7 +247,6 @@ let
    type = endpoint
    context = from-external
    transport = transport-${t.transport}
-    disallow = all
    outbound_auth = trunk-${name}-auth
    aors = trunk-${name}-aor
    trust_id_inbound = yes
--- a/modules/voip/default.nix
+++ b/modules/voip/default.nix
@ -57,6 +57,10 @@ let
  greetingDirs      = import ./greetings.nix    { inherit lib pkgs cfg; };
  intercomEntries   = import ./intercom.nix     { inherit lib cfg models allPhones; };
  confFiles         = import ./asterisk.nix     { inherit lib cfg models allPhones intercomEntries mohDirs greetingDirs; };
+  directory         = import ./directory.nix    { inherit lib pkgs cfg allPhones intercomEntries; };
+  backgroundEntries = import ./backgrounds.nix  { inherit lib pkgs cfg models allPhones; };
+  provisioningRoot  = import ./provisioning.nix { inherit lib pkgs cfg models allPhones backgroundEntries; };
+  diagram           = import ./diagram.nix      { inherit lib pkgs cfg models allPhones intercomEntries; };

  # True when any *File option is set — Asterisk's execincludes=yes is required in that case.
  hasRuntimeSecrets =
@ -81,11 +85,6 @@ let
    ngx.header.content_type = "text/html; charset=utf-8"
    ngx.print(html)
  '';
-  directory         = import ./directory.nix    { inherit lib pkgs cfg allPhones intercomEntries; };
-  backgroundEntries = import ./backgrounds.nix  { inherit lib pkgs cfg models allPhones; };
-  provisioningRoot  = import ./provisioning.nix { inherit lib pkgs cfg models allPhones backgroundEntries; };
-  diagram           = import ./diagram.nix      { inherit lib pkgs cfg models allPhones intercomEntries; };
-
  # Shared option set for a physical phone device.
  # isPersonPhone = true  → no extension/displayName fields (inherited from person)
  # isPersonPhone = false → includes extension and displayName
--- a/modules/voip/directory.nix
+++ b/modules/voip/directory.nix
@ -68,16 +68,8 @@ let
    </CiscoIPPhoneDirectory>
  '';

-  voicemailMenuXml = ''
-    <?xml version="1.0" encoding="UTF-8"?>
-    <CiscoIPPhoneExecute>
-     <ExecuteItem Priority="0" URL="Dial:*97"/>
-    </CiscoIPPhoneExecute>
-  '';
-
 in {
  menuFile      = pkgs.writeText "directory.xml"      menuXml;
  listFile      = pkgs.writeText "directory-list.xml" listXml;
  intercomFile  = pkgs.writeText "intercom.xml"       intercomXml;
-  voicemailFile = pkgs.writeText "voicemail.xml"      voicemailMenuXml;
 }