| author | seth <[email protected]> | 2024-02-02 14:40:21 -0500 |
|---|---|---|
| committer | seth <[email protected]> | 2024-02-02 14:40:21 -0500 |
| commit | 9758b8236dcaafb958e6ef4f634d201af0bea80b (patch) | |
| tree | 5c5e2ad317d6bef10a26487c5aa2e7887e18f68c /modules/nixos/server | |
| parent | b405f4750738a0850cf220f7bade601a8c6355b5 (diff) | |
modules/nixos+darwin: make everything an actual module again
Diffstat (limited to 'modules/nixos/server')
| -rw-r--r-- | modules/nixos/server/acme.nix | 27 | ||||
| -rw-r--r-- | modules/nixos/server/default.nix | 43 | ||||
| -rw-r--r-- | modules/nixos/server/secrets.nix | 23 |
3 files changed, 58 insertions, 35 deletions
diff --git a/modules/nixos/server/acme.nix b/modules/nixos/server/acme.nix
index edb499c..a08c8ae 100644
--- a/modules/nixos/server/acme.nix
+++ b/modules/nixos/server/acme.nix
@@ -1,18 +1,25 @@
 {
 config,
+ lib,
 secretsDir,
 ...
-}: {
- age.secrets = {
- cloudflareApiKey.file = secretsDir + "/cloudflareApiKey.age";
- };
+}: let
+ cfg = config.server.acme;
+in {
+ options.server.acme.enable = lib.mkEnableOption "ACME support";
+
+ config = lib.mkIf cfg.enable {
+ age.secrets = {
+ cloudflareApiKey.file = secretsDir + "/cloudflareApiKey.age";
+ };
 
- security.acme = {
- acceptTerms = true;
- defaults = {
- email = "[email protected]";
- dnsProvider = "cloudflare";
- credentialsFile = config.age.secrets.cloudflareApiKey.path;
+ security.acme = {
+ acceptTerms = true;
+ defaults = {
+ email = "[email protected]";
+ dnsProvider = "cloudflare";
+ credentialsFile = config.age.secrets.cloudflareApiKey.path;
+ };
 };
 };
 }
diff --git a/modules/nixos/server/default.nix b/modules/nixos/server/default.nix
index d503eae..d412067 100644
--- a/modules/nixos/server/default.nix
+++ b/modules/nixos/server/default.nix
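Review bot: `age.secrets.cloudflareApiKey` is declared with only `.file`, so the decrypted token keeps agenix's default owner and mode, and whether the ACME renewal service can read `config.age.secrets.cloudflareApiKey.path` depends on how NixOS hands `credentialsFile` to that service (loaded as root via systemd credentials, or opened as the `acme` user), which this hunk does not show. If the service opens the file itself, add `age.secrets.cloudflareApiKey.owner = "acme";` (or a suitable `group`/`mode`) next to the `.file` line rather than widening permissions on the whole secrets directory. A comment on the `options.server.acme.enable` line noting that this option also pulls in the Cloudflare secret, e.g. `# enabling ACME also deploys the Cloudflare DNS-01 token via agenix`, would make the coupling visible to whoever flips the switch.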
@@ -4,33 +4,38 @@
 pkgs,
 inputs,
 ...
-}: {
+}: let
+ cfg = config.server;
+in {
+ options.server.enable = lib.mkEnableOption "base server settings";
+
 imports = [
- # disabled since i use cloudflare tunnels
- #./acme.nix
+ ./acme.nix
 ./secrets.nix
 ];
 
- _module.args.unstable = inputs.nixpkgs.legacyPackages.${pkgs.stdenv.hostPlatform.system};
+ config = lib.mkIf cfg.enable {
+ _module.args.unstable = inputs.nixpkgs.legacyPackages.${pkgs.stdenv.hostPlatform.system};
 
- boot = {
- tmp.cleanOnBoot = lib.mkDefault true;
- kernelPackages = lib.mkDefault pkgs.linuxPackages_hardened;
- };
+ boot = {
+ tmp.cleanOnBoot = lib.mkDefault true;
+ kernelPackages = lib.mkDefault pkgs.linuxPackages_hardened;
+ };
 
- documentation = {
- enable = false;
- man.enable = false;
- };
+ documentation = {
+ enable = false;
+ man.enable = false;
+ };
 
- environment.defaultPackages = lib.mkForce [];
+ environment.defaultPackages = lib.mkForce [];
 
- nix = {
- gc = {
- dates = "*-*-1,5,9,13,17,21,25,29 00:00:00";
- options = "-d --delete-older-than 2d";
- };
+ nix = {
+ gc = {
+ dates = "*-*-1,5,9,13,17,21,25,29 00:00:00";
+ options = "-d --delete-older-than 2d";
+ };
 
- settings.allowed-users = [config.networking.hostName];
+ settings.allowed-users = [config.networking.hostName];
+ };
 };
 }
diff --git a/modules/nixos/server/secrets.nix b/modules/nixos/server/secrets.nix
index 1d572bd..0f38995 100644
--- a/modules/nixos/server/secrets.nix
+++ b/modules/nixos/server/secrets.nix
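Review bot: Moving `_module.args.unstable` under `config = lib.mkIf cfg.enable { … }` makes the module argument set depend on the value of `server.enable`; if any imported module names `unstable` in its argument pattern, resolving that pattern needs `_module.args`, which now needs `cfg.enable`, which needs those same modules evaluated, and the module system is likely to report infinite recursion. Keeping `_module.args.unstable = inputs.nixpkgs.legacyPackages.${pkgs.stdenv.hostPlatform.system};` at the top level next to `imports`, as it was before this change, and leaving only the host settings under the `mkIf` avoids that. A comment on the `options.server.enable` line saying that `server.acme.enable` and `server.secrets.enable` are separate switches (both files are imported unconditionally now that the old `#./acme.nix` comment is gone) would stop a reader from assuming this one option turns everything on.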
@@ -1,10 +1,21 @@
-{secretsDir, ...}: {
- age = {
- identityPaths = ["/etc/age/key"];
+{
+ config,
+ lib,
+ secretsDir,
+ ...
+}: let
+ cfg = config.server.secrets;
+in {
+ options.server.secrets.enable = lib.mkEnableOption "secrets management";
 
- secrets = {
- rootPassword.file = secretsDir + "/rootPassword.age";
- userPassword.file = secretsDir + "/userPassword.age";
+ config = lib.mkIf cfg.enable {
+ age = {
+ identityPaths = ["/etc/age/key"];
+
+ secrets = {
+ rootPassword.file = secretsDir + "/rootPassword.age";
+ userPassword.file = secretsDir + "/userPassword.age";
+ };
 };
 };
 }
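Review bot: `age.identityPaths = ["/etc/age/key"];` is now applied only when `server.secrets.enable` is true, yet the sibling `acme.nix` in this commit declares `age.secrets.cloudflareApiKey` behind its own `server.acme.enable` switch, so a host that enables ACME without the secrets module would decrypt that token with agenix's default identity paths rather than `/etc/age/key`. Either hoist the `identityPaths` line out of the `mkIf` so the identity is pinned whenever any age secret exists on the host, or record the coupling on the option line, e.g. `# server.acme's cloudflareApiKey secret also relies on this identity path`. The two password secrets keep their prior definitions, so no change is needed there.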
