13 changed files with 164 additions and 89 deletions
--- a/infra/common/default.nix
+++ b/infra/common/default.nix
@ -1,4 +1,4 @@
-{ lib, pkgs, ... }:
+{ lib, ... }:

 let
  inherit (lib) mkDefault;
@ -15,23 +15,4 @@ in
  i18n.defaultLocale = "en_US.UTF-8";
  system.stateVersion = "24.05"; # do not change
  nixpkgs.hostPlatform = mkDefault "x86_64-linux";
-
-  environment.systemPackages = with pkgs; [
-    (pkgs.vim_configurable.customize {
-      name = "vim";
-      vimrcConfig.packages.myplugins = with pkgs.vimPlugins; {
-        start = [ vim-nix ]; # load plugin on startup
-      };
-      vimrcConfig.customRC = ''
-        " your custom vimrc
-        set nocompatible
-        set backspace=indent,eol,start
-        " Turn on syntax highlighting by default
-        syntax on
-        " ...
-      '';
-    })
-    wget
-    subversion
-  ];
 }
--- a/infra/common/users.nix
+++ b/infra/common/users.nix
@ -29,11 +29,9 @@

  security.sudo.wheelNeedsPassword = false;

-  nix.settings.trusted-users = [ "@wheel" ];
-
  ## FIXME: Remove direct root authentication once NixOps4 supports users with
  ## password-less sudo.
-  users.users.root.openssh.authorizedKeys.keys = [
+  users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEElREJN0AC7lbp+5X204pQ5r030IbgCllsIxyU3iiKY"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJg5TlS1NGCRZwMjDgBkXeFUXqooqRlM8fJdBAQ4buPg"
  ];
--- a/infra/flake-part.nix
+++ b/infra/flake-part.nix
@ -17,7 +17,11 @@
          };
          nixpkgs = inputs.nixpkgs;
          nixos.module = {
-            imports = [ ./vm02116 ];
+            imports = [
+              ./vm02116/configuration.nix
+              ./vm02116/forgejo.nix
+              ./vm02116/hardware-configuration.nix
+            ];
          };
        };

@ -31,7 +35,11 @@
          };
          nixpkgs = inputs.nixpkgs;
          nixos.module = {
-            imports = [ ./vm02179 ];
+            imports = [
+              ./vm02179/configuration.nix
+              ./vm02179/hardware-configuration.nix
+              ./vm02179/gitea-runner.nix
+            ];
          };
        };

@ -45,7 +53,11 @@
          };
          nixpkgs = inputs.nixpkgs;
          nixos.module = {
-            imports = [ ./vm02186 ];
+            imports = [
+              ./vm02186/procolix-configuration.nix
+              ./vm02186/hardware-configuration.nix
+              ./vm02186/gitea-runner.nix
+            ];
          };
        };
      };
@ -67,7 +79,10 @@
          };
          nixpkgs = inputs.nixpkgs;
          nixos.module = {
-            imports = [ ./vm02187 ];
+            imports = [
+              ./vm02187/configuration.nix
+              ./vm02187/hardware-configuration.nix
+            ];
          };
        };
      };
--- a/infra/vm02116/configuration.nix
+++ b/infra/vm02116/configuration.nix
@ -0,0 +1,38 @@
+{ pkgs, ... }:
+
+{
+  imports = [ ../common ];
+
+  procolix.vm = {
+    name = "vm02116";
+    ip4 = "185.206.232.34";
+    ip6 = "2a00:51c0:12:1201::20";
+  };
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    (pkgs.vim_configurable.customize {
+      name = "vim";
+      vimrcConfig.packages.myplugins = with pkgs.vimPlugins; {
+        start = [ vim-nix ]; # load plugin on startup
+      };
+      vimrcConfig.customRC = ''
+        " your custom vimrc
+        set nocompatible
+        set backspace=indent,eol,start
+        " Turn on syntax highlighting by default
+        syntax on
+        " ...
+      '';
+    })
+    wget
+    subversion
+  ];
+
+  ## vm02116 is running on old hardware based on a Xen VM environment, so it
+  ## needs these extra options. Once the VM gets moved to a newer node, these
+  ## two options can safely be removed.
+  boot.initrd.availableKernelModules = [ "xen_blkfront" ];
+  services.xe-guest-utilities.enable = true;
+}
--- a/infra/vm02116/default.nix
+++ b/infra/vm02116/default.nix
@ -1,28 +0,0 @@
-{
-  imports = [
-    ../common
-    ./forgejo.nix
-  ];
-
-  procolix.vm = {
-    name = "vm02116";
-    ip4 = "185.206.232.34";
-    ip6 = "2a00:51c0:12:1201::20";
-  };
-
-  ## vm02116 is running on old hardware based on a Xen VM environment, so it
-  ## needs these extra options. Once the VM gets moved to a newer node, these
-  ## two options can safely be removed.
-  boot.initrd.availableKernelModules = [ "xen_blkfront" ];
-  services.xe-guest-utilities.enable = true;
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/3802a66d-e31a-4650-86f3-b51b11918853";
-    fsType = "ext4";
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/2CE2-1173";
-    fsType = "vfat";
-  };
-}
--- a/infra/vm02116/forgejo.nix
+++ b/infra/vm02116/forgejo.nix
@ -5,7 +5,6 @@ in
 {
  services.forgejo = {
    enable = true;
-    lfs.enable = true;
    settings = {
      service = {
        DISABLE_REGISTRATION = true;
--- a/infra/vm02116/hardware-configuration.nix
+++ b/infra/vm02116/hardware-configuration.nix
@ -0,0 +1,11 @@
+{
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/3802a66d-e31a-4650-86f3-b51b11918853";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/2CE2-1173";
+    fsType = "vfat";
+  };
+}
--- a/infra/vm02179/configuration.nix
+++ b/infra/vm02179/configuration.nix
@ -0,0 +1,35 @@
+{ pkgs, ... }:
+
+{
+  imports = [ ../common ];
+
+  procolix.vm = {
+    name = "vm02179";
+    ip4 = "185.206.232.179";
+    ip6 = "2a00:51c0:12:1201::179";
+  };
+
+  nix = {
+    settings.trusted-users = [ "@wheel" ];
+  };
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    (pkgs.vim_configurable.customize {
+      name = "vim";
+      vimrcConfig.packages.myplugins = with pkgs.vimPlugins; {
+        start = [ vim-nix ]; # load plugin on startup
+      };
+      vimrcConfig.customRC = ''
+        " your custom vimrc
+        set nocompatible
+        set backspace=indent,eol,start
+        " Turn on syntax highlighting by default
+        syntax on
+        " ...
+      '';
+    })
+    wget
+  ];
+}
--- a/infra/vm02179/hardware-configuration.nix
+++ b/infra/vm02179/hardware-configuration.nix
@ -1,15 +1,4 @@
 {
-  imports = [
-    ../common
-    ./gitea-runner.nix
-  ];
-
-  procolix.vm = {
-    name = "vm02179";
-    ip4 = "185.206.232.179";
-    ip6 = "2a00:51c0:12:1201::179";
-  };
-
  fileSystems."/" = {
    device = "/dev/disk/by-uuid/119863f8-55cf-4e2f-ac17-27599a63f241";
    fsType = "ext4";
--- a/infra/vm02186/hardware-configuration.nix
+++ b/infra/vm02186/hardware-configuration.nix
@ -1,15 +1,4 @@
 {
-  imports = [
-    ../common
-    ./gitea-runner.nix
-  ];
-
-  procolix.vm = {
-    name = "vm02186";
-    ip4 = "185.206.232.186";
-    ip6 = "2a00:51c0:12:1201::186";
-  };
-
  fileSystems."/" = {
    device = "/dev/disk/by-uuid/833ac0f9-ad8c-45ae-a9bf-5844e378c44a";
    fsType = "ext4";
--- a/infra/vm02186/procolix-configuration.nix
+++ b/infra/vm02186/procolix-configuration.nix
@ -0,0 +1,31 @@
+{ pkgs, ... }:
+
+{
+  imports = [ ../common ];
+
+  procolix.vm = {
+    name = "vm02186";
+    ip4 = "185.206.232.186";
+    ip6 = "2a00:51c0:12:1201::186";
+  };
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    (pkgs.vim_configurable.customize {
+      name = "vim";
+      vimrcConfig.packages.myplugins = with pkgs.vimPlugins; {
+        start = [ vim-nix ]; # load plugin on startup
+      };
+      vimrcConfig.customRC = ''
+        " your custom vimrc
+        set nocompatible
+        set backspace=indent,eol,start
+        " Turn on syntax highlighting by default
+        syntax on
+        " ...
+      '';
+    })
+    wget
+  ];
+}
--- a/infra/vm02187/configuration.nix
+++ b/infra/vm02187/configuration.nix
@ -1,6 +1,14 @@
 { pkgs, ... }:

 {
+  imports = [ ../common ];
+
+  procolix.vm = {
+    name = "vm02187";
+    ip4 = "185.206.232.187";
+    ip6 = "2a00:51c0:12:1201::187";
+  };
+
  services.phpfpm.pools.mediawiki.phpOptions = ''
    upload_max_filesize = 1024M;
    post_max_size = 1024M;
@ -62,4 +70,24 @@
  };

  users.users.nginx.extraGroups = [ "acme" ];
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    (pkgs.vim_configurable.customize {
+      name = "vim";
+      vimrcConfig.packages.myplugins = with pkgs.vimPlugins; {
+        start = [ vim-nix ]; # load plugin on startup
+      };
+      vimrcConfig.customRC = ''
+        " your custom vimrc
+        set nocompatible
+        set backspace=indent,eol,start
+        " Turn on syntax highlighting by default
+        syntax on
+        " ...
+      '';
+    })
+    wget
+  ];
 }
--- a/infra/vm02187/hardware-configuration.nix
+++ b/infra/vm02187/hardware-configuration.nix
@ -1,15 +1,4 @@
 {
-  imports = [
-    ../common
-    ./wiki.nix
-  ];
-
-  procolix.vm = {
-    name = "vm02187";
-    ip4 = "185.206.232.187";
-    ip6 = "2a00:51c0:12:1201::187";
-  };
-
  fileSystems."/" = {
    device = "/dev/disk/by-uuid/a46a9c46-e32b-4216-a4aa-8819b2cd0d49";
    fsType = "ext4";