provision/hosts/bulwark/configuration.nix

@@ -15,7 +15,6 @@
   # Modules
   modules = {
     base-plus.enable = true;
-    physical.enable = true;
     desktop = {
       enable = true;
       gnome.enable = true;

provision/hosts/bulwark/default.nix

@@ -6,7 +6,9 @@ in {
   inherit system;
   specialArgs = { inherit user hostname inputs home-manager jovian-nixos; };
   modules = [
-    ./configuration.nix
+    ../default                            # shared by all configs
+    ../default/physical/configuration.nix # shared by physical machines
+    ./configuration.nix                   # bulwark specific
     ./hardware.nix
     ../../modules
     agenix.nixosModules.default

provision/hosts/default/default.nix

@@ -0,0 +1,51 @@
+{ config, pkgs, user, lib, inputs, ... }:
+{
+  nix = {
+    package = pkgs.nixVersions.stable;
+    extraOptions = "experimental-features = nix-command flakes";
+    settings.auto-optimise-store = true;
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 7d";
+    };
+  };
+
+  # Add user age key to identity path
+  age.identityPaths = [ 
+    "/home/${user}/.ssh/keys/age"
+    "/etc/ssh/ssh_host_ed25519_key"
+    "/etc/ssh/ssh_host_rsa_key"
+  ];
+
+  # Add non-free packages
+  nixpkgs.config.allowUnfree = true;
+  nixpkgs.overlays = import ../../lib/overlays.nix;
+
+  # Set your time zone.
+  time.timeZone = "America/Los_Angeles";
+  i18n.defaultLocale = "en_US.UTF-8";
+  
+  environment.systemPackages = with pkgs; [
+    inputs.agenix.packages.x86_64-linux.default 
+  ];
+
+  # Define user account.
+  users.users.${user} = {
+    isNormalUser = true;
+    extraGroups = [ "dialout" "wheel" "docker" "libvirtd" ];
+    shell = pkgs.bash;
+  };
+
+  # Did you read the comment?
+  system.stateVersion = "23.11";
+
+  home-manager.users.${user} = {
+    home.username = "${user}";
+    home.homeDirectory = "/home/${user}";
+    programs.home-manager.enable = true;
+
+    # Did you read the comment?
+    home.stateVersion = "23.11";
+  };
+}

provision/hosts/default/physical/configuration.nix

@@ -0,0 +1,15 @@
+{ config, pkgs, user, lib, inputs, ... }:
+{
+  nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" "openssl-1.1.1w" ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  home-manager.users.${user} = {
+    programs.vscode = {
+      enable = true;
+      package = pkgs.vscode.fhs;
+    };
+  };
+}

provision/hosts/htpc/configuration.nix

@@ -11,7 +11,6 @@
   # Modules 
   modules = {
     base-plus.enable = true;
-    physical.enable = true;
     desktop = {
       enable = true;
       gnome.enable = true;

provision/hosts/htpc/default.nix

@@ -6,7 +6,9 @@ in {
   inherit system;
   specialArgs = { inherit user hostname inputs home-manager; };
   modules = [
-    ./configuration.nix
+    ../default                            # shared by all configs
+    ../default/physical/configuration.nix # shared by physical machines
+    ./configuration.nix                   # htpc specific
     ../../modules
     /etc/nixos/hardware-configuration.nix
     agenix.nixosModules.default

provision/hosts/kestrel/configuration.nix

@@ -33,7 +33,6 @@
   # Modules 
   modules = {
     base-plus.enable = true;
-    physical.enable = true;
     desktop = {
       enable = true;
       gnome.enable = true;

provision/hosts/kestrel/default.nix

@@ -6,7 +6,9 @@ in {
   inherit system;
   specialArgs = { inherit user hostname inputs home-manager; };
   modules = [
-    ./configuration.nix
+    ../default                            # shared by all configs
+    ../default/physical/configuration.nix # shared by physical machines
+    ./configuration.nix                   # kestrel specific
     ./hardware.nix
     ../../modules
     agenix.nixosModules.default

provision/hosts/osprey/configuration.nix

@@ -29,7 +29,6 @@
   # Modules 
   modules = {
     base-plus.enable = true;
-    physical.enable = true;
     desktop = {
       enable = true;
       gnome.enable = true;

provision/hosts/osprey/default.nix

@@ -6,7 +6,9 @@ in {
   inherit system;
   specialArgs = { inherit user hostname inputs home-manager; };
   modules = [
-    ./configuration.nix
+    ../default                            # shared by all configs
+    ../default/physical/configuration.nix # shared by physical machines
+    ./configuration.nix                   # osprey specific
     ./hardware.nix
     ../../modules
     agenix.nixosModules.default

provision/hosts/shivan/configuration.nix

@@ -15,7 +15,6 @@
   # Modules
   modules = {
     base-plus.enable = true;
-    physical.enable = true;
     desktop = {
       enable = true;
       gnome.enable = true;

provision/hosts/shivan/default.nix

@@ -6,7 +6,9 @@ in {
   inherit system;
   specialArgs = { inherit user inputs home-manager; };
   modules = [
-    ./configuration.nix
+    ../default                            # shared by all configs
+    ../default/physical/configuration.nix # shared by physical machines
+    ./configuration.nix                   # shivan specific
     ./hardware.nix
     ../../modules
     agenix.nixosModules.default

provision/hosts/torus/configuration.nix

@@ -98,7 +98,6 @@
   # Modules
   modules = {
     base-plus.enable = true;
-    physical.enable = true;
     services = {
       ssh.enable = true;
       syncthing = {

provision/hosts/torus/default.nix

@@ -6,7 +6,9 @@ in {
   inherit system;
   specialArgs = { inherit user hostname inputs home-manager; };
   modules = [
-    ./configuration.nix
+    ../default                            # shared by all configs
+    ../default/physical/configuration.nix # shared by physical machines
+    ./configuration.nix                   # torus specific
     ./hardware.nix
     ../../modules
     agenix.nixosModules.default

provision/hosts/wsl/default.nix

@@ -6,7 +6,8 @@ in {
   inherit system;
   specialArgs = { inherit user hostname inputs nixos-wsl home-manager; };
   modules = [
-    ./configuration.nix
+    ../default          # shared by all configs
+    ./configuration.nix # wsl specific
     ../../modules
     agenix.nixosModules.default
     home-manager.nixosModules.home-manager {

provision/modules/base/default.nix

@@ -1,63 +1,10 @@
-{ config, lib, inputs, pkgs, user, home-manager, ... }:
+{ ... }:
 {
   imports = [
     ./terminal.nix
+    ./plus
     ../programs/chezmoi.nix
     ../programs/git.nix
     ../programs/nvim.nix
-    ./physical.nix
-    ./plus
   ];
-
-  # base nix options
-  nix = {
-    package = pkgs.nixVersions.stable;
-    extraOptions = "experimental-features = nix-command flakes";
-    settings.auto-optimise-store = true;
-    gc = {
-      automatic = true;
-      dates = "weekly";
-      options = "--delete-older-than 7d";
-    };
-  };
-
-  # Add user age key to identity path
-  age.identityPaths = [ 
-    "/home/${user}/.ssh/keys/age"
-    "/etc/ssh/ssh_host_ed25519_key"
-    "/etc/ssh/ssh_host_rsa_key"
-  ];
-
-  # Add non-free packages
-  nixpkgs.config.allowUnfree = true;
-  nixpkgs.overlays = import ../../lib/overlays.nix;
-
-  # Set your time zone.
-  time.timeZone = "America/Los_Angeles";
-  i18n.defaultLocale = "en_US.UTF-8";
-  
-  # system packages
-  environment.systemPackages = with pkgs; [
-    inputs.agenix.packages.x86_64-linux.default 
-  ];
-
-  # define user account.
-  users.users.${user} = {
-    isNormalUser = true;
-    extraGroups = [ "dialout" "wheel" "docker" "libvirtd" ];
-    shell = pkgs.bash;
-  };
-
-  # Did you read the comment?
-  system.stateVersion = "23.11";
-
-  # base home manager config
-  home-manager.users.${user} = {
-    home.username = "${user}";
-    home.homeDirectory = "/home/${user}";
-    programs.home-manager.enable = true;
-
-    # Did you read the comment?
-    home.stateVersion = "23.11";
-  };
 }

provision/modules/base/physical.nix

@@ -1,11 +0,0 @@
-{ config, pkgs, user, lib, inputs, ... }:
-
-let cfg = config.modules.physical;
-in {
-  options.modules.physical.enable = lib.mkEnableOption "physical";
-  config = lib.mkIf cfg.enable {
-    # use the systemd-boot EFI boot loader
-    boot.loader.systemd-boot.enable = true;
-    boot.loader.efi.canTouchEfiVariables = true;
-  };
-}