Clean up config & add comments.

flake.nix

@@ -25,38 +25,44 @@
     sops-nix,
     ...
   } @ inputs: let
-    flock.lib = import ./lib inputs;
+    # Import helpers & make functions available.
-    inherit (flock.lib) mergeHosts mkHost;
+    helpers = import ./helpers.nix inputs;
+    inherit (helpers) mergeHosts mkHost;
   in
     mergeHosts [
+      # ThinkPad T480.
       (mkHost "muskduck" {
         suite = "desktop";
-        extraModules = [
+        hostModules = [
           lanzaboote.nixosModules.lanzaboote
           nixos-hardware.nixosModules.lenovo-thinkpad-t480
         ];
       })
 
+      # Raspberry Pi 4B.
       (mkHost "weebill" {
         suite = "server";
         platform = "aarch64-linux";
-        extraModules = [
+        hostModules = [
           nixos-hardware.nixosModules.raspberry-pi-4
         ];
       })
 
+      # VM running a Minecraft server.
       (mkHost "minecraft" {
-        suite = "vm";
+        suite = "server/vm";
-        user = "docker";
+        docker = true;
       })
 
+      # Container running Technitium DNS Server.
       (mkHost "technitium" {
-        suite = "lxc";
+        suite = "server/lxc";
       })
 
+      # Container running Mozilla's syncstorage-rs
       (mkHost "firefox-syncserver" {
-        suite = "lxc";
+        suite = "server/lxc";
-        extraModules = [
+        hostModules = [
           sops-nix.nixosModules.sops
         ];
       })

helpers.nix

@@ -0,0 +1,95 @@
+inputs:
+with inputs;
+with inputs.nixpkgs.lib; {
+  # Merge NixOS hosts.
+  mergeHosts = lists.foldl' (
+    a: b: attrsets.recursiveUpdate a b
+  ) {};
+
+  # Create a NixOS host.
+  mkHost = hostname: {
+    platform ? "x86_64-linux",
+    suite ? "",
+    docker ? false,
+    hostModules ? [],
+  }: let
+    # System architecture.
+    system = platform;
+
+    # Secrets directory.
+    secrets = builtins.toString inputs.secrets;
+
+    # Extra modules to import.
+    extraModules =
+      hostModules # Host-specific modules.
+      ++ optionals (docker == true) [./suites/server/docker] # Enable docker if required.
+      ++ (filesystem.listFilesRecursive ./modules); # Custom modules.
+
+    # nixpkgs config.
+    pkgs = import nixpkgs {
+      inherit system;
+
+      config = {
+        # Allow installation of proprietary software.
+        allowUnfree = true;
+        # Allow the installation of packages marked as insecure in nixpkgs.
+        permittedInsecurePackages = [
+          "dotnet-sdk-6.0.428" # For WebOne.
+          "dotnet-runtime-6.0.36" # For WebOne.
+        ];
+      };
+
+      # Import my overlay.
+      overlays = [
+        (import ./overlay.nix {inherit inputs system;})
+      ];
+    };
+
+    # deploy-rs overlay.
+    deployPkgs = import nixpkgs {
+      inherit system;
+      overlays = [
+        deploy-rs.overlays.default
+        (self: super: {
+          deploy-rs = {
+            inherit (pkgs) deploy-rs;
+            lib = super.deploy-rs.lib;
+          };
+        })
+      ];
+    };
+  in
+    {
+      nixosConfigurations.${hostname} = nixosSystem {
+        inherit system pkgs;
+
+        specialArgs = {
+          # Make some variables accesible to modules.
+          inherit
+            hostname
+            platform
+            suite
+            secrets
+            ;
+        };
+
+        modules =
+          [
+            nixvim.nixosModules.nixvim # Neovim.
+            ./suites/${suite} # Collection of configuration options for different types of systems.
+            ./hosts/${hostname} # Host-specific config.
+          ]
+          ++ extraModules;
+      };
+    }
+    // optionalAttrs (strings.hasPrefix "server" suite) {
+      deploy.nodes.${hostname} = {
+        hostname = "${hostname}.local";
+        profiles.system = {
+          user = "root";
+          sshuser = "fern";
+          path = deploypkgs.deploy-rs.lib.activate.nixos self.nixosconfigurations.${hostname};
+        };
+      };
+    };
+}

hosts/docker/default.nix

@@ -1,14 +1,17 @@
 {
+  # Root filesystem.
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/cac60222-9b38-4938-8b17-5fddd67e8e26";
     fsType = "ext4";
   };
 
-  fileSystems."/home/docker/volumes" = {
+  # Docker data directory
+  fileSystems."/home/fern/docker/data" = {
     device = "/dev/disk/by-uuid/95461a94-ad91-43b9-b502-2b5d4496b84e";
     fsType = "ext4";
   };
 
+  # Swap.
   swapDevices = [
     {device = "/dev/disk/by-uuid/025beadb-a89b-4abe-8d0c-b55401316319";}
   ];

hosts/firefox-syncserver/default.nix

@@ -4,7 +4,7 @@
   secrets,
   ...
 }: {
-  # Secrets.
+  # Import secrets.
   sops = {
     age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
     defaultSopsFile = "${secrets}/sops.yaml";

hosts/minecraft/default.nix

@@ -1,14 +1,17 @@
 {
+  # Root filesystem.
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/cbd70e61-fcdc-4b1f-af03-d3da8a2866ea";
     fsType = "ext4";
   };
 
-  fileSystems."/home/docker/volumes" = {
+  # Docker data directory.
+  fileSystems."/home/fern/docker/data" = {
     device = "/dev/disk/by-uuid/3730e48a-8784-4c49-8692-473c9b4bc8c3";
     fsType = "ext4";
   };
 
+  # Swap.
   swapDevices = [
     {device = "/dev/disk/by-uuid/3123f58e-63a9-44fa-ac29-3e79dc520b8f";}
   ];

hosts/muskduck/default.nix

@@ -1,4 +1,5 @@
 {
+  # Kernel modules
   boot.initrd.availableKernelModules = [
     "xhci_pci"
     "nvme"
@@ -8,6 +9,7 @@
 
   boot.kernelModules = ["kvm-intel"];
 
+  # Root filesystem.
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/63d79656-aa5b-466a-b369-be5eac3f51ab";
     fsType = "ext4";
@@ -15,6 +17,7 @@
 
   boot.initrd.luks.devices."luks-93fa00bc-777f-4359-bad5-880c29faca0d".device = "/dev/disk/by-uuid/93fa00bc-777f-4359-bad5-880c29faca0d";
 
+  # EFI/boot partition.
   fileSystems."/boot" = {
     device = "/dev/disk/by-uuid/EBD7-3E1C";
     fsType = "vfat";
@@ -24,7 +27,9 @@
     ];
   };
 
+  # Allow CPU microcode.
   hardware.cpu.intel.updateMicrocode = true;
 
+  # Allows remote deployment on ARM systems (ie. Raspberry Pi).
   boot.binfmt.emulatedSystems = ["aarch64-linux"];
 }

hosts/weebill/default.nix

@@ -1,4 +1,5 @@
 {pkgs, ...}: {
+  # Boot loader.
   boot = {
     kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
     initrd.availableKernelModules = [
@@ -13,12 +14,14 @@
   };
 
   fileSystems = {
+    # Root filesystem.
     "/" = {
       device = "/dev/disk/by-label/NIXOS_SD";
       fsType = "ext4";
       options = ["noatime"];
     };
 
+    # AFP share.
     "/srv/iMac" = {
       device = "/dev/disk/by-uuid/48843b25-4d8c-4638-a5f8-fb3901e1165e";
       fsType = "ext4";

lib/default.nix

@@ -1,81 +0,0 @@
-inputs:
-with inputs;
-with inputs.nixpkgs.lib; {
-  mergeHosts = lists.foldl' (
-    a: b: attrsets.recursiveUpdate a b
-  ) {};
-
-  mkHost = hostname: {
-    platform ? "x86_64-linux",
-    suite,
-    user ? "fern",
-    extraModules ? [],
-  }: let
-    system = platform;
-    secrets = builtins.toString inputs.secrets;
-
-    pkgs = import nixpkgs {
-      inherit system;
-      config = {
-        allowUnfree = true;
-        permittedInsecurePackages = [
-          "dotnet-sdk-6.0.428"
-          "dotnet-runtime-6.0.36"
-        ];
-      };
-      overlays = [
-        (import ../overlays {inherit inputs system;})
-      ];
-    };
-
-    deployPkgs = import nixpkgs {
-      inherit system;
-      overlays = [
-        deploy-rs.overlays.default
-        (self: super: {
-          deploy-rs = {
-            inherit (pkgs) deploy-rs;
-            lib = super.deploy-rs.lib;
-          };
-        })
-      ];
-    };
-  in
-    {
-      nixosConfigurations.${hostname} = nixosSystem {
-        inherit system pkgs;
-
-        specialArgs = {
-          inherit
-            hostname
-            platform
-            suite
-            user
-            secrets
-            ; # Inherit variables.
-        };
-
-        modules =
-          [
-            nixvim.nixosModules.nixvim
-            ../suites/common.nix
-            ../suites/${suite}.nix
-            ../hosts/${hostname}.nix
-          ]
-          ++ (filesystem.listFilesRecursive ../modules)
-          ++ extraModules;
-      };
-    }
-    // optionalAttrs ((suite == "server")
-      || (suite == "vm")
-      || (suite == "lxc")) {
-      deploy.nodes.${hostname} = {
-        hostname = "${hostname}.local";
-        profiles.system = {
-          user = "root";
-          sshUser = user;
-          path = deployPkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.${hostname};
-        };
-      };
-    };
-}

modules/webone/default.nix

@@ -10,6 +10,7 @@ in {
   options.services.webone.enable = mkEnableOption "Enable WebOne HTTP proxy.";
 
   config = mkIf cfg.enable {
+    # Create user & group for service.
     users.groups.webone = {};
 
     users.users.webone = {
@@ -19,6 +20,7 @@ in {
       group = "webone";
     };
 
+    # Create config directory and log file, and set ownership to webone user.
     systemd.tmpfiles.settings = {
       "10-webone" = {
         "/var/log/webone.log" = {
@@ -38,6 +40,7 @@ in {
       };
     };
 
+    # Create a systemd service.
     systemd.services.webone = {
       description = "WebOne HTTP Proxy Server";
       documentation = ["https://github.com/atauenis/webone/wiki/"];

overlay.nix

@@ -6,10 +6,10 @@
 with inputs;
   final: prev: {
     # WebOne HTTP proxy.
-    webone = prev.pkgs.callPackage ../packages/webone {};
+    webone = prev.pkgs.callPackage ./packages/webone {};
 
     # Yazi Gruvbox theme.
-    yazi-flavour-gruvbox-dark = prev.pkgs.callPackage ../packages/yazi-flavour-gruvbox {};
+    yazi-flavour-gruvbox-dark = prev.pkgs.callPackage ./packages/yazi-flavour-gruvbox {};
 
     # Latest FluffyChat.
     fluffychat =

packages/webone/default.nix

@@ -18,6 +18,7 @@ buildDotnetModule rec {
   projectFile = "WebOne.csproj";
   nugetDeps = ./deps.nix;
 
+  # Uses outdated dotnet 6.
   dotnet-sdk = dotnetCorePackages.sdk_6_0;
   dotnet-runtime = dotnetCorePackages.runtime_6_0;
 

suites/default.nix

@@ -52,10 +52,10 @@ with lib; {
   networking.hostName = hostname;
 
   # Define a user account.
-  users.users.${user} = {
+  users.users.fern = {
     isNormalUser = true;
     uid = 1000;
-    description = mkIf (user == "fern") "Fern Garden";
+    description = "Fern Garden";
     extraGroups = [
       "wheel"
       "networkmanager"
@@ -95,6 +95,9 @@ with lib; {
   # https://discourse.nixos.org/t/slow-build-at-building-man-cache/52365/2
   documentation.man.generateCaches = false;
 
+  # Enable all terminfo (for ghostty).
+  environment.enableAllTerminfo = true;
+
   # Install some packages.
   programs = {
     git.enable = true;
@@ -102,9 +105,11 @@ with lib; {
 
     nixvim = {
       enable = true;
+
+      # Set $EDITOR
       defaultEditor = true;
 
-      # For telescope.
+      # For telescope grep.
       dependencies.ripgrep.enable = true;
 
       # Space as leader.
@@ -127,7 +132,10 @@ with lib; {
 
       colorschemes.gruvbox = {
         enable = true;
-        settings.contrast = "hard";
+        settings = {
+          contrast = "hard";
+          overrides.SignColumn.bg = "none";
+        };
       };
 
       opts = rec {

suites/desktop/default.nix

@@ -4,6 +4,8 @@
   ...
 }:
 with lib; {
+  imports = [../.]; # Common config.
+
   # Configure the bootloader.
   boot = {
     # Enable secure boot.

suites/server/default.nix

@@ -1,15 +1,9 @@
 {
-  user,
+  imports = [../.]; # Common config.
-  lib,
+
-  ...
-}:
-with lib; {
   # Passwordless sudo.
   security.sudo.wheelNeedsPassword = false;
 
-  # Enable all terminfo (for ghostty).
-  environment.enableAllTerminfo = true;
-
   # Enable sshd.
   services.openssh = {
     enable = true;
@@ -20,14 +14,11 @@ with lib; {
     };
   };
 
-  users.users.${user} = {
+  # Add authorized ssh pubkeys.
+  users.users.fern = {
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETPyuxUVEmYyEW6PVC6BXqkhULHd/RvMm8fMbYhjTMV fern@muskduck"
       "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIMoJvPcUJDVVzO4dHROCFNlgJdDZSP5xyPx2s40zcx5QAAAABHNzaDo= YubiKey5NFC"
     ];
-    extraGroups = mkIf (user == "docker") ["docker"]; # if docker is enabled.
   };
-
-  # Enable docker.
-  virtualisation.docker.enable = mkIf (user == "docker") true;
 }

suites/server/docker/default.nix

@@ -0,0 +1,9 @@
+{
+  # Add user to docker group.
+  users.users.fern = {
+    extraGroups = ["docker"];
+  };
+
+  # Enable docker.
+  virtualisation.docker.enable = true;
+}

suites/server/lxc/default.nix

@@ -1,6 +1,6 @@
 {modulesPath, ...}: {
   imports = [
     (modulesPath + "/virtualisation/proxmox-lxc.nix")
-    ./server.nix
+    ../. # Server config.
   ];
 }

suites/server/vm/default.nix

@@ -6,7 +6,7 @@
 with lib; {
   imports = [
     (modulesPath + "/profiles/qemu-guest.nix")
-    ./server.nix
+    ../. # Server config.
   ];
 
   # Load kernel modules.