structure changes to flake

starter/configuration.nix

@@ -1,197 +1,94 @@
 {
+  config,
   lib,
   pkgs,
+  self,
   ...
 }:
 # Read configuration from JSON
 let
   jsonConfig = builtins.fromJSON (builtins.readFile ./config.json);
-in {
-  imports = [
-    ./disko-config.nix
-    ./hardware-configuration.nix
-  ];
 
-  # Enable flakes and nix commands
-  nix = {
-    settings = {
-      experimental-features = ["nix-command" "flakes"];
-      # Enable automatic garbage collection
-      auto-optimise-store = true;
+  customServicesDir = ./custom-services;
+  customServicesExists = builtins.pathExists customServicesDir;
+
+  customServices =
+    if customServicesExists
+    then
+      map
+      (name: ./custom-services + "/${name}")
+      (builtins.filter
+        (name: lib.hasSuffix ".nix" name)
+        (builtins.attrNames (builtins.readDir customServicesDir)))
+    else [];
+in {
+  imports =
+    [
+      ./disko-config.nix
+    ]
+    ++ customServices;
+
+  options.nixosConfig.flake = lib.mkOption {
+    type = lib.types.path;
+    description = "Path to the current flake configuration";
+  };
+
+  config = {
+    nix.settings = {
       trusted-users = [jsonConfig.username];
     };
-    # Automatic cleanup of old generations
-    gc = {
-      automatic = true;
-      dates = "weekly";
-      options = "--delete-older-than 30d";
+    # Set the flake path
+    nixosConfig.flake = self;
+
+    # Activation script to save the configuration
+    system.activationScripts.saveFlakeConfig = {
+      deps = [];
+      text = ''
+        rm -rf /etc/nixos/current-systemconfig
+        mkdir -p /etc/nixos/current-systemconfig
+        cp -rf ${config.nixosConfig.flake}/* /etc/nixos/current-systemconfig/
+        cd /etc/nixos/current-systemconfig
+        chown -R ${jsonConfig.username}:users /etc/nixos/current-systemconfig
+        chmod -R u=rwX,g=rX,o=rX /etc/nixos/current-systemconfig
+      '';
     };
-  };
 
-  # Boot configuration
-  boot.loader.grub = {
-    enable = true;
-    devices = [jsonConfig.rootDevice];
-    efiSupport = true;
-    efiInstallAsRemovable = true;
-  };
-
-  # Networking
-  networking = {
-    firewall = {
+    services.selfHostPlaybook = {
       enable = true;
-      # Only allow necessary ports
-      allowedTCPPorts = [80 443 2222]; # HTTP, HTTPS, and SSH
+      tier = "starter"; # This determines which services are enabled
     };
-  };
 
-  environment.etc = {
-    environment-files = {
-      source = pkgs.copyPathToStore ./env;
+    # Networking
+    networking = {
+      firewall = {
+        enable = true;
+        # Only allow necessary ports
+        allowedTCPPorts = [80 443 2222]; # HTTP, HTTPS, and SSH
+      };
     };
-  };
 
-  # System packages
-  environment.systemPackages = with pkgs; [
-    # System utilities
-    neovim
-    git
-    # Docker tools
-    docker
-    docker-compose
-  ];
+    environment.etc = {
+      environment-files = {
+        source = ./env;
+      };
+    };
+    # User configuration
+    users.users.${jsonConfig.username} = {
+      isNormalUser = true;
+      extraGroups = ["wheel" "docker"];
+      hashedPassword = jsonConfig.hashedPassword;
+      openssh.authorizedKeys.keys = [jsonConfig.sshKey];
+      # Set default shell to bash
+      shell = pkgs.bash;
+    };
 
-  # Enable Docker with recommended settings
-  virtualisation.docker = {
-    enable = true;
-    # Enable docker daemon to start on boot
-    enableOnBoot = true;
-    # Use overlay2 storage driver
-    storageDriver = "overlay2";
-    # Enable live restore
-    liveRestore = true;
-  };
-
-  # Services configuration
-  services = {
-    # SSH server configuration
-    openssh = {
+    programs.git = {
       enable = true;
-      settings = {
-        PermitRootLogin = "no";
-        PasswordAuthentication = false;
-        # Additional security settings
-        MaxAuthTries = 3;
-        LoginGraceTime = "30s";
-      };
-      ports = [2222];
-    };
-
-    # Caddy configuration with security headers
-    caddy = {
-      enable = true;
-      virtualHosts = {
-        "${jsonConfig.domains.portainer}" = {
-          extraConfig = ''
-            reverse_proxy localhost:9000
-            header {
-              # Security headers
-              Strict-Transport-Security "max-age=31536000; includeSubDomains"
-              X-Content-Type-Options "nosniff"
-              X-Frame-Options "DENY"
-              Referrer-Policy "strict-origin-when-cross-origin"
-            }
-          '';
-        };
-        "${jsonConfig.domains.n8n}" = {
-          extraConfig = ''
-            reverse_proxy localhost:5678
-            header {
-              Strict-Transport-Security "max-age=31536000; includeSubDomains"
-              X-Content-Type-Options "nosniff"
-              X-Frame-Options "DENY"
-              Referrer-Policy "strict-origin-when-cross-origin"
-            }
-          '';
-        };
-        "${jsonConfig.domains.baserow}" = {
-          extraConfig = ''
-            reverse_proxy localhost:3000
-            header {
-              Strict-Transport-Security "max-age=31536000; includeSubDomains"
-              X-Content-Type-Options "nosniff"
-              X-Frame-Options "DENY"
-              Referrer-Policy "strict-origin-when-cross-origin"
-            }
-          '';
-        };
+      config = {
+        user.name = jsonConfig.username;
+        user.email = "${jsonConfig.username}@nixos";
+        safe.directory = "/etc/nixos/current-systemconfig";
       };
     };
   };
-  # User configuration
-  users.users.${jsonConfig.username} = {
-    isNormalUser = true;
-    extraGroups = ["wheel" "docker"];
-    hashedPassword = jsonConfig.hashedPassword;
-    openssh.authorizedKeys.keys = [jsonConfig.sshKey];
-    # Set default shell to bash
-    shell = pkgs.bash;
-  };
-
-  # Container configurations
-  virtualisation.oci-containers = {
-    backend = "docker";
-    containers = {
-      "portainer" = {
-        image = "docker.io/portainer/portainer-ce:latest";
-        ports = ["127.0.0.1:9000:9000"];
-        volumes = [
-          "/etc/localtime:/etc/localtime:ro"
-          "/var/run/docker.sock:/var/run/docker.sock:ro"
-          "portainer_data:/data"
-        ];
-        extraOptions = [
-          "--network=web"
-        ];
-      };
-
-      "n8n" = {
-        image = "docker.io/n8nio/n8n:latest";
-        environmentFiles = ["/etc/environment-files/n8n.env"];
-        ports = ["127.0.0.1:5678:5678"];
-        volumes = ["n8n_data:/home/node/.n8n"];
-        extraOptions = ["--network=web"];
-      };
-
-      "baserow" = {
-        image = "docker.io/baserow/baserow:latest";
-        environmentFiles = ["/etc/environment-files/baserow.env"];
-        ports = ["127.0.0.1:3000:80"];
-        volumes = ["baserow_data:/baserow/data"];
-        extraOptions = ["--network=web"];
-      };
-    };
-  };
-
-  systemd.services.docker-network-web = {
-    description = "Create Docker Network Web";
-    requires = ["docker.service"];
-    after = ["docker.service"];
-    wantedBy = ["multi-user.target"];
-
-    # Run on startup if network doesn't exist
-    serviceConfig = {
-      Type = "oneshot";
-      RemainAfterExit = true;
-    };
-
-    script = ''
-      if ! /run/current-system/sw/bin/docker network ls | grep -q 'web'; then
-        /run/current-system/sw/bin/docker network create web
-      fi
-    '';
-  };
-
-  # System state version (do not change)
-  system.stateVersion = "24.11";
 }