feat(modules): Introduce per node module import from meta

hive.nix

@@ -49,6 +49,8 @@ let
     };
 
     meta = (import ./meta) lib;
+
+    nodeMeta = meta.nodes.${node};
   };
 in
 
@@ -64,16 +66,16 @@ in
   };
 
   defaults =
-    { meta, name, ... }:
+    { name, nodeMeta, ... }:
     {
       # Import the default modules
       imports = [ ./modules ];
 
       # Include default secrets
-      age-secrets.sources = [ (./machines + "/${name}/secrets") ];
+      age-secrets.sources = [ ./machines/${name}/secrets ];
 
       # Deployment config is specified in meta.nodes.${node}.deployment
-      inherit (meta.nodes.${name}) deployment;
+      inherit (nodeMeta) deployment;
 
       nix = {
         # Set NIX_PATH to the patched version of nixpkgs
@@ -92,7 +94,7 @@ in
 
       # Use the stateVersion declared in the metadata
       system = {
-        inherit (meta.nodes.${name}) stateVersion;
+        inherit (nodeMeta) stateVersion;
       };
     };
 }

meta/nodes.nix

@@ -26,6 +26,8 @@
 
     stateVersion = "23.05";
     vm-cluster = "Hyperviseur NPS";
+
+    nix-modules = [ "services/crabfit" ];
   };
 
   compute01 = {
@@ -53,6 +55,8 @@
   storage01 = {
     site = "pav01";
     stateVersion = "23.11";
+
+    nix-modules = [ "services/forgejo-nix-runners" ];
   };
 
   vault01 = {

meta/options.nix

@@ -95,6 +95,14 @@ in
                 '';
               };
 
+              nix-modules = mkOption {
+                type = listOf str;
+                default = [ ];
+                description = ''
+                  List of modules to import from [nix-modules](https://git.hubrecht.ovh/hubrecht/nix-modules).
+                '';
+              };
+
               admins = mkOption {
                 type = listOf str;
                 default = [ ];

modules/default.nix

@@ -32,7 +32,12 @@
 #  pris connaissance de la licence CeCILL, et que vous en avez accepté les
 #  termes.
 
-{ lib, sources, ... }:
+{
+  lib,
+  nodeMeta,
+  sources,
+  ...
+}:
 
 {
   imports =
@@ -57,11 +62,12 @@
       "${sources.attic}/nixos/atticd.nix"
       "${sources.arkheon}/module.nix"
     ]
-    ++ ((import sources.nix-modules { inherit lib; }).importModules [
-      "age-secrets"
-      "services/crabfit"
-      "services/forgejo-nix-runners"
-      "services/bupstash"
-      "services/systemd-notify"
-    ]);
+    ++ ((import sources.nix-modules { inherit lib; }).importModules (
+      [
+        "age-secrets"
+        "services/bupstash"
+        "services/systemd-notify"
+      ]
+      ++ nodeMeta.nix-modules
+    ));
 }

modules/dgn-access-control.nix

@@ -35,7 +35,7 @@
   config,
   lib,
   meta,
-  name,
+  nodeMeta,
   ...
 }:
 
@@ -49,7 +49,6 @@ let
     types
     ;
 
-  nodeMeta = meta.nodes.${name};
   admins =
     meta.organization.groups.root
     ++ nodeMeta.admins

modules/dgn-netbox-agent/default.nix

@@ -1,8 +1,7 @@
 {
   config,
-  meta,
-  name,
   lib,
+  nodeMeta,
   ...
 }:
 let
@@ -24,13 +23,13 @@ in
         register = true;
         update_all = true;
         virtual = {
-          enabled = meta.nodes.${name}.vm-cluster != null;
-          cluster_name = meta.nodes.${name}.vm-cluster;
+          enabled = nodeMeta.vm-cluster != null;
+          cluster_name = nodeMeta.vm-cluster;
         };
         purge_old_devices = true;
         hostname_cmd = "echo ${hostName}.${domain}";
         datacenter_location = {
-          driver = "cmd:echo ${meta.nodes.${name}.site}";
+          driver = "cmd:echo ${nodeMeta.site}";
           regex = "(.*)";
         };
         device = {

modules/dgn-network.nix

@@ -3,6 +3,7 @@
   lib,
   meta,
   name,
+  nodeMeta,
   ...
 }:
 
@@ -42,7 +43,7 @@ in
       inherit (net') hostId;
 
       hostName = name;
-      domain = "${meta.nodes.${name}.site}.infra.dgnum.eu";
+      domain = "${nodeMeta.site}.infra.dgnum.eu";
       useNetworkd = true;
 
       firewall.logRefusedConnections = false;