vm + cleanup

.gitignore

@@ -0,0 +1 @@
+result

flake.nix

@@ -111,7 +111,21 @@
             "c2"
             "fw"
           ]
-        );
+        )
+        // {
+          "test-vm" = nixpkgs.lib.nixosSystem {
+            system = "x86_64-linux";
+            inherit specialArgs;
+            modules = [
+              {
+                imports = [
+                  ./mod
+                  ./host/test-vm
+                ];
+              }
+            ];
+          };
+        };
 
       colmenaHive = colmena.lib.makeHive {
         meta = {

host/test-vm/default.nix

@@ -0,0 +1,38 @@
+{ pkgs, ... }:
+{
+  networking.hostName = "test-vm";
+  services.syncthing.enable = false;
+  hd.common.users.enable = false; # default user depends on age
+
+  users = {
+    mutableUsers = false;
+    users."hd" = {
+      description = "Henri";
+      isNormalUser = true;
+      createHome = true;
+      home = "/home/hd";
+      extraGroups = [ "wheel" ];
+      shell = pkgs.fish;
+      packages = [ ];
+      password = "";
+    };
+    users.root.hashedPassword = "!";
+  };
+
+  boot = {
+    loader = {
+      efi.canTouchEfiVariables = true;
+      grub = {
+        enable = true;
+        efiSupport = true;
+        device = "nodev";
+      };
+    };
+
+    kernelPackages = pkgs.linuxPackages_6_12;
+    initrd.systemd.network.wait-online.enable = false;
+  };
+
+  # ====== DON'T CHANGE ======
+  system.stateVersion = "24.11";
+}

mod/common/default.nix

@@ -6,6 +6,15 @@
   ...
 }:
 with lib;
+let
+  mkCommonOption =
+    name:
+    mkOption {
+      type = types.bool;
+      default = config.hd.common.enable;
+      description = "Enables" ++ name;
+    };
+in
 {
   options.hd.common.enable = mkOption {
     type = types.bool;
@@ -14,45 +23,12 @@ with lib;
   };
 
   options.hd.common = {
-    locale = {
-      enable = mkOption {
-        type = types.bool;
-        default = config.hd.common.enable;
-        description = "Enable locale settings";
-      };
-    };
-
-    nix = {
-      enable = mkOption {
-        type = types.bool;
-        default = config.hd.common.enable;
-        description = "Enable Nix-related configuration";
-      };
-    };
-
-    security = {
-      enable = mkOption {
-        type = types.bool;
-        default = config.hd.common.enable;
-        description = "Enable security-related configuration";
-      };
-    };
-
-    shell = {
-      enable = mkOption {
-        type = types.bool;
-        default = config.hd.common.enable;
-        description = "Enable basic shell utilities";
-      };
-    };
-
-    users = {
-      enable = mkOption {
-        type = types.bool;
-        default = config.hd.common.enable;
-        description = "Enable default user accounts";
-      };
-    };
+    locale.enable = mkCommonOption "locale settings";
+    nix.enable = mkCommonOption "nix settings";
+    security.enable = mkCommonOption "security settings";
+    shell.enable = mkCommonOption "shell utilities";
+    users.enable = mkCommonOption "default users";
+    secrets.enable = mkCommonOption "agenix secrets";
   };
 
   imports = [

mod/syncthing.nix

@@ -55,16 +55,12 @@ in
     group = config.services.syncthing.group;
   };
 
-  services.syncthing = lib.mkIf cfg.enable (
-    assert lib.assertMsg (builtins.elem this var.syncthing.device-names.all)
-      "${this} is not in devices in mod/syncthing.nix";
-    {
+  services.syncthing = lib.mkIf cfg.enable ({
     settings = {
       inherit folders;
       devices = var.syncthing.devices;
     };
     key = lib.optionalAttrs is-managed config.age.secrets.syncthing-key.path;
     cert = lib.optionalAttrs is-managed "${../pki/syncthing + "/${this}.cert"}";
-    }
-  );
+  });
 }