refactor(systems): pull out inline modules

modules/meta/access.nix

@@ -1,32 +0,0 @@
-{
-  config,
-  access,
-  ...
-}: let
-  nixosModule = {
-    config,
-    ...
-  }: {
-    config = {
-      _module.args.access = access // {
-        systemFor = hostName: if hostName == config.networking.hostName
-          then config
-          else access.systemFor hostName;
-        systemForOrNull = hostName: if hostName == config.networking.hostName
-          then config
-          else access.systemForOrNull hostName;
-      };
-    };
-  };
-in {
-  config = {
-    network.nixos.extraModules = [
-      nixosModule
-    ];
-
-    _module.args.access = {
-      systemFor = hostName: config.network.nodes.${hostName};
-      systemForOrNull = hostName: config.network.nodes.${hostName} or null;
-    };
-  };
-}

modules/nixos/access.nix

@@ -1,17 +1,15 @@
 {
   pkgs,
-  inputs,
   config,
   lib,
   ...
 }: let
-  inherit (lib.modules) mkIf mkMerge mkBefore mkAfter mkDefault mkOptionDefault;
+  inherit (lib.modules) mkIf mkMerge mkBefore mkAfter mkOptionDefault;
   inherit (lib.options) mkOption mkEnableOption;
   inherit (lib.lists) optionals;
   inherit (lib.strings) concatStringsSep optionalString;
-  inherit (config.services) tailscale avahi;
+  inherit (config.services) tailscale;
   inherit (config) networking;
-  inherit (networking) hostName;
   cfg = config.networking.access;
   cidrModule = { config, ... }: {
     options = with lib.types; {
@@ -35,10 +33,6 @@
   };
 in {
   options.networking.access = with lib.types; {
-    hostnameForNetwork = mkOption {
-      type = attrsOf str;
-      default = { };
-    };
     cidrForNetwork = mkOption {
       type = attrsOf (submodule cidrModule);
       default = { };
@@ -63,18 +57,6 @@ in {
   };
 
   config.networking.access = {
-    hostnameForNetwork = {
-      local = let
-        eth0 = config.systemd.network.networks.eth0 or { };
-        hasStaticAddress = eth0.address or [ ] != [ ] || eth0.addresses or [ ] != [ ];
-        hasSLAAC = eth0.slaac.enable or false;
-      in mkMerge [
-        (mkIf (hasStaticAddress || hasSLAAC) (mkDefault "${hostName}.local.${networking.domain}"))
-        (mkIf (avahi.enable && avahi.publish.enable) (mkOptionDefault "${hostName}.local"))
-      ];
-      tail = mkIf tailscale.enable "${hostName}.tail.${networking.domain}";
-      global = mkIf (networking.enableIPv6 && networking.tempAddresses == "disabled") "${hostName}.${networking.domain}";
-    };
     cidrForNetwork = {
       loopback = {
         v4 = [
@@ -117,6 +99,10 @@ in {
         '';
       in "${localaddrs-reload}";
     };
+    moduleArgAttrs = {
+      inherit (cfg) cidrForNetwork localaddrs;
+      mkSnakeOil = pkgs.callPackage ../../packages/snakeoil.nix { };
+    };
   };
 
   config.networking = {
@@ -219,18 +205,4 @@ in {
       };
     };
   };
-
-  config._module.args.access = let
-    systemFor = hostName: inputs.self.nixosConfigurations.${hostName}.config;
-    systemForOrNull = hostName: inputs.self.nixosConfigurations.${hostName}.config or null;
-  in {
-    inherit (cfg) hostnameForNetwork cidrForNetwork localaddrs;
-    systemFor = hostName: if hostName == networking.hostName
-      then config
-      else systemFor hostName;
-    systemForOrNull = hostName: if hostName == networking.hostName
-      then config
-      else systemForOrNull hostName;
-  };
-  config.lib.access.mkSnakeOil = pkgs.callPackage ../../packages/snakeoil.nix { };
 }

modules/system/access.nix

@@ -0,0 +1,101 @@
+{
+  name,
+  config,
+  lib,
+  access,
+  inputs,
+  ...
+}: let
+  inherit (inputs.self.lib) systems;
+  inherit (inputs.self.lib.lib) domain;
+  inherit (lib.options) mkOption mkEnableOption;
+  inherit (lib.modules) mkIf mkDefault mkOptionDefault;
+  cfg = config.access;
+  systemConfig = config;
+  systemAccess = access;
+  nixosModule = {
+    config,
+    system,
+    ...
+  }: let
+    cfg = config.networking.access;
+  in {
+    options.networking.access = with lib.types; {
+      global.enable =
+        mkEnableOption "global access"
+        // {
+          default = system.access.global.enable;
+        };
+      moduleArgAttrs = mkOption {
+        type = lazyAttrsOf unspecified;
+        internal = true;
+      };
+    };
+    config = {
+      networking.access = {
+        moduleArgAttrs = {
+          inherit (systemAccess) hostnameForNetwork;
+          systemFor = hostName:
+            if hostName == config.networking.hostName
+            then systemConfig
+            else systemAccess.systemFor hostName;
+          systemForOrNull = hostName:
+            if hostName == config.networking.hostName
+            then systemConfig
+            else systemAccess.systemForOrNull hostName;
+          nixosFor = hostName:
+            if hostName == config.networking.hostName
+            then config
+            else systemAccess.nixosFor hostName;
+          nixosForOrNull = hostName:
+            if hostName == config.networking.hostName
+            then config
+            else systemAccess.nixosForOrNull hostName;
+        };
+      };
+      networking.tempAddresses = mkIf cfg.global.enable (
+        mkDefault "disabled"
+      );
+      _module.args.access = config.networking.access.moduleArgAttrs;
+      lib.access = config.networking.access.moduleArgAttrs;
+    };
+  };
+in {
+  options.access = with lib.types; {
+    hostName = mkOption {
+      type = str;
+      default = name;
+    };
+    domain = mkOption {
+      type = str;
+      default = domain;
+    };
+    tailscale.enable = mkEnableOption "tailscale access";
+    global.enable = mkEnableOption "globally routeable";
+    hostnameForNetwork = mkOption {
+      type = attrsOf str;
+      default = {};
+    };
+  };
+  config = {
+    modules = [
+      nixosModule
+    ];
+
+    access = {
+      hostnameForNetwork = {
+        local = mkOptionDefault "${cfg.hostName}.local.${cfg.domain}";
+        tail = mkIf cfg.tailscale.enable (mkOptionDefault "${cfg.hostName}.tail.${cfg.domain}");
+        global = mkIf cfg.global.enable (mkOptionDefault "${cfg.hostName}.${cfg.domain}");
+      };
+    };
+
+    _module.args.access = {
+      inherit (cfg) hostnameForNetwork;
+      systemFor = hostName: systems.${hostName}.config;
+      systemForOrNull = hostName: systems.${hostName}.config or null;
+      nixosFor = hostName: (access.systemFor hostName).built.config;
+      nixosForOrNull = hostName: (access.systemForOrNull hostName).built.config or null;
+    };
+  };
+}

modules/system/deploy.nix

@@ -0,0 +1,41 @@
+{
+  name,
+  config,
+  lib,
+  inputs,
+  ...
+}: let
+  inherit (lib.modules) mkIf mkOptionDefault;
+in {
+  options = let
+    inherit (inputs.self.lib.lib) json;
+    inherit (lib.types) nullOr;
+    inherit (lib.options) mkOption;
+  in {
+    deploy = mkOption {
+      type = nullOr json.types.attrs;
+    };
+  };
+  config = {
+    deploy = let
+      nixos = config.built;
+    in {
+      sshUser = mkOptionDefault "root";
+      user = mkOptionDefault "root";
+      sshOpts = mkIf (config.type == "NixOS") (
+        mkOptionDefault ["-p" "${builtins.toString (builtins.head nixos.config.services.openssh.ports)}"]
+      );
+      autoRollback = mkOptionDefault true;
+      magicRollback = mkOptionDefault true;
+      fastConnection = mkOptionDefault false;
+      hostname = mkOptionDefault "${name}.local.gensokyo.zone";
+      profiles.system = {
+        user = "root";
+        path = let
+          inherit (inputs.self.legacyPackages.${config.system}.deploy-rs) activate;
+        in
+          activate.nixos nixos;
+      };
+    };
+  };
+}

modules/system/host.nix

@@ -0,0 +1,105 @@
+{
+  name,
+  config,
+  meta,
+  std,
+  lib,
+  inputs,
+  ...
+}: let
+  inherit (lib.modules) mkOptionDefault;
+  inherit (std) string;
+in {
+  options = let
+    inherit (lib.types) str listOf attrs unspecified enum nullOr;
+    inherit (lib.options) mkOption;
+  in {
+    arch = mkOption {
+      description = "Processor architecture of the host";
+      type = str;
+      default = "x86_64";
+    };
+    type = mkOption {
+      description = "Operating system type of the host";
+      type = nullOr (enum ["NixOS" "MacOS" "Darwin" "Linux"]);
+      default = "NixOS";
+    };
+    folder = mkOption {
+      type = str;
+      internal = true;
+    };
+    system = mkOption {
+      type = str;
+      internal = true;
+    };
+    modules = mkOption {
+      type = listOf unspecified;
+    };
+    specialArgs = mkOption {
+      type = attrs;
+      internal = true;
+    };
+    builder = mkOption {
+      type = unspecified;
+      internal = true;
+    };
+    built = mkOption {
+      type = unspecified;
+      internal = true;
+    };
+  };
+  config = {
+    system = let
+      kernel =
+        {
+          nixos = "linux";
+          macos = "darwin";
+          darwin = "darwin";
+          linux = "linux";
+        }
+        .${string.toLower config.type};
+    in "${config.arch}-${kernel}";
+    folder =
+      {
+        nixos = "nixos";
+        macos = "darwin";
+        darwin = "darwin";
+        linux = "linux";
+      }
+      .${string.toLower config.type};
+    modules = [
+      # per-OS modules
+      meta.modules.${config.folder}
+      # per-OS configuration
+      meta.${config.folder}.base
+    ];
+    builder =
+      {
+        nixos = let
+          lib = inputs.nixpkgs.lib.extend (self: super:
+            import (inputs.arcexprs + "/lib") {
+              inherit super;
+              lib = self;
+              isOverlayLib = true;
+            });
+          sys = args:
+            lib.nixosSystem ({
+                inherit lib;
+              }
+              // args);
+        in
+          sys;
+        darwin = inputs.darwin.lib.darwinSystem;
+        macos = inputs.darwin.lib.darwinSystem;
+      }
+      .${string.toLower config.type};
+    built = mkOptionDefault (config.builder {
+      inherit (config) system modules specialArgs;
+    });
+    specialArgs = {
+      inherit name inputs std meta;
+      systemType = config.folder;
+      system = config;
+    };
+  };
+}