authorquentin@aristote.fr <quentin@aristote.fr>2025-03-22 18:58:09 +0100
committerquentin@aristote.fr <quentin@aristote.fr>2025-03-22 19:57:35 +0100
commitbb95fd59d059cb6da89133cc723bb06120fd48d0 (patch)
treeaee7952372e484e7fad137acd6c3f0c91c27cff3 /config
parent1017caeae70f7f9918f3de74e961af220c50940e (diff)
split nix and system
Flake lock file updates: • Updated input 'my-nixpkgs': 'github:qaristote/my-nixpkgs/65eb03f15116223871d06254dc453abc79bcffaa' (2025-03-18) → 'github:qaristote/my-nixpkgs/14fb28f55fa552aaeffb987e4078e16691bde5b0' (2025-03-22) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/da044451c6a70518db5b730fe277b70f494188f1' (2025-03-18) → 'github:NixOS/nixpkgs/7105ae3957700a9646cc4b766f5815b23ed0c682' (2025-03-20)
Diffstat (limited to 'config')
-rw-r--r--config/default.nix1
-rw-r--r--config/nix.nix83
-rw-r--r--config/services/web/quentin/default.nix2
-rw-r--r--config/system.nix13
4 files changed, 16 insertions, 83 deletions
diff --git a/config/default.nix b/config/default.nix
index dd22e26..c1bc7e3 100644
--- a/config/default.nix
+++ b/config/default.nix
@@ -7,6 +7,7 @@
./networking.nix
./nix.nix
./services
+ ./system.nix
./users.nix
];
diff --git a/config/nix.nix b/config/nix.nix
index a5110a6..3142f93 100644
--- a/config/nix.nix
+++ b/config/nix.nix
@@ -1,92 +1,11 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- allowReboot = true;
-in {
+{...}: {
personal.nix = {
enable = true;
- autoUpgrade.enable = true;
gc.enable = true;
- flake = "git+file:///etc/nixos/";
- remoteBuilds = {
- enable = true;
- machines.hephaistos = {
- enable = true;
- domain = "aristote.mesh";
- user = config.networking.hostName;
- };
- };
};
- system.autoUpgrade = {inherit allowReboot;};
-
- # disable remote builds
- nix.settings.max-jobs = 0;
nixpkgs.flake = {
setNixPath = true;
setFlakeRegistry = true;
};
-
- systemd.services.nixos-upgrade = {
- preStart = lib.mkForce ''
- cd /etc/nixos
- # requires to have added
- # hephaistos.aristote.mesh:/~/nixos-configuration
- # as remote hephaistos
- git push --force hephaistos master
- '';
- postStop = lib.mkForce "";
- serviceConfig.TimeoutStopSec = lib.mkForce (lib.mkOptionDefault "");
- script = lib.mkForce (let
- hephaistos = "hephaistos.aristote.mesh";
- in
- ''
- RESULT=$(ssh ${hephaistos} -- \
- 'nix build --print-out-paths \
- git+file://$(pwd)/nixos-configuration#nixosConfigurations.hermes.config.system.build.toplevel' \
- )
- nix-copy-closure --from ${hephaistos} "$RESULT"
- ''
- + (
- let
- switch = "$RESULT/bin/switch-to-configuration";
- readlink = "${pkgs.coreutils}/bin/readlink";
- luksCfg = config.boot.initrd.luks.devices;
- crypt = luksCfg.crypt.device;
- in
- if allowReboot
- then ''
- ${switch} boot
- booted="$(${readlink} /run/booted-system/{initrd,kernel,kernel-modules})"
- built="$(${readlink} /nix/var/nix/profiles/system/{initrd,kernel,kernel-modules})"
- if [ "$booted" = "$built" ]
- then
- ${switch} switch
- else
- ${lib.optionalString (luksCfg ? crypt) ''
- cryptsetup luksAddKey ${crypt} /etc/luks/keys/tmp \
- --key-file /etc/luks/keys/master \
- --verbose
- ''}
- shutdown -r now ${lib.optionalString (luksCfg ? crypt) '' || \
- cryptsetup luksRemoveKey ${crypt} \
- --key-file /etc/luks/keys/tmp \
- --verbose
- ''}
- fi
- ''
- else ''
- ${switch} switch
- ''
- ));
- serviceConfig = {
- MemoryAccounting = true;
- MemoryHigh = "0.9G";
- MemoryMax = "1G";
- MemorySwapMax = "0";
- };
- };
}
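Review bot: The removed `nix.settings.max-jobs = 0;` and the `MemoryHigh`/`MemoryMax`/`MemorySwapMax` limits on `systemd.services.nixos-upgrade` have no counterpart in the new config/system.nix. Whether this host still refuses local builds and caps the upgrade unit's memory therefore depends on the `personal.system` module, which is not visible in this diff. If the module does not set them, keep `nix.settings.max-jobs = 0;` in this file with the comment corrected to `# never build locally; builds run on the remote builder`. The old comment `# disable remote builds` said the opposite of what the setting does.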
diff --git a/config/services/web/quentin/default.nix b/config/services/web/quentin/default.nix
index ac617f7..7194190 100644
--- a/config/services/web/quentin/default.nix
+++ b/config/services/web/quentin/default.nix
@@ -16,5 +16,5 @@
};
# automatically fetch (non-structural) website updates when updating the system
- personal.nix.autoUpgrade.autoUpdateInputs = lib.mkOptionDefault ["personal-webpage/data"];
+ personal.system.autoUpgrade.autoUpdateInputs = lib.mkOptionDefault ["personal-webpage/data"];
}
diff --git a/config/system.nix b/config/system.nix
new file mode 100644
index 0000000..847a046
--- /dev/null
+++ b/config/system.nix
@@ -0,0 +1,13 @@
+{...}: {
+ personal.system = {
+ flake = "git+file:///etc/nixos/";
+ autoUpgrade = {
+ enable = true;
+ remoteBuilding = {
+ enable = true;
+ builder.domain = "aristote.mesh";
+ };
+ };
+ };
+ system.autoUpgrade.allowReboot = true;
+}
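Review bot: `remoteBuilding` sets only `builder.domain`, whereas the removed nix.nix block named the builder (`machines.hephaistos`) and the SSH user (`user = config.networking.hostName`), so the host and account used are now module defaults this file does not show. The closure that builder returns is activated as root and, with `system.autoUpgrade.allowReboot = true`, booted unattended, which makes the builder identity a trust decision worth stating next to the option. A comment such as `# builder host and SSH user come from the personal.system module defaults; its output is activated as root on this host` would do. The old script also enrolled a temporary LUKS key from /etc/luks/keys/tmp before rebooting; confirm the module still does this, otherwise an automatic reboot will stop at the passphrase prompt.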