new readme

This commit is contained in:
William 2026-02-18 16:18:07 -03:00
parent 561fdf5ef4
commit 80b1246ad8

130
readme.md

@ -1,87 +1,73 @@
# Nix Configuration # NixOS Flake Configuration
My personal Nix configuration for multiple NixOS hosts, home-manager users, miscellaneous resources... too many things to list. If I could put my life in a flake I would. Modular NixOS configuration using flake-parts with the [dendritic](https://github.com/gytis-ivaskevicius/dendritic) pattern.
## Structure
```
.
├── aspects/ # Reusable NixOS/home-manager modules (dendritic)
│ ├── base/ # Base system configuration
│ ├── hosts/ # Host-specific configurations
│ │ ├── _alexandria/
│ │ ├── _io/
│ │ ├── _rotterdam/
│ │ └── _trantor/
│ ├── systems/ # System type modules (desktop, server, cli, gaming)
│ └── users/ # User account configurations
├── data/ # Shared host/service definitions
├── packages/ # Custom packages and overlays
├── shells/ # Shell configurations
└── terranix/ # Terraform configurations for cloud resources
```
## Hosts ## Hosts
### Desktop Systems | Host | Architecture | Type | Description |
- **rotterdam** - Main desktop workstation (x86_64) |------|--------------|------|-------------|
- Features: Desktop, AI tools, Bluetooth, Dev environment, Gaming, Virtualization (libvirtd), Podman | trantor | aarch64-linux | server | ARM server running Forgejo |
- Storage: Ephemeral root with LUKS encryption | alexandria | x86_64-linux | server | x86 server (Kanidm, Vaultwarden, Nextcloud, Jellyfin) |
| rotterdam | x86_64-linux | desktop | Gaming desktop with GPU passthrough |
- **io** - Laptop workstation (x86_64) | io | x86_64-linux | desktop | Workstation |
- Features: Desktop, AI tools, Bluetooth, Dev environment, Podman
- Storage: Ephemeral root with LUKS encryption
### Servers
- **alexandria** - Home server (x86_64)
- Hosts: Nextcloud, Vaultwarden, Jellyfin, Kanidm
- **trantor** - Cloud server (aarch64)
- Hosts: Forgejo
- Cloud provider: Oracle Cloud Infrastructure
- Storage: Ephemeral root with btrfs
## Home Manager Configurations
- **user@rotterdam** - Full desktop setup with gaming, OBS, and complete development environment
- **user@io** - Lightweight desktop setup
Both configurations include:
- btop, direnv, helix, starship, tmux
- Stylix theme management
- Fish shell with custom configurations
## Terranix Configurations
Infrastructure as code using Terranix (NixOS + Terraform/OpenTofu):
- **oci-trantor** - Oracle Cloud Infrastructure provisioning for Trantor server
- **cloudflare-baduhaidev** - DNS and CDN configuration for baduhai.dev domain
- **tailscale-tailnet** - Tailscale network ACL and device management
## Services ## Services
All services are accessible via custom domains under baduhai.dev: - **git.baduhai.dev** (Forgejo) - Publicly accessible on trantor
- **Kanidm** (auth.baduhai.dev) - Identity and access management Other services (LAN/Tailscale only): Kanidm, Vaultwarden, Nextcloud, Jellyfin
- **Vaultwarden** (pass.baduhai.dev) - Password manager
- **Forgejo** (git.baduhai.dev) - Git forge (publicly accessible)
- **Nextcloud** (cloud.baduhai.dev) - File sync and collaboration
- **Jellyfin** (jellyfin.baduhai.dev) - Media server
Services are accessible via: ## Features
- LAN for alexandria-hosted services
- Tailscale VPN for all services
- Public internet for Forgejo only
## Notable Features - **Ephemeral root**: Automatic btrfs subvolume rollover with impermanence
- **Secrets**: Managed via agenix with age encryption
- **Disk management**: disko for declarative disk partitioning
- **Modular architecture**: Each aspect is a separate module imported via import-tree
- **Dendritic pattern**: Aspects are imported as a unified flake module
### Ephemeral Root ## Building
Rotterdam, io, and trantor use an ephemeral root filesystem that resets on every boot:
- Root filesystem is automatically rolled back using btrfs snapshots
- Old snapshots retained for 30 days
- Persistent data stored in dedicated subvolumes
- Implements truly stateless systems
### Custom DNS Architecture ```bash
- Unbound DNS servers on both alexandria and trantor # Build specific host
- Service routing based on visibility flags (public/LAN/Tailscale) nix build .#nixosConfigurations.trantor.config.system.build.toplevel
- Split-horizon DNS for optimal access paths
### Security # Rebuild host (if using nixos-cli on the host)
- LUKS full-disk encryption on desktop systems sudo nixos apply
- Fail2ban on public-facing servers ```
- agenix for secrets management
- Tailscale for secure remote access
### Desktop Environment ## Terranix
- Custom Niri window manager (Wayland compositor)
- Using forked version with auto-centering feature
- Stylix for consistent theming
### Development Setup Terraform configurations for cloud infrastructure managed via terranix:
- Nix flakes for reproducible builds
- deploy-rs for automated deployments - baduhai.dev DNS
- Podman for containerization - Cloudflare tunnel endpoints
- Complete AI tooling integration - Tailscale subnet routers
## Key Dependencies
- nixpkgs (nixos-unstable for workstations, nixos for servers)
- home-manager
- agenix
- disko
- impermanence
- nix-flatpak
- nixos-cli
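Review bot: The rewritten README removes the old "Security" section (LUKS full-disk encryption on desktop systems, Fail2ban on public-facing servers, Tailscale for remote access) and the "Custom DNS Architecture" section (Unbound on alexandria and trantor, routing by public/LAN/Tailscale visibility flags, split-horizon DNS) without carrying that information anywhere in the new text; under the new "Features" heading only "Secrets: Managed via agenix" survives. Because the new "Services" section still documents git.baduhai.dev on trantor as the one publicly accessible service, a reader can no longer tell from the README how that internet-facing host is protected or how name resolution differs between LAN, Tailscale and public access. Consider keeping a short entry under "Features", for example `- **Hardening**: LUKS on desktops, Fail2ban on public-facing trantor, Tailscale for remote access` and `- **DNS**: Unbound on alexandria and trantor with split-horizon resolution by service visibility`, so the exposure model stays documented alongside the host table.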