add data/services.nix for shared service definitions

Creates a standalone data file that can be imported by both aspects/constants.nix and terranix configurations. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-06 22:46:49 -03:00 · 2026-02-06 22:46:49 -03:00 · bde5e2aabc
commit bde5e2aabc
parent 848f79f8bb
20 changed files with 189 additions and 57 deletions
--- a/aspects/desktop/boot.nix
+++ b/aspects/desktop/boot.nix
@ -1,9 +1,6 @@
-{ inputs, ... }:
+{ ... }:
 {
  flake.modules.nixos.desktop-boot = { config, lib, pkgs, ... }: {
-    # Import parent aspect for inheritance
-    imports = [ inputs.self.modules.nixos.common-boot ];
-
    boot = {
      plymouth.enable = true;
      initrd.systemd.enable = true;
--- a/aspects/desktop/nix.nix
+++ b/aspects/desktop/nix.nix
@ -1,9 +1,6 @@
 { inputs, ... }:
 {
  flake.modules.nixos.desktop-nix = { config, lib, pkgs, ... }: {
-    # Import parent aspect for inheritance
-    imports = [ inputs.self.modules.nixos.common-nix ];
-
    environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath;

    nix = {
--- a/aspects/desktop/services.nix
+++ b/aspects/desktop/services.nix
@ -1,9 +1,6 @@
-{ inputs, ... }:
+{ ... }:
 {
  flake.modules.nixos.desktop-services = { config, lib, pkgs, ... }: {
-    # Import parent aspect for inheritance
-    imports = [ inputs.self.modules.nixos.common-services ];
-
    services = {
      printing.enable = true;
      udev.packages = with pkgs; [ yubikey-personalization ];
--- a/aspects/hosts/_alexandria/jellyfin.nix
+++ b/aspects/hosts/_alexandria/jellyfin.nix
@ -1,7 +1,6 @@
 { lib, inputs, ... }:
 let
-  utils = import ../../../utils.nix { inherit inputs lib; };
-  inherit (utils) mkNginxVHosts;
+  mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
 in
 {
  services.jellyfin = {
--- a/aspects/hosts/_alexandria/kanidm.nix
+++ b/aspects/hosts/_alexandria/kanidm.nix
@ -7,8 +7,7 @@
 }:

 let
-  utils = import ../../../utils.nix { inherit inputs lib; };
-  inherit (utils) mkNginxVHosts;
+  mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
  kanidmCertDir = "/var/lib/kanidm/certs";
 in

--- a/aspects/hosts/_alexandria/nextcloud.nix
+++ b/aspects/hosts/_alexandria/nextcloud.nix
@ -7,8 +7,7 @@
 }:

 let
-  utils = import ../../../utils.nix { inherit inputs lib; };
-  inherit (utils) mkNginxVHosts;
+  mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
 in

 {
--- a/aspects/hosts/_alexandria/nginx.nix
+++ b/aspects/hosts/_alexandria/nginx.nix
@ -6,8 +6,7 @@
 }:

 let
-  utils = import ../../../utils.nix { inherit inputs lib; };
-  inherit (utils) mkNginxVHosts services;
+  services = inputs.self.services;

  # Get all unique domains from shared services that have LAN IPs (served by this host)
  localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "alexandria") services));
--- a/aspects/hosts/_alexandria/unbound.nix
+++ b/aspects/hosts/_alexandria/unbound.nix
@ -1,7 +1,7 @@
 { inputs, lib, ... }:

 let
-  utils = import ../../../utils.nix { inherit inputs lib; };
+  services = inputs.self.services;
 in

 {
@ -35,7 +35,7 @@ in
        # LAN-only DNS records
        local-zone = ''"baduhai.dev." transparent'';
        local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'')
-          (lib.filter (e: e ? lanIP) utils.services);
+          (lib.filter (e: e.lanIP != null) services);
      };

      forward-zone = [
--- a/aspects/hosts/_alexandria/vaultwarden.nix
+++ b/aspects/hosts/_alexandria/vaultwarden.nix
@ -5,8 +5,7 @@
  ...
 }:
 let
-  utils = import ../../../utils.nix { inherit inputs lib; };
-  inherit (utils) mkNginxVHosts;
+  mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
 in
 {
  services.vaultwarden = {
--- a/aspects/hosts/_trantor/forgejo.nix
+++ b/aspects/hosts/_trantor/forgejo.nix
@ -6,8 +6,7 @@
 }:

 let
-  utils = import ../../../utils.nix { inherit inputs lib; };
-  inherit (utils) mkNginxVHosts;
+  mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
 in

 {
--- a/aspects/hosts/_trantor/nginx.nix
+++ b/aspects/hosts/_trantor/nginx.nix
@ -6,8 +6,7 @@
 }:

 let
-  utils = import ../../../utils.nix { inherit inputs lib; };
-  inherit (utils) mkNginxVHosts services;
+  services = inputs.self.services;

  # Get all unique domains from shared services on trantor (host = "trantor")
  localDomains = lib.unique (
--- a/aspects/hosts/_trantor/unbound.nix
+++ b/aspects/hosts/_trantor/unbound.nix
@ -1,7 +1,7 @@
 { inputs, lib, ... }:

 let
-  utils = import ../../../utils.nix { inherit inputs lib; };
+  services = inputs.self.services;
 in

 {
@ -35,7 +35,7 @@ in

        # Tailnet DNS records from shared services
        local-zone = ''"baduhai.dev." transparent'';
-        local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') utils.services;
+        local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') services;
      };

      forward-zone = [
--- a/aspects/server/boot.nix
+++ b/aspects/server/boot.nix
@ -1,10 +1,7 @@
 # aspects/server/boot.nix
-{ inputs, ... }:
+{ ... }:
 {
  flake.modules.nixos.server-boot = { config, lib, pkgs, ... }: {
-    # Import parent aspect for inheritance
-    imports = [ inputs.self.modules.nixos.common-boot ];
-
    boot.kernelPackages = pkgs.linuxPackages_hardened;
  };
 }
--- a/aspects/server/nix.nix
+++ b/aspects/server/nix.nix
@ -2,9 +2,6 @@
 { inputs, ... }:
 {
  flake.modules.nixos.server-nix = { config, lib, pkgs, ... }: {
-    # Import parent aspect for inheritance
-    imports = [ inputs.self.modules.nixos.common-nix ];
-
    environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;

    nix = {
--- a/aspects/server/tailscale.nix
+++ b/aspects/server/tailscale.nix
@ -1,10 +1,7 @@
 # aspects/server/tailscale.nix
-{ inputs, ... }:
+{ ... }:
 {
  flake.modules.nixos.server-tailscale = { config, lib, pkgs, ... }: {
-    # Import parent aspect for inheritance
-    imports = [ inputs.self.modules.nixos.common-tailscale ];
-
    services.tailscale = {
      extraSetFlags = [ "--advertise-exit-node" ];
      useRoutingFeatures = "server";
--- a/data/services.nix
+++ b/data/services.nix
@ -0,0 +1,42 @@
+# Shared service and host definitions
+# This file can be imported directly (unlike aspects which use flake-parts)
+{
+  hosts = {
+    alexandria = {
+      lanIP = "192.168.15.142";
+      tailscaleIP = "100.76.19.50";
+    };
+    trantor = {
+      tailscaleIP = "100.108.5.90";
+    };
+  };
+
+  services = [
+    {
+      name = "kanidm";
+      domain = "auth.baduhai.dev";
+      host = "alexandria";
+    }
+    {
+      name = "vaultwarden";
+      domain = "pass.baduhai.dev";
+      host = "alexandria";
+    }
+    {
+      name = "forgejo";
+      domain = "git.baduhai.dev";
+      host = "trantor";
+      public = true;
+    }
+    {
+      name = "nextcloud";
+      domain = "cloud.baduhai.dev";
+      host = "alexandria";
+    }
+    {
+      name = "jellyfin";
+      domain = "jellyfin.baduhai.dev";
+      host = "alexandria";
+    }
+  ];
+}
--- a/flake.lock
+++ b/flake.lock
@ -453,6 +453,21 @@
        "type": "github"
      }
    },
+    "import-tree": {
+      "locked": {
+        "lastModified": 1763762820,
+        "narHash": "sha256-ZvYKbFib3AEwiNMLsejb/CWs/OL/srFQ8AogkebEPF0=",
+        "owner": "vic",
+        "repo": "import-tree",
+        "rev": "3c23749d8013ec6daa1d7255057590e9ca726646",
+        "type": "github"
+      },
+      "original": {
+        "owner": "vic",
+        "repo": "import-tree",
+        "type": "github"
+      }
+    },
    "niri": {
      "inputs": {
        "nixpkgs": "nixpkgs_4",
@ -932,6 +947,7 @@
        "flake-parts": "flake-parts",
        "home-manager": "home-manager_2",
        "impermanence": "impermanence",
+        "import-tree": "import-tree",
        "niri": "niri",
        "niri-flake": "niri-flake",
        "nix-ai-tools": "nix-ai-tools",
--- a/flake.nix
+++ b/flake.nix
@ -58,21 +58,23 @@

  outputs =
    inputs@{ flake-parts, import-tree, ... }:
-    flake-parts.lib.mkFlake { inherit inputs; } (
-      import-tree ./aspects
-      // {
-        systems = [
-          "x86_64-linux"
-          "aarch64-linux"
-        ];
+    let
+      aspectsModule = import-tree ./aspects;
+    in
+    flake-parts.lib.mkFlake { inherit inputs; } {
+      systems = [
+        "x86_64-linux"
+        "aarch64-linux"
+      ];

-        imports = [
-          ./deploy.nix
-          ./devShells.nix
-          ./overlays.nix
-          ./packages.nix
-          ./terranixConfigurations.nix
-        ];
-      }
-    );
+      imports = [
+        flake-parts.flakeModules.modules
+      ] ++ aspectsModule.imports ++ [
+        ./deploy.nix
+        ./devShells.nix
+        ./overlays.nix
+        ./packages.nix
+        ./terranixConfigurations.nix
+      ];
+    };
 }
--- a/plan.md
+++ b/plan.md
@ -0,0 +1,89 @@
+# Current structure:
+
+```
+ hosts
+├──  alexandria
+│   ├──  hardware-configuration.nix
+│   ├──  jellyfin.nix
+│   ├──  kanidm.nix
+│   ├──  nextcloud.nix
+│   ├──  nginx.nix
+│   ├──  unbound.nix
+│   └──  vaultwarden.nix
+├──  io
+│   ├──  boot.nix
+│   ├──  disko.nix
+│   ├──  hardware-configuration.nix
+│   ├──  programs.nix
+│   └──  services.nix
+├──  modules
+│   ├──  common
+│   │   ├──  boot.nix
+│   │   ├──  console.nix
+│   │   ├──  firewall.nix
+│   │   ├──  locale.nix
+│   │   ├──  nix.nix
+│   │   ├──  openssh.nix
+│   │   ├──  programs.nix
+│   │   ├──  security.nix
+│   │   ├──  services.nix
+│   │   ├──  tailscale.nix
+│   │   └──  users.nix
+│   ├──  desktop
+│   │   ├──  boot.nix
+│   │   ├──  desktop.nix
+│   │   ├──  nix.nix
+│   │   └──  services.nix
+│   ├──  server
+│   │   ├──  boot.nix
+│   │   ├──  nix.nix
+│   │   └──  tailscale.nix
+│   ├──  ai.nix
+│   ├──  bluetooth.nix
+│   ├──  dev.nix
+│   ├──  ephemeral.nix
+│   ├──  fwupd.nix
+│   ├──  gaming.nix
+│   ├──  libvirtd.nix
+│   ├──  networkmanager.nix
+│   └──  podman.nix
+├──  rotterdam
+│   ├──  boot.nix
+│   ├──  hardware-configuration.nix
+│   ├──  hardware.nix
+│   ├──  programs.nix
+│   └──  services.nix
+└──  trantor
+    ├──  boot.nix
+    ├──  disko.nix
+    ├──  fail2ban.nix
+    ├──  forgejo.nix
+    ├──  hardware-configuration.nix
+    ├──  networking.nix
+    ├──  nginx.nix
+    ├──  openssh.nix
+    └──  unbound.nix
+ modules
+└──  ephemeral.nix
+ users
+├──  modules
+│   ├──  common
+│   │   ├──  bash.nix
+│   │   ├──  fish.nix
+│   │   └──  hm-cli.nix
+│   ├──  desktop
+│   │   ├──  desktop.nix
+│   │   └──  niri.nix
+│   ├──  btop.nix
+│   ├──  comma.nix
+│   ├──  direnv.nix
+│   ├──  gaming.nix
+│   ├──  helix.nix
+│   ├──  obs-studio.nix
+│   ├──  starship.nix
+│   ├──  stylix.nix
+│   └──  tmux.nix
+└──  user
+    └──  git.nix
+```
+
--- a/terranix/cloudflare/baduhai.dev.nix
+++ b/terranix/cloudflare/baduhai.dev.nix
@ -6,7 +6,15 @@
 { config, lib, ... }:

 let
-  inherit (import ../../shared/services.nix) services;
+  sharedData = import ../../data/services.nix;
+  # Enrich services with host IPs
+  services = map (svc:
+    let hostInfo = sharedData.hosts.${svc.host} or {};
+    in svc // {
+      lanIP = hostInfo.lanIP or null;
+      tailscaleIP = hostInfo.tailscaleIP or null;
+    }
+  ) sharedData.services;

  # Helper to extract subdomain from full domain (e.g., "git.baduhai.dev" -> "git")
  getSubdomain = domain: lib.head (lib.splitString "." domain);