From bde5e2aabc17b452be085704cfdaa9e11e510fa6 Mon Sep 17 00:00:00 2001
From: William
Date: Fri, 6 Feb 2026 22:46:49 -0300
Subject: [PATCH] add data/services.nix for shared service definitions

Creates a standalone data file that can be imported by both aspects/constants.nix and terranix configurations.

Co-Authored-By: Claude Opus 4.5
---
 aspects/desktop/boot.nix | 5 +-
 aspects/desktop/nix.nix | 3 -
 aspects/desktop/services.nix | 5 +-
 aspects/hosts/_alexandria/jellyfin.nix | 3 +-
 aspects/hosts/_alexandria/kanidm.nix | 3 +-
 aspects/hosts/_alexandria/nextcloud.nix | 3 +-
 aspects/hosts/_alexandria/nginx.nix | 3 +-
 aspects/hosts/_alexandria/unbound.nix | 4 +-
 aspects/hosts/_alexandria/vaultwarden.nix | 3 +-
 aspects/hosts/_trantor/forgejo.nix | 3 +-
 aspects/hosts/_trantor/nginx.nix | 3 +-
 aspects/hosts/_trantor/unbound.nix | 4 +-
 aspects/server/boot.nix | 5 +-
 aspects/server/nix.nix | 3 -
 aspects/server/tailscale.nix | 5 +-
 data/services.nix | 42 +++++++++++
 flake.lock | 16 ++++
 flake.nix | 34 +++++----
 plan.md | 89 +++++++++++++++++++++++
 terranix/cloudflare/baduhai.dev.nix | 10 ++-
 20 files changed, 189 insertions(+), 57 deletions(-)
 create mode 100644 data/services.nix
 create mode 100644 plan.md

diff --git a/aspects/desktop/boot.nix b/aspects/desktop/boot.nix
index bd98184..48f879d 100644
--- a/aspects/desktop/boot.nix
+++ b/aspects/desktop/boot.nix
@@ -1,9 +1,6 @@
-{ inputs, ... }:
+{ ... }:
 {
   flake.modules.nixos.desktop-boot = { config, lib, pkgs, ... }: {
-    # Import parent aspect for inheritance
-    imports = [ inputs.self.modules.nixos.common-boot ];
-
     boot = {
       plymouth.enable = true;
       initrd.systemd.enable = true;
diff --git a/aspects/desktop/nix.nix b/aspects/desktop/nix.nix
index 67cfa11..a3aa421 100644
--- a/aspects/desktop/nix.nix
+++ b/aspects/desktop/nix.nix
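Review bot: Dropping `imports = [ inputs.self.modules.nixos.common-boot ];` from desktop-boot removes the parent-aspect inheritance, so a host that only imports desktop-boot no longer receives common-boot unless it imports the common-* modules itself, and nothing in this diff shows that happening. The same removal is made in aspects/desktop/nix.nix, aspects/desktop/services.nix, aspects/server/boot.nix, aspects/server/nix.nix and aspects/server/tailscale.nix. It is also unrelated to the data/services.nix subject and is not mentioned in the description, so it deserves a sentence there or its own commit. If the intent is that hosts now list common-* and desktop-*/server-* modules explicitly, a comment at the module head such as `# common-boot is no longer imported here; hosts must import it alongside desktop-boot` would make that contract visible.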
@@ -1,9 +1,6 @@
 { inputs, ... }:
 {
   flake.modules.nixos.desktop-nix = { config, lib, pkgs, ... }: {
-    # Import parent aspect for inheritance
-    imports = [ inputs.self.modules.nixos.common-nix ];
-
     environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath;
 
     nix = {
diff --git a/aspects/desktop/services.nix b/aspects/desktop/services.nix
index 59f0a56..8ebbb6b 100644
--- a/aspects/desktop/services.nix
+++ b/aspects/desktop/services.nix
@@ -1,9 +1,6 @@
-{ inputs, ... }:
+{ ... }:
 {
   flake.modules.nixos.desktop-services = { config, lib, pkgs, ... }: {
-    # Import parent aspect for inheritance
-    imports = [ inputs.self.modules.nixos.common-services ];
-
     services = {
       printing.enable = true;
       udev.packages = with pkgs; [ yubikey-personalization ];
diff --git a/aspects/hosts/_alexandria/jellyfin.nix b/aspects/hosts/_alexandria/jellyfin.nix
index 591403d..0b024bd 100644
--- a/aspects/hosts/_alexandria/jellyfin.nix
+++ b/aspects/hosts/_alexandria/jellyfin.nix
@@ -1,7 +1,6 @@
 { lib, inputs, ... }:
 let
-  utils = import ../../../utils.nix { inherit inputs lib; };
-  inherit (utils) mkNginxVHosts;
+  mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
 in
 {
   services.jellyfin = {
diff --git a/aspects/hosts/_alexandria/kanidm.nix b/aspects/hosts/_alexandria/kanidm.nix
index d51eb14..35e08c8 100644
--- a/aspects/hosts/_alexandria/kanidm.nix
+++ b/aspects/hosts/_alexandria/kanidm.nix
@@ -7,8 +7,7 @@
 }:
 let
-  utils = import ../../../utils.nix { inherit inputs lib; };
-  inherit (utils) mkNginxVHosts;
+  mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
   kanidmCertDir = "/var/lib/kanidm/certs";
 in
diff --git a/aspects/hosts/_alexandria/nextcloud.nix b/aspects/hosts/_alexandria/nextcloud.nix
index 9d69199..c4a9669 100644
--- a/aspects/hosts/_alexandria/nextcloud.nix
+++ b/aspects/hosts/_alexandria/nextcloud.nix
@@ -7,8 +7,7 @@
 }:
 let
-  utils = import ../../../utils.nix { inherit inputs lib; };
-  inherit (utils) mkNginxVHosts;
+  mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
 in
 {
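Review bot: `mkNginxVHosts = inputs.self.lib.mkNginxVHosts;` replaces the relative import of utils.nix, but no file in this commit's diffstat defines a `flake.lib.mkNginxVHosts` output (nor the `flake.services` output the nginx and unbound hunks read); if an existing aspects/constants.nix provides them, it is untouched here, so the service list it exposes is presumably still a separate copy rather than derived from the new data/services.nix. The same reference is introduced in kanidm.nix, nextcloud.nix, vaultwarden.nix and _trantor/forgejo.nix. Having `inputs.self.services` and the terranix config read the same data/services.nix would keep unbound records, nginx vhosts and Cloudflare records from drifting; at minimum the description should name where these outputs come from. The `lib` argument in `{ lib, inputs, ... }:` may now be unused if nothing below the hunk references it.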
diff --git a/aspects/hosts/_alexandria/nginx.nix b/aspects/hosts/_alexandria/nginx.nix
index 19258dd..26a7ba1 100644
--- a/aspects/hosts/_alexandria/nginx.nix
+++ b/aspects/hosts/_alexandria/nginx.nix
@@ -6,8 +6,7 @@
 }:
 let
-  utils = import ../../../utils.nix { inherit inputs lib; };
-  inherit (utils) mkNginxVHosts services;
+  services = inputs.self.services;
 
   # Get all unique domains from shared services that have LAN IPs (served by this host)
   localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "alexandria") services));
diff --git a/aspects/hosts/_alexandria/unbound.nix b/aspects/hosts/_alexandria/unbound.nix
index 6e46cdd..07c8850 100644
--- a/aspects/hosts/_alexandria/unbound.nix
+++ b/aspects/hosts/_alexandria/unbound.nix
@@ -1,7 +1,7 @@
 { inputs, lib, ... }:
 let
-  utils = import ../../../utils.nix { inherit inputs lib; };
+  services = inputs.self.services;
 in
 {
@@ -35,7 +35,7 @@ in
       # LAN-only DNS records
       local-zone = ''"baduhai.dev." transparent'';
       local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'')
-        (lib.filter (e: e ? lanIP) utils.services);
+        (lib.filter (e: e.lanIP != null) services);
     };
 
     forward-zone = [
diff --git a/aspects/hosts/_alexandria/vaultwarden.nix b/aspects/hosts/_alexandria/vaultwarden.nix
index 81e65b1..8577b2d 100644
--- a/aspects/hosts/_alexandria/vaultwarden.nix
+++ b/aspects/hosts/_alexandria/vaultwarden.nix
@@ -5,8 +5,7 @@
   ...
 }:
 let
-  utils = import ../../../utils.nix { inherit inputs lib; };
-  inherit (utils) mkNginxVHosts;
+  mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
 in
 {
   services.vaultwarden = {
diff --git a/aspects/hosts/_trantor/forgejo.nix b/aspects/hosts/_trantor/forgejo.nix
index e6b2159..1112622 100644
--- a/aspects/hosts/_trantor/forgejo.nix
+++ b/aspects/hosts/_trantor/forgejo.nix
@@ -6,8 +6,7 @@
 }:
 let
-  utils = import ../../../utils.nix { inherit inputs lib; };
-  inherit (utils) mkNginxVHosts;
+  mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
 in
 {
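Review bot: The new `let` in _alexandria/nginx.nix binds only `services`, dropping the `mkNginxVHosts` that the old `inherit (utils) mkNginxVHosts services;` brought into scope; if the part of the file below the hunk still calls `mkNginxVHosts`, it is now an undefined variable at evaluation time. The same applies to the _trantor/nginx.nix hunk. If it is still used, add `mkNginxVHosts = inputs.self.lib.mkNginxVHosts;` next to the `services` binding, as the other host files in this commit do. The enclosing `let` and the rest of the module are outside the hunk.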
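Review bot: In _alexandria/unbound.nix, `lib.filter (e: e.lanIP != null) services` assumes every entry of `inputs.self.services` carries a `lanIP` attribute (null when the host has none), whereas the old `e ? lanIP` tolerated a missing one; the terranix hunk sets `lanIP = hostInfo.lanIP or null` for its own copy, but nothing in this commit shows `inputs.self.services` being enriched the same way, so an un-enriched entry would abort evaluation with a missing-attribute error. `(lib.filter (e: (e.lanIP or null) != null) services)` keeps the intended selection under either shape. Worth a short comment on the filter saying that services without a LAN address are deliberately excluded from the LAN zone.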
diff --git a/aspects/hosts/_trantor/nginx.nix b/aspects/hosts/_trantor/nginx.nix
index 1fd6b5c..5522e24 100644
--- a/aspects/hosts/_trantor/nginx.nix
+++ b/aspects/hosts/_trantor/nginx.nix
@@ -6,8 +6,7 @@
 }:
 let
-  utils = import ../../../utils.nix { inherit inputs lib; };
-  inherit (utils) mkNginxVHosts services;
+  services = inputs.self.services;
 
   # Get all unique domains from shared services on trantor (host = "trantor")
   localDomains = lib.unique (
diff --git a/aspects/hosts/_trantor/unbound.nix b/aspects/hosts/_trantor/unbound.nix
index 367c2c8..9f84228 100644
--- a/aspects/hosts/_trantor/unbound.nix
+++ b/aspects/hosts/_trantor/unbound.nix
@@ -1,7 +1,7 @@
 { inputs, lib, ... }:
 let
-  utils = import ../../../utils.nix { inherit inputs lib; };
+  services = inputs.self.services;
 in
 {
@@ -35,7 +35,7 @@ in
       # Tailnet DNS records from shared services
       local-zone = ''"baduhai.dev." transparent'';
-      local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') utils.services;
+      local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') services;
     };
 
     forward-zone = [
diff --git a/aspects/server/boot.nix b/aspects/server/boot.nix
index 68397f2..ff5ef25 100644
--- a/aspects/server/boot.nix
+++ b/aspects/server/boot.nix
@@ -1,10 +1,7 @@
 # aspects/server/boot.nix
-{ inputs, ... }:
+{ ... }:
 {
   flake.modules.nixos.server-boot = { config, lib, pkgs, ... }: {
-    # Import parent aspect for inheritance
-    imports = [ inputs.self.modules.nixos.common-boot ];
-
     boot.kernelPackages = pkgs.linuxPackages_hardened;
   };
 }
diff --git a/aspects/server/nix.nix b/aspects/server/nix.nix
index b22565c..84bec67 100644
--- a/aspects/server/nix.nix
+++ b/aspects/server/nix.nix
@@ -2,9 +2,6 @@
 { inputs, ... }:
 {
   flake.modules.nixos.server-nix = { config, lib, pkgs, ... }: {
-    # Import parent aspect for inheritance
-    imports = [ inputs.self.modules.nixos.common-nix ];
-
     environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;
 
     nix = {
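Review bot: In _trantor/unbound.nix, `map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') services` interpolates `tailscaleIP` for every service with no null check, so an entry whose host has no Tailscale address (the terranix enrichment yields `tailscaleIP = null` for that case) would fail with a string-coercion error rather than being skipped. Mirroring the alexandria change, `local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') (lib.filter (e: (e.tailscaleIP or null) != null) services);` makes the tailnet zone tolerate such entries. Both hosts in data/services.nix currently define tailscaleIP, so this guards the invariant rather than fixing a present failure.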
diff --git a/aspects/server/tailscale.nix b/aspects/server/tailscale.nix
index 433494c..5a48799 100644
--- a/aspects/server/tailscale.nix
+++ b/aspects/server/tailscale.nix
@@ -1,10 +1,7 @@
 # aspects/server/tailscale.nix
-{ inputs, ... }:
+{ ... }:
 {
   flake.modules.nixos.server-tailscale = { config, lib, pkgs, ... }: {
-    # Import parent aspect for inheritance
-    imports = [ inputs.self.modules.nixos.common-tailscale ];
-
     services.tailscale = {
       extraSetFlags = [ "--advertise-exit-node" ];
       useRoutingFeatures = "server";
diff --git a/data/services.nix b/data/services.nix
new file mode 100644
index 0000000..ae7395c
--- /dev/null
+++ b/data/services.nix
@@ -0,0 +1,42 @@
+# Shared service and host definitions
+# This file can be imported directly (unlike aspects which use flake-parts)
+{
+  hosts = {
+    alexandria = {
+      lanIP = "192.168.15.142";
+      tailscaleIP = "100.76.19.50";
+    };
+    trantor = {
+      tailscaleIP = "100.108.5.90";
+    };
+  };
+
+  services = [
+    {
+      name = "kanidm";
+      domain = "auth.baduhai.dev";
+      host = "alexandria";
+    }
+    {
+      name = "vaultwarden";
+      domain = "pass.baduhai.dev";
+      host = "alexandria";
+    }
+    {
+      name = "forgejo";
+      domain = "git.baduhai.dev";
+      host = "trantor";
+      public = true;
+    }
+    {
+      name = "nextcloud";
+      domain = "cloud.baduhai.dev";
+      host = "alexandria";
+    }
+    {
+      name = "jellyfin";
+      domain = "jellyfin.baduhai.dev";
+      host = "alexandria";
+    }
+  ];
+}
diff --git a/flake.lock b/flake.lock
index b5b63cf..c7b2e16 100644
--- a/flake.lock
+++ b/flake.lock
@@ -453,6 +453,21 @@
         "type": "github"
       }
     },
+    "import-tree": {
+      "locked": {
+        "lastModified": 1763762820,
+        "narHash": "sha256-ZvYKbFib3AEwiNMLsejb/CWs/OL/srFQ8AogkebEPF0=",
+        "owner": "vic",
+        "repo": "import-tree",
+        "rev": "3c23749d8013ec6daa1d7255057590e9ca726646",
+        "type": "github"
+      },
+      "original": {
+        "owner": "vic",
+        "repo": "import-tree",
+        "type": "github"
+      }
+    },
     "niri": {
       "inputs": {
         "nixpkgs": "nixpkgs_4",
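Review bot: The header of data/services.nix says where the file may be imported from but not the schema its consumers rely on: `host` must be a key of `hosts`, `public` appears only on the forgejo entry so readers have to use `svc.public or false`, and `lanIP`/`tailscaleIP` live on the host rather than the service and are expected to be joined in by the consumer (the terranix hunk does this). Suggest extending the header with `# services: { name, domain, host (a key of hosts), public? (absent = not public) }` and `# hosts: { lanIP?, tailscaleIP? } — consumers look these up by service.host`. Stating the optional-field rule in the file is what keeps the `e.lanIP != null` style checks in the unbound configs honest.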
@@ -932,6 +947,7 @@
       "flake-parts": "flake-parts",
       "home-manager": "home-manager_2",
       "impermanence": "impermanence",
+      "import-tree": "import-tree",
       "niri": "niri",
       "niri-flake": "niri-flake",
       "nix-ai-tools": "nix-ai-tools",
diff --git a/flake.nix b/flake.nix
index 701406d..ca1a349 100644
--- a/flake.nix
+++ b/flake.nix
@@ -58,21 +58,23 @@
   outputs = inputs@{ flake-parts, import-tree, ... }:
-    flake-parts.lib.mkFlake { inherit inputs; } (
-      import-tree ./aspects
-      // {
-        systems = [
-          "x86_64-linux"
-          "aarch64-linux"
-        ];
+    let
+      aspectsModule = import-tree ./aspects;
+    in
+    flake-parts.lib.mkFlake { inherit inputs; } {
+      systems = [
+        "x86_64-linux"
+        "aarch64-linux"
+      ];
 
-        imports = [
-          ./deploy.nix
-          ./devShells.nix
-          ./overlays.nix
-          ./packages.nix
-          ./terranixConfigurations.nix
-        ];
-      }
-    );
+      imports = [
+        flake-parts.flakeModules.modules
+      ] ++ aspectsModule.imports ++ [
+        ./deploy.nix
+        ./devShells.nix
+        ./overlays.nix
+        ./packages.nix
+        ./terranixConfigurations.nix
+      ];
+    };
 }
diff --git a/plan.md b/plan.md
new file mode 100644
index 0000000..af88fb9
--- /dev/null
+++ b/plan.md
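Review bot: In the flake.nix hunk, `aspectsModule` is bound in a `let` only to read `.imports` a few lines later, and the reason `flake-parts.flakeModules.modules` is now listed is not stated; inlining the binding and commenting the new import would make the hunk self-explanatory, e.g. `flake-parts.flakeModules.modules # declares the flake.modules.* options the aspects populate` followed by `] ++ (import-tree ./aspects).imports ++ [`. Previously the whole import-tree result was merged into the mkFlake argument; taking only `.imports` relies on that result carrying nothing else the flake needs, which deserves a comment if it is intentional. The flake.nix restructuring is also not mentioned in the commit description.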
@@ -0,0 +1,89 @@
+# Current structure:
+
+```
+ hosts
+├──  alexandria
+│ ├──  hardware-configuration.nix
+│ ├──  jellyfin.nix
+│ ├──  kanidm.nix
+│ ├──  nextcloud.nix
+│ ├──  nginx.nix
+│ ├──  unbound.nix
+│ └──  vaultwarden.nix
+├──  io
+│ ├──  boot.nix
+│ ├──  disko.nix
+│ ├──  hardware-configuration.nix
+│ ├──  programs.nix
+│ └──  services.nix
+├──  modules
+│ ├──  common
+│ │ ├──  boot.nix
+│ │ ├──  console.nix
+│ │ ├──  firewall.nix
+│ │ ├──  locale.nix
+│ │ ├──  nix.nix
+│ │ ├──  openssh.nix
+│ │ ├──  programs.nix
+│ │ ├──  security.nix
+│ │ ├──  services.nix
+│ │ ├──  tailscale.nix
+│ │ └──  users.nix
+│ ├──  desktop
+│ │ ├──  boot.nix
+│ │ ├──  desktop.nix
+│ │ ├──  nix.nix
+│ │ └──  services.nix
+│ ├──  server
+│ │ ├──  boot.nix
+│ │ ├──  nix.nix
+│ │ └──  tailscale.nix
+│ ├──  ai.nix
+│ ├──  bluetooth.nix
+│ ├──  dev.nix
+│ ├──  ephemeral.nix
+│ ├──  fwupd.nix
+│ ├──  gaming.nix
+│ ├──  libvirtd.nix
+│ ├──  networkmanager.nix
+│ └──  podman.nix
+├──  rotterdam
+│ ├──  boot.nix
+│ ├──  hardware-configuration.nix
+│ ├──  hardware.nix
+│ ├──  programs.nix
+│ └──  services.nix
+└──  trantor
+ ├──  boot.nix
+ ├──  disko.nix
+ ├──  fail2ban.nix
+ ├──  forgejo.nix
+ ├──  hardware-configuration.nix
+ ├──  networking.nix
+ ├──  nginx.nix
+ ├──  openssh.nix
+ └──  unbound.nix
+ modules
+└──  ephemeral.nix
+ users
+├──  modules
+│ ├──  common
+│ │ ├──  bash.nix
+│ │ ├──  fish.nix
+│ │ └──  hm-cli.nix
+│ ├──  desktop
+│ │ ├──  desktop.nix
+│ │ └──  niri.nix
+│ ├──  btop.nix
+│ ├──  comma.nix
+│ ├──  direnv.nix
+│ ├──  gaming.nix
+│ ├──  helix.nix
+│ ├──  obs-studio.nix
+│ ├──  starship.nix
+│ ├──  stylix.nix
+│ └──  tmux.nix
+└──  user
+ └──  git.nix
+```
+
diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix
index 1b456f3..185e5bd 100644
--- a/terranix/cloudflare/baduhai.dev.nix
+++ b/terranix/cloudflare/baduhai.dev.nix
@@ -6,7 +6,15 @@
 { config, lib, ... }:
 let
-  inherit (import ../../shared/services.nix) services;
+  sharedData = import ../../data/services.nix;
+  # Enrich services with host IPs
+  services = map (svc:
+    let hostInfo = sharedData.hosts.${svc.host} or {};
+    in svc // {
+      lanIP = hostInfo.lanIP or null;
+      tailscaleIP = hostInfo.tailscaleIP or null;
+    }
+  ) sharedData.services;
 
   # Helper to extract subdomain from full domain (e.g., "git.baduhai.dev" -> "git")
   getSubdomain = domain: lib.head (lib.splitString "." domain);
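Review bot: `sharedData.hosts.${svc.host} or {}` silently turns a misspelled or missing `host` into `lanIP = null; tailscaleIP = null;`, so the affected service would quietly get no address rather than failing evaluation; `let hostInfo = sharedData.hosts.${svc.host} or (throw "service ${svc.name}: unknown host ${svc.host}");` surfaces the mistake at build time. Since the same join is presumably needed by whatever defines `inputs.self.services` for the NixOS side, it may belong in data/services.nix itself (as a pre-joined list or a helper) rather than in this terranix config, so both consumers cannot diverge. The `let` continues past the end of the hunk.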