baduhai/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

add data/services.nix for shared service definitions

Browse source 
Creates a standalone data file that can be imported by both
aspects/constants.nix and terranix configurations.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
William 2026-02-06 22:46:49 -03:00
parent 848f79f8bb
commit bde5e2aabc
20 changed files with 189 additions and 57 deletions
Download patch file Download diff file Expand all files Collapse all files

5
aspects/desktop/boot.nix
View file

@ -1,9 +1,6 @@
{ inputs, ... }: { ... }:
{ {
flake.modules.nixos.desktop-boot = { config, lib, pkgs, ... }: { flake.modules.nixos.desktop-boot = { config, lib, pkgs, ... }: {
# Import parent aspect for inheritance
imports = [ inputs.self.modules.nixos.common-boot ];
boot = { boot = {
plymouth.enable = true; plymouth.enable = true;
initrd.systemd.enable = true; initrd.systemd.enable = true;

3
aspects/desktop/nix.nix
View file

@ -1,9 +1,6 @@
{ inputs, ... }: { inputs, ... }:
{ {
flake.modules.nixos.desktop-nix = { config, lib, pkgs, ... }: { flake.modules.nixos.desktop-nix = { config, lib, pkgs, ... }: {
# Import parent aspect for inheritance
imports = [ inputs.self.modules.nixos.common-nix ];
environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath;
nix = { nix = {

5
aspects/desktop/services.nix
View file

@ -1,9 +1,6 @@
{ inputs, ... }: { ... }:
{ {
flake.modules.nixos.desktop-services = { config, lib, pkgs, ... }: { flake.modules.nixos.desktop-services = { config, lib, pkgs, ... }: {
# Import parent aspect for inheritance
imports = [ inputs.self.modules.nixos.common-services ];
services = { services = {
printing.enable = true; printing.enable = true;
udev.packages = with pkgs; [ yubikey-personalization ]; udev.packages = with pkgs; [ yubikey-personalization ];

3
aspects/hosts/_alexandria/jellyfin.nix
View file

@ -1,7 +1,6 @@
{ lib, inputs, ... }: { lib, inputs, ... }:
let let
utils = import ../../../utils.nix { inherit inputs lib; }; mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
inherit (utils) mkNginxVHosts;
in in
{ {
services.jellyfin = { services.jellyfin = {

3
aspects/hosts/_alexandria/kanidm.nix
View file

@ -7,8 +7,7 @@
}: }:
let let
utils = import ../../../utils.nix { inherit inputs lib; }; mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
inherit (utils) mkNginxVHosts;
kanidmCertDir = "/var/lib/kanidm/certs"; kanidmCertDir = "/var/lib/kanidm/certs";
in in

3
aspects/hosts/_alexandria/nextcloud.nix
View file

@ -7,8 +7,7 @@
}: }:
let let
utils = import ../../../utils.nix { inherit inputs lib; }; mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
inherit (utils) mkNginxVHosts;
in in
{ {

3
aspects/hosts/_alexandria/nginx.nix
View file

@ -6,8 +6,7 @@
}: }:
let let
utils = import ../../../utils.nix { inherit inputs lib; }; services = inputs.self.services;
inherit (utils) mkNginxVHosts services;
# Get all unique domains from shared services that have LAN IPs (served by this host) # Get all unique domains from shared services that have LAN IPs (served by this host)
localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "alexandria") services)); localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "alexandria") services));

4
aspects/hosts/_alexandria/unbound.nix
View file

@ -1,7 +1,7 @@
{ inputs, lib, ... }: { inputs, lib, ... }:
let let
utils = import ../../../utils.nix { inherit inputs lib; }; services = inputs.self.services;
in in
{ {
@ -35,7 +35,7 @@ in
# LAN-only DNS records # LAN-only DNS records
local-zone = ''"baduhai.dev." transparent''; local-zone = ''"baduhai.dev." transparent'';
local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'')
(lib.filter (e: e ? lanIP) utils.services); (lib.filter (e: e.lanIP != null) services);
}; };
forward-zone = [ forward-zone = [

3
aspects/hosts/_alexandria/vaultwarden.nix
View file

@ -5,8 +5,7 @@
... ...
}: }:
let let
utils = import ../../../utils.nix { inherit inputs lib; }; mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
inherit (utils) mkNginxVHosts;
in in
{ {
services.vaultwarden = { services.vaultwarden = {

3
aspects/hosts/_trantor/forgejo.nix
View file

@ -6,8 +6,7 @@
}: }:
let let
utils = import ../../../utils.nix { inherit inputs lib; }; mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
inherit (utils) mkNginxVHosts;
in in
{ {

3
aspects/hosts/_trantor/nginx.nix
View file

@ -6,8 +6,7 @@
}: }:
let let
utils = import ../../../utils.nix { inherit inputs lib; }; services = inputs.self.services;
inherit (utils) mkNginxVHosts services;
# Get all unique domains from shared services on trantor (host = "trantor") # Get all unique domains from shared services on trantor (host = "trantor")
localDomains = lib.unique ( localDomains = lib.unique (

4
aspects/hosts/_trantor/unbound.nix
View file

@ -1,7 +1,7 @@
{ inputs, lib, ... }: { inputs, lib, ... }:
let let
utils = import ../../../utils.nix { inherit inputs lib; }; services = inputs.self.services;
in in
{ {
@ -35,7 +35,7 @@ in
# Tailnet DNS records from shared services # Tailnet DNS records from shared services
local-zone = ''"baduhai.dev." transparent''; local-zone = ''"baduhai.dev." transparent'';
local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') utils.services; local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') services;
}; };
forward-zone = [ forward-zone = [

5
aspects/server/boot.nix
View file

@ -1,10 +1,7 @@
# aspects/server/boot.nix # aspects/server/boot.nix
{ inputs, ... }: { ... }:
{ {
flake.modules.nixos.server-boot = { config, lib, pkgs, ... }: { flake.modules.nixos.server-boot = { config, lib, pkgs, ... }: {
# Import parent aspect for inheritance
imports = [ inputs.self.modules.nixos.common-boot ];
boot.kernelPackages = pkgs.linuxPackages_hardened; boot.kernelPackages = pkgs.linuxPackages_hardened;
}; };
} }

3
aspects/server/nix.nix
View file

@ -2,9 +2,6 @@
{ inputs, ... }: { inputs, ... }:
{ {
flake.modules.nixos.server-nix = { config, lib, pkgs, ... }: { flake.modules.nixos.server-nix = { config, lib, pkgs, ... }: {
# Import parent aspect for inheritance
imports = [ inputs.self.modules.nixos.common-nix ];
environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath; environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;
nix = { nix = {

5
aspects/server/tailscale.nix
View file

@ -1,10 +1,7 @@
# aspects/server/tailscale.nix # aspects/server/tailscale.nix
{ inputs, ... }: { ... }:
{ {
flake.modules.nixos.server-tailscale = { config, lib, pkgs, ... }: { flake.modules.nixos.server-tailscale = { config, lib, pkgs, ... }: {
# Import parent aspect for inheritance
imports = [ inputs.self.modules.nixos.common-tailscale ];
services.tailscale = { services.tailscale = {
extraSetFlags = [ "--advertise-exit-node" ]; extraSetFlags = [ "--advertise-exit-node" ];
useRoutingFeatures = "server"; useRoutingFeatures = "server";

42
data/services.nix Normal file
View file

@ -0,0 +1,42 @@
# Shared service and host definitions
# This file can be imported directly (unlike aspects which use flake-parts)
{
hosts = {
alexandria = {
lanIP = "192.168.15.142";
tailscaleIP = "100.76.19.50";
};
trantor = {
tailscaleIP = "100.108.5.90";
};
};
services = [
{
name = "kanidm";
domain = "auth.baduhai.dev";
host = "alexandria";
}
{
name = "vaultwarden";
domain = "pass.baduhai.dev";
host = "alexandria";
}
{
name = "forgejo";
domain = "git.baduhai.dev";
host = "trantor";
public = true;
}
{
name = "nextcloud";
domain = "cloud.baduhai.dev";
host = "alexandria";
}
{
name = "jellyfin";
domain = "jellyfin.baduhai.dev";
host = "alexandria";
}
];
}

16
flake.lock generated
View file

@ -453,6 +453,21 @@
"type": "github" "type": "github"
} }
}, },
"import-tree": {
"locked": {
"lastModified": 1763762820,
"narHash": "sha256-ZvYKbFib3AEwiNMLsejb/CWs/OL/srFQ8AogkebEPF0=",
"owner": "vic",
"repo": "import-tree",
"rev": "3c23749d8013ec6daa1d7255057590e9ca726646",
"type": "github"
},
"original": {
"owner": "vic",
"repo": "import-tree",
"type": "github"
}
},
"niri": { "niri": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_4",
@ -932,6 +947,7 @@
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"impermanence": "impermanence", "impermanence": "impermanence",
"import-tree": "import-tree",
"niri": "niri", "niri": "niri",
"niri-flake": "niri-flake", "niri-flake": "niri-flake",
"nix-ai-tools": "nix-ai-tools", "nix-ai-tools": "nix-ai-tools",

34
flake.nix
View file

@ -58,21 +58,23 @@
outputs = outputs =
inputs@{ flake-parts, import-tree, ... }: inputs@{ flake-parts, import-tree, ... }:
flake-parts.lib.mkFlake { inherit inputs; } ( let
import-tree ./aspects aspectsModule = import-tree ./aspects;
// { in
systems = [ flake-parts.lib.mkFlake { inherit inputs; } {
"x86_64-linux" systems = [
"aarch64-linux" "x86_64-linux"
]; "aarch64-linux"
];
imports = [ imports = [
./deploy.nix flake-parts.flakeModules.modules
./devShells.nix ] ++ aspectsModule.imports ++ [
./overlays.nix ./deploy.nix
./packages.nix ./devShells.nix
./terranixConfigurations.nix ./overlays.nix
]; ./packages.nix
} ./terranixConfigurations.nix
); ];
};
} }

89
plan.md Normal file
View file

@ -0,0 +1,89 @@
# Current structure:
```
 hosts
├──  alexandria
│ ├──  hardware-configuration.nix
│ ├──  jellyfin.nix
│ ├──  kanidm.nix
│ ├──  nextcloud.nix
│ ├──  nginx.nix
│ ├──  unbound.nix
│ └──  vaultwarden.nix
├──  io
│ ├──  boot.nix
│ ├──  disko.nix
│ ├──  hardware-configuration.nix
│ ├──  programs.nix
│ └──  services.nix
├──  modules
│ ├──  common
│ │ ├──  boot.nix
│ │ ├──  console.nix
│ │ ├──  firewall.nix
│ │ ├──  locale.nix
│ │ ├──  nix.nix
│ │ ├──  openssh.nix
│ │ ├──  programs.nix
│ │ ├──  security.nix
│ │ ├──  services.nix
│ │ ├──  tailscale.nix
│ │ └──  users.nix
│ ├──  desktop
│ │ ├──  boot.nix
│ │ ├──  desktop.nix
│ │ ├──  nix.nix
│ │ └──  services.nix
│ ├──  server
│ │ ├──  boot.nix
│ │ ├──  nix.nix
│ │ └──  tailscale.nix
│ ├──  ai.nix
│ ├──  bluetooth.nix
│ ├──  dev.nix
│ ├──  ephemeral.nix
│ ├──  fwupd.nix
│ ├──  gaming.nix
│ ├──  libvirtd.nix
│ ├──  networkmanager.nix
│ └──  podman.nix
├──  rotterdam
│ ├──  boot.nix
│ ├──  hardware-configuration.nix
│ ├──  hardware.nix
│ ├──  programs.nix
│ └──  services.nix
└──  trantor
├──  boot.nix
├──  disko.nix
├──  fail2ban.nix
├──  forgejo.nix
├──  hardware-configuration.nix
├──  networking.nix
├──  nginx.nix
├──  openssh.nix
└──  unbound.nix
 modules
└──  ephemeral.nix
 users
├──  modules
│ ├──  common
│ │ ├──  bash.nix
│ │ ├──  fish.nix
│ │ └──  hm-cli.nix
│ ├──  desktop
│ │ ├──  desktop.nix
│ │ └──  niri.nix
│ ├──  btop.nix
│ ├──  comma.nix
│ ├──  direnv.nix
│ ├──  gaming.nix
│ ├──  helix.nix
│ ├──  obs-studio.nix
│ ├──  starship.nix
│ ├──  stylix.nix
│ └──  tmux.nix
└──  user
└──  git.nix
```

10
terranix/cloudflare/baduhai.dev.nix
View file

@ -6,7 +6,15 @@
{ config, lib, ... }: { config, lib, ... }:
let let
inherit (import ../../shared/services.nix) services; sharedData = import ../../data/services.nix;
# Enrich services with host IPs
services = map (svc:
let hostInfo = sharedData.hosts.${svc.host} or {};
in svc // {
lanIP = hostInfo.lanIP or null;
tailscaleIP = hostInfo.tailscaleIP or null;
}
) sharedData.services;
# Helper to extract subdomain from full domain (e.g., "git.baduhai.dev" -> "git") # Helper to extract subdomain from full domain (e.g., "git.baduhai.dev" -> "git")
getSubdomain = domain: lib.head (lib.splitString "." domain); getSubdomain = domain: lib.head (lib.splitString "." domain);