From 124d414359468f37f4d80190e23dfc789297945f Mon Sep 17 00:00:00 2001 From: William Date: Sat, 7 Feb 2026 08:08:59 -0300 Subject: [PATCH 01/10] packages/overlays: use builtins.readDir for dynamic package discovery Instead of manually listing packages, the overlay now reads the packages/ directory and automatically includes all .nix files (except overlays.nix itself) as overlay attributes. This makes adding new packages simpler - just add the file and it will automatically be included in the overlay. Co-Authored-By: Claude Opus 4.5 --- packages/overlays.nix | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/packages/overlays.nix b/packages/overlays.nix index dde58b6..a36ed60 100644 --- a/packages/overlays.nix +++ b/packages/overlays.nix @@ -1,12 +1,22 @@ { inputs, ... }: +let + packageDir = builtins.readDir ./.; + + # Filter to .nix files, excluding overlays.nix + isPackageFile = name: + name != "overlays.nix" && builtins.match ".*\\.nix$" name != null; + + # Extract package name from filename (e.g., "foo-bar.nix" -> "foo-bar") + toPackageName = filename: + builtins.head (builtins.match "(.+)\\.nix$" filename); + + packageNames = map toPackageName (builtins.filter isPackageFile (builtins.attrNames packageDir)); +in { - flake.overlays.default = final: prev: { - base16-schemes = inputs.self.packages.${final.system}.base16-schemes; - claude-desktop = inputs.self.packages.${final.system}.claude-desktop; - fastfetch = inputs.self.packages.${final.system}.fastfetch; - hm-cli = inputs.self.packages.${final.system}.hm-cli; - kwrite = inputs.self.packages.${final.system}.kwrite; - toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; - }; + flake.overlays.default = final: prev: + builtins.listToAttrs (map (name: { + inherit name; + value = inputs.self.packages.${final.system}.${name}; + }) packageNames); } From f8478a75ebc2533e67e86a1ce4b0da93ecc69357 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 7 Feb 2026 08:11:55 -0300 Subject: [PATCH 02/10] shells: convert to self-contained flake-parts module Move devShells.nix to shells/default.nix as a flake-parts module and use import-tree for automatic module discovery. Co-Authored-By: Claude Opus 4.5 --- flake.nix | 3 ++- devShells.nix => shells/default.nix | 0 2 files changed, 2 insertions(+), 1 deletion(-) rename devShells.nix => shells/default.nix (100%) diff --git a/flake.nix b/flake.nix index a4126cb..2cbb189 100644 --- a/flake.nix +++ b/flake.nix @@ -61,6 +61,7 @@ let aspectsModule = import-tree ./aspects; packagesModule = import-tree ./packages; + shellsModule = import-tree ./shells; in flake-parts.lib.mkFlake { inherit inputs; } { systems = [ @@ -72,9 +73,9 @@ flake-parts.flakeModules.modules ] ++ aspectsModule.imports ++ packagesModule.imports + ++ shellsModule.imports ++ [ ./deploy.nix - ./devShells.nix ./terranixConfigurations.nix ]; }; diff --git a/devShells.nix b/shells/default.nix similarity index 100% rename from devShells.nix rename to shells/default.nix From c7757c139f7a1f840c88ef5c9725c71fb335e95b Mon Sep 17 00:00:00 2001 From: William Date: Sat, 7 Feb 2026 08:16:58 -0300 Subject: [PATCH 03/10] terranix: convert to self-contained flake-parts modules Each terranix configuration now exports its own flake output as a self-contained module. Flattened directory structure and removed centralized terranixConfigurations.nix in favor of import-tree. Co-Authored-By: Claude Opus 4.5 --- flake.nix | 3 +- terranix/baduhai.dev.nix | 115 +++++++++ terranix/cloudflare/baduhai.dev.nix | 94 -------- terranix/cloudflare/kernelpanic.space.nix | 0 terranix/kernelpanic.space.nix | 19 ++ terranix/oci/terminus.nix | 0 terranix/oci/trantor.nix | 258 -------------------- terranix/tailnet.nix | 59 +++++ terranix/tailscale/tailnet.nix | 43 ---- terranix/terminus.nix | 19 ++ terranix/trantor.nix | 274 ++++++++++++++++++++++ terranixConfigurations.nix | 27 --- 12 files changed, 488 insertions(+), 423 deletions(-) create mode 100644 terranix/baduhai.dev.nix delete mode 100644 terranix/cloudflare/baduhai.dev.nix delete mode 100644 terranix/cloudflare/kernelpanic.space.nix create mode 100644 terranix/kernelpanic.space.nix delete mode 100644 terranix/oci/terminus.nix delete mode 100644 terranix/oci/trantor.nix create mode 100644 terranix/tailnet.nix delete mode 100644 terranix/tailscale/tailnet.nix create mode 100644 terranix/terminus.nix create mode 100644 terranix/trantor.nix delete mode 100644 terranixConfigurations.nix diff --git a/flake.nix b/flake.nix index 2cbb189..c3fa2f6 100644 --- a/flake.nix +++ b/flake.nix @@ -62,6 +62,7 @@ aspectsModule = import-tree ./aspects; packagesModule = import-tree ./packages; shellsModule = import-tree ./shells; + terranixModule = import-tree ./terranix; in flake-parts.lib.mkFlake { inherit inputs; } { systems = [ @@ -74,9 +75,9 @@ ] ++ aspectsModule.imports ++ packagesModule.imports ++ shellsModule.imports + ++ terranixModule.imports ++ [ ./deploy.nix - ./terranixConfigurations.nix ]; }; } diff --git a/terranix/baduhai.dev.nix b/terranix/baduhai.dev.nix new file mode 100644 index 0000000..396ecf4 --- /dev/null +++ b/terranix/baduhai.dev.nix @@ -0,0 +1,115 @@ +# Required environment variables: +# CLOUDFLARE_API_TOKEN - API token with "Edit zone DNS" permissions +# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage +# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage + +{ inputs, ... }: + +{ + imports = [ inputs.terranix.flakeModule ]; + + perSystem = + { pkgs, ... }: + { + terranix.terranixConfigurations.cloudflare-baduhaidev = { + terraformWrapper.package = pkgs.opentofu; + modules = [ + ( + { config, lib, ... }: + + let + sharedData = import ../data/services.nix; + # Enrich services with host IPs + services = map ( + svc: + let + hostInfo = sharedData.hosts.${svc.host} or { }; + in + svc + // { + lanIP = hostInfo.lanIP or null; + tailscaleIP = hostInfo.tailscaleIP or null; + } + ) sharedData.services; + + # Helper to extract subdomain from full domain (e.g., "git.baduhai.dev" -> "git") + getSubdomain = domain: lib.head (lib.splitString "." domain); + + # Generate DNS records for services + # Public services point to trantor's public IP + # Private services point to their tailscale IP + mkServiceRecords = lib.listToAttrs ( + lib.imap0 ( + i: svc: + let + subdomain = getSubdomain svc.domain; + targetIP = + if svc.public or false then + config.data.terraform_remote_state.trantor "outputs.instance_public_ip" + else + svc.tailscaleIP; + in + { + name = "service_${toString i}"; + value = { + zone_id = config.variable.zone_id.default; + name = subdomain; + type = "A"; + content = targetIP; + proxied = false; + ttl = 3600; + }; + } + ) services + ); + in + + { + terraform.required_providers.cloudflare = { + source = "cloudflare/cloudflare"; + version = "~> 5.0"; + }; + + terraform.backend.s3 = { + bucket = "terraform-state"; + key = "cloudflare/baduhai.dev.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + + variable = { + zone_id = { + default = "c63a8332fdddc4a8e5612ddc54557044"; + type = "string"; + }; + }; + + data = { + terraform_remote_state.trantor = { + backend = "s3"; + config = { + bucket = "terraform-state"; + key = "oci/trantor.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + }; + }; + + resource.cloudflare_dns_record = mkServiceRecords; + } + ) + ]; + }; + }; +} diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix deleted file mode 100644 index 185e5bd..0000000 --- a/terranix/cloudflare/baduhai.dev.nix +++ /dev/null @@ -1,94 +0,0 @@ -# Required environment variables: -# CLOUDFLARE_API_TOKEN - API token with "Edit zone DNS" permissions -# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage -# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage - -{ config, lib, ... }: - -let - sharedData = import ../../data/services.nix; - # Enrich services with host IPs - services = map (svc: - let hostInfo = sharedData.hosts.${svc.host} or {}; - in svc // { - lanIP = hostInfo.lanIP or null; - tailscaleIP = hostInfo.tailscaleIP or null; - } - ) sharedData.services; - - # Helper to extract subdomain from full domain (e.g., "git.baduhai.dev" -> "git") - getSubdomain = domain: lib.head (lib.splitString "." domain); - - # Generate DNS records for services - # Public services point to trantor's public IP - # Private services point to their tailscale IP - mkServiceRecords = lib.listToAttrs ( - lib.imap0 ( - i: svc: - let - subdomain = getSubdomain svc.domain; - targetIP = - if svc.public or false then - config.data.terraform_remote_state.trantor "outputs.instance_public_ip" - else - svc.tailscaleIP; - in - { - name = "service_${toString i}"; - value = { - zone_id = config.variable.zone_id.default; - name = subdomain; - type = "A"; - content = targetIP; - proxied = false; - ttl = 3600; - }; - } - ) services - ); -in - -{ - terraform.required_providers.cloudflare = { - source = "cloudflare/cloudflare"; - version = "~> 5.0"; - }; - - terraform.backend.s3 = { - bucket = "terraform-state"; - key = "cloudflare/baduhai.dev.tfstate"; - region = "auto"; - endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; - skip_credentials_validation = true; - skip_metadata_api_check = true; - skip_region_validation = true; - skip_requesting_account_id = true; - use_path_style = true; - }; - - variable = { - zone_id = { - default = "c63a8332fdddc4a8e5612ddc54557044"; - type = "string"; - }; - }; - - data = { - terraform_remote_state.trantor = { - backend = "s3"; - config = { - bucket = "terraform-state"; - key = "oci/trantor.tfstate"; - region = "auto"; - endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; - skip_credentials_validation = true; - skip_metadata_api_check = true; - skip_region_validation = true; - skip_requesting_account_id = true; - use_path_style = true; - }; - }; - }; - - resource.cloudflare_dns_record = mkServiceRecords; -} diff --git a/terranix/cloudflare/kernelpanic.space.nix b/terranix/cloudflare/kernelpanic.space.nix deleted file mode 100644 index e69de29..0000000 diff --git a/terranix/kernelpanic.space.nix b/terranix/kernelpanic.space.nix new file mode 100644 index 0000000..e3bfe72 --- /dev/null +++ b/terranix/kernelpanic.space.nix @@ -0,0 +1,19 @@ +# Cloudflare kernelpanic.space configuration placeholder +{ inputs, ... }: + +{ + imports = [ inputs.terranix.flakeModule ]; + + perSystem = + { pkgs, ... }: + { + terranix.terranixConfigurations.cloudflare-kernelpanicspace = { + terraformWrapper.package = pkgs.opentofu; + modules = [ + ({ config, ... }: { + # Terraform config goes here + }) + ]; + }; + }; +} diff --git a/terranix/oci/terminus.nix b/terranix/oci/terminus.nix deleted file mode 100644 index e69de29..0000000 diff --git a/terranix/oci/trantor.nix b/terranix/oci/trantor.nix deleted file mode 100644 index 170ad04..0000000 --- a/terranix/oci/trantor.nix +++ /dev/null @@ -1,258 +0,0 @@ -# Required environment variables: -# instead of OCI variables, ~/.oci/config may also be used -# OCI_TENANCY_OCID - Oracle tenancy OCID (or use TF_VAR_* to override variables) -# OCI_USER_OCID - Oracle user OCID -# OCI_FINGERPRINT - API key fingerprint -# OCI_PRIVATE_KEY_PATH - Path to OCI API private key -# AWS variables are required -# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage -# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage - -{ config, ... }: - -{ - terraform.required_providers.oci = { - source = "oracle/oci"; - version = "~> 7.0"; - }; - - provider.oci.region = "sa-saopaulo-1"; - - terraform.backend.s3 = { - bucket = "terraform-state"; - key = "oci/trantor.tfstate"; - region = "auto"; - endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; - skip_credentials_validation = true; - skip_metadata_api_check = true; - skip_region_validation = true; - skip_requesting_account_id = true; - use_path_style = true; - }; - - variable = { - tenancy_ocid = { - default = "ocid1.tenancy.oc1..aaaaaaaap3vfdz4piygqza6e6zqunbcuso43ddqfo3ydmpmnomidyghh7rvq"; - type = "string"; - }; - - compartment_name = { - default = "trantor"; - type = "string"; - }; - - vcn_cidr = { - default = "10.0.0.0/24"; - type = "string"; - }; - - instance_name = { - default = "trantor"; - type = "string"; - }; - - ssh_public_keys = { - default = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" - ]; - type = "list(string)"; - }; - }; - - data = { - oci_identity_availability_domains.ads = { - compartment_id = config.variable.tenancy_ocid.default; - }; - - oci_core_images.ubuntu_arm = { - compartment_id = config.variable.tenancy_ocid.default; - operating_system = "Canonical Ubuntu"; - operating_system_version = "24.04"; - shape = "VM.Standard.A1.Flex"; - sort_by = "TIMECREATED"; - sort_order = "DESC"; - }; - }; - - resource = { - oci_identity_compartment.trantor = { - compartment_id = config.variable.tenancy_ocid.default; - description = "trantor infrastructure compartment"; - name = config.variable.compartment_name.default; - }; - - oci_core_vcn.vcn = { - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - cidr_blocks = [ config.variable.vcn_cidr.default ]; - display_name = "trantor-vcn"; - dns_label = "trantor"; - }; - - oci_core_internet_gateway.ig = { - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - vcn_id = config.resource.oci_core_vcn.vcn "id"; - display_name = "trantor-ig"; - enabled = true; - }; - - oci_core_route_table.rt = { - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - vcn_id = config.resource.oci_core_vcn.vcn "id"; - display_name = "trantor-rt"; - - route_rules = [ - { - network_entity_id = config.resource.oci_core_internet_gateway.ig "id"; - destination = "0.0.0.0/0"; - destination_type = "CIDR_BLOCK"; - } - ]; - }; - - oci_core_security_list.sl = { - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - vcn_id = config.resource.oci_core_vcn.vcn "id"; - display_name = "trantor-sl"; - - egress_security_rules = [ - { - destination = "0.0.0.0/0"; - protocol = "all"; - stateless = false; - } - ]; - - ingress_security_rules = [ - { - protocol = "6"; # TCP - source = "0.0.0.0/0"; - stateless = false; - tcp_options = { - min = 22; - max = 22; - }; - } - { - protocol = "6"; # TCP - source = "0.0.0.0/0"; - stateless = false; - tcp_options = { - min = 80; - max = 80; - }; - } - { - protocol = "6"; # TCP - source = "0.0.0.0/0"; - stateless = false; - tcp_options = { - min = 443; - max = 443; - }; - } - { - protocol = "6"; # TCP - source = "0.0.0.0/0"; - stateless = false; - tcp_options = { - min = 25565; - max = 25565; - }; - } - { - protocol = "6"; # TCP - source = "0.0.0.0/0"; - stateless = false; - tcp_options = { - min = 19132; - max = 19133; - }; - } - { - protocol = "17"; # UDP - source = "0.0.0.0/0"; - stateless = false; - udp_options = { - min = 19132; - max = 19133; - }; - } - ]; - }; - - oci_core_subnet.subnet = { - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - vcn_id = config.resource.oci_core_vcn.vcn "id"; - cidr_block = config.variable.vcn_cidr.default; - display_name = "trantor-subnet"; - dns_label = "subnet"; - route_table_id = config.resource.oci_core_route_table.rt "id"; - security_list_ids = [ (config.resource.oci_core_security_list.sl "id") ]; - prohibit_public_ip_on_vnic = false; - }; - - oci_core_instance.trantor = { - availability_domain = config.data.oci_identity_availability_domains.ads "availability_domains[0].name"; - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - display_name = config.variable.instance_name.default; - shape = "VM.Standard.A1.Flex"; - - shape_config = { - ocpus = 2; - memory_in_gbs = 12; - }; - - source_details = { - source_type = "image"; - source_id = config.data.oci_core_images.ubuntu_arm "images[0].id"; - boot_volume_size_in_gbs = 100; - }; - - create_vnic_details = { - subnet_id = config.resource.oci_core_subnet.subnet "id"; - display_name = "trantor-vnic"; - assign_public_ip = true; - hostname_label = config.variable.instance_name.default; - }; - - metadata = { - ssh_authorized_keys = builtins.concatStringsSep "\n" config.variable.ssh_public_keys.default; - }; - - preserve_boot_volume = false; - }; - - oci_budget_budget.trantor_budget = { - compartment_id = config.variable.tenancy_ocid.default; - targets = [ (config.resource.oci_identity_compartment.trantor "id") ]; - amount = 1; - reset_period = "MONTHLY"; - display_name = "trantor-budget"; - description = "Monthly budget for trantor compartment"; - target_type = "COMPARTMENT"; - }; - - oci_budget_alert_rule.daily_spend_alert = { - budget_id = config.resource.oci_budget_budget.trantor_budget "id"; - type = "ACTUAL"; - threshold = 5; - threshold_type = "PERCENTAGE"; - display_name = "daily-spend-alert"; - recipients = "baduhai@proton.me"; - description = "Alert when daily spending exceeds $0.05"; - message = "Daily spending has exceeded $0.05 in the trantor compartment"; - }; - }; - - output = { - compartment_id = { - value = config.resource.oci_identity_compartment.trantor "id"; - }; - - instance_public_ip = { - value = config.resource.oci_core_instance.trantor "public_ip"; - }; - }; -} diff --git a/terranix/tailnet.nix b/terranix/tailnet.nix new file mode 100644 index 0000000..7bc55f2 --- /dev/null +++ b/terranix/tailnet.nix @@ -0,0 +1,59 @@ +# Required environment variables: +# TAILSCALE_API_KEY - Tailscale API key with appropriate permissions +# TAILSCALE_TAILNET - Your tailnet name (e.g., "user@example.com" or "example.org.github") +# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage +# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage + +{ inputs, ... }: + +{ + imports = [ inputs.terranix.flakeModule ]; + + perSystem = + { pkgs, ... }: + { + terranix.terranixConfigurations.tailscale-tailnet = { + terraformWrapper.package = pkgs.opentofu; + modules = [ + ( + { config, ... }: + { + terraform.required_providers.tailscale = { + source = "tailscale/tailscale"; + version = "~> 0.17"; + }; + + terraform.backend.s3 = { + bucket = "terraform-state"; + key = "tailscale/tailnet.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + + variable = { + trantor_tailscale_ip = { + default = "100.108.5.90"; + type = "string"; + }; + }; + + resource = { + tailscale_dns_nameservers.global = { + nameservers = [ + config.variable.trantor_tailscale_ip.default + "1.1.1.1" + "1.0.0.1" + ]; + }; + }; + } + ) + ]; + }; + }; +} diff --git a/terranix/tailscale/tailnet.nix b/terranix/tailscale/tailnet.nix deleted file mode 100644 index 929e79b..0000000 --- a/terranix/tailscale/tailnet.nix +++ /dev/null @@ -1,43 +0,0 @@ -# Required environment variables: -# TAILSCALE_API_KEY - Tailscale API key with appropriate permissions -# TAILSCALE_TAILNET - Your tailnet name (e.g., "user@example.com" or "example.org.github") -# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage -# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage - -{ config, ... }: - -{ - terraform.required_providers.tailscale = { - source = "tailscale/tailscale"; - version = "~> 0.17"; - }; - - terraform.backend.s3 = { - bucket = "terraform-state"; - key = "tailscale/tailnet.tfstate"; - region = "auto"; - endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; - skip_credentials_validation = true; - skip_metadata_api_check = true; - skip_region_validation = true; - skip_requesting_account_id = true; - use_path_style = true; - }; - - variable = { - trantor_tailscale_ip = { - default = "100.108.5.90"; - type = "string"; - }; - }; - - resource = { - tailscale_dns_nameservers.global = { - nameservers = [ - config.variable.trantor_tailscale_ip.default - "1.1.1.1" - "1.0.0.1" - ]; - }; - }; -} diff --git a/terranix/terminus.nix b/terranix/terminus.nix new file mode 100644 index 0000000..25e227e --- /dev/null +++ b/terranix/terminus.nix @@ -0,0 +1,19 @@ +# OCI Terminus configuration placeholder +{ inputs, ... }: + +{ + imports = [ inputs.terranix.flakeModule ]; + + perSystem = + { pkgs, ... }: + { + terranix.terranixConfigurations.oci-terminus = { + terraformWrapper.package = pkgs.opentofu; + modules = [ + ({ config, ... }: { + # Terraform config goes here + }) + ]; + }; + }; +} diff --git a/terranix/trantor.nix b/terranix/trantor.nix new file mode 100644 index 0000000..0f1f9ba --- /dev/null +++ b/terranix/trantor.nix @@ -0,0 +1,274 @@ +# Required environment variables: +# instead of OCI variables, ~/.oci/config may also be used +# OCI_TENANCY_OCID - Oracle tenancy OCID (or use TF_VAR_* to override variables) +# OCI_USER_OCID - Oracle user OCID +# OCI_FINGERPRINT - API key fingerprint +# OCI_PRIVATE_KEY_PATH - Path to OCI API private key +# AWS variables are required +# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage +# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage + +{ inputs, ... }: + +{ + imports = [ inputs.terranix.flakeModule ]; + + perSystem = + { pkgs, ... }: + { + terranix.terranixConfigurations.oci-trantor = { + terraformWrapper.package = pkgs.opentofu; + modules = [ + ( + { config, ... }: + { + terraform.required_providers.oci = { + source = "oracle/oci"; + version = "~> 7.0"; + }; + + provider.oci.region = "sa-saopaulo-1"; + + terraform.backend.s3 = { + bucket = "terraform-state"; + key = "oci/trantor.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + + variable = { + tenancy_ocid = { + default = "ocid1.tenancy.oc1..aaaaaaaap3vfdz4piygqza6e6zqunbcuso43ddqfo3ydmpmnomidyghh7rvq"; + type = "string"; + }; + + compartment_name = { + default = "trantor"; + type = "string"; + }; + + vcn_cidr = { + default = "10.0.0.0/24"; + type = "string"; + }; + + instance_name = { + default = "trantor"; + type = "string"; + }; + + ssh_public_keys = { + default = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + ]; + type = "list(string)"; + }; + }; + + data = { + oci_identity_availability_domains.ads = { + compartment_id = config.variable.tenancy_ocid.default; + }; + + oci_core_images.ubuntu_arm = { + compartment_id = config.variable.tenancy_ocid.default; + operating_system = "Canonical Ubuntu"; + operating_system_version = "24.04"; + shape = "VM.Standard.A1.Flex"; + sort_by = "TIMECREATED"; + sort_order = "DESC"; + }; + }; + + resource = { + oci_identity_compartment.trantor = { + compartment_id = config.variable.tenancy_ocid.default; + description = "trantor infrastructure compartment"; + name = config.variable.compartment_name.default; + }; + + oci_core_vcn.vcn = { + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + cidr_blocks = [ config.variable.vcn_cidr.default ]; + display_name = "trantor-vcn"; + dns_label = "trantor"; + }; + + oci_core_internet_gateway.ig = { + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + display_name = "trantor-ig"; + enabled = true; + }; + + oci_core_route_table.rt = { + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + display_name = "trantor-rt"; + + route_rules = [ + { + network_entity_id = config.resource.oci_core_internet_gateway.ig "id"; + destination = "0.0.0.0/0"; + destination_type = "CIDR_BLOCK"; + } + ]; + }; + + oci_core_security_list.sl = { + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + display_name = "trantor-sl"; + + egress_security_rules = [ + { + destination = "0.0.0.0/0"; + protocol = "all"; + stateless = false; + } + ]; + + ingress_security_rules = [ + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 22; + max = 22; + }; + } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 80; + max = 80; + }; + } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 443; + max = 443; + }; + } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 25565; + max = 25565; + }; + } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 19132; + max = 19133; + }; + } + { + protocol = "17"; # UDP + source = "0.0.0.0/0"; + stateless = false; + udp_options = { + min = 19132; + max = 19133; + }; + } + ]; + }; + + oci_core_subnet.subnet = { + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + cidr_block = config.variable.vcn_cidr.default; + display_name = "trantor-subnet"; + dns_label = "subnet"; + route_table_id = config.resource.oci_core_route_table.rt "id"; + security_list_ids = [ (config.resource.oci_core_security_list.sl "id") ]; + prohibit_public_ip_on_vnic = false; + }; + + oci_core_instance.trantor = { + availability_domain = config.data.oci_identity_availability_domains.ads "availability_domains[0].name"; + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + display_name = config.variable.instance_name.default; + shape = "VM.Standard.A1.Flex"; + + shape_config = { + ocpus = 2; + memory_in_gbs = 12; + }; + + source_details = { + source_type = "image"; + source_id = config.data.oci_core_images.ubuntu_arm "images[0].id"; + boot_volume_size_in_gbs = 100; + }; + + create_vnic_details = { + subnet_id = config.resource.oci_core_subnet.subnet "id"; + display_name = "trantor-vnic"; + assign_public_ip = true; + hostname_label = config.variable.instance_name.default; + }; + + metadata = { + ssh_authorized_keys = builtins.concatStringsSep "\n" config.variable.ssh_public_keys.default; + }; + + preserve_boot_volume = false; + }; + + oci_budget_budget.trantor_budget = { + compartment_id = config.variable.tenancy_ocid.default; + targets = [ (config.resource.oci_identity_compartment.trantor "id") ]; + amount = 1; + reset_period = "MONTHLY"; + display_name = "trantor-budget"; + description = "Monthly budget for trantor compartment"; + target_type = "COMPARTMENT"; + }; + + oci_budget_alert_rule.daily_spend_alert = { + budget_id = config.resource.oci_budget_budget.trantor_budget "id"; + type = "ACTUAL"; + threshold = 5; + threshold_type = "PERCENTAGE"; + display_name = "daily-spend-alert"; + recipients = "baduhai@proton.me"; + description = "Alert when daily spending exceeds $0.05"; + message = "Daily spending has exceeded $0.05 in the trantor compartment"; + }; + }; + + output = { + compartment_id = { + value = config.resource.oci_identity_compartment.trantor "id"; + }; + + instance_public_ip = { + value = config.resource.oci_core_instance.trantor "public_ip"; + }; + }; + } + ) + ]; + }; + }; +} diff --git a/terranixConfigurations.nix b/terranixConfigurations.nix deleted file mode 100644 index 12c90d1..0000000 --- a/terranixConfigurations.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ - inputs.terranix.flakeModule - ]; - - perSystem = - { pkgs, ... }: - - { - terranix.terranixConfigurations = { - oci-trantor = { - modules = [ ./terranix/oci/trantor.nix ]; - terraformWrapper.package = pkgs.opentofu; - }; - cloudflare-baduhaidev = { - modules = [ ./terranix/cloudflare/baduhai.dev.nix ]; - terraformWrapper.package = pkgs.opentofu; - }; - tailscale-tailnet = { - modules = [ ./terranix/tailscale/tailnet.nix ]; - terraformWrapper.package = pkgs.opentofu; - }; - }; - }; -} From 4bbf14f7505809fb3029c91cc5d88a07369c8d69 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 7 Feb 2026 08:18:49 -0300 Subject: [PATCH 04/10] terranix: import flakeModule once in flake.nix Fixes duplicate module declaration error by importing terranix flakeModule once at the top level instead of in each config file. Co-Authored-By: Claude Opus 4.5 --- flake.nix | 1 + terranix/baduhai.dev.nix | 4 +--- terranix/kernelpanic.space.nix | 4 +--- terranix/tailnet.nix | 4 +--- terranix/terminus.nix | 4 +--- terranix/trantor.nix | 4 +--- 6 files changed, 6 insertions(+), 15 deletions(-) diff --git a/flake.nix b/flake.nix index c3fa2f6..f995bad 100644 --- a/flake.nix +++ b/flake.nix @@ -72,6 +72,7 @@ imports = [ flake-parts.flakeModules.modules + inputs.terranix.flakeModule ] ++ aspectsModule.imports ++ packagesModule.imports ++ shellsModule.imports diff --git a/terranix/baduhai.dev.nix b/terranix/baduhai.dev.nix index 396ecf4..cea9f22 100644 --- a/terranix/baduhai.dev.nix +++ b/terranix/baduhai.dev.nix @@ -3,11 +3,9 @@ # AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage # AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage -{ inputs, ... }: +{ ... }: { - imports = [ inputs.terranix.flakeModule ]; - perSystem = { pkgs, ... }: { diff --git a/terranix/kernelpanic.space.nix b/terranix/kernelpanic.space.nix index e3bfe72..01e5c08 100644 --- a/terranix/kernelpanic.space.nix +++ b/terranix/kernelpanic.space.nix @@ -1,9 +1,7 @@ # Cloudflare kernelpanic.space configuration placeholder -{ inputs, ... }: +{ ... }: { - imports = [ inputs.terranix.flakeModule ]; - perSystem = { pkgs, ... }: { diff --git a/terranix/tailnet.nix b/terranix/tailnet.nix index 7bc55f2..4e01ab9 100644 --- a/terranix/tailnet.nix +++ b/terranix/tailnet.nix @@ -4,11 +4,9 @@ # AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage # AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage -{ inputs, ... }: +{ ... }: { - imports = [ inputs.terranix.flakeModule ]; - perSystem = { pkgs, ... }: { diff --git a/terranix/terminus.nix b/terranix/terminus.nix index 25e227e..7a0fa5b 100644 --- a/terranix/terminus.nix +++ b/terranix/terminus.nix @@ -1,9 +1,7 @@ # OCI Terminus configuration placeholder -{ inputs, ... }: +{ ... }: { - imports = [ inputs.terranix.flakeModule ]; - perSystem = { pkgs, ... }: { diff --git a/terranix/trantor.nix b/terranix/trantor.nix index 0f1f9ba..5f19e22 100644 --- a/terranix/trantor.nix +++ b/terranix/trantor.nix @@ -8,11 +8,9 @@ # AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage # AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage -{ inputs, ... }: +{ ... }: { - imports = [ inputs.terranix.flakeModule ]; - perSystem = { pkgs, ... }: { From ab69b26b40dbba3345aa3c1ab60df6c468d900ff Mon Sep 17 00:00:00 2001 From: William Date: Sat, 7 Feb 2026 08:21:02 -0300 Subject: [PATCH 05/10] this shouldn't ever have been commited --- plan.md | 89 --------------------------------------------------------- 1 file changed, 89 deletions(-) delete mode 100644 plan.md diff --git a/plan.md b/plan.md deleted file mode 100644 index af88fb9..0000000 --- a/plan.md +++ /dev/null @@ -1,89 +0,0 @@ -# Current structure: - -``` - hosts -├──  alexandria -│ ├──  hardware-configuration.nix -│ ├──  jellyfin.nix -│ ├──  kanidm.nix -│ ├──  nextcloud.nix -│ ├──  nginx.nix -│ ├──  unbound.nix -│ └──  vaultwarden.nix -├──  io -│ ├──  boot.nix -│ ├──  disko.nix -│ ├──  hardware-configuration.nix -│ ├──  programs.nix -│ └──  services.nix -├──  modules -│ ├──  common -│ │ ├──  boot.nix -│ │ ├──  console.nix -│ │ ├──  firewall.nix -│ │ ├──  locale.nix -│ │ ├──  nix.nix -│ │ ├──  openssh.nix -│ │ ├──  programs.nix -│ │ ├──  security.nix -│ │ ├──  services.nix -│ │ ├──  tailscale.nix -│ │ └──  users.nix -│ ├──  desktop -│ │ ├──  boot.nix -│ │ ├──  desktop.nix -│ │ ├──  nix.nix -│ │ └──  services.nix -│ ├──  server -│ │ ├──  boot.nix -│ │ ├──  nix.nix -│ │ └──  tailscale.nix -│ ├──  ai.nix -│ ├──  bluetooth.nix -│ ├──  dev.nix -│ ├──  ephemeral.nix -│ ├──  fwupd.nix -│ ├──  gaming.nix -│ ├──  libvirtd.nix -│ ├──  networkmanager.nix -│ └──  podman.nix -├──  rotterdam -│ ├──  boot.nix -│ ├──  hardware-configuration.nix -│ ├──  hardware.nix -│ ├──  programs.nix -│ └──  services.nix -└──  trantor - ├──  boot.nix - ├──  disko.nix - ├──  fail2ban.nix - ├──  forgejo.nix - ├──  hardware-configuration.nix - ├──  networking.nix - ├──  nginx.nix - ├──  openssh.nix - └──  unbound.nix - modules -└──  ephemeral.nix - users -├──  modules -│ ├──  common -│ │ ├──  bash.nix -│ │ ├──  fish.nix -│ │ └──  hm-cli.nix -│ ├──  desktop -│ │ ├──  desktop.nix -│ │ └──  niri.nix -│ ├──  btop.nix -│ ├──  comma.nix -│ ├──  direnv.nix -│ ├──  gaming.nix -│ ├──  helix.nix -│ ├──  obs-studio.nix -│ ├──  starship.nix -│ ├──  stylix.nix -│ └──  tmux.nix -└──  user - └──  git.nix -``` - From d83172f48758bb768def8b7d665fd414b8b2359b Mon Sep 17 00:00:00 2001 From: William Date: Sat, 7 Feb 2026 09:31:14 -0300 Subject: [PATCH 06/10] eza uses --git by default --- aspects/common/programs.nix | 70 +++++++++++++++++++------------------ 1 file changed, 36 insertions(+), 34 deletions(-) diff --git a/aspects/common/programs.nix b/aspects/common/programs.nix index a3233e9..7d12f09 100644 --- a/aspects/common/programs.nix +++ b/aspects/common/programs.nix @@ -1,41 +1,43 @@ { ... }: { - flake.modules.nixos.common-programs = { lib, pkgs, ... }: { - environment = { - systemPackages = with pkgs; [ - ### Dev Tools ### - git - ### System Utilities ### - btop - fastfetch - helix - nixos-firewall-tool - nvd - sysz - tmux - wget - yazi - ]; - shellAliases = { - cat = "${lib.getExe pkgs.bat} --paging=never --style=plain"; - ls = "${lib.getExe pkgs.eza} --icons --group-directories-first"; - tree = "ls --tree"; + flake.modules.nixos.common-programs = + { lib, pkgs, ... }: + { + environment = { + systemPackages = with pkgs; [ + ### Dev Tools ### + git + ### System Utilities ### + btop + fastfetch + helix + nixos-firewall-tool + nvd + sysz + tmux + wget + yazi + ]; + shellAliases = { + cat = "${lib.getExe pkgs.bat} --paging=never --style=plain"; + ls = "${lib.getExe pkgs.eza} --git --icons --group-directories-first"; + tree = "ls --tree"; + }; }; - }; - programs = { - command-not-found.enable = false; - fish = { - enable = true; - interactiveShellInit = '' - set fish_greeting - if set -q SSH_CONNECTION - export TERM=xterm-256color - clear - fastfetch - end - ''; + programs = { + command-not-found.enable = false; + fish = { + enable = true; + interactiveShellInit = '' + set fish_greeting + if set -q SSH_CONNECTION + export TERM=xterm-256color + clear + fastfetch + end + ''; + }; }; }; - }; } From c6fbd210097e7adb193b25ea410a058fae583f7b Mon Sep 17 00:00:00 2001 From: William Date: Sat, 7 Feb 2026 09:33:55 -0300 Subject: [PATCH 07/10] move podmand security options to podman aspect --- aspects/common/security.nix | 9 ++++----- aspects/podman.nix | 29 +++++++++++++++++++---------- 2 files changed, 23 insertions(+), 15 deletions(-) diff --git a/aspects/common/security.nix b/aspects/common/security.nix index b63074b..2ad04a0 100644 --- a/aspects/common/security.nix +++ b/aspects/common/security.nix @@ -1,14 +1,13 @@ { ... }: { - flake.modules.nixos.common-security = { ... }: { - security = { - unprivilegedUsernsClone = true; # Needed for rootless podman - sudo = { + flake.modules.nixos.common-security = + { ... }: + { + security.sudo = { wheelNeedsPassword = false; extraConfig = '' Defaults lecture = never ''; }; }; - }; } diff --git a/aspects/podman.nix b/aspects/podman.nix index 04e7e04..6afa327 100644 --- a/aspects/podman.nix +++ b/aspects/podman.nix @@ -1,15 +1,24 @@ { ... }: { - flake.modules.nixos.podman = { config, lib, pkgs, ... }: { - virtualisation.podman = { - enable = true; - autoPrune.enable = true; - extraPackages = [ pkgs.podman-compose ]; - }; + flake.modules.nixos.podman = + { + config, + lib, + pkgs, + ... + }: + { + virtualisation.podman = { + enable = true; + autoPrune.enable = true; + extraPackages = [ pkgs.podman-compose ]; + }; - systemd = { - services.podman-auto-update.enable = true; - timers.podman-auto-update.enable = true; + security.unprivilegedUsernsClone = true; # Needed for rootless podman + + systemd = { + services.podman-auto-update.enable = true; + timers.podman-auto-update.enable = true; + }; }; - }; } From 0112637288a29a1eb11f5803e0d3ecc68a279374 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 7 Feb 2026 09:49:52 -0300 Subject: [PATCH 08/10] move common/users.nix into users/ --- aspects/common/users.nix | 25 ------ aspects/hosts/alexandria.nix | 12 ++- aspects/hosts/io.nix | 12 ++- aspects/hosts/rotterdam.nix | 12 ++- aspects/hosts/trantor.nix | 12 ++- aspects/users/root.nix | 12 +++ aspects/users/user.nix | 169 ++++++++++++++++++++--------------- 7 files changed, 150 insertions(+), 104 deletions(-) delete mode 100644 aspects/common/users.nix create mode 100644 aspects/users/root.nix diff --git a/aspects/common/users.nix b/aspects/common/users.nix deleted file mode 100644 index e911663..0000000 --- a/aspects/common/users.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ ... }: -{ - flake.modules.nixos.common-users = { pkgs, ... }: { - users.users = { - user = { - isNormalUser = true; - shell = pkgs.fish; - extraGroups = [ - "networkmanager" - "wheel" - ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" - ]; - hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; - }; - root = { - shell = pkgs.fish; - hashedPassword = "!"; - }; - }; - }; -} diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index 28a367d..83304b1 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -6,7 +6,12 @@ modules = [ inputs.agenix.nixosModules.default { networking.hostName = "alexandria"; } - { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } # Common aspects (always included) inputs.self.modules.nixos.common-boot @@ -19,7 +24,10 @@ inputs.self.modules.nixos.common-security inputs.self.modules.nixos.common-services inputs.self.modules.nixos.common-tailscale - inputs.self.modules.nixos.common-users + + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root # Server aspects inputs.self.modules.nixos.server-boot diff --git a/aspects/hosts/io.nix b/aspects/hosts/io.nix index 1d7f15a..6e5b237 100644 --- a/aspects/hosts/io.nix +++ b/aspects/hosts/io.nix @@ -6,7 +6,12 @@ modules = [ inputs.agenix.nixosModules.default { networking.hostName = "io"; } - { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } # Common aspects (always included) inputs.self.modules.nixos.common-boot @@ -19,7 +24,10 @@ inputs.self.modules.nixos.common-security inputs.self.modules.nixos.common-services inputs.self.modules.nixos.common-tailscale - inputs.self.modules.nixos.common-users + + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root # Desktop aspects inputs.self.modules.nixos.desktop-boot diff --git a/aspects/hosts/rotterdam.nix b/aspects/hosts/rotterdam.nix index e9d3f18..76ffbb0 100644 --- a/aspects/hosts/rotterdam.nix +++ b/aspects/hosts/rotterdam.nix @@ -6,7 +6,12 @@ modules = [ inputs.agenix.nixosModules.default { networking.hostName = "rotterdam"; } - { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } # Common aspects (always included) inputs.self.modules.nixos.common-boot @@ -19,7 +24,10 @@ inputs.self.modules.nixos.common-security inputs.self.modules.nixos.common-services inputs.self.modules.nixos.common-tailscale - inputs.self.modules.nixos.common-users + + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root # Desktop aspects inputs.self.modules.nixos.desktop-boot diff --git a/aspects/hosts/trantor.nix b/aspects/hosts/trantor.nix index 646cc73..c43c6f2 100644 --- a/aspects/hosts/trantor.nix +++ b/aspects/hosts/trantor.nix @@ -6,7 +6,12 @@ modules = [ inputs.agenix.nixosModules.default { networking.hostName = "trantor"; } - { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } # Common aspects (always included) inputs.self.modules.nixos.common-boot @@ -19,7 +24,10 @@ inputs.self.modules.nixos.common-security inputs.self.modules.nixos.common-services inputs.self.modules.nixos.common-tailscale - inputs.self.modules.nixos.common-users + + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root # Server aspects inputs.self.modules.nixos.server-boot diff --git a/aspects/users/root.nix b/aspects/users/root.nix new file mode 100644 index 0000000..18b70eb --- /dev/null +++ b/aspects/users/root.nix @@ -0,0 +1,12 @@ +{ ... }: + +{ + flake.modules.nixos.root = + { pkgs, ... }: + { + users.root = { + shell = pkgs.fish; + hashedPassword = "!"; + }; + }; +} diff --git a/aspects/users/user.nix b/aspects/users/user.nix index 5130abf..050b1a5 100644 --- a/aspects/users/user.nix +++ b/aspects/users/user.nix @@ -1,91 +1,118 @@ -# aspects/users/user.nix { inputs, ... }: + { - flake.homeConfigurations = { - "user@rotterdam" = inputs.home-manager.lib.homeManagerConfiguration { - pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = { inherit inputs; hostname = "rotterdam"; }; - modules = [ - { nixpkgs.overlays = [ inputs.self.overlays.default ]; } + flake = { + modules.nixos.user = + { pkgs, ... }: + { + users.users.user = { + isNormalUser = true; + shell = pkgs.fish; + extraGroups = [ + "networkmanager" + "wheel" + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + ]; + hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; + }; + }; - # CLI aspects (common module included) - inputs.self.modules.homeManager.cli-base - inputs.self.modules.homeManager.cli-btop - inputs.self.modules.homeManager.cli-comma - inputs.self.modules.homeManager.cli-direnv - inputs.self.modules.homeManager.cli-helix - inputs.self.modules.homeManager.cli-starship - inputs.self.modules.homeManager.cli-tmux + homeConfigurations = { + "user@rotterdam" = inputs.home-manager.lib.homeManagerConfiguration { + pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { + inherit inputs; + hostname = "rotterdam"; + }; + modules = [ + { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - # Shell - inputs.self.modules.homeManager.shell-fish - inputs.self.modules.homeManager.shell-bash + # CLI aspects (common module included) + inputs.self.modules.homeManager.cli-base + inputs.self.modules.homeManager.cli-btop + inputs.self.modules.homeManager.cli-comma + inputs.self.modules.homeManager.cli-direnv + inputs.self.modules.homeManager.cli-helix + inputs.self.modules.homeManager.cli-starship + inputs.self.modules.homeManager.cli-tmux - # Desktop - inputs.self.modules.homeManager.desktop-desktop - inputs.self.modules.homeManager.desktop-niri + # Shell + inputs.self.modules.homeManager.shell-fish + inputs.self.modules.homeManager.shell-bash - # Gaming - inputs.self.modules.homeManager.gaming-mangohud + # Desktop + inputs.self.modules.homeManager.desktop-desktop + inputs.self.modules.homeManager.desktop-niri - # Programs - inputs.self.modules.homeManager.programs-media # for obs-studio + # Gaming + inputs.self.modules.homeManager.gaming-mangohud - # Stylix - inputs.self.modules.homeManager.stylix + # Programs + inputs.self.modules.homeManager.programs-media # for obs-studio - # User-specific (from _user/) - ./_user/git.nix + # Stylix + inputs.self.modules.homeManager.stylix - # Home configuration - { - home = { - username = "user"; - homeDirectory = "/home/user"; - stateVersion = "22.05"; - }; - } - ]; - }; + # User-specific (from _user/) + ./_user/git.nix - "user@io" = inputs.home-manager.lib.homeManagerConfiguration { - pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = { inherit inputs; hostname = "io"; }; - modules = [ - { nixpkgs.overlays = [ inputs.self.overlays.default ]; } + # Home configuration + { + home = { + username = "user"; + homeDirectory = "/home/user"; + stateVersion = "22.05"; + }; + } + ]; + }; - # CLI aspects (common module included) - inputs.self.modules.homeManager.cli-base - inputs.self.modules.homeManager.cli-btop - inputs.self.modules.homeManager.cli-comma - inputs.self.modules.homeManager.cli-direnv - inputs.self.modules.homeManager.cli-helix - inputs.self.modules.homeManager.cli-starship - inputs.self.modules.homeManager.cli-tmux + "user@io" = inputs.home-manager.lib.homeManagerConfiguration { + pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { + inherit inputs; + hostname = "io"; + }; + modules = [ + { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - # Shell - inputs.self.modules.homeManager.shell-fish - inputs.self.modules.homeManager.shell-bash + # CLI aspects (common module included) + inputs.self.modules.homeManager.cli-base + inputs.self.modules.homeManager.cli-btop + inputs.self.modules.homeManager.cli-comma + inputs.self.modules.homeManager.cli-direnv + inputs.self.modules.homeManager.cli-helix + inputs.self.modules.homeManager.cli-starship + inputs.self.modules.homeManager.cli-tmux - # Desktop - inputs.self.modules.homeManager.desktop-desktop - inputs.self.modules.homeManager.desktop-niri + # Shell + inputs.self.modules.homeManager.shell-fish + inputs.self.modules.homeManager.shell-bash - # Stylix - inputs.self.modules.homeManager.stylix + # Desktop + inputs.self.modules.homeManager.desktop-desktop + inputs.self.modules.homeManager.desktop-niri - # User-specific (from _user/) - ./_user/git.nix + # Stylix + inputs.self.modules.homeManager.stylix - # Home configuration - { - home = { - username = "user"; - homeDirectory = "/home/user"; - stateVersion = "22.05"; - }; - } - ]; + # User-specific (from _user/) + ./_user/git.nix + + # Home configuration + { + home = { + username = "user"; + homeDirectory = "/home/user"; + stateVersion = "22.05"; + }; + } + ]; + }; }; }; } From 6d28510dcaa41d4c193e80531152035ed3100e01 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 7 Feb 2026 10:00:06 -0300 Subject: [PATCH 09/10] reformat programs --- aspects/programs/graphics.nix | 42 +++++++------- aspects/programs/media.nix | 42 +++++++------- aspects/programs/office.nix | 37 ++++++------ aspects/programs/utilities.nix | 101 ++++++++++++++++----------------- aspects/programs/web.nix | 31 +++++----- 5 files changed, 124 insertions(+), 129 deletions(-) diff --git a/aspects/programs/graphics.nix b/aspects/programs/graphics.nix index 1488125..4b7a16b 100644 --- a/aspects/programs/graphics.nix +++ b/aspects/programs/graphics.nix @@ -1,27 +1,25 @@ { ... }: { - flake.modules.nixos.programs-graphics = { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - # Image Editing - gimp - inkscape - # CAD & 3D Modeling - plasticity - ]; + flake.modules.nixos.programs-graphics = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + gimp + inkscape + plasticity + ]; - services.flatpak.packages = [ - # Vector Graphics - "com.boxy_svg.BoxySVG" - # 3D Printing / Slicing - rec { - appId = "io.github.softfever.OrcaSlicer"; - sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; - bundle = "${pkgs.fetchurl { - url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; - inherit sha256; - }}"; - } - ]; - }; + services.flatpak.packages = [ + "com.boxy_svg.BoxySVG" + rec { + appId = "io.github.softfever.OrcaSlicer"; + sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; + bundle = "${pkgs.fetchurl { + url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; + inherit sha256; + }}"; + } + ]; + }; } diff --git a/aspects/programs/media.nix b/aspects/programs/media.nix index 8b50b2e..7daaa87 100644 --- a/aspects/programs/media.nix +++ b/aspects/programs/media.nix @@ -2,28 +2,28 @@ { flake.modules = { - nixos.programs-media = { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - # Audio - decibels - # Video - showtime - # Image Viewer - loupe - # Recording & Streaming - obs-studio - ]; - }; - - homeManager.programs-media = { pkgs, ... }: { - programs.obs-studio = { - enable = true; - plugins = with pkgs.obs-studio-plugins; [ - obs-vkcapture - obs-backgroundremoval - obs-pipewire-audio-capture + nixos.programs-media = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + decibels + loupe + obs-studio + showtime ]; }; - }; + + homeManager.programs-media = + { pkgs, ... }: + { + programs.obs-studio = { + enable = true; + plugins = with pkgs.obs-studio-plugins; [ + obs-vkcapture + obs-backgroundremoval + obs-pipewire-audio-capture + ]; + }; + }; }; } diff --git a/aspects/programs/office.nix b/aspects/programs/office.nix index 1fc6817..c3349f3 100644 --- a/aspects/programs/office.nix +++ b/aspects/programs/office.nix @@ -1,25 +1,22 @@ { ... }: { - flake.modules.nixos.programs-office = { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - # Spelling - aspell - aspellDicts.de - aspellDicts.en - aspellDicts.en-computers - aspellDicts.pt_BR - # Document Viewing - papers - # Presentations - presenterm - # Note Taking & Drawing - rnote - ]; + flake.modules.nixos.programs-office = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + aspell + aspellDicts.de + aspellDicts.en + aspellDicts.en-computers + aspellDicts.pt_BR + papers + presenterm + rnote + ]; - services.flatpak.packages = [ - # Office Suite - "com.collabora.Office" - ]; - }; + services.flatpak.packages = [ + "com.collabora.Office" + ]; + }; } diff --git a/aspects/programs/utilities.nix b/aspects/programs/utilities.nix index 15b267f..4a207af 100644 --- a/aspects/programs/utilities.nix +++ b/aspects/programs/utilities.nix @@ -2,64 +2,61 @@ { flake.modules = { - nixos.programs-utilities = { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - # Terminal - ghostty - # File Management - nautilus - gnome-disk-utility - # Archive Tools - p7zip - unrar - # Cloud & Remote - rclone - # System Monitoring - mission-center - # Desktop Integration - adwaita-icon-theme - junction - libfido2 - toggleaudiosink - # Xwayland Support - xwayland-satellite - ]; + nixos.programs-utilities = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + ghostty + gnome-disk-utility + mission-center + nautilus + p7zip + rclone + unrar + # Desktop Integration + adwaita-icon-theme + junction + libfido2 + toggleaudiosink + # Xwayland Support + xwayland-satellite + ]; - services.flatpak.packages = [ - # Flatpak Management - "com.github.tchx84.Flatseal" - # Remote Desktop - "com.rustdesk.RustDesk" - ]; - }; + services.flatpak.packages = [ + "com.github.tchx84.Flatseal" + "com.rustdesk.RustDesk" + ]; + }; - homeManager.programs-utilities = { pkgs, ... }: { - programs = { - ghostty = { - enable = true; - settings = { - cursor-style = "block"; - shell-integration-features = "no-cursor"; - cursor-style-blink = false; - custom-shader = "${builtins.fetchurl { - url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; - sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; - }}"; - bell-features = ""; - gtk-titlebar-style = "tabs"; - keybind = [ "shift+enter=text:\\x1b\\r" ]; + homeManager.programs-utilities = + { pkgs, ... }: + { + programs = { + ghostty = { + enable = true; + settings = { + cursor-style = "block"; + shell-integration-features = "no-cursor"; + cursor-style-blink = false; + custom-shader = "${builtins.fetchurl { + url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; + sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; + }}"; + bell-features = ""; + gtk-titlebar-style = "tabs"; + keybind = [ "shift+enter=text:\\x1b\\r" ]; + }; + }; + + password-store = { + enable = true; + package = pkgs.pass-wayland; }; }; - password-store = { - enable = true; - package = pkgs.pass-wayland; + home.sessionVariables = { + TERMINAL = "ghostty"; }; }; - - home.sessionVariables = { - TERMINAL = "ghostty"; - }; - }; }; } diff --git a/aspects/programs/web.nix b/aspects/programs/web.nix index cc3753b..a11ca57 100644 --- a/aspects/programs/web.nix +++ b/aspects/programs/web.nix @@ -1,18 +1,21 @@ { ... }: { - flake.modules.nixos.programs-web = { inputs, pkgs, system, ... }: { - environment.systemPackages = with pkgs; [ - # Browsers - inputs.zen-browser.packages."${system}".default - tor-browser - # Communication - vesktop - # Cloud & Sync - bitwarden-desktop - nextcloud-client - # Downloads - fragments - ]; - }; + flake.modules.nixos.programs-web = + { + inputs, + pkgs, + system, + ... + }: + { + environment.systemPackages = with pkgs; [ + inputs.zen-browser.packages."${system}".default + bitwarden-desktop + fragments + nextcloud-client + tor-browser + vesktop + ]; + }; } From d482fd06945b6c3422b998552472cff21e6dde0e Mon Sep 17 00:00:00 2001 From: William Date: Sun, 8 Feb 2026 14:02:12 -0300 Subject: [PATCH 10/10] flake file rearranging --- flake.nix | 57 +++++++++++++++++++++++++------------------------------ 1 file changed, 26 insertions(+), 31 deletions(-) diff --git a/flake.nix b/flake.nix index f995bad..482ebea 100644 --- a/flake.nix +++ b/flake.nix @@ -2,58 +2,52 @@ description = "My nix hosts"; inputs = { + # nix tools flake-parts.url = "github:hercules-ci/flake-parts"; import-tree.url = "github:vic/import-tree"; + # nixos/hm nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11"; - home-manager = { url = "github:nix-community/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs"; }; + # nixos/hm functionality modules agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs-stable"; }; - disko.url = "github:nix-community/disko"; - - noctalia = { - url = "github:noctalia-dev/noctalia-shell"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - + impermanence.url = "github:nix-community/impermanence"; + nixos-cli.url = "github:nix-community/nixos-cli"; + nix-flatpak.url = "github:gmodena/nix-flatpak/main"; stylix.url = "github:danth/stylix"; - nixos-cli.url = "github:nix-community/nixos-cli"; - - nix-flatpak.url = "github:gmodena/nix-flatpak/main"; - - zen-browser.url = "github:0xc000022070/zen-browser-flake"; - - impermanence.url = "github:nix-community/impermanence"; - - deploy-rs.url = "github:serokell/deploy-rs"; - + # nixos/hm program modules niri-flake.url = "github:sodiboo/niri-flake"; - - niri.url = "github:baduhai/niri/auto-center-when-space-available"; - + nix-ai-tools.url = "github:numtide/llm-agents.nix"; nix-index-database = { url = "github:nix-community/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; }; + noctalia = { + url = "github:noctalia-dev/noctalia-shell"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + vicinae.url = "github:vicinaehq/vicinae"; + zen-browser.url = "github:0xc000022070/zen-browser-flake"; + # stand-alone tools + deploy-rs.url = "github:serokell/deploy-rs"; terranix = { url = "github:terranix/terranix"; inputs.nixpkgs.follows = "nixpkgs"; }; - nix-ai-tools.url = "github:numtide/llm-agents.nix"; - - vicinae.url = "github:vicinaehq/vicinae"; + # others + niri.url = "github:baduhai/niri/auto-center-when-space-available"; }; outputs = @@ -73,12 +67,13 @@ imports = [ flake-parts.flakeModules.modules inputs.terranix.flakeModule - ] ++ aspectsModule.imports - ++ packagesModule.imports - ++ shellsModule.imports - ++ terranixModule.imports - ++ [ - ./deploy.nix - ]; + ] + ++ aspectsModule.imports + ++ packagesModule.imports + ++ shellsModule.imports + ++ terranixModule.imports + ++ [ + ./deploy.nix + ]; }; }