refactor(nix): move flake to repo root 🚚

clan-cli silently ignores the `?dir=` URL parameter when resolving a
flake source, so with the flake at nixos/flake.nix `clan machines
update` fails with "flake.nix does not exist". Move the flake tree up
so the repo root contains flake.nix, flake.lock, flake-modules/, lib/,
modules/, sops/, and vars/. Host-specific NixOS modules stay in
nixos/{hosts,home,fish.nix,neovim.nix,…}; flake-module paths updated
accordingly.

- dotfiles-rebuild flakeRef is now "${dotfilesDir}#<host>" (was
  "${dotfilesDir}/nixos#<host>").
- CLAUDE.md build commands + clan section updated. nixupdate fish alias
  updated. sunken-ship hostsfile comment updated.
- Existing /etc/dotfiles checkouts on the servers will pick up the new
  layout on the next `dotfiles-rebuild` timer tick; the rebuild service
  was pre-updated via rsync so its flakeRef matches before the pull.

Also includes 4b follow-through: zerotier identities are now live on
both servers (sunken-ship=d553a2de33 controller, phantom-ship=6c048abbdc
peer) and IPv6 ping across the ZT mesh works.
This commit is contained in:
DannyDannyDanny 2026-04-19 15:19:59 +02:00
parent 9921a7f9f1
commit 88c51399d0
33 changed files with 29 additions and 24 deletions

@ -2,8 +2,10 @@
## Build commands
The flake lives at the repo root (`~/dotfiles/flake.nix`) — clan-cli doesn't handle flakes in subdirs.
```bash
# macOS (from ~/dotfiles/nixos)
# macOS (from ~/dotfiles)
darwin-rebuild switch --flake .
# NixOS servers (SSH from mac, or on server)
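Review bot: the new intro sentence at the top of this hunk ("clan-cli doesn't handle flakes in subdirs") gives a broader reason than the "Flake path quirk" paragraph added further down in the same file, which names the actual cause (`?dir=` is silently ignored); keep the precise `?dir=` explanation in one place and have the build-commands intro refer to it, so the two statements do not drift apart as the file is edited.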
@ -11,13 +13,17 @@ sudo nixos-rebuild switch --flake .#sunken-ship
sudo nixos-rebuild switch --flake .#phantom-ship
# WSL
sudo nixos-rebuild switch --flake ~/dotfiles/nixos#wsl
sudo nixos-rebuild switch --flake ~/dotfiles#wsl
# Update flake + rebuild (fish alias: nixupdate)
cd ~/dotfiles/nixos && sudo nix flake update && sudo darwin-rebuild switch --flake ~/dotfiles/nixos#Daniel-Macbook-Air
cd ~/dotfiles && sudo nix flake update && sudo darwin-rebuild switch --flake ~/dotfiles#Daniel-Macbook-Air
# Installer ISO (Linux only, cannot build on macOS)
cd ~/dotfiles/nixos && nix build .#installer-iso
cd ~/dotfiles && nix build .#installer-iso
# Clan push update (from mac; builds on target so aarch64-darwin → x86_64-linux works)
nix run git+https://git.clan.lol/clan/clan-core#clan-cli -- \
machines update sunken-ship --flake ~/dotfiles
```
## Rebuild protocol
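Review bot: the `nixupdate` alias line `cd ~/dotfiles && sudo nix flake update && sudo darwin-rebuild switch --flake ~/dotfiles#Daniel-Macbook-Air` runs `nix flake update` as root inside the user's own checkout, which typically leaves `flake.lock` owned by root and breaks later non-root `git` and editor writes; only the `darwin-rebuild switch` step needs elevation, so drop `sudo` from the update step. The path changes themselves are consistent across the hunk.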
@ -47,7 +53,7 @@ cd ~/dotfiles/nixos && nix build .#installer-iso
## Server (sunken-ship)
- SSH: `ssh -i ~/.ssh/id_ed25519_sunken_ship danny@sunken-ship`
- Remote rebuild: `ssh ... 'cd /etc/dotfiles/nixos && sudo nixos-rebuild switch --flake .#sunken-ship'`
- Remote rebuild: `ssh ... 'cd /etc/dotfiles && sudo nixos-rebuild switch --flake .#sunken-ship'`
- Auto-rebuild timer: `dotfiles-rebuild` — every 15 min. Check with `systemctl is-active dotfiles-rebuild.timer`.
- WiFi connected; stays reachable when ethernet is unplugged.
- Services: UxPlay (AirPlay receiver on Scarlett Solo)
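Review bot: the remote-rebuild line now assumes `/etc/dotfiles` on the server already has the new layout, but the doc says nothing about what the `dotfiles-rebuild` timer (every 15 min, unattended) does with a half-migrated checkout; the transition step from the commit message (rebuild service pre-updated via rsync so its flakeRef matches before the pull) belongs in this section, together with how to pause the timer (`systemctl stop dotfiles-rebuild.timer`) while a layout change is in flight and what a failed switch leaves running.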
@ -55,7 +61,7 @@ cd ~/dotfiles/nixos && nix build .#installer-iso
## Server (phantom-ship)
- SSH: `ssh danny@phantom-ship`
- Remote rebuild: `ssh ... 'cd /etc/dotfiles/nixos && sudo nixos-rebuild switch --flake .#phantom-ship'`
- Remote rebuild: `ssh ... 'cd /etc/dotfiles && sudo nixos-rebuild switch --flake .#phantom-ship'`
- Auto-rebuild timer: same pattern as sunken-ship.
- Ethernet only (no WiFi).
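Review bot: the SSH line for phantom-ship (`ssh danny@phantom-ship`) names no key, whereas the sunken-ship section uses a dedicated `-i ~/.ssh/id_ed25519_sunken_ship`; state whether phantom-ship relies on an `ssh_config` host entry or the default key, so the per-host key separation used for sunken-ship is deliberate and reproducible rather than implicit.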
@ -72,11 +78,10 @@ Terminal colors follow **System Settings → Appearance**: `programs.alacritty`
**CLI invocation:** clan-cli is not installed globally. Run ad-hoc via:
```bash
nix run git+https://git.clan.lol/clan/clan-core#clan-cli -- machines list \
--flake 'path:/Users/danny/dotfiles/nixos'
nix run git+https://git.clan.lol/clan/clan-core#clan-cli -- machines list --flake ~/dotfiles
```
**Flake path quirk:** `--flake .` and `--flake git+…` both fail from a git worktree when the flake lives in a subdir (`nixos/`). Use `--flake 'path:…/nixos'` explicitly. May not be needed from the main checkout — retest.
Flake lives at the repo root (not `nixos/`) — clan-cli silently ignores `?dir=` so a subdir flake breaks `clan machines update`.
**`enableRecommendedDefaults = false`:** we opted out fleet-wide because clan's defaults flip to `systemd-networkd` + `systemd-resolved` + `boot.initrd.systemd`, which breaks dnsmasq (NAT DNS on phantom-ship) and navidrome's resolv.conf bind-mount on sunken-ship. Revisit per-service in a later pass — the defaults also include handy extras (tcpdump, htop, curl, jq, nixos-facter). Option defined in `nixosModules/clanCore/defaults.nix` + `nixosModules/clanCore/networking.nix` inside the `clan-core` flake.
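Review bot: the `nix run git+https://git.clan.lol/clan/clan-core#clan-cli -- machines list --flake ~/dotfiles` invocation (and the matching `machines update` command in the build section) fetches and executes whatever the remote's default branch points to at run time, and the update variant then deploys to the servers as root; pin the ref with `?rev=` (or `?ref=` to a tag) or run the CLI from the version locked in `flake.lock`, so the tool performing deployments is reviewed and reproducible. Also, the removed caveat said the `path:` form "may not be needed from the main checkout — retest"; the replacement paragraph drops that without recording the result, so add a line confirming that `--flake ~/dotfiles` works from both a git worktree and the main checkout.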