dannydannydanny/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor(nix): move flake to repo root 🚚

Browse source 
clan-cli silently ignores the `?dir=` URL parameter when resolving a
flake source, so with the flake at nixos/flake.nix `clan machines
update` fails with "flake.nix does not exist". Move the flake tree up
so the repo root contains flake.nix, flake.lock, flake-modules/, lib/,
modules/, sops/, and vars/. Host-specific NixOS modules stay in
nixos/{hosts,home,fish.nix,neovim.nix,…}; flake-module paths updated
accordingly.

- dotfiles-rebuild flakeRef is now "${dotfilesDir}#<host>" (was
  "${dotfilesDir}/nixos#<host>").
- CLAUDE.md build commands + clan section updated. nixupdate fish alias
  updated. sunken-ship hostsfile comment updated.
- Existing /etc/dotfiles checkouts on the servers will pick up the new
  layout on the next `dotfiles-rebuild` timer tick; the rebuild service
  was pre-updated via rsync so its flakeRef matches before the pull.

Also includes 4b follow-through: zerotier identities are now live on
both servers (sunken-ship=d553a2de33 controller, phantom-ship=6c048abbdc
peer) and IPv6 ping across the ZT mesh works.
This commit is contained in:
DannyDannyDanny 2026-04-19 15:19:59 +02:00
parent 9921a7f9f1
commit 88c51399d0
33 changed files with 29 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

2
nixos/fish.nix
View file

@ -11,7 +11,7 @@
weather = "curl wttr.in/?T";
# TODO: rename and move 25_flakes into dotfiles
nide = "nix develop ~/python-projects/25_flakes/$(basename (pwd)) -c $(which fish)";
nixupdate = "cd ~/dotfiles/nixos && sudo nix flake update && sudo darwin-rebuild switch --flake ~/dotfiles/nixos#Daniel-Macbook-Air";
nixupdate = "cd ~/dotfiles && sudo nix flake update && sudo darwin-rebuild switch --flake ~/dotfiles#Daniel-Macbook-Air";
};
interactiveShellInit = ''
function fish_user_key_bindings

80
nixos/flake-modules/clan.nix
View file

@ -1,80 +0,0 @@
# clan.lol wiring for the homelab.
#
# Declares `sunken-ship` and `phantom-ship` as clan machines. Each machine's
# `imports` list is the NixOS module set that used to live in its own
# flake-module. clan-core produces `flake.nixosConfigurations.<name>` from
# these, which is why the old per-host flake-modules were removed.
#
# The mac stays outside the clan — admin only, uses `clan machines update`
# to push to the servers.
{ config, inputs, ... }:
let
lib = inputs.nixpkgs.lib;
hmModule = { user, homeDirectory, stateVersion ? null, userImports ? [ ] }:
import ../lib/home-manager-user.nix {
inherit lib user homeDirectory stateVersion userImports;
};
in {
imports = [ inputs.clan-core.flakeModules.default ];
clan = {
meta.name = "homelab";
# Inventory machines — required for `inventory.instances` role bindings
# to resolve. Host-specific NixOS config lives under `machines.<name>`
# below.
inventory.machines.sunken-ship = { };
inventory.machines.phantom-ship = { };
# ZeroTier mesh VPN. sunken-ship is the controller (manages network
# membership); phantom-ship is a peer. The mac joins manually as an
# external ZT client and is authorized on the controller by node ID.
inventory.instances.zerotier = {
module.name = "zerotier";
module.input = "clan-core";
roles.controller.machines.sunken-ship = { };
roles.peer.machines.phantom-ship = { };
roles.peer.machines.sunken-ship = { };
};
# Preserve current network / init stack (no systemd-networkd/resolved,
# no boot.initrd.systemd, no extra debug packages). Revisit per-service
# in later stages rather than flipping this fleet-wide.
machines.sunken-ship = {
imports = [
{
clan.core.enableRecommendedDefaults = false;
clan.core.networking.targetHost = "danny@sunken-ship";
clan.core.networking.buildHost = "danny@sunken-ship";
}
../hosts/sunken-ship.nix
config.flake.nixosModules.dotfiles-rebuild
inputs.home-manager.nixosModules.home-manager
(hmModule {
user = "danny";
homeDirectory = "/home/danny";
stateVersion = "25.11";
})
];
};
machines.phantom-ship = {
imports = [
{
clan.core.enableRecommendedDefaults = false;
clan.core.networking.targetHost = "danny@phantom-ship";
clan.core.networking.buildHost = "danny@phantom-ship";
}
inputs.nix-openclaw.nixosModules.openclaw-gateway
../hosts/phantom-ship.nix
config.flake.nixosModules.dotfiles-rebuild
inputs.home-manager.nixosModules.home-manager
(hmModule {
user = "danny";
homeDirectory = "/home/danny";
stateVersion = "25.11";
})
];
};
};
}

22
nixos/flake-modules/daniel-macbook-air.nix
View file

@ -1,22 +0,0 @@
{ inputs, ... }: {
flake.darwinConfigurations."Daniel-Macbook-Air" = inputs.nix-darwin.lib.darwinSystem {
modules = [
# Overlay: make zen-browser available as pkgs.zen-browser
{ nixpkgs.overlays = [ (final: prev: {
zen-browser = inputs.zen-browser.packages.${final.stdenv.hostPlatform.system}.default;
}) ];
}
../hosts/daniel-macbook-air.nix
../fish.nix
inputs.home-manager.darwinModules.home-manager
(import ../lib/home-manager-user.nix {
lib = inputs.nixpkgs.lib;
user = "danny";
homeDirectory = "/Users/danny";
userImports = [ ../home/danny/home.nix ];
})
];
};
}

11
nixos/flake-modules/installer-iso.nix
View file

@ -1,11 +0,0 @@
{ inputs, self, ... }: {
# Custom minimal installer ISO (build with: nix build .#installer-iso).
# Optional: add ./installer-wifi.nix (gitignored) to modules for live WiFi.
flake.nixosConfigurations.installer-iso = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [ ../installer-iso.nix ];
};
flake.packages.x86_64-linux.installer-iso =
self.nixosConfigurations.installer-iso.config.system.build.isoImage;
}

7
nixos/flake-modules/nixos-modules.nix
View file

@ -1,7 +0,0 @@
# Expose reusable NixOS modules via `flake.nixosModules`.
#
# Consume from a host's flake-module via:
# modules = [ config.flake.nixosModules.dotfiles-rebuild ];
{ ... }: {
flake.nixosModules.dotfiles-rebuild = ../modules/dotfiles-rebuild.nix;
}

11
nixos/flake-modules/server-install.nix
View file

@ -1,11 +0,0 @@
{ inputs, ... }: {
# For disko-install: LUKS + WiFi; hostname/WiFi via --system-config.
flake.nixosConfigurations.server-install = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
inputs.disko.nixosModules.disko
../disko-server.nix
../hosts/server-install.nix
];
};
}

19
nixos/flake-modules/wsl.nix
View file

@ -1,19 +0,0 @@
{ inputs, ... }: {
flake.nixosConfigurations.wsl = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
inputs.nixos-wsl.nixosModules.default
inputs.vscode-server.nixosModules.default
../hosts/wsl.nix
../fish.nix
inputs.home-manager.nixosModules.home-manager
(import ../lib/home-manager-user.nix {
lib = inputs.nixpkgs.lib;
user = "dth";
homeDirectory = "/home/dth";
userImports = [ ../home/danny/home.nix ];
})
];
};
}

572
nixos/flake.lock generated
View file

@ -1,572 +0,0 @@
{
"nodes": {
"clan-core": {
"inputs": {
"data-mesher": "data-mesher",
"disko": "disko",
"flake-parts": [
"flake-parts"
],
"nix-darwin": "nix-darwin",
"nix-select": "nix-select",
"nixpkgs": [
"nixpkgs"
],
"sops-nix": "sops-nix",
"systems": "systems",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1776557977,
"narHash": "sha256-j+UWg3fR6jWKPqkPoqRf1a6nR1b/AnZXDuh04H+voUc=",
"rev": "e9ced950bedc726492e5cb52139bf5f17258dc69",
"type": "tarball",
"url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/e9ced950bedc726492e5cb52139bf5f17258dc69.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://git.clan.lol/clan/clan-core/archive/main.tar.gz"
}
},
"data-mesher": {
"inputs": {
"flake-parts": [
"clan-core",
"flake-parts"
],
"nixpkgs": [
"clan-core",
"nixpkgs"
],
"treefmt-nix": [
"clan-core",
"treefmt-nix"
]
},
"locked": {
"lastModified": 1776506822,
"narHash": "sha256-WlxAhXEoDHbkfFw3uNYra0CXce7pBk314x9chPu7ycE=",
"rev": "c3f48f5931b27bb9cc58de8799d36ecefb867d98",
"type": "tarball",
"url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/c3f48f5931b27bb9cc58de8799d36ecefb867d98.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://git.clan.lol/clan/data-mesher/archive/main.tar.gz"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"clan-core",
"nixpkgs"
]
},
"locked": {
"lastModified": 1773889306,
"narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=",
"owner": "nix-community",
"repo": "disko",
"rev": "5ad85c82cc52264f4beddc934ba57f3789f28347",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"disko_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1773889306,
"narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=",
"owner": "nix-community",
"repo": "disko",
"rev": "5ad85c82cc52264f4beddc934ba57f3789f28347",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1767039857,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1775087534,
"narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1776184304,
"narHash": "sha256-No6QGBmIv5ChiwKCcbkxjdEQ/RO2ZS1gD7SFy6EZ7rc=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3c7524c68348ef79ce48308e0978611a050089b2",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nix-openclaw",
"nixpkgs"
]
},
"locked": {
"lastModified": 1767909183,
"narHash": "sha256-u/bcU0xePi5bgNoRsiqSIwaGBwDilKKFTz3g0hqOBAo=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "cd6e96d56ed4b2a779ac73a1227e0bb1519b3509",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_3": {
"inputs": {
"nixpkgs": [
"zen-browser",
"nixpkgs"
]
},
"locked": {
"lastModified": 1774991950,
"narHash": "sha256-kScKj3qJDIWuN9/6PMmgy5esrTUkYinrO5VvILik/zw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "f2d3e04e278422c7379e067e323734f3e8c585a7",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"import-tree": {
"locked": {
"lastModified": 1773693634,
"narHash": "sha256-BtZ2dtkBdSUnFPPFc+n0kcMbgaTxzFNPv2iaO326Ffg=",
"owner": "vic",
"repo": "import-tree",
"rev": "c41e7d58045f9057880b0d85e1152d6a4430dbf1",
"type": "github"
},
"original": {
"owner": "vic",
"repo": "import-tree",
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
"clan-core",
"nixpkgs"
]
},
"locked": {
"lastModified": 1775037210,
"narHash": "sha256-KM2WYj6EA7M/FVZVCl3rqWY+TFV5QzSyyGE2gQxeODU=",
"owner": "nix-darwin",
"repo": "nix-darwin",
"rev": "06648f4902343228ce2de79f291dd5a58ee12146",
"type": "github"
},
"original": {
"owner": "nix-darwin",
"repo": "nix-darwin",
"type": "github"
}
},
"nix-darwin_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1775037210,
"narHash": "sha256-KM2WYj6EA7M/FVZVCl3rqWY+TFV5QzSyyGE2gQxeODU=",
"owner": "nix-darwin",
"repo": "nix-darwin",
"rev": "06648f4902343228ce2de79f291dd5a58ee12146",
"type": "github"
},
"original": {
"owner": "nix-darwin",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"nix-openclaw": {
"inputs": {
"flake-utils": "flake-utils",
"home-manager": "home-manager_2",
"nix-steipete-tools": "nix-steipete-tools",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1776183358,
"narHash": "sha256-uRWaRXGhkyGWMbNgQcmx0+RPzPLenVGopkNHgAEfmBQ=",
"owner": "openclaw",
"repo": "nix-openclaw",
"rev": "53aac0dce0810c40c75793fdad3d41b0f7e7baaf",
"type": "github"
},
"original": {
"owner": "openclaw",
"repo": "nix-openclaw",
"type": "github"
}
},
"nix-select": {
"locked": {
"lastModified": 1763303120,
"narHash": "sha256-yxcNOha7Cfv2nhVpz9ZXSNKk0R7wt4AiBklJ8D24rVg=",
"rev": "3d1e3860bef36857a01a2ddecba7cdb0a14c35a9",
"type": "tarball",
"url": "https://git.clan.lol/api/v1/repos/clan/nix-select/archive/3d1e3860bef36857a01a2ddecba7cdb0a14c35a9.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://git.clan.lol/clan/nix-select/archive/main.tar.gz"
}
},
"nix-steipete-tools": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1773561580,
"narHash": "sha256-wT0bKTp45YnMkc4yXQvk943Zz/rksYiIjEXGdWzxnic=",
"owner": "openclaw",
"repo": "nix-steipete-tools",
"rev": "cd4c429ff3b3aaef9f92e59812cf2baf5704b86f",
"type": "github"
},
"original": {
"owner": "openclaw",
"repo": "nix-steipete-tools",
"type": "github"
}
},
"nixos-wsl": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1776255237,
"narHash": "sha256-LQjlc0VEn55WAT4BiI8sIsokb/2FNlcbBD+Xr3MTE24=",
"owner": "nix-community",
"repo": "NixOS-WSL",
"rev": "9a8c2a85f1ffdcecfb0f9c52c5a73c49ceb43911",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "main",
"repo": "NixOS-WSL",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1767364772,
"narHash": "sha256-fFUnEYMla8b7UKjijLnMe+oVFOz6HjijGGNS1l7dYaQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "16c7794d0a28b5a37904d55bcca36003b9109aaa",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1773734432,
"narHash": "sha256-IF5ppUWh6gHGHYDbtVUyhwy/i7D261P7fWD1bPefOsw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "cda48547b432e8d3b18b4180ba07473762ec8558",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1776255774,
"narHash": "sha256-psVTpH6PK3q1htMJpmdz1hLF5pQgEshu7gQWgKO6t6Y=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "566acc07c54dc807f91625bb286cb9b321b5f42a",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1682134069,
"narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fd901ef4bf93499374c5af385b2943f5801c0833",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"root": {
"inputs": {
"clan-core": "clan-core",
"disko": "disko_2",
"flake-parts": "flake-parts",
"home-manager": "home-manager",
"import-tree": "import-tree",
"nix-darwin": "nix-darwin_2",
"nix-openclaw": "nix-openclaw",
"nixos-wsl": "nixos-wsl",
"nixpkgs": "nixpkgs_3",
"vscode-server": "vscode-server",
"zen-browser": "zen-browser"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"clan-core",
"nixpkgs"
]
},
"locked": {
"lastModified": 1776119890,
"narHash": "sha256-Zm6bxLNnEOYuS/SzrAGsYuXSwk3cbkRQZY0fJnk8a5M=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "d4971dd58c6627bfee52a1ad4237637c0a2fb0cd",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1774449309,
"narHash": "sha256-brhZ8DmuGtzkCYHJg4HEd602amKm89Y9ytsFZ5uWD1w=",
"owner": "nix-systems",
"repo": "default",
"rev": "c29398b59d2048c4ab79345812849c9bd15e9150",
"type": "github"
},
"original": {
"owner": "nix-systems",
"ref": "future-26.11",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"clan-core",
"nixpkgs"
]
},
"locked": {
"lastModified": 1775636079,
"narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"vscode-server": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1770124655,
"narHash": "sha256-yHmd2B13EtBUPLJ+x0EaBwNkQr9LTne1arLVxT6hSnY=",
"owner": "nix-community",
"repo": "nixos-vscode-server",
"rev": "92ce71c3ba5a94f854e02d57b14af4997ab54ef0",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-vscode-server",
"type": "github"
}
},
"zen-browser": {
"inputs": {
"home-manager": "home-manager_3",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1776317517,
"narHash": "sha256-JP1XVRabZquf7pnXvRUjp7DV+EBrB6Qmp3+vG3HMy/k=",
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"rev": "0a7be59e988bb2cb452080f59aaabae70bc415ae",
"type": "github"
},
"original": {
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

38
nixos/flake.nix
View file

@ -1,38 +0,0 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nixos-wsl.url = "github:nix-community/NixOS-WSL/main";
vscode-server.url = "github:nix-community/nixos-vscode-server";
flake-parts.url = "github:hercules-ci/flake-parts";
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
# Auto-loads every .nix file under ./flake-modules as a flake-parts module.
import-tree.url = "github:vic/import-tree";
nix-darwin.url = "github:nix-darwin/nix-darwin/master";
nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
zen-browser.url = "github:0xc000022070/zen-browser-flake";
zen-browser.inputs.nixpkgs.follows = "nixpkgs";
disko.url = "github:nix-community/disko";
disko.inputs.nixpkgs.follows = "nixpkgs";
nix-openclaw.url = "github:openclaw/nix-openclaw";
nix-openclaw.inputs.nixpkgs.follows = "nixpkgs";
clan-core.url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz";
clan-core.inputs.nixpkgs.follows = "nixpkgs";
clan-core.inputs.flake-parts.follows = "flake-parts";
};
outputs = inputs @ { flake-parts, import-tree, ... }:
flake-parts.lib.mkFlake { inherit inputs; } {
systems = [ "x86_64-linux" "aarch64-darwin" ];
imports = [ (import-tree ./flake-modules) ];
};
}

2
nixos/hosts/sunken-ship.nix
View file

@ -2,7 +2,7 @@
#
# One-time on server: clone repo to /etc/dotfiles (root needs git access).
# If private repo: use SSH (ssh:// or git@) and add root's key to GitHub, or use HTTPS + token.
# Then: sudo nixos-rebuild switch --flake /etc/dotfiles/nixos#sunken-ship
# Then: sudo nixos-rebuild switch --flake /etc/dotfiles#sunken-ship
# If sudo git is not found: sudo nix run nixpkgs#git -- -C /etc/dotfiles pull origin main
# Timer runs every 15 min: git fetch, pull if origin/main changed, rebuild.
{ config, lib, pkgs, ... }:

35
nixos/lib/home-manager-user.nix
View file

@ -1,35 +0,0 @@
# Shared home-manager wiring for NixOS and nix-darwin hosts.
#
# Usage (from a flake-module):
# modules = [
# inputs.home-manager.nixosModules.home-manager # or .darwinModules
# (import ../lib/home-manager-user.nix {
# lib = inputs.nixpkgs.lib;
# user = "danny";
# homeDirectory = "/home/danny";
# stateVersion = "25.11"; # optional
# userImports = [ ../home/danny/home.nix ]; # optional
# })
# ];
{ lib
, user
, homeDirectory
, stateVersion ? null
, userImports ? [ ]
}:
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
# Automatically back up files before home-manager overwrites them.
home-manager.backupFileExtension = "backup";
home-manager.users.${user} = { ... }: {
imports = userImports;
home = {
username = user;
# Force an absolute path even if another module sets a bad value.
homeDirectory = lib.mkForce homeDirectory;
} // lib.optionalAttrs (stateVersion != null) {
stateVersion = stateVersion;
};
};
}

44
nixos/modules/dotfiles-rebuild.nix
View file

@ -1,44 +0,0 @@
# Shared auto-rebuild-from-git service for homelab hosts.
#
# Every 15 min: git fetch origin, fast-forward main, and if there were any
# new commits run nixos-rebuild switch against `<dotfilesDir>/nixos#<host>`.
#
# Assumes /etc/dotfiles is an already-cloned checkout of the dotfiles repo.
{ config, lib, pkgs, ... }:
let
dotfilesDir = "/etc/dotfiles";
flakeRef = "${dotfilesDir}/nixos#${config.networking.hostName}";
in {
environment.systemPackages = [ pkgs.git ];
# Trust /etc/dotfiles as root even though it's owned by `danny`.
# nix/libgit2 reads safe.directory from /etc/gitconfig; the GIT_CONFIG_*
# env vars on the service only affect the git CLI, not nix.
programs.git.enable = true;
programs.git.config.safe.directory = [ dotfilesDir ];
systemd.services.dotfiles-rebuild = {
description = "Pull dotfiles and run nixos-rebuild if repo changed";
path = with pkgs; [ git nix nixos-rebuild ];
environment.GIT_CONFIG_COUNT = "1";
environment.GIT_CONFIG_KEY_0 = "safe.directory";
environment.GIT_CONFIG_VALUE_0 = dotfilesDir;
script = ''
set -euo pipefail
cd ${dotfilesDir}
git fetch origin
if [ "$(git rev-parse HEAD)" = "$(git rev-parse origin/main)" ]; then
exit 0
fi
git pull origin main
exec nixos-rebuild switch --flake ${flakeRef}
'';
serviceConfig.Type = "oneshot";
};
systemd.timers.dotfiles-rebuild = {
wantedBy = [ "timers.target" ];
timerConfig.OnCalendar = "*-*-* *:00/15:00"; # every 15 minutes
timerConfig.RandomizedDelaySec = "2min";
};
}

6
nixos/sops/machines/phantom-ship/key.json
View file

@ -1,6 +0,0 @@
[
{
"publickey": "age18gtjh28qxeltg2r2tzxwl096crkqkqk8tjhersyf7mzdsddady7qs34x0m",
"type": "age"
}
]

6
nixos/sops/machines/sunken-ship/key.json
View file

@ -1,6 +0,0 @@
[
{
"publickey": "age1zy3q73pujauyajgfqwu0pnyy8732lzwvw87tu7p2xg3xuzaujc2qh6ql77",
"type": "age"
}
]

14
nixos/sops/secrets/phantom-ship-age.key/secret
View file

@ -1,14 +0,0 @@
{
"data": "ENC[AES256_GCM,data:43IKkW3YpbpEtECD3kXV4zWF6hB39knoWwqy5BGCqvYWSPccKIwwLD3ctCy3SeH806AatvE8Bl2dvHFvP++xtvFtw5PaHdnenn8=,iv:j7ODs5O0rbwD0LWkkv9BEk6O9ySl+uhCiEVa+GkRE3k=,tag:Bk/PkQjOvul8pP7hoh2cwQ==,type:str]",
"sops": {
"age": [
{
"recipient": "age1g6y8gvcampqj5y3yzdajke2h5n7k6ckdg6a424cghy5325px7cmqjmmd28",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVaVlVQ3pvRmpLaVB3WWtl\nYjBIdDBJK0VKeS90eE5YeFhFRnBPak5YckFZCkl5RkVMV3JxL0pSVkM4cjhRaUE3\nK24vSWM0YnFWeXNjc3ZSWDRBb1ZDeWsKLS0tIENabmsxVUl0UGZzN1pncWswTVdM\nWDBVTVMrYzJHUklKSVVjYXBBM2RuajgKCvrGjfjujmqq2lsbNAb8d1xUhv+es2uX\nydcfnqbFRF4pjrku41iRaOolWrZHDvl+PnMslk8bclZG23UKYbSkbA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-04-19T12:31:43Z",
"mac": "ENC[AES256_GCM,data:7/Z1Up1DZUgNMCuuBh2pnfTH3Ih6824yJqD1+w9clqgkSrFtKL6v5oo5EV4TF2FDJcrYQtbbAWQoEgJXfCKXfIYOPBIChfoQEG5N5XxNe57bklkipOMWJBm7448qBhLgy3yJQqAVFkQw6uHTuDrcngRFW5D3xHkCSilHC/xau9U=,iv:WL98Dcuxojg6BQ5tLOuhXYCfFHVXqpIBr680uriPXz0=,tag:FCl6wkBiLJUyMu1RnOqeIw==,type:str]",
"version": "3.12.2"
}
}

1
nixos/sops/secrets/phantom-ship-age.key/users/danny
View file

@ -1 +0,0 @@
../../../users/danny

14
nixos/sops/secrets/sunken-ship-age.key/secret
View file

@ -1,14 +0,0 @@
{
"data": "ENC[AES256_GCM,data:Mk4Vfs0PvKI4Ynwmz+8myrFtPW1swn9PdtQoeZw0xh9aCT+o6IWstAUypuCfwSgPYkj8PFPi2yq7ysTzglBkhrThV9Zto48U2dA=,iv:jL1WHTpN3mVNQJ/ltHBFd7zMtVtRmh9RIJAnh1SiGZc=,tag:zmRAQvcg6FW1+bEvZd8D6g==,type:str]",
"sops": {
"age": [
{
"recipient": "age1g6y8gvcampqj5y3yzdajke2h5n7k6ckdg6a424cghy5325px7cmqjmmd28",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6NzV5c2FDVndUSWRnZndR\ndXI2bEY2VGRiRndNbjZscHdjL0N0eHUrV1hZCmJMRllSdjNLWS8rcnlYLy94VUcy\ndDlXeUptaGdwb2ZsMW1UZHJoeW5CZzgKLS0tIDBkeUozUDd2YWpIRTFlK3M3K2RH\naW9CMnc1ZXRmM0x4MDYwVHVLZnVpR0UKZSowubfXrUemRSFNYo8hxSaeV6/egOi6\nmtmxPICosAV5VRbf8c5Hn3XGNGfOGVwwox+GmLjzqfpVsM9f2Qm9IQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-04-19T12:31:44Z",
"mac": "ENC[AES256_GCM,data:SaRWT7Q7joTgG7+LBL2icBQ4k2SJdFfDcPzV3IsBIMgVFC4kQNbkVr0BlTM4mgtfH+IxE8PBQu1v/JFo6kf43njnF3mD/Yzr/EsLxwVmD9U1DTpW+mr1EBUVLfiGqnVrTj2DhMdatKB1g8jRwAlpIcsmrlnsHIKjuSj5HKRIi7Q=,iv:YVV3BMhfh1ThIiYwW4uHUmUKqkHUtCy0i0owiAngKyg=,tag:f4UaL5ZjEp3Gkd6LGiq+uw==,type:str]",
"version": "3.12.2"
}
}

1
nixos/sops/secrets/sunken-ship-age.key/users/danny
View file

@ -1 +0,0 @@
../../../users/danny

6
nixos/sops/users/danny/key.json
View file

@ -1,6 +0,0 @@
[
{
"publickey": "age1g6y8gvcampqj5y3yzdajke2h5n7k6ckdg6a424cghy5325px7cmqjmmd28",
"type": "age"
}
]

1
nixos/vars/per-machine/phantom-ship/zerotier/zerotier-identity-secret/machines/phantom-ship
View file

@ -1 +0,0 @@
../../../../../../sops/machines/phantom-ship

18
nixos/vars/per-machine/phantom-ship/zerotier/zerotier-identity-secret/secret
View file

@ -1,18 +0,0 @@
{
"data": "ENC[AES256_GCM,data:g6eYxa672pfIHJ6jaTAf63ubXIJMPg08GJU2vwnF3hsCK73s5zkbFTd2GiLOZxlk641SK0bIfedABmsybG63qzFW2BOMIaUree0dlDv/u0oaRGdKCrrrrboxi6YbBncKgJLJpiAsmHZ9dsTz4bpicmj0JOBJ6f5HsD95qfy62yMOTSGZD7vdH43cXfbXxg49mKE7Ku2TL8a8awDiFc+Dqk+8QmMxr1XmF/IhYna+Amc+3OtmGGNEfoR8z7yHz13YA0CjJOe0QT2/GgRSUn5B43OkKhpR3e8mwtq6TAFRlBExt5Ccb4P09INcCA2oeAnyi0SEtwHg7KyPIDRJpEYVQ7jWAEFbNtOseBEbnibs,iv:QGNEvG0eLzVFw4lEqDYaSoUK318TRap61rqLD5Djzb0=,tag:vm73BNMMcF+0fiIkugqwxg==,type:str]",
"sops": {
"age": [
{
"recipient": "age18gtjh28qxeltg2r2tzxwl096crkqkqk8tjhersyf7mzdsddady7qs34x0m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUEJqQXNHcitJNnBEZDZW\nbFdieDFOaDFEazk4cUY5aXYrMjJabnVmWndVCjU0WmRpemNsWUMxN1N0R2dpSTla\nNzliTFFOU1o4VlBwSTJLN1krSEZ0TWMKLS0tIElyd3ovRno0Y3pGd1FFTE5VN0tM\ndTU2c25WcWN4YW15cGErSUJvYmFuRXcKKjBQln8jyOSBa1X1EJJSUg528waFL/8F\nkCpket2TGmNCvMDSai+5Iqe6X222J86uzoXsrLPl2PZaOCXD4t+gRw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1g6y8gvcampqj5y3yzdajke2h5n7k6ckdg6a424cghy5325px7cmqjmmd28",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrSFNPWW92QkFFYURROGJG\nbTZoS0hFQk52RVNSTWJsclBYRWxIS3c3RTFZCldhQ0QvUmhlRzg5Q3lHUnBnTUtN\nWEZqbWpFOUZhMStzNldCRXdyQzlyWnMKLS0tIGV6anNjVktWamkvbkF3OUxVS1Ji\nUGMzc2FxeE5YTmdMVTRtUDNuMlFaTlkKoJcPcmoMgxVRvcLv7ejws4IJnQd+Yt7s\njqWi0q4iwGLZSLUPb8NUZpWEn0Jbji2edSpATzf67uws1TFHGAMmuA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-04-19T12:31:44Z",
"mac": "ENC[AES256_GCM,data:hjIn5hcpgQkrWFTsQ3BdmQFPKeubs90opSl06z2Dh7mzTcSqCSF3cQ/l8fj+GD2GuptEMbPczOIoiJfKNxoLDp5L4iHIou7XwFXVhhdjm8fqIMHusnZc/eQBI/H6J2fHWzJ1gxgsKlkazsY3cbWxLfqdz7vAV06SflW5/B5Hbto=,iv:BeB417C5r4uVHSKs9UzwJI+A4F9NrrpoTRn+X14sMtA=,tag:PcaaJrMXO0h6EzdKpVl9xg==,type:str]",
"version": "3.12.2"
}
}

1
nixos/vars/per-machine/phantom-ship/zerotier/zerotier-identity-secret/users/danny
View file

@ -1 +0,0 @@
../../../../../../sops/users/danny

1
nixos/vars/per-machine/phantom-ship/zerotier/zerotier-ip/value
View file

@ -1 +0,0 @@
fdd5:53a2:de33:d269:6499:936c:48a:bbdc

1
nixos/vars/per-machine/sunken-ship/zerotier/zerotier-identity-secret/machines/sunken-ship
View file

@ -1 +0,0 @@
../../../../../../sops/machines/sunken-ship

18
nixos/vars/per-machine/sunken-ship/zerotier/zerotier-identity-secret/secret
View file

@ -1,18 +0,0 @@
{
"data": "ENC[AES256_GCM,data:6WHKA76dLKWJnGpNp45EAwf4gvHnoccXbGz1bCH5EYN/7o0zcl8KziabKjG+hY4BlG7CsNPCOVr2bWAVkWBjTQVoYNwaBNsQ2DF15E0/qxqCYUXKUNoZ5xkWvrcNbVCyEdDAZX9abpAyLenlOMRLFNaWlOsKVr44uG9j75KyMc8NNl4UvCjuBEdAvNLOhEOWuQaRJc73IJAet7pWxP7HkwkihR4+GVIft1UygNYmcThPr2A1+DdNf+IsCNJTR+FL2l3OupCIBawSR6/L/cjyBt1YvIu6fCSYs82r63+W2RKlIzpvoyupEH2vteSgiaLNQ8/j114f4MCZjSgJ3y8SKloZAQTPpsobsnHhYNUS,iv:oji4lQxeXdrvoERb/EtXJEC0LNqn4qBewxM2/rD1FfY=,tag:XQBCSwHw2MFiI4qRdX4klw==,type:str]",
"sops": {
"age": [
{
"recipient": "age1g6y8gvcampqj5y3yzdajke2h5n7k6ckdg6a424cghy5325px7cmqjmmd28",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYZmhNdTVjSG91RGpyMnlv\nY2x0azE3YTZhTDlzTGZOUXdvbEJhTmNqbzFZCmZPWWtOZG52V1NLVFRlODA2N1dB\neCtsWXg5Q3I3MTJKWlJkeTBwOG00aUUKLS0tIDBnRFRrcXJ5SnZEUTN3REs5VTZH\nNlN3MTJ6aWdpMHVkTDJ5MVRuUTVEak0Kw8VPmgp0XiIVlADbjQjHqxdK31kAAAf0\nN/VCLirEK+DOzXJIkMguL7K9Xe7HyIOvtkJGBE2et1mia1pXkxClqA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1zy3q73pujauyajgfqwu0pnyy8732lzwvw87tu7p2xg3xuzaujc2qh6ql77",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQL1NLbFlWdk5TQXNUSUFF\nNTFqQk01RzI0WUJrdklBSlBGbkJYU0N2Qnl3CnRDakRiamtMREJLQkhTN1VPWEtz\neFlWVTlmU2NPWTVxdGtHVzROS1ZmV3MKLS0tIEJsVTRZMy9pWTNTK2k1aklXeGY3\nODZGMy9TQytYOG9kbExnMVg1bEFOYUkKwa9MG/IXjaXjB/wxR5xBYN9CtpQHP7pj\nyDBTqa68JQHcUkFgtxBojjumWWADkHO+LmExPSP8Q7Jk+raR2JawXw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-04-19T12:31:44Z",
"mac": "ENC[AES256_GCM,data:/GMdb0AGXxWFr9nBFwyRD9iiqXloZu4zTsrDINpfdvGVzp4bQgny2KqHeCtUj2yaPrtEq9dXlLKdgMMlfiXx9b6I1A9AUM/DGle6ZCWyY07598/kNsFL4+2Fr/Xp3wcwVpxDpo2590jb1yT+8FSXzyy6oKjLOCBKixKq70U9bwo=,iv:OyShn5yuTDOhSSSF1AfVOFktFdk6vVVsemMOg2XhjrY=,tag:F7bTHCyhrMG6VyVcYNAVHA==,type:str]",
"version": "3.12.2"
}
}

1
nixos/vars/per-machine/sunken-ship/zerotier/zerotier-identity-secret/users/danny
View file

@ -1 +0,0 @@
../../../../../../sops/users/danny

1
nixos/vars/per-machine/sunken-ship/zerotier/zerotier-ip/value
View file

@ -1 +0,0 @@
fdd5:53a2:de33:d269:6499:93d5:53a2:de33

1
nixos/vars/per-machine/sunken-ship/zerotier/zerotier-network-id/value
View file

@ -1 +0,0 @@
d553a2de33d26964

14
nixos/vars/shared/zerotier-controller/zerotier-identity-secret/secret
View file

@ -1,14 +0,0 @@
{
"data": "ENC[AES256_GCM,data:NO63/4R06iLMuhWl5r6bWnVs9lt3i+yJlzWGV4ZiTqdxLHZdK/RO1cfdrfFr/YsYIrBzIYv1GghzmAjqg3InJsW5hEyYxddPdwxgowmHw44c8jOlCEvcMNuLw+Dh1njX6+mPcO6yPnSFeF3O72l/S4PYuesWUAnVSi4KcvDBsYSAITJkSEbNi8+63QVLPbumCVK/ZmGFWy59fepUe+0hA+IlCQBxKEFpku1bIpDfOlkOkaG9kyH0X3TNuvT5R785q5SBaIr9kez1GpcYtGlY4Mio1zemt9oYxzq7f6i1Ca4i5COUFq0TKtjU87T1fg6fEQ3cA28i57IWu7PMxPoV2Mpnwldg3BiCqGvbNMb3,iv:EcOrTwgJSuuP9suOzA+ZHwOHkX4fqYh77gTtV/W9DAQ=,tag:MSpfI+z5/rM0+cxUfEAAKg==,type:str]",
"sops": {
"age": [
{
"recipient": "age1g6y8gvcampqj5y3yzdajke2h5n7k6ckdg6a424cghy5325px7cmqjmmd28",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNZ2xTdFlaU2JJVFdhM3Rq\nNmFQMEd4NWdwd3RKQUI4dXAxNk0rWnZkRWhnCmFFRXNrUGlRbWpUOXFuU3Z0QndV\nS2NUV2NPVldpWGFPS0NPRm1NNFVSWlUKLS0tIEFhNHE1YndxUXVJbUVDSWU2Qkt5\najI4ajNPN0F3Qmt4Tzhkd3hKY0xpSkEKgaguLuJhrnbPWqeTMFeJD8UET0be46sV\nZNQLyYcINE3mnAQNMGzWFnZ986IrPBI/L/Nsqxni6El764nN6A7hig==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-04-19T12:31:43Z",
"mac": "ENC[AES256_GCM,data:5vmwAXCxmSWh9HZWZGZfFglyDRdrRKiZOnPQrYCzMBYP5hMD9t8sW3xpnmD/2pz5eqP0rIZTE8SCXK4OIJNJ9YJdoRUPDNyTQ5LDIMLbHEcAQrAk3jYN7HnXCa9AUe2nPRQi0KsI0VbxTwIDthqwZSrQAQMZ8m4FYFoBV5tZVpA=,iv:UomaST+33fy6txRq2DpPs+6YUZsvpjC5nwHMfc3ik60=,tag:mQOig05Un2S7UV9nNPKEeQ==,type:str]",
"version": "3.12.2"
}
}

1
nixos/vars/shared/zerotier-controller/zerotier-identity-secret/users/danny
View file

@ -1 +0,0 @@
../../../../../sops/users/danny

1
nixos/vars/shared/zerotier-controller/zerotier-ip/value
View file

@ -1 +0,0 @@
fdd5:53a2:de33:d269:6499:93d5:53a2:de33

1
nixos/vars/shared/zerotier-controller/zerotier-network-id/value
View file

@ -1 +0,0 @@
d553a2de33d26964