refactor(nix): auto-load flake-modules + extract shared dotfiles-rebuild 🌳

- Add import-tree input; flake.nix now auto-loads every file under ./flake-modules so new hosts/features drop in without editing flake.nix. - Extract the duplicated dotfiles-rebuild service, timer, and safe.directory wiring into nixos/modules/dotfiles-rebuild.nix, exposed via flake.nixosModules.dotfiles-rebuild. - sunken-ship and phantom-ship now pull it in from their flake-modules; hostname-specific flakeRef is derived from config.networking.hostName.
2026-04-18 18:00:54 +02:00 · 2026-04-18 18:00:54 +02:00 · 975b2a3ee9
commit 975b2a3ee9
parent 5e7b76bdcf
8 changed files with 80 additions and 81 deletions
--- a/nixos/hosts/phantom-ship.nix
+++ b/nixos/hosts/phantom-ship.nix
@ -2,9 +2,6 @@
 { config, lib, pkgs, ... }:

 let
-  dotfilesDir = "/etc/dotfiles";
-  flakeRef = "${dotfilesDir}/nixos#phantom-ship";
-
  # Telegram user ID(s) — gitignored, not committed to public repo.
  # Create openclaw-allow-from.nix with e.g.: [ 12345678 ]
  allowFromPath = ./openclaw-allow-from.nix;
@ -134,35 +131,6 @@ in
    ReadWritePaths = [ "/var/lib/openclaw" "/etc/openclaw" ];
  };

-  # Trust /etc/dotfiles as root even though it's owned by `danny`.
-  # The GIT_CONFIG_* env vars below only affect the git CLI; nix/libgit2
-  # reads safe.directory from /etc/gitconfig, so set it there too.
-  programs.git.enable = true;
-  programs.git.config.safe.directory = [ dotfilesDir ];
-
-  # Pull dotfiles and rebuild if the repo has new commits.
-  systemd.services.dotfiles-rebuild = {
-    description = "Pull dotfiles and run nixos-rebuild if repo changed";
-    path = with pkgs; [ git nix nixos-rebuild ];
-    environment.GIT_CONFIG_COUNT = "1";
-    environment.GIT_CONFIG_KEY_0 = "safe.directory";
-    environment.GIT_CONFIG_VALUE_0 = dotfilesDir;
-    script = ''
-      set -euo pipefail
-      cd ${dotfilesDir}
-      git fetch origin
-      if [ "$(git rev-parse HEAD)" = "$(git rev-parse origin/main)" ]; then
-        exit 0
-      fi
-      git pull origin main
-      exec nixos-rebuild switch --flake ${flakeRef}
-    '';
-    serviceConfig.Type = "oneshot";
-  };
-
-  systemd.timers.dotfiles-rebuild = {
-    wantedBy = [ "timers.target" ];
-    timerConfig.OnCalendar = "*-*-* *:00/15:00";  # every 15 minutes
-    timerConfig.RandomizedDelaySec = "2min";
-  };
+  # Auto-rebuild service/timer + safe.directory provided by the
+  # shared dotfiles-rebuild NixOS module (see nixos/modules/dotfiles-rebuild.nix).
 }