docs: update stale dotfiles/nixos flake paths 📝

Stage 4f cleanup. The flake moved from ~/dotfiles/nixos/ to ~/dotfiles/ in 88c5139; docs and install scripts hadn't been refreshed. Point all rebuild / flake references at the new root: - AGENTS.md, README.md, server-quickstart.md, docs/server-installer-usb.md, docs/sunken-ship-wifi.md, nixos/readme.md — rebuild command paths. - scripts/nixos-server-install.sh — auto-detect now looks for flake.nix at repo root (was nixos/flake.nix). - scripts/post-install-provision.sh — first-rebuild hint path. `nixos/hosts/<host>-hardware.nix` and friends stay where they are — host-specific NixOS modules still live under nixos/; only the flake entry-points + sops/ + vars/ + lib/ + modules/ + flake-modules/ moved. nixos/readme.md rewritten to reflect the split (flake at root, per-host modules under nixos/).
2026-04-20 20:28:05 +02:00 · 2026-04-20 20:28:05 +02:00 · b0c8664f5c
commit b0c8664f5c
parent 754cb0d274
8 changed files with 36 additions and 29 deletions
--- a/AGENTS.md
+++ b/AGENTS.md
@ -10,11 +10,11 @@ From the Mac, agents can SSH to sunken-ship:
 ssh -i ~/.ssh/id_ed25519_sunken_ship danny@sunken-ship 'hostname; ip addr'
 ```

-Rebuild on the server: `ssh ... 'cd /etc/dotfiles/nixos && sudo nixos-rebuild switch --flake .#sunken-ship'`. The server has WiFi; it remains reachable when ethernet is unplugged.
+Rebuild on the server: `ssh ... 'cd /etc/dotfiles && sudo nixos-rebuild switch --flake .#sunken-ship'`. The server has WiFi; it remains reachable when ethernet is unplugged. Preferred from the mac: `nix run git+https://git.clan.lol/clan/clan-core#clan-cli -- machines update sunken-ship --flake ~/dotfiles`.

 ## Server installer USB (new machines only)

-Build from **Linux**: `cd ~/dotfiles/nixos && nix build .#installer-iso` (x86_64-linux only; cannot build on macOS). Or use official NixOS minimal ISO, write to USB, boot server, clone repo, run [scripts/nixos-server-install.sh](scripts/nixos-server-install.sh). See [docs/server-installer-usb.md](docs/server-installer-usb.md). Optional live WiFi: add `nixos/installer-wifi.nix` (gitignored) when building custom ISO on Linux.
+Build from **Linux**: `cd ~/dotfiles && nix build .#installer-iso` (x86_64-linux only; cannot build on macOS). Or use official NixOS minimal ISO, write to USB, boot server, clone repo, run [scripts/nixos-server-install.sh](scripts/nixos-server-install.sh). See [docs/server-installer-usb.md](docs/server-installer-usb.md). Optional live WiFi: add `nixos/installer-wifi.nix` (gitignored) when building custom ISO on Linux.

 ## Learnings (NixOS server)

--- a/README.md
+++ b/README.md
@ -25,7 +25,7 @@ nix-shell -p gh git
 gh auth login
 gh repo clone dannydannydanny/dotfiles && cd dotfiles
 # git checkout <branch>  # if needed
-sudo nixos-rebuild switch --flake ~/dotfiles/nixos#wsl
+sudo nixos-rebuild switch --flake ~/dotfiles#wsl
 ```

 ### Clone via SSH
--- a/docs/server-installer-usb.md
+++ b/docs/server-installer-usb.md
@ -50,7 +50,7 @@ Bootable USB that installs NixOS on a new server with disk encryption (LUKS). Th
 8. SSH in: `ssh danny@phantom-ship`
 9. First rebuild to switch from generic `server-install` to `phantom-ship` config:
   ```bash
-   cd /etc/dotfiles/nixos && sudo nixos-rebuild switch --flake .#phantom-ship
+   cd /etc/dotfiles && sudo nixos-rebuild switch --flake .#phantom-ship
   ```
 10. Commit the generated `phantom-ship-hardware.nix` back to the repo.

@ -87,7 +87,7 @@ Adds WiFi kernel modules for servers that need WiFi on the live system.
 ### Build directly on Linux

 ```bash
-cd ~/dotfiles/nixos && nix build .#installer-iso
+cd ~/dotfiles && nix build .#installer-iso
 # Write to USB:
 sudo dd if=result/iso/nixos-minimal-*.iso of=/dev/sdX status=progress bs=4M
 ```
@ -117,7 +117,7 @@ sudo INSTALLER_SYSTEM_CONFIG_FILE=/path/to/wifi.json INSTALLER_HOSTNAME=my-serve

 ```bash
 sudo nix run github:nix-community/disko/latest#disko-install -- \
-  --flake 'path:/tmp/dotfiles/nixos#server-install' \
+  --flake 'path:/tmp/dotfiles#server-install' \
  --disk main /dev/sda \
  --system-config '{"networking":{"hostName":"my-server"}}'
 ```
@ -130,5 +130,5 @@ sudo nix run github:nix-community/disko/latest#disko-install -- \
 | **Boot** | Boot new server from USB, plug Ethernet |
 | **Install** | `curl ... \| INSTALLER_HOSTNAME=phantom-ship SSH_PUBKEY_FILE=/tmp/key.pub sudo -E bash` |
 | **Reboot** | Remove USB, unlock LUKS |
-| **First rebuild** | `sudo nixos-rebuild switch --flake /etc/dotfiles/nixos#phantom-ship` |
+| **First rebuild** | `sudo nixos-rebuild switch --flake /etc/dotfiles#phantom-ship` |
 | **Commit** | Push generated `phantom-ship-hardware.nix` to repo |
--- a/docs/sunken-ship-wifi.md
+++ b/docs/sunken-ship-wifi.md
@ -42,10 +42,10 @@ nix shell nixpkgs#wpa_supplicant -c wpa_passphrase "YOUR_SSID" "YOUR_PASSWORD"

 ## Rebuild (after changing Nix config)

-From the server (flake is in `nixos/`):
+From the server (flake is at the repo root):

 ```bash
-cd /etc/dotfiles/nixos && sudo nixos-rebuild switch --flake .#sunken-ship
+cd /etc/dotfiles && sudo nixos-rebuild switch --flake .#sunken-ship
 ```

 ## Verify
--- a/nixos/readme.md
+++ b/nixos/readme.md
@ -1,32 +1,39 @@
-# NixOS flake
+# NixOS modules

-Rebuild from dotfiles dir:
+Host-specific NixOS and home-manager modules live under this dir:
+
+- `hosts/<machine>.nix` + `hosts/<machine>-hardware.nix`
+- `home/danny/home.nix` (home-manager)
+- `fish.nix`, `neovim.nix`, `ollama.nix`, `installer-iso.nix`, `disko-server.nix`
+
+The flake itself (`flake.nix`, `flake.lock`, `flake-modules/`, `lib/`, `modules/`, `sops/`, `vars/`) lives at the **repo root**, not here. See [CLAUDE.md](../CLAUDE.md) at the repo root for rebuild commands, clan.lol operations, and the `dotfiles-rebuild` timer.
+
+## Quick rebuild reference

 ```bash
 # macOS
-cd ~/dotfiles/nixos && darwin-rebuild switch --flake .
+cd ~/dotfiles && darwin-rebuild switch --flake .

 # WSL
-sudo nixos-rebuild switch --flake ~/dotfiles/nixos#wsl
+sudo nixos-rebuild switch --flake ~/dotfiles#wsl

-# sunken-ship (on server)
-sudo nixos-rebuild switch --flake /etc/dotfiles/nixos#sunken-ship
+# Servers (via clan from mac)
+nix run git+https://git.clan.lol/clan/clan-core#clan-cli -- \
+  machines update sunken-ship --flake ~/dotfiles
 ```

-## Server (sunken-ship)
-
-One-time bootstrap (no git until first rebuild):
+## Server bootstrap (one-time)

 ```bash
-nix run --extra-experimental-features "nix-command flakes" nixpkgs#git -- clone https://github.com/DannyDannyDanny/dotfiles.git /tmp/dotfiles
+nix run --extra-experimental-features "nix-command flakes" nixpkgs#git -- \
+  clone https://github.com/DannyDannyDanny/dotfiles.git /tmp/dotfiles
 sudo mv /tmp/dotfiles /etc/dotfiles
-sudo nixos-rebuild switch --flake /etc/dotfiles/nixos#sunken-ship --option accept-flake-config true
+sudo nixos-rebuild switch --flake /etc/dotfiles#sunken-ship \
+  --option accept-flake-config true
 ```

-If the daemon doesn't have flakes: copy [server-configuration-with-flakes.nix](server-configuration-with-flakes.nix) to `/etc/nixos/configuration.nix`, run `sudo nixos-rebuild switch`, then build and switch to the flake (see [server-quickstart.md](../server-quickstart.md) for SSH keys).
+If the daemon doesn't have flakes: copy [server-configuration-with-flakes.nix](server-configuration-with-flakes.nix) to `/etc/nixos/configuration.nix`, `sudo nixos-rebuild switch`, then build the flake.

 SSH keys (not in repo): `scp ~/.ssh/*.pub danny@server:/tmp/`, then on server `mkdir -p ~/.ssh; cat /tmp/*.pub >> ~/.ssh/authorized_keys`. See [docs/ssh-and-secrets.md](../docs/ssh-and-secrets.md).

-Timer: every 15 min the server pulls and rebuilds when `main` changes. Config: `hosts/sunken-ship.nix`, `hosts/sunken-ship-hardware.nix`.
-
 No git in PATH: `sudo nix run nixpkgs#git -- -C /etc/dotfiles pull origin main`.
--- a/scripts/nixos-server-install.sh
+++ b/scripts/nixos-server-install.sh
@ -16,12 +16,12 @@ set -euo pipefail

 FLAKE_REF="${FLAKE_REF:-}"
 if [[ -z "$FLAKE_REF" ]]; then
-  if [[ -d "$(dirname "$0")/../nixos" ]] && [[ -f "$(dirname "$0")/../nixos/flake.nix" ]]; then
+  if [[ -f "$(dirname "$0")/../flake.nix" ]]; then
    REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
-    FLAKE_REF="path:${REPO_ROOT}/nixos"
+    FLAKE_REF="path:${REPO_ROOT}"
  else
    echo "FLAKE_REF not set and not running from dotfiles repo. Example:"
-    echo "  export FLAKE_REF=github:USER/REPO   # or path:/path/to/dotfiles/nixos"
+    echo "  export FLAKE_REF=github:USER/REPO   # or path:/path/to/dotfiles"
    exit 1
  fi
 fi
@ -197,5 +197,5 @@ echo ""
 echo "=== Done! ==="
 echo "Remove the USB and reboot. After unlocking LUKS:"
 echo "  1. SSH in: ssh danny@${hostname}"
-echo "  2. First rebuild: cd /etc/dotfiles/nixos && sudo nixos-rebuild switch --flake .#${hostname}"
+echo "  2. First rebuild: cd /etc/dotfiles && sudo nixos-rebuild switch --flake .#${hostname}"
 echo "  3. Commit ${hostname}-hardware.nix back to the repo"
--- a/scripts/post-install-provision.sh
+++ b/scripts/post-install-provision.sh
@ -57,5 +57,5 @@ cryptsetup close crypted 2>/dev/null || true
 echo ""
 echo "=== Done! Remove USB and reboot. ==="
 echo "After unlocking LUKS, SSH in: ssh danny@${HOSTNAME}"
-echo "Then: cd /etc/dotfiles/nixos && sudo nixos-rebuild switch --flake .#${HOSTNAME}"
+echo "Then: cd /etc/dotfiles && sudo nixos-rebuild switch --flake .#${HOSTNAME}"
 echo "Commit ${HOSTNAME}-hardware.nix from the USB back to the repo."
--- a/server-quickstart.md
+++ b/server-quickstart.md
@ -44,7 +44,7 @@ Optional: `services.openssh.settings = { PasswordAuthentication = false; PermitR

 ```bash
 sudo nixos-rebuild switch
-# or: sudo nixos-rebuild switch --flake /path/to/dotfiles/nixos#hostname
+# or: sudo nixos-rebuild switch --flake /path/to/dotfiles#hostname
 ```

 Then from your main machine: `ssh danny@myserver`