Changes to nutmeg and flake.nix

config/host-config/nutboy3.nix

@@ -272,11 +272,19 @@ in {
           };
 
           interfaces.eno2 = {
-            ipv4.addresses = [{
+            ipv4.addresses = [
+              {
                 address = "208.81.4.82";
                 prefixLength = 29;
-            }];
+              }
+              {
+                address = "208.81.1.141";
+                prefixLength = 32;
+              }
+            ];
           };
+
+          firewall.enable = false;
         };
 
         services = {

config/host-config/spark.nix

@@ -1,7 +1,6 @@
 { config, lib, pkgs, ... }:
 
 {
-  config = {
   fudo.slynk.enable = true;
 
   networking = {
@@ -17,5 +16,4 @@
       fcitx5-rime
     ];
   };
-  };
 }

config/hosts.nix

@@ -2,12 +2,12 @@
 
 with lib;
 let
-  syslib = pkgs.callPackage ../lib/hosts.nix {};
+  syslib = pkgs.callPackage ../lib/system.nix {};
 
 in {
   config.fudo.hosts = let
     build-seed = config.instance.build-seed;
-    base-config = syslib.base-host-config ./hosts;
+    base-config = syslib.hosts ./hosts;
   in mapAttrs (hostname: base-config:
     base-config // {
       backplane-password-file =

config/hosts/atom.nix

@@ -3,7 +3,7 @@
   enable-gui = false;
   rp = "niten";
   admin-email = "niten@fudo.org";
-  domain = "sea.fudo.org";
+  domain = "mobile.fudo.org";
   site = "mobile";
   profile = "laptop";
   arch = "x86_64-linux";

config/profile-config/desktop.nix

@@ -4,7 +4,5 @@ with lib;
 {
   imports = [ ./common-ui.nix ];
 
-  config = {
   networking.networkmanager.enable = mkForce false;
-  };
 }

flake.nix

@@ -11,14 +11,27 @@
     fudo-secrets.url = "path:/state/secrets";
   };
 
-  outputs = { self, nixpkgs, fudo-home, fudo-pkgs, fudo-secrets, ... }: let
+  outputs = { self, nixpkgs, fudo-home, fudo-pkgs, fudo-secrets, ... }:
-    hostlib = import ./lib/hosts.nix { lib = nixpkgs.lib; };
+    with nixpkgs.lib;
+    let
+      sys-lib = import ./lib/system.nix { lib = nixpkgs.lib; };
 
-    fudo-nix-hosts = nixpkgs.lib.filterAttrs (hostname: hostOpts:
+      fudo-nix-hosts = nixpkgs.lib.filterAttrs
-      hostOpts.nixos-system) (hostlib.base-host-config ./config/hosts);
+        (hostname: hostOpts: hostOpts.nixos-system)
+        (sys-lib.hosts ./config/hosts);
+
+      fudo-networks = sys-lib.networks ./config/networks;
     in {
       fudoHosts = fudo-nix-hosts;
 
+      fudoNetworks = fudo-networks;
+
+      nixosModule = {
+        imports = [
+          ./lib
+        ];
+      };
+
       nixosConfigurations = let
 
         build-timestamp = self.sourceInfo.lastModified;
@@ -36,12 +49,12 @@
             (import ./lib/overlay.nix)
           ];
         };
-    in nixpkgs.lib.mapAttrs (hostname: hostOpts: let
+      in mapAttrs (hostname: hostOpts: let
         system = hostOpts.arch;
         site = hostOpts.site;
         domain = hostOpts.domain;
         profile = hostOpts.profile;
-    in nixpkgs.lib.nixosSystem {
+      in nixosSystem {
         inherit system;
 
         modules = let
@@ -49,24 +62,39 @@
         in [
           fudo-home.nixosModule
           fudo-secrets.nixosModule
+
+          ({ config, ... }: let
+            network-hosts = config.fudo.networks.${domain}.hosts;
+            host-filesystem-keys =
+              config.fudo.secrets.files.host-filesystem-keys;
+          in {
+            imports = [
               ./lib
               ./config
-
               (config-path + /hardware/${hostname}.nix)
               (config-path + /host-config/${hostname}.nix)
               (config-path + /profile-config/${profile}.nix)
               (config-path + /domain-config/${domain}.nix)
               (config-path + /site-config/${site}.nix)
-        ({ config, ... }: {
+            ];
-          config = {
             instance = {
               inherit hostname build-timestamp;
               build-seed = builtins.readFile
                 config.fudo.secrets.files.build-seed;
             };
-
             nixpkgs.pkgs = pkgs-for system;
-          };
+            # deployment = {
+            #   targetHost =
+            #     network-hosts.${hostname}.ipv4-address;
+
+            #   keys = if (hasAttr hostname host-filesystem-keys) then
+            #     mapAttrs (secret: secret-file: {
+            #       keyFile = secret-file;
+            #       user = "root";
+            #       permissions = "0400";
+            #     }) host-filesystem-keys.${hostname}
+            #   else {};
+            # };
           })
         ];
       }) fudo-nix-hosts;

lib/hosts.nix

@@ -1,24 +0,0 @@
-{ lib, ... }:
-
-with lib;
-let
-  hostname-from-file = filename: builtins.replaceStrings [".nix"] [""] filename;
-
-  is-nix-file = filename: type: (builtins.match ".+\.nix$" filename) != null;
-  is-regular-file = filename: type: type == "regular" || type == "link";
-
-  host-files = host-path:
-    attrNames
-      (filterAttrs is-nix-file
-        (filterAttrs is-regular-file
-          (builtins.readDir host-path)));
-
-  hosts = host-path:
-    map hostname-from-file (host-files host-path);
-in {
-  base-host-config = host-path: let
-    load-host-file = hostname: import (host-path + "/${hostname}.nix");
-  in genAttrs (hosts host-path) (hostname: load-host-file hostname);
-
-  host-list = host-path: hosts host-path;
-}

lib/system.nix

@@ -0,0 +1,36 @@
+{ lib, ... }:
+
+with lib;
+let
+  head-or-null = lst: if (lst == []) then null else head lst;
+  is-regular-file = filename: type: type == "regular" || type == "link";
+  regular-files = path: filterAttrs is-regular-file (builtins.readDir path);
+  matches-ext = ext: filename: type: (builtins.match ".+[.]${ext}$" filename) != null;
+  is-nix-file = matches-ext "nix";
+  strip-ext = ext: filename: head-or-null (builtins.match "(.+)[.]${ext}$" filename);
+  get-ext = filename: head-or-null (builtins.match "^.+[.](.+)$" filename);
+  hostname-from-file = filename: strip-ext "nix";
+  nix-files = path:
+    attrNames
+      (filterAttrs is-nix-file
+        (filterAttrs is-regular-file
+          (builtins.readDir path)));
+
+  basename-to-file = path: let
+    files = nix-files path;
+  in listToAttrs
+    (map (file:
+      nameValuePair (strip-ext "nix" file)
+        (path + "/${file}"))
+      files);
+
+  basename-import = path:
+    mapAttrs (attr: attr-file: import attr-file)
+      (basename-to-file path);
+
+in {
+
+  hosts = host-path: basename-import host-path;
+
+  networks = network-path: basename-import network-path;
+}