nixos/CLAUDE.md

# FredOS NixOS Configuration
This is a NixOS flake-based configuration for multiple hosts:
- **FredOS-Gaming** — gaming desktop
- **FredOS-Mediaserver** — home media server **and the home router** (nftables NAT/firewall in `services/router.nix`; `networking.firewall` is disabled on this host, WAN exposure comes from `ports.toml`)
- **FredOS-Macbook** — MacBook laptop
## Structure
- `flake.nix` — flake inputs/outputs; all hosts track the `nixos-26.05` stable channel
- `common.nix` — shared configuration across all hosts
- `hosts/` — per-host NixOS configuration modules (imported per-host by `mkHost` in flake.nix)
- `hosts/hardware/` — hardware-specific configuration
- `home-manager/` — Home Manager configuration (via NixOS module)
- `services/` — modular service definitions, gated by hostname with `lib.mkIf`
- `settings/` — shared settings (desktop, hyprland, quickshell, stylix, …)
- `modules/crowdsec/` — vendored crowdsec modules from nixpkgs PR #446307; delete once that PR lands in the pinned channel
- `ports.toml` — WAN → LAN port forwards consumed by `services/router.nix`
## Deployment
Hosts never pull this repo locally — they rebuild from the Forgejo remote via the
`update` alias (`nixos-rebuild switch --refresh --flake git+https://forg.gregersen.it/rope/nixos`).
That means evaluation is **pure**: config can never read files outside the repo
(e.g. `/var/secrets`) at eval time. Secrets must be injected at service runtime
(see `services/crowdsec.nix` and `services/go2rtc.nix` for the pattern).
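
One way to inject a secret at service runtime, using systemd's `LoadCredential`, as an added example that is not taken from this repo (the pattern in `services/crowdsec.nix` and `services/go2rtc.nix` is not shown on this page). The module name, unit name, secret path and the exact hostname condition are assumptions.

```nix
# Added example: hypothetical services/example-token.nix, not a file from this repo.
{ config, lib, pkgs, ... }:
let
  # Constructed path; it exists only on the target host. It stays a plain
  # string, so the evaluator never opens it and nothing is copied to the store.
  tokenPath = "/var/secrets/example-token";
in
{
  # Hostname gate with lib.mkIf, in the style described under "Structure"
  # (the exact condition used in the repo is an assumption).
  config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {
    systemd.services.example-token-check = {
      description = "Check that the runtime-injected token is readable";
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        Type = "oneshot";
        DynamicUser = true;
        # systemd reads the file at unit start and exposes it to the service
        # under $CREDENTIALS_DIRECTORY, readable only by this unit.
        LoadCredential = [ "token:${tokenPath}" ];
      };
      script = ''
        # Fail the unit if the secret is missing or empty; never print it.
        test -s "$CREDENTIALS_DIRECTORY/token"
      '';
    };
  };

  # What does NOT work when rebuilding from the git+https flake:
  #   environment.etc."token".text = builtins.readFile /var/secrets/example-token;
  # Evaluation aborts because absolute paths are forbidden in pure mode.
  # With --impure it would evaluate, but the secret would then land in the
  # world-readable /nix/store.
}
```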
## Code Evaluation
Before writing or changing any NixOS / Home Manager option, verify it exists and
has the expected name and type using the `nixos` MCP server tools (`nix` /
`nix_versions`, configured in `.mcp.json`). Don't rely on memory for option or
package names — look them up first to avoid invented attributes that fail at eval.
Always validate Nix expressions with `nix eval` before committing. For example:
```bash
# Evaluate a specific attribute to check for syntax/type errors
nix eval .#nixosConfigurations.FredOS-Gaming.config.system.stateVersion
# Full eval of a host without building
nix eval --raw .#nixosConfigurations.FredOS-Mediaserver.config.system.build.toplevel.drvPath
# Evaluate the full flake outputs to catch top-level errors
nix eval .#nixosConfigurations --apply builtins.attrNames
```
Use `nix flake check` for a broader check of the flake.