docs: update readme and CLAUDE.md for forgejo and 26.05
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
parent a4351473d0
commit 9671dfb793
2 changed files with 86 additions and 94 deletions
23
CLAUDE.md
|
|
@ -2,18 +2,28 @@
|
|||
|
||||
This is a NixOS flake-based configuration for multiple hosts:
|
||||
- **FredOS-Gaming** — gaming desktop
|
||||
- **FredOS-Mediaserver** — home media server
|
||||
- **FredOS-Mediaserver** — home media server **and the home router** (nftables NAT/firewall in `services/router.nix`; `networking.firewall` is disabled on this host, WAN exposure comes from `ports.toml`)
|
||||
- **FredOS-Macbook** — MacBook laptop
|
||||
|
||||
## Structure
|
||||
|
||||
- `flake.nix` — flake inputs/outputs; all hosts use `nixpkgs` unstable
|
||||
- `flake.nix` — flake inputs/outputs; all hosts track the `nixos-26.05` stable channel
|
||||
- `common.nix` — shared configuration across all hosts
|
||||
- `hosts/` — per-host NixOS configuration modules
|
||||
- `hosts/` — per-host NixOS configuration modules (imported per-host by `mkHost` in flake.nix)
|
||||
- `hosts/hardware/` — hardware-specific configuration
|
||||
- `home-manager/` — Home Manager configuration (via NixOS module)
|
||||
- `services/` — modular service definitions imported by hosts
|
||||
- `settings/` — shared settings/variables
|
||||
- `services/` — modular service definitions, gated by hostname with `lib.mkIf`
|
||||
- `settings/` — shared settings (desktop, hyprland, quickshell, stylix, …)
|
||||
- `modules/crowdsec/` — vendored crowdsec modules from nixpkgs PR #446307; delete once that PR lands in the pinned channel
|
||||
- `ports.toml` — WAN → LAN port forwards consumed by `services/router.nix`
|
||||
|
||||
## Deployment
|
||||
|
||||
Hosts never pull this repo locally — they rebuild from the Forgejo remote via the
|
||||
`update` alias (`nixos-rebuild switch --refresh --flake git+https://forg.gregersen.it/rope/nixos`).
|
||||
That means evaluation is **pure**: config can never read files outside the repo
|
||||
(e.g. `/var/secrets`) at eval time. Secrets must be injected at service runtime
|
||||
(see `services/crowdsec.nix` and `services/go2rtc.nix` for the pattern).
|
||||
|
||||
## Code Evaluation
|
||||
|
||||
|
|
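Review bot: The new Deployment section does not say which branch or ref the `update` alias follows. Because it runs `nixos-rebuild switch --refresh --flake git+https://forg.gregersen.it/rope/nixos`, whatever is at the head of that remote is what every host switches to on the next `update`, including FredOS-Mediaserver, which this same hunk describes as the home router. Suggest stating that a push to that ref is effectively a deploy, and naming the ref, so it is clear what needs protecting on the Forgejo side. Two smaller points: the Mediaserver bullet says `networking.firewall` is disabled and that WAN exposure comes from `ports.toml`, so it would help to add one sentence on what the nftables ruleset in `services/router.nix` does with inbound WAN traffic that `ports.toml` does not list; and the `modules/crowdsec/` bullet could record which revision of nixpkgs PR #446307 was vendored, so the copy can be compared against upstream before it is deleted.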
@ -23,6 +33,9 @@ Always validate Nix expressions with `nix eval` before committing. For example:
|
|||
# Evaluate a specific attribute to check for syntax/type errors
|
||||
nix eval .#nixosConfigurations.FredOS-Gaming.config.system.stateVersion
|
||||
|
||||
# Full eval of a host without building
|
||||
nix eval --raw .#nixosConfigurations.FredOS-Mediaserver.config.system.build.toplevel.drvPath
|
||||
|
||||
# Evaluate the full flake outputs to catch top-level errors
|
||||
nix eval .#nixosConfigurations --apply builtins.attrNames
|
||||
```
|
||||
|
|
|
|||
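Review bot: The added "Full eval of a host without building" example names only FredOS-Mediaserver, and the Structure section now says services are gated by hostname with `lib.mkIf`. An error inside a gated service may only surface when the host that enables it is evaluated, so suggest a comment saying the `config.system.build.toplevel.drvPath` eval should be run for each host a change touches (or all three), rather than showing it for a single host. It is also worth noting next to the `stateVersion` line that it is a quick check and forces far less of the configuration than the `toplevel.drvPath` eval does.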