From 36d066f3557b46acb3ed1c0b1f5db1f6bb721b39 Mon Sep 17 00:00:00 2001
From: Dmitriy Pleshevskiy <dmitriy@pleshevski.ru>
Date: Sat, 18 Mar 2023 16:47:02 +0300
Subject: [PATCH] refac: restructure nixos

---
 flake.nix                                     |  15 ++++++++++++---
 .../services/mailserver-accounts.secret.nix   | Bin 1122 -> 0 bytes
 machines/modules/networking.secret.nix        | Bin 370 -> 0 bytes
 .../hosts}/asus-gl553vd/default.nix           |  18 ++++++++----------
 .../asus-gl553vd/hardware-configuration.nix   |   0
 .../hosts}/canigou/data.secret.nix            | Bin
 {machines => nixos/hosts}/canigou/default.nix |   9 +++++----
 .../hosts}/canigou/hardware-configuration.nix |   0
 .../hosts}/canigou/networking.secret.nix      | Bin
 .../hosts}/canigou/services/wireguard.nix     |   2 +-
 {machines => nixos/hosts}/default.nix         |  14 +++++++++-----
 {machines => nixos/hosts}/home/default.nix    |  18 ++++++++----------
 .../hosts}/home/hardware-configuration.nix    |   0
 .../hosts}/magenta/data.secret.nix            | Bin
 {machines => nixos/hosts}/magenta/default.nix |  10 +++++-----
 .../hosts}/magenta/hardware-configuration.nix |   0
 .../hosts}/magenta/networking.secret.nix      | Bin
 .../hosts}/magenta/services/gitea.nix         |   2 +-
 .../services/mailserver-accounts.secret.nix   | Bin 0 -> 1131 bytes
 .../hosts}/magenta/services/mailserver.nix    |   0
 .../hosts}/magenta/services/traefik.nix       |   2 +-
 .../services/woodpecker/agent-docker.nix      |   2 +-
 .../magenta/services/woodpecker/common.nix    |   6 +++---
 .../services/woodpecker/data.secret.nix       | Bin
 .../magenta/services/woodpecker/default.nix   |   0
 .../magenta/services/woodpecker/server.nix    |   2 +-
 {machines => nixos}/modules/docker-stack.nix  |   0
 {machines => nixos}/modules/nix.nix           |   0
 {machines => nixos}/modules/traefik.nix       |   0
 .../modules/wireguard-client.nix              |   2 +-
 {machines/modules => nixos/shared}/common.nix |   0
 .../modules => nixos/shared}/docker-swarm.nix |   0
 .../modules => nixos/shared}/fail2ban.nix     |   0
 {machines/modules => nixos/shared}/fonts.nix  |   0
 .../shared}/garbage-collector.nix             |   0
 {machines/modules => nixos/shared}/gnupg.nix  |   0
 nixos/shared/networking.secret.nix            | Bin 0 -> 340 bytes
 {machines/modules => nixos/shared}/sound.nix  |   0
 .../shared}/window-manager.nix                |   0
 39 files changed, 56 insertions(+), 46 deletions(-)
 delete mode 100644 machines/magenta/services/mailserver-accounts.secret.nix
 delete mode 100644 machines/modules/networking.secret.nix
 rename {machines => nixos/hosts}/asus-gl553vd/default.nix (81%)
 rename {machines => nixos/hosts}/asus-gl553vd/hardware-configuration.nix (100%)
 rename {machines => nixos/hosts}/canigou/data.secret.nix (100%)
 rename {machines => nixos/hosts}/canigou/default.nix (72%)
 rename {machines => nixos/hosts}/canigou/hardware-configuration.nix (100%)
 rename {machines => nixos/hosts}/canigou/networking.secret.nix (100%)
 rename {machines => nixos/hosts}/canigou/services/wireguard.nix (96%)
 rename {machines => nixos/hosts}/default.nix (76%)
 rename {machines => nixos/hosts}/home/default.nix (87%)
 rename {machines => nixos/hosts}/home/hardware-configuration.nix (100%)
 rename {machines => nixos/hosts}/magenta/data.secret.nix (100%)
 rename {machines => nixos/hosts}/magenta/default.nix (78%)
 rename {machines => nixos/hosts}/magenta/hardware-configuration.nix (100%)
 rename {machines => nixos/hosts}/magenta/networking.secret.nix (100%)
 rename {machines => nixos/hosts}/magenta/services/gitea.nix (98%)
 create mode 100644 nixos/hosts/magenta/services/mailserver-accounts.secret.nix
 rename {machines => nixos/hosts}/magenta/services/mailserver.nix (100%)
 rename {machines => nixos/hosts}/magenta/services/traefik.nix (98%)
 rename {machines => nixos/hosts}/magenta/services/woodpecker/agent-docker.nix (93%)
 rename {machines => nixos/hosts}/magenta/services/woodpecker/common.nix (66%)
 rename {machines => nixos/hosts}/magenta/services/woodpecker/data.secret.nix (100%)
 rename {machines => nixos/hosts}/magenta/services/woodpecker/default.nix (100%)
 rename {machines => nixos/hosts}/magenta/services/woodpecker/server.nix (96%)
 rename {machines => nixos}/modules/docker-stack.nix (100%)
 rename {machines => nixos}/modules/nix.nix (100%)
 rename {machines => nixos}/modules/traefik.nix (100%)
 rename {machines => nixos}/modules/wireguard-client.nix (97%)
 rename {machines/modules => nixos/shared}/common.nix (100%)
 rename {machines/modules => nixos/shared}/docker-swarm.nix (100%)
 rename {machines/modules => nixos/shared}/fail2ban.nix (100%)
 rename {machines/modules => nixos/shared}/fonts.nix (100%)
 rename {machines/modules => nixos/shared}/garbage-collector.nix (100%)
 rename {machines/modules => nixos/shared}/gnupg.nix (100%)
 create mode 100644 nixos/shared/networking.secret.nix
 rename {machines/modules => nixos/shared}/sound.nix (100%)
 rename {machines/modules => nixos/shared}/window-manager.nix (100%)

diff --git a/flake.nix b/flake.nix
index ec9e682..27e7218 100644
--- a/flake.nix
+++ b/flake.nix
@@ -84,6 +84,14 @@
                 '')
                 vpsMachines);
 
+              rollback = lib.recurseIntoAttrs (lib.mapAttrs
+                (hostname: machine: pkgs.writeShellScript "rollback-${hostname}" ''
+                  ${nixos-rebuild}/bin/nixos-rebuild test \
+                    --rollback \
+                    --flake .#${hostname}
+                '')
+                self.nixosConfigurations);
+
               switch = lib.recurseIntoAttrs (lib.mapAttrs
                 (hostname: machine: pkgs.writeShellScript "switch-${hostname}" ''
                   ${nixos-rebuild}/bin/nixos-rebuild switch --flake .#${hostname} $@
@@ -95,6 +103,7 @@
                   ${nixos-rebuild}/bin/nixos-rebuild test --flake .#${hostname} $@
                 '')
                 localMachines);
+
             });
 
           devShells = {
@@ -137,7 +146,6 @@
                   agenix.nixosModules.default
                   home-manager.nixosModule
                 ])
-                ++ [ ./machines/${hostname} ]
                 ++ extraModules
                 ++ [
                   # deployment settings
@@ -156,8 +164,9 @@
                     home-manager.useGlobalPkgs = true;
                     home-manager.useUserPackages = true;
                   })
-                ];
+                ]
+                ++ [ ./nixos/hosts/${hostname} ];
             })
-          (import ./machines inputs);
+          (import ./nixos/hosts inputs);
     };
 }
diff --git a/machines/magenta/services/mailserver-accounts.secret.nix b/machines/magenta/services/mailserver-accounts.secret.nix
deleted file mode 100644
index d26568644cacf7049a6676fa6fc60b48b6e46d6d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1122
zcmV-o1fBZ;M@dveQdv+`0Pve>kef#r;4Am0iXq=TspE)AUQ*9(OzgXGioniidSg2$
z?aO)R91_;iQqCL4i;}9TRWwvXOzdVssDT=<q@mC{@^{X#I-#$Gd&I^fK$^iBG<a^G
z^lV70Q*wI(Ost40Q-{^7eH=fg7c<!#vT4!jIChDg*u0gHDq=wiW5P_a2;O+&>2NY^
zS?~gDVK@9F*GV5O)j_jTFvwe2@(Nq2!)`#4PegxY+V3#*fkb3>zFf(ax?9`bQv*>O
zLH79@FWVMl&1)5d%17F~53UyqCNI<e$Wf(PTFB!k<=uj=zPX&z$&PF-nca^x*6(^S
z?DqhN()BGplWVUOaWkl*w`|*IZtfENA;LsstH<1Woh3BQW#`bSki~5gP+=(_c`{dR
zo_ck5T1zsgTfk&e(mcaTxxK_9kjfr#1I|OkFydzg3-32(A)%i42WOCDC~ABIyWBnn
zrG796C5NcWnc`M$HG;|Fj6aekoB^E$SZF;W%y!MBRCZEXt;_NVO2O=4&eon)DiWs|
zeL$uLCAlR;kSz5OIyH7691U`QpOX<zvixvQq{4$Budl>Dc)(D_wqUI2F!xA#C`6mI
zg6M*zgolSrydMnZ9%@0~Dam2>ijD*I`s8FDS*K^mYcg87Z_A$1t3J~UL&cDl(5Cq;
z-D(#a!j~;8O1E)2Q)01w>Y$Ie+)I_a2qs*G*ueP9A=hM%>VL?i{2HO1zfqhUgaNqL
z#W)Vhr&D5VwS@HJbn!h_Dqhd#z%e0juoI4Bd-!ITptC<+D{(9W-Jm=2KH?G0p4pZZ
zC_3ksf;QR++3=I<bqcb5WNC}#mZ_naQ0f@ZwPQ>B`*QO6Zms)IdFvcYCVQ09=@-_D
z4(b#jET_YmQ~FP_%h(4$$p8Goai^Gf#nqDeS*LDRnj=L)t2u`-JuhU}wqmLqP?^h9
zLFj%3Om^YNeHe<Vy#|b9uPfXiQ-2j_vWI-Gzz*r$oT#?LiGzC%F4QDSJkXx@G*XV`
z7}I`E?zC5^b8ndDp{EEnwn2(E1dnlYDj23T-!Y0<hY<x^qo*&@Mol#>FACE4(r|>%
zfxHrn0zrg`weVn<zOZkhH1>$jVeCfRQ!2vTY7ovOq29nMnGJ|H!}7oS!m-($777Wu
z&vrsLvb2}Kls#O-yx0$XGUp0>sQi=A0!@nq>Ex4$ED^!qg>=<_)Fs{u2kzY=#&`5x
zm)v1E;ktB%%r?`%nL7KAP15ouz*>oI1}6kO{+|8PwQ5^7Ce|`!J&E7p1YRcmxmDF5
zDI#j|nu5oRZ>qChBd_~f|4g5s3=YVL6LH`js>7ERX6O$ny(1*1W31K=Ler4BM(GQz
zf3~BSu9s7@{MBoU%)0rdfqJn(QJ;0meKQb2(}5LormzG<0fPrPa82Fa7u8U!fPs{#
on4y3kFM~Ps`rKywE($+oSx6s!Qg@RKM1es|J1u?K9=6X-U%+55dH?_b

diff --git a/machines/modules/networking.secret.nix b/machines/modules/networking.secret.nix
deleted file mode 100644
index f500ba75c79361a62a7dd1815b5259cc86b94ee7..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 370
zcmV-&0ge6uM@dveQdv+`0B;!u0g|h*K;s@>z5FO`xCcN%m}+#}{v0A=#md=RiNdUd
zjLRUgUj5)!e_QK$&gT8F4mmZB__V&PO4{!^lD0lqA#9aREuHW=a}VRx4P%@1mp2PS
zuKr;6czjfcEeXbUddBa@`dF}?s;jVyRj(Lb9wJfcG+_-~LEVWKi5@6`SvkVrdc+vO
z&-Dv_QNo+qA)e~qIAFygn;Hx3-M%ETXe@|CGt%$jR(ufodMuyt96m;~P@e%4<v^1G
zTm`Nw8FCkb$Mvl{(@?+DgA9CIJA{w9z4nM~*LgvYUVf&yRa4$)ao|RSGq@nAIhFdA
zfFErSn*}@?6*%4URDo#+G-ZQ5!<3zl^=Wr+xYm!H8kEa?C^o%5JwuH{@R@bKy=tdq
z1cp+L4_;Z36?Arz;x2zC6dlBmN^m_a@C%-g^*x(34o?Rz1Cy92^PtvcH}vvNT63bB
Q(H#^9N#zNfL40=Ri{|F9B>(^b

diff --git a/machines/asus-gl553vd/default.nix b/nixos/hosts/asus-gl553vd/default.nix
similarity index 81%
rename from machines/asus-gl553vd/default.nix
rename to nixos/hosts/asus-gl553vd/default.nix
index aac31b3..e6da7cf 100644
--- a/machines/asus-gl553vd/default.nix
+++ b/nixos/hosts/asus-gl553vd/default.nix
@@ -4,15 +4,13 @@
   imports = [
     # Include the results of the hardware scan.
     ./hardware-configuration.nix
-    ../modules/common.nix
-    ../modules/sound.nix
-    ../modules/window-manager.nix
-    ../modules/fonts.nix
-    ../modules/gnupg.nix
-    ../modules/nix.nix
-    ../modules/garbage-collector.nix
-    ../modules/networking.secret.nix
-    ../modules/wireguard-client.nix
+    ../../shared/common.nix
+    ../../shared/sound.nix
+    ../../shared/window-manager.nix
+    ../../shared/fonts.nix
+    ../../shared/gnupg.nix
+    ../../shared/garbage-collector.nix
+    ../../shared/networking.secret.nix
   ];
 
   # Use latest kernel
@@ -72,7 +70,7 @@
 
   # Wireguard client
   age.secrets.wireguard-asus-gl553vd-private = {
-    file = ../../secrets/wireguard-asus-gl553vd-private.age;
+    file = ../../../../secrets/wireguard-asus-gl553vd-private.age;
     mode = "0400";
   };
   local.wireguard = {
diff --git a/machines/asus-gl553vd/hardware-configuration.nix b/nixos/hosts/asus-gl553vd/hardware-configuration.nix
similarity index 100%
rename from machines/asus-gl553vd/hardware-configuration.nix
rename to nixos/hosts/asus-gl553vd/hardware-configuration.nix
diff --git a/machines/canigou/data.secret.nix b/nixos/hosts/canigou/data.secret.nix
similarity index 100%
rename from machines/canigou/data.secret.nix
rename to nixos/hosts/canigou/data.secret.nix
diff --git a/machines/canigou/default.nix b/nixos/hosts/canigou/default.nix
similarity index 72%
rename from machines/canigou/default.nix
rename to nixos/hosts/canigou/default.nix
index 123159d..e5706f6 100644
--- a/machines/canigou/default.nix
+++ b/nixos/hosts/canigou/default.nix
@@ -1,16 +1,17 @@
 { pkgs, ... }:
 
 let
-  data = import ../../data.nix;
+  data = import ../../../data.nix;
 in
 {
   imports = [
     ./hardware-configuration.nix
     ./networking.secret.nix # generated at runtime by nixos-infect
 
-    ../modules/common.nix
-    ../modules/fail2ban.nix
-    ../modules/docker-swarm.nix
+    ../../shared/common.nix
+    ../../shared/fail2ban.nix
+    ../../shared/garbage-collector.nix
+    ../../shared/docker-swarm.nix
 
     ./services/wireguard.nix
   ];
diff --git a/machines/canigou/hardware-configuration.nix b/nixos/hosts/canigou/hardware-configuration.nix
similarity index 100%
rename from machines/canigou/hardware-configuration.nix
rename to nixos/hosts/canigou/hardware-configuration.nix
diff --git a/machines/canigou/networking.secret.nix b/nixos/hosts/canigou/networking.secret.nix
similarity index 100%
rename from machines/canigou/networking.secret.nix
rename to nixos/hosts/canigou/networking.secret.nix
diff --git a/machines/canigou/services/wireguard.nix b/nixos/hosts/canigou/services/wireguard.nix
similarity index 96%
rename from machines/canigou/services/wireguard.nix
rename to nixos/hosts/canigou/services/wireguard.nix
index d791ccd..0b6dfcf 100644
--- a/machines/canigou/services/wireguard.nix
+++ b/nixos/hosts/canigou/services/wireguard.nix
@@ -58,7 +58,7 @@ in
   };
 
   age.secrets.wireguard-canigou-private = {
-    file = ../../../secrets/wireguard-canigou-private.age;
+    file = ../../../../secrets/wireguard-canigou-private.age;
     mode = "0400";
   };
 }
diff --git a/machines/default.nix b/nixos/hosts/default.nix
similarity index 76%
rename from machines/default.nix
rename to nixos/hosts/default.nix
index ddd1a02..1cc4f72 100644
--- a/machines/default.nix
+++ b/nixos/hosts/default.nix
@@ -9,8 +9,10 @@ in
 
     extraModules = [
       hardware.common-gpu-amd
-      ../users/jan
-      ../users/nas
+      ../modules/nix.nix
+      ../modules/wireguard-client.nix
+      ../../users/jan
+      ../../users/nas
     ];
 
     extraHomeModule = { ... }: {
@@ -24,8 +26,10 @@ in
 
     extraModules = [
       hardware.common-cpu-intel
-      ../users/jan
-      ../users/nas
+      ../modules/nix.nix
+      ../modules/wireguard-client.nix
+      ../../users/jan
+      ../../users/nas
     ];
 
     extraHomeModule = { ... }: {
@@ -41,7 +45,7 @@ in
 
     extraModules = [
       inputs.mailserver.nixosModule
-      ./modules/docker-stack.nix
+      ../modules/docker-stack.nix
     ];
   };
 
diff --git a/machines/home/default.nix b/nixos/hosts/home/default.nix
similarity index 87%
rename from machines/home/default.nix
rename to nixos/hosts/home/default.nix
index 99eab9f..29b044f 100644
--- a/machines/home/default.nix
+++ b/nixos/hosts/home/default.nix
@@ -4,15 +4,13 @@
   imports = [
     # Include the results of the hardware scan.
     ./hardware-configuration.nix
-    ../modules/common.nix
-    ../modules/sound.nix
-    ../modules/window-manager.nix
-    ../modules/fonts.nix
-    ../modules/gnupg.nix
-    ../modules/nix.nix
-    ../modules/garbage-collector.nix
-    ../modules/networking.secret.nix
-    ../modules/wireguard-client.nix
+    ../../shared/common.nix
+    ../../shared/sound.nix
+    ../../shared/window-manager.nix
+    ../../shared/fonts.nix
+    ../../shared/gnupg.nix
+    ../../shared/garbage-collector.nix
+    ../../shared/networking.secret.nix
   ];
 
   # Configure kernel
@@ -96,7 +94,7 @@
 
   # Wireguard client
   age.secrets.wireguard-home-private = {
-    file = ../../secrets/wireguard-home-private.age;
+    file = ../../../secrets/wireguard-home-private.age;
     mode = "0400";
   };
   local.wireguard = {
diff --git a/machines/home/hardware-configuration.nix b/nixos/hosts/home/hardware-configuration.nix
similarity index 100%
rename from machines/home/hardware-configuration.nix
rename to nixos/hosts/home/hardware-configuration.nix
diff --git a/machines/magenta/data.secret.nix b/nixos/hosts/magenta/data.secret.nix
similarity index 100%
rename from machines/magenta/data.secret.nix
rename to nixos/hosts/magenta/data.secret.nix
diff --git a/machines/magenta/default.nix b/nixos/hosts/magenta/default.nix
similarity index 78%
rename from machines/magenta/default.nix
rename to nixos/hosts/magenta/default.nix
index 971143a..65d2cce 100644
--- a/machines/magenta/default.nix
+++ b/nixos/hosts/magenta/default.nix
@@ -1,17 +1,17 @@
 { config, pkgs, lib, ... }:
 
 let
-  data = import ../../data.nix;
+  data = import ../../../data.nix;
 in
 {
   imports = [
     ./hardware-configuration.nix
     ./networking.secret.nix # generated at runtime by nixos-infect
 
-    ../modules/common.nix
-    ../modules/fail2ban.nix
-    ../modules/garbage-collector.nix
-    ../modules/docker-swarm.nix
+    ../../shared/common.nix
+    ../../shared/fail2ban.nix
+    ../../shared/garbage-collector.nix
+    ../../shared/docker-swarm.nix
 
     ./services/mailserver.nix
     ./services/gitea.nix
diff --git a/machines/magenta/hardware-configuration.nix b/nixos/hosts/magenta/hardware-configuration.nix
similarity index 100%
rename from machines/magenta/hardware-configuration.nix
rename to nixos/hosts/magenta/hardware-configuration.nix
diff --git a/machines/magenta/networking.secret.nix b/nixos/hosts/magenta/networking.secret.nix
similarity index 100%
rename from machines/magenta/networking.secret.nix
rename to nixos/hosts/magenta/networking.secret.nix
diff --git a/machines/magenta/services/gitea.nix b/nixos/hosts/magenta/services/gitea.nix
similarity index 98%
rename from machines/magenta/services/gitea.nix
rename to nixos/hosts/magenta/services/gitea.nix
index 767eaf8..9d86c3f 100644
--- a/machines/magenta/services/gitea.nix
+++ b/nixos/hosts/magenta/services/gitea.nix
@@ -122,7 +122,7 @@ in
   };
 
   age.secrets.gitea-smtp-passfile = {
-    file = ../../../secrets/gitea-smtp-passfile.age;
+    file = ../../../../secrets/gitea-smtp-passfile.age;
     owner = giteaCfg.user;
     group = "gitea";
   };
diff --git a/nixos/hosts/magenta/services/mailserver-accounts.secret.nix b/nixos/hosts/magenta/services/mailserver-accounts.secret.nix
new file mode 100644
index 0000000000000000000000000000000000000000..4dd5b9577604336cede4d659a9541f66c77ecaab
GIT binary patch
literal 1131
zcmV-x1eE&#M@dveQdv+`08UV|0x5D=?$T@#19Q69p;O{au;^5oLq9Mjb0l{AKdFQi
z0rc{AEL3Y~Vv@8Xf5-|tLEju@o{<|vdCC@o4G7gZ>-~+fwYs$Ty;{U991kU^RcEwe
zWjQNuGRcrgmOJWZotERgl<Ui8p;gJoATw;3t{y+UQ&q%|H`-U)j`XuUnsCts9hfJI
z=I-DI=(Tr_an`PgX6897h1KL%><(uLUd<=jMmWbVcNZIBgB47^yRb;+hDZ1Avh28m
zjYuUGMR*VAx&(I83}+Gnqw!qKhM{a&-f1)WSfUQZ^%ZB&`E9j>x8^>y&D0M+0GN-y
zao#oMX=`tnRG+46QPA8HV^k-Dc~Bm0P<Pa2trw9!2sy8lyl6*^AIRqXlSv6Sbiba9
zHBNL+^zY}S=m5334DwjD7&Ws{ZdF^+XcyZ&q4N`GB?oN&04=vg&2S9rQMLTzMuv*{
z(=V-l9qA-Z%??*9?+(ZkF|rY5m<x}i5xhP2EP=l+bpoVb#@RqKcJ@lWzWsxGnGyp8
z2_nR8ZvsGx>~3}?vCjNGWJoe%{pOmVQEd-&`F1f)J%k^&S#)~ok0~|Y5TDt^jMA#j
zf*V}Z{v!NY$qcm+umtT59nnEE4xn#)lgt)+bNCHJq*yEOvU7^N-JzLc1rJRgTV$2i
z$&CA}P&k*jwy^&>Mw85Y^V(yi*_Rvg6CcumVkHWXx`0YOD)|i;&-<cC&6FFFhyOQ$
zUgh0q+Pjy(-@l5t1*!KEwt%5W#G0l}qoGa5bOu`(W=9}k_pm<vfv!1BRwLjcBXL@C
zz=-xZwMcX>oM0tWCtfS9uBLw1_KY#=YZb%`w0cAmBUUd_TtKd>9+;NsZm&AUQnQ5l
zR~wsraoOgN;M>Y=*ON6Cs)N^RRq6qp^3elW{ude2>m35tc;998^9~{z$ZY8s+ldI%
zQ~V*w;L%w0%U1JiWwSjGaUv$4=Sm6F<J6CWA1#jUww94hi>dItC{F9E16(D$JSf17
zucY*;`N&CILPVtI*Kzaz<TZZG{N>^FhdIJnaIQ_`A^Q=S744^BJa&hix86rn+N{XO
zk79c%RpP7@ZF4?5=`DLrz%OsVi+p!VS6E(X0+bEKy<^j6T!-XS#B~J>1j=ovls;d?
zCpUPoq;rh4zF!DNx9L=QyB(TxKLx}Nu3J%@1F(LWKmg@VQo;BeQH3jy0LfO+ljJH`
zH;e|r;^W_0@eZt8d<(<MkeR&RdJePV@+h)dV9=gPTP>;>nC3DxT<?#Gx~??>i)3^h
zbw*7FQWao_bx!oo-4`PN1Fng2iNd+atu0zQ(*$UeUyJo|G*wvc{6ZnFBah@hp#&^M
zqFF!DlO<6Z&JDpWkA!~+5JUR_*@+lCNb?*xA?(~AYJXuF9M{Cxf-`Q4+mmS5@ccyk
x9e`+gaCyf@up3F}QukRBl2u<>{Ug9lo5!RFsgWoq)HrhRKs(NT?-whYrkHllDGUGr

literal 0
HcmV?d00001

diff --git a/machines/magenta/services/mailserver.nix b/nixos/hosts/magenta/services/mailserver.nix
similarity index 100%
rename from machines/magenta/services/mailserver.nix
rename to nixos/hosts/magenta/services/mailserver.nix
diff --git a/machines/magenta/services/traefik.nix b/nixos/hosts/magenta/services/traefik.nix
similarity index 98%
rename from machines/magenta/services/traefik.nix
rename to nixos/hosts/magenta/services/traefik.nix
index ff48fd4..44e03c8 100644
--- a/machines/magenta/services/traefik.nix
+++ b/nixos/hosts/magenta/services/traefik.nix
@@ -54,7 +54,7 @@ in
   systemd.tmpfiles.rules = [ "d '${dataDir}' 0700 ${user} ${group} - -" ];
 
   age.secrets.traefik-dashboard-basicauth-users = {
-    file = ../../../secrets/traefik-dashboard-basicauth-users.age;
+    file = ../../../../secrets/traefik-dashboard-basicauth-users.age;
     owner = user;
     inherit group;
   };
diff --git a/machines/magenta/services/woodpecker/agent-docker.nix b/nixos/hosts/magenta/services/woodpecker/agent-docker.nix
similarity index 93%
rename from machines/magenta/services/woodpecker/agent-docker.nix
rename to nixos/hosts/magenta/services/woodpecker/agent-docker.nix
index 633a425..b68c50e 100644
--- a/machines/magenta/services/woodpecker/agent-docker.nix
+++ b/nixos/hosts/magenta/services/woodpecker/agent-docker.nix
@@ -1,7 +1,7 @@
 { pkgs, config, ... }:
 
 let
-  nextPkgs = pkgs.callPackage ../../../../packages/woodpecker { };
+  nextPkgs = pkgs.callPackage ../../../../../packages/woodpecker { };
 
   canigouData = import ../../data.secret.nix;
 
diff --git a/machines/magenta/services/woodpecker/common.nix b/nixos/hosts/magenta/services/woodpecker/common.nix
similarity index 66%
rename from machines/magenta/services/woodpecker/common.nix
rename to nixos/hosts/magenta/services/woodpecker/common.nix
index 9c7026d..e98720a 100644
--- a/machines/magenta/services/woodpecker/common.nix
+++ b/nixos/hosts/magenta/services/woodpecker/common.nix
@@ -18,10 +18,10 @@ in
   };
   users.groups.docker.members = [ userAgent userServer ];
 
-  age.secrets.woodpecker-common-env.file = ../../../../secrets/woodpecker-common-env.age;
-  age.secrets.woodpecker-server-env.file = ../../../../secrets/woodpecker-server-env.age;
+  age.secrets.woodpecker-common-env.file = ../../../../../secrets/woodpecker-common-env.age;
+  age.secrets.woodpecker-server-env.file = ../../../../../secrets/woodpecker-server-env.age;
   age.secrets.woodpecker-docker-config = {
-    file = ../../../../secrets/docker-config.json.age;
+    file = ../../../../../secrets/docker-config.json.age;
     mode = "440";
     inherit group;
   };
diff --git a/machines/magenta/services/woodpecker/data.secret.nix b/nixos/hosts/magenta/services/woodpecker/data.secret.nix
similarity index 100%
rename from machines/magenta/services/woodpecker/data.secret.nix
rename to nixos/hosts/magenta/services/woodpecker/data.secret.nix
diff --git a/machines/magenta/services/woodpecker/default.nix b/nixos/hosts/magenta/services/woodpecker/default.nix
similarity index 100%
rename from machines/magenta/services/woodpecker/default.nix
rename to nixos/hosts/magenta/services/woodpecker/default.nix
diff --git a/machines/magenta/services/woodpecker/server.nix b/nixos/hosts/magenta/services/woodpecker/server.nix
similarity index 96%
rename from machines/magenta/services/woodpecker/server.nix
rename to nixos/hosts/magenta/services/woodpecker/server.nix
index 3d57b50..dfde4fa 100644
--- a/machines/magenta/services/woodpecker/server.nix
+++ b/nixos/hosts/magenta/services/woodpecker/server.nix
@@ -2,7 +2,7 @@
 { pkgs, config, ... }:
 
 let
-  nextPkgs = pkgs.callPackage ../../../../packages/woodpecker { };
+  nextPkgs = pkgs.callPackage ../../../../../packages/woodpecker { };
 
   data = import ./data.secret.nix;
   inherit (data) hostname port grpcPort userServer group database;
diff --git a/machines/modules/docker-stack.nix b/nixos/modules/docker-stack.nix
similarity index 100%
rename from machines/modules/docker-stack.nix
rename to nixos/modules/docker-stack.nix
diff --git a/machines/modules/nix.nix b/nixos/modules/nix.nix
similarity index 100%
rename from machines/modules/nix.nix
rename to nixos/modules/nix.nix
diff --git a/machines/modules/traefik.nix b/nixos/modules/traefik.nix
similarity index 100%
rename from machines/modules/traefik.nix
rename to nixos/modules/traefik.nix
diff --git a/machines/modules/wireguard-client.nix b/nixos/modules/wireguard-client.nix
similarity index 97%
rename from machines/modules/wireguard-client.nix
rename to nixos/modules/wireguard-client.nix
index d5757fc..afdb0af 100644
--- a/machines/modules/wireguard-client.nix
+++ b/nixos/modules/wireguard-client.nix
@@ -5,7 +5,7 @@ let
 
   port = 51820;
 
-  serverAddr = (import ../canigou/data.secret.nix).addr;
+  serverAddr = (import ../hosts/canigou/data.secret.nix).addr;
 
   # Run `ip route` to show gateway
   defaultGateway = "192.168.0.1";
diff --git a/machines/modules/common.nix b/nixos/shared/common.nix
similarity index 100%
rename from machines/modules/common.nix
rename to nixos/shared/common.nix
diff --git a/machines/modules/docker-swarm.nix b/nixos/shared/docker-swarm.nix
similarity index 100%
rename from machines/modules/docker-swarm.nix
rename to nixos/shared/docker-swarm.nix
diff --git a/machines/modules/fail2ban.nix b/nixos/shared/fail2ban.nix
similarity index 100%
rename from machines/modules/fail2ban.nix
rename to nixos/shared/fail2ban.nix
diff --git a/machines/modules/fonts.nix b/nixos/shared/fonts.nix
similarity index 100%
rename from machines/modules/fonts.nix
rename to nixos/shared/fonts.nix
diff --git a/machines/modules/garbage-collector.nix b/nixos/shared/garbage-collector.nix
similarity index 100%
rename from machines/modules/garbage-collector.nix
rename to nixos/shared/garbage-collector.nix
diff --git a/machines/modules/gnupg.nix b/nixos/shared/gnupg.nix
similarity index 100%
rename from machines/modules/gnupg.nix
rename to nixos/shared/gnupg.nix
diff --git a/nixos/shared/networking.secret.nix b/nixos/shared/networking.secret.nix
new file mode 100644
index 0000000000000000000000000000000000000000..b878e8ff92db4c83a1de3884db873bfabc8dd0ba
GIT binary patch
literal 340
zcmV-a0jvH1M@dveQdv+`0Claxag#Oe77mxLhd<hK%Bo5_ENvDe;)=F3i}xtf!H(OJ
z1pxh1jYG?6m_PD_!5d)@R?G-G`=%5z$k+W7p&?ntI|I-Q+VTy_A?kK~+M^(HD%NOf
zgq@mSG#w9V-5K`)CG2AaYHkHg8TE>gyySiQdW{GjkhLvYS#5h95&lb>wFzDbB}RY*
zbf?Rs0k7mAT+D_#SOneS<o|L4$vDAytW@gB!#eL3k(FKQhaxr~h5V6u0cMiIJ6)8A
zYHV2gCv}A2%8Nli1pb~rdRpAEQ3*JD0ry2oR5JkGM66O;cCo-*SkR({Bdt1(2euVK
zB9fJe97%+uxM3sXpta%MYLFwt5jgumlhm4{X#KULwhXf#Ds9zPqVd;hD-k|ji#8c0
m?*lp>yzdIvo*bDtM+Zm)8=+t1N|$vfOj>I1E-u>BA^kd^OPkvO

literal 0
HcmV?d00001

diff --git a/machines/modules/sound.nix b/nixos/shared/sound.nix
similarity index 100%
rename from machines/modules/sound.nix
rename to nixos/shared/sound.nix
diff --git a/machines/modules/window-manager.nix b/nixos/shared/window-manager.nix
similarity index 100%
rename from machines/modules/window-manager.nix
rename to nixos/shared/window-manager.nix