flake-parts/scripts.nix

@@ -7,19 +7,19 @@
       lib,
       ...
     }:
-    let
+    {
-      mkScript = file: rec {
+      packages =
+        "${self}/scripts"
+        |> lib.filesystem.listFilesRecursive
+        |> lib.map (file: {
           name =
             file
             |> lib.unsafeDiscardStringContext
             |> lib.removePrefix "${self}/scripts/"
             |> lib.removeSuffix ".nix"
             |> lib.replaceString "/" "-";
-        value = pkgs.writeShellApplication ({ inherit name; } // import file { inherit self' pkgs lib; });
+          value = import file { inherit self' pkgs lib; };
-      };
+        })
-    in
+        |> lib.listToAttrs;
-    {
-      packages =
-        "${self}/scripts" |> lib.filesystem.listFilesRecursive |> lib.map mkScript |> lib.listToAttrs;
     };
 }

flake-parts/tests.nix

@@ -2,14 +2,18 @@
 {
   perSystem =
     { pkgs, lib, ... }:
-    let
+    {
-      mkTest = dir: rec {
+      checks =
-        name = "${dir}-test";
+        "${self}/tests"
+        |> builtins.readDir
+        |> lib.attrNames
+        |> lib.map (name: {
+          name = "${name}-test";
           value = pkgs.testers.runNixOSTest (
             {
-            inherit name;
+              name = "${name}-test";
             }
-          // import "${self}/tests/${dir}" {
+            // import "${self}/tests/${name}" {
               inherit
                 inputs
                 self
@@ -18,9 +22,7 @@
                 ;
             }
           );
-      };
+        })
-    in
+        |> lib.listToAttrs;
-    {
-      checks = "${self}/tests" |> builtins.readDir |> lib.attrNames |> lib.map mkTest |> lib.listToAttrs;
     };
 }

flake.nix

@@ -70,6 +70,6 @@
         ./flake-parts
         |> builtins.readDir
         |> builtins.attrNames
-        |> builtins.map (name: ./flake-parts/${name});
+        |> builtins.map (name: ./flake-parts + "/${name}");
     };
 }

modules/system/networking/overlay.nix

@@ -11,7 +11,7 @@ in
   options.custom.networking.overlay = {
     networkCidr = lib.mkOption {
       type = lib.types.nonEmptyStr;
-      default = "10.254.250.0/24";
+      default = "";
     };
     networkAddress = lib.mkOption {
       type = lib.types.nonEmptyStr;
@@ -25,7 +25,7 @@ in
     };
     domain = lib.mkOption {
       type = lib.types.nonEmptyStr;
-      default = "splitleaf.de";
+      default = "";
     };
     fqdn = lib.mkOption {
       type = lib.types.nonEmptyStr;
@@ -43,11 +43,11 @@ in
     };
     interface = lib.mkOption {
       type = lib.types.nonEmptyStr;
-      default = "nebula";
+      default = "";
     };
     systemdUnit = lib.mkOption {
       type = lib.types.nonEmptyStr;
-      default = "nebula@mesh.service";
+      default = "";
     };
 
     isLighthouse = lib.mkEnableOption "";

modules/system/services/nebula/default.nix

@@ -51,6 +51,13 @@ in
       message = "`${netCfg.hostName}` is a Nebula lighthouse, but `underlay.isPublic` is not set. Lighthouses must be publicly reachable.";
     };
 
+    custom.networking.overlay = {
+      networkCidr = "10.254.250.0/24";
+      domain = "splitleaf.de";
+      interface = "nebula";
+      systemdUnit = "nebula@mesh.service";
+    };
+
     sops.secrets."nebula/host-key" = lib.mkIf (cfg.privateKeyPath == null) {
       owner = config.users.users.nebula-mesh.name;
       restartUnits = [ "nebula@mesh.service" ];

scripts/install-anywhere.nix

@@ -1,5 +1,7 @@
 { pkgs, ... }:
-{
+pkgs.writeShellApplication {
+  name = "install-anywhere";
+
   runtimeInputs = [
     pkgs.sops
     pkgs.ssh-to-age

scripts/nebula/recert-all-hosts.nix

@@ -1,5 +1,7 @@
 { self', pkgs, ... }:
-{
+pkgs.writeShellApplication {
+  name = "nebula-recert-all-hosts";
+
   runtimeInputs = [
     pkgs.bitwarden-cli
     pkgs.jq

scripts/nebula/recert-host.nix

@@ -1,5 +1,7 @@
 { pkgs, ... }:
-{
+pkgs.writeShellApplication {
+  name = "nebula-recert-host";
+
   runtimeInputs = [
     pkgs.nebula
     pkgs.bitwarden-cli