From d92342ab4c9a5312b288416b38de64b26ff9caaf Mon Sep 17 00:00:00 2001 From: SebastianStork Date: Sat, 14 Feb 2026 23:47:32 +0100 Subject: [PATCH 1/4] networking/overlay: Move defaults from nebula --- modules/system/networking/overlay.nix | 8 ++++---- modules/system/services/nebula/default.nix | 7 ------- 2 files changed, 4 insertions(+), 11 deletions(-) diff --git a/modules/system/networking/overlay.nix b/modules/system/networking/overlay.nix index 243e558..7894900 100644 --- a/modules/system/networking/overlay.nix +++ b/modules/system/networking/overlay.nix @@ -11,7 +11,7 @@ in options.custom.networking.overlay = { networkCidr = lib.mkOption { type = lib.types.nonEmptyStr; - default = ""; + default = "10.254.250.0/24"; }; networkAddress = lib.mkOption { type = lib.types.nonEmptyStr; @@ -25,7 +25,7 @@ in }; domain = lib.mkOption { type = lib.types.nonEmptyStr; - default = ""; + default = "splitleaf.de"; }; fqdn = lib.mkOption { type = lib.types.nonEmptyStr; @@ -43,11 +43,11 @@ in }; interface = lib.mkOption { type = lib.types.nonEmptyStr; - default = ""; + default = "nebula"; }; systemdUnit = lib.mkOption { type = lib.types.nonEmptyStr; - default = ""; + default = "nebula@mesh.service"; }; isLighthouse = lib.mkEnableOption ""; diff --git a/modules/system/services/nebula/default.nix b/modules/system/services/nebula/default.nix index d34e286..27956ee 100644 --- a/modules/system/services/nebula/default.nix +++ b/modules/system/services/nebula/default.nix @@ -51,13 +51,6 @@ in message = "`${netCfg.hostName}` is a Nebula lighthouse, but `underlay.isPublic` is not set. Lighthouses must be publicly reachable."; }; - custom.networking.overlay = { - networkCidr = "10.254.250.0/24"; - domain = "splitleaf.de"; - interface = "nebula"; - systemdUnit = "nebula@mesh.service"; - }; - sops.secrets."nebula/host-key" = lib.mkIf (cfg.privateKeyPath == null) { owner = config.users.users.nebula-mesh.name; restartUnits = [ "nebula@mesh.service" ]; 
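Review bot: The concrete defaults added to `networkCidr`, `domain`, `interface` and `systemdUnit` in overlay.nix now apply to every host that imports the module, whereas the removed block in nebula/default.nix set them only from the Nebula module (which appears to be gated on that service, though its `config =` wrapper is outside the hunk). Any consumer that treats `overlay.networkCidr` or `overlay.interface` as a trusted network — firewall allow rules, bind addresses, `trustedInterfaces` — would then trust `10.254.250.0/24` and an interface named `nebula` on hosts that run no Nebula at all, which is worth checking against the consumers since they are not in the hunk. The previous `default = ""` together with `nonEmptyStr` also made these options fail closed at evaluation time when a host forgot to set them; if that guard is still wanted, drop the `default` so the option is required, or keep the values but set them from the Nebula module with `lib.mkDefault` and leave the overlay options without defaults. Whichever is chosen, each option should get a `description`, e.g. `description = "Overlay network CIDR; every host importing this module gets this value unless overridden.";`, so the new global scope is explicit.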
From a3bae7baec74f6513bb98361b7da93bc55d21dd2 Mon Sep 17 00:00:00 2001
From: SebastianStork
Date: Sat, 14 Feb 2026 23:53:12 +0100
Subject: [PATCH 2/4] tests: Refactor parts module

---
 flake-parts/tests.nix | 40 +++++++++++++++++++---------------------
 1 file changed, 19 insertions(+), 21 deletions(-)

diff --git a/flake-parts/tests.nix b/flake-parts/tests.nix
index 221d65b..a460fb4 100644
--- a/flake-parts/tests.nix
+++ b/flake-parts/tests.nix
@@ -2,27 +2,25 @@
 {
 perSystem =
 { pkgs, lib, ... }:
+ let
+ mkTest = dir: rec {
+ name = "${dir}-test";
+ value = pkgs.testers.runNixOSTest (
+ {
+ inherit name;
+ }
+ // import "${self}/tests/${dir}" {
+ inherit
+ inputs
+ self
+ pkgs
+ lib
+ ;
+ }
+ );
+ };
+ in
 {
- checks =
- "${self}/tests"
- |> builtins.readDir
- |> lib.attrNames
- |> lib.map (name: {
- name = "${name}-test";
- value = pkgs.testers.runNixOSTest (
- {
- name = "${name}-test";
- }
- // import "${self}/tests/${name}" {
- inherit
- inputs
- self
- pkgs
- lib
- ;
- }
- );
- })
- |> lib.listToAttrs;
+ checks = "${self}/tests" |> builtins.readDir |> lib.attrNames |> lib.map mkTest |> lib.listToAttrs;
 };
 }
From 0ea72891c8f3f259e5e8d4b4f3298c1d270acc9d Mon Sep 17 00:00:00 2001
From: SebastianStork
Date: Sat, 14 Feb 2026 23:54:13 +0100
Subject: [PATCH 3/4] scripts: Refactor following tests' example

---
 flake-parts/scripts.nix | 24 ++++++++++++------------
 scripts/install-anywhere.nix | 4 +---
 scripts/nebula/recert-all-hosts.nix | 4 +---
 scripts/nebula/recert-host.nix | 4 +---
 4 files changed, 15 insertions(+), 21 deletions(-)

diff --git a/flake-parts/scripts.nix b/flake-parts/scripts.nix
index 7308cc4..37d9ead 100644
--- a/flake-parts/scripts.nix
+++ b/flake-parts/scripts.nix
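Review bot: `mkTest` is applied to every entry of `builtins.readDir "${self}/tests"`, so a regular file dropped into tests/ (a README, an editor backup) is imported as Nix and, unless it happens to be valid Nix, breaks evaluation of the whole `checks` set; the old code had the same gap, but the new helper is the natural place to close it. Filtering on the entry type before mapping does it in one step: `|> lib.filterAttrs (_: type: type == "directory") |> lib.attrNames`. The `rec` on the returned attrset exists only so `value` can reach `name`; `let name = "${dir}-test"; in { inherit name; value = … }` reads more clearly and avoids `rec`, which is a style nit. A one-line comment above `mkTest`, e.g. `# tests/<dir>/default.nix -> checks."<dir>-test"`, would document the directory-to-attribute convention.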
@@ -7,19 +7,19 @@
 lib,
 ...
 }:
+ let
+ mkScript = file: rec {
+ name =
+ file
+ |> lib.unsafeDiscardStringContext
+ |> lib.removePrefix "${self}/scripts/"
+ |> lib.removeSuffix ".nix"
+ |> lib.replaceString "/" "-";
+ value = pkgs.writeShellApplication ({ inherit name; } // import file { inherit self' pkgs lib; });
+ };
+ in
 {
 packages =
- "${self}/scripts"
- |> lib.filesystem.listFilesRecursive
- |> lib.map (file: {
- name =
- file
- |> lib.unsafeDiscardStringContext
- |> lib.removePrefix "${self}/scripts/"
- |> lib.removeSuffix ".nix"
- |> lib.replaceString "/" "-";
- value = import file { inherit self' pkgs lib; };
- })
- |> lib.listToAttrs;
+ "${self}/scripts" |> lib.filesystem.listFilesRecursive |> lib.map mkScript |> lib.listToAttrs;
 };
 }
diff --git a/scripts/install-anywhere.nix b/scripts/install-anywhere.nix
index 17e5c0b..5fbd3b0 100644
--- a/scripts/install-anywhere.nix
+++ b/scripts/install-anywhere.nix
@@ -1,7 +1,5 @@
 { pkgs, ... }:
-pkgs.writeShellApplication {
- name = "install-anywhere";
-
+{
 runtimeInputs = [
 pkgs.sops
 pkgs.ssh-to-age
diff --git a/scripts/nebula/recert-all-hosts.nix b/scripts/nebula/recert-all-hosts.nix
index f7526b6..e70c09b 100644
--- a/scripts/nebula/recert-all-hosts.nix
+++ b/scripts/nebula/recert-all-hosts.nix
@@ -1,7 +1,5 @@
 { self', pkgs, ... }:
-pkgs.writeShellApplication {
- name = "nebula-recert-all-hosts";
-
+{
 runtimeInputs = [
 pkgs.bitwarden-cli
 pkgs.jq
diff --git a/scripts/nebula/recert-host.nix b/scripts/nebula/recert-host.nix
index 1aff425..50cf6f3 100644
--- a/scripts/nebula/recert-host.nix
+++ b/scripts/nebula/recert-host.nix
@@ -1,7 +1,5 @@
 { pkgs, ... }:
-pkgs.writeShellApplication {
- name = "nebula-recert-host";
-
+{
 runtimeInputs = [
 pkgs.nebula
 pkgs.bitwarden-cli
From 050d607cd3ce6e22e9502db68c1431eea263f073 Mon Sep 17 00:00:00 2001
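Review bot: In `mkScript` the merge `{ inherit name; } // import file { … }` lets a script module that still declares `name` override the path-derived one, so `packages.<attr>` and the installed binary name can diverge silently; the three script files converted in this commit drop `name`, but nothing enforces that for new files. If the path is meant to be authoritative, reverse the merge, `pkgs.writeShellApplication (import file { inherit self' pkgs lib; } // { inherit name; })`, or add an assertion that the imported set has no `name`; otherwise a comment stating that scripts may override `name` would do. The `name` pipeline also relies on `lib.unsafeDiscardStringContext` to strip the store-path context from `file`, which is needed to use it as an attribute name but deserves a one-line comment, e.g. `# drop the store-path context so the relative path can be used as a plain attribute name`, since `unsafe*` builtins tend to attract reviewer attention.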
From: SebastianStork
Date: Sat, 14 Feb 2026 23:57:00 +0100
Subject: [PATCH 4/4] flake.nix: Avoid path concatenation in imports mapping

---
 flake.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/flake.nix b/flake.nix
index 67951df..e4dad29 100644
--- a/flake.nix
+++ b/flake.nix
@@ -70,6 +70,6 @@
 ./flake-parts
 |> builtins.readDir
 |> builtins.attrNames
- |> builtins.map (name: ./flake-parts + "/${name}");
+ |> builtins.map (name: ./flake-parts/${name});
 };
 }
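Review bot: The mapping still imports every entry `builtins.readDir ./flake-parts` returns, so a non-Nix file or a subdirectory without a `default.nix` placed in flake-parts/ becomes an `imports` entry and breaks evaluation of the flake; the commit changes only how the path is built, not what is listed. A filter on the name before the map, e.g. `|> builtins.filter (name: builtins.match ".*\\.nix" name != null)` after `builtins.attrNames`, keeps the listing robust and uses only `builtins`, matching the surrounding code. The enclosing `imports` assignment starts above the hunk.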