Merge pull request #255 from ryan4yin/feat/tailscale-home-host-migration

Move Tailscale role and host Home Manager config layout

home/README.md

@@ -26,6 +26,9 @@ home/
 │   │   └── ...
 │   ├── editors/       # Linux-specific editors
 │   └── ...
+├── hosts/             # Host-specific home manager entry modules
+│   ├── linux/         # Linux host home modules (ai, shoukei, k3s-*, etc.)
+│   └── darwin/        # macOS host home modules (fern, frieren)
 └── darwin/            # macOS-specific home manager configurations
     ├── aerospace/     # macOS window manager
     ├── proxy/         # Proxy configurations
@@ -46,3 +49,8 @@ home/
 3. **darwin**: macOS-specific configuration
    - macOS applications and services
    - Platform-specific integrations (Aerospace, Squirrel, etc.)
+
+4. **hosts**: Host entry modules for Home Manager
+   - Each output should reference only one host home module file
+   - Host modules are responsible for importing shared stacks (`home/linux/*` or `home/darwin`) and
+     applying host overrides

home/hosts/README.md

@@ -0,0 +1,17 @@
+# Host Home Modules
+
+This directory contains host-specific Home Manager entry modules.
+
+## Layout
+
+- `home/hosts/linux/*.nix`: Linux host home modules
+- `home/hosts/darwin/*.nix`: macOS host home modules
+
+## Conventions
+
+1. Each host output should reference only one file under `home/hosts/...`.
+2. Shared home module imports should be handled in the host file itself.
+   - Linux hosts usually import `../../linux/core.nix` or `../../linux/gui.nix`.
+   - Darwin hosts import `../../darwin`.
+3. Host-specific overrides (SSH keys, desktop toggles, host-local config links) live in the same
+   host file.

home/hosts/darwin/darwin-fern.nix

@@ -3,6 +3,8 @@ let
   hostName = "fern";
 in
 {
+  imports = [ ../../darwin ];
+
   programs.ssh.matchBlocks."github.com".identityFile =
     "${config.home.homeDirectory}/.ssh/${hostName}";
 }

home/hosts/darwin/darwin-frieren.nix

@@ -3,6 +3,8 @@ let
   hostName = "frieren";
 in
 {
+  imports = [ ../../darwin ];
+
   programs.ssh.matchBlocks."github.com".identityFile =
     "${config.home.homeDirectory}/.ssh/${hostName}";
 }

home/hosts/linux/12kingdoms-shoukei.nix

@@ -4,9 +4,13 @@ let
   mkSymlink = config.lib.file.mkOutOfStoreSymlink;
 in
 {
+  imports = [ ../../linux/gui.nix ];
+
   programs.ssh.matchBlocks."github.com".identityFile =
     "${config.home.homeDirectory}/.ssh/${hostName}";
 
+  modules.desktop.gaming.enable = false;
+  modules.desktop.niri.enable = true;
   modules.desktop.nvidia.enable = false;
 
   xdg.configFile."niri/niri-hardware.kdl".source =

home/hosts/linux/idols-ai.nix

@@ -3,8 +3,12 @@ let
   mkSymlink = config.lib.file.mkOutOfStoreSymlink;
 in
 {
+  imports = [ ../../linux/gui.nix ];
+
   programs.ssh.matchBlocks."github.com".identityFile = "${config.home.homeDirectory}/.ssh/idols-ai";
 
+  modules.desktop.gaming.enable = true;
+  modules.desktop.niri.enable = true;
   modules.desktop.nvidia.enable = true;
 
   xdg.configFile."niri/niri-hardware.kdl".source =

home/hosts/linux/idols-kana.nix

@@ -0,0 +1,3 @@
+{
+  imports = [ ./idols-aquamarine.nix ];
+}

home/hosts/linux/idols-ruby.nix

@@ -0,0 +1,3 @@
+{
+  imports = [ ./idols-aquamarine.nix ];
+}

home/hosts/linux/k3s-prod-1-master-1.nix

@@ -0,0 +1,3 @@
+{
+  imports = [ ../../linux/core.nix ];
+}

home/hosts/linux/k3s-test-1-master-1.nix

@@ -0,0 +1,3 @@
+{
+  imports = [ ../../linux/core.nix ];
+}

hosts/README.md

@@ -79,7 +79,8 @@ configurations follow similar patterns but are customized for specific hardware
    1. Create a new folder under `hosts/` with the name of the new host.
    2. Create & add the new host's `hardware-configuration.nix` to the new folder, and add the new
       host's `configuration.nix` to `hosts/<name>/default.nix`.
-   3. If the new host need to use home-manager, add its custom config into `hosts/<name>/home.nix`.
+   3. If the new host need to use home-manager, add its custom config into
+      `home/hosts/linux/<name>.nix` or `home/hosts/darwin/<name>.nix`.
 1. Under `outputs/`
    1. Add a new nix file named `outputs/<system-architecture>/src/<name>.nix`.
    2. Copy the content from one of the existing similar host, and modify it to fit the new host.

hosts/idols-aquamarine/vpn.nix

@@ -1,28 +0,0 @@
-{
-  # tailscale do not support running multiple clients on the same host,
-  # so we use netbird for homelab instead.
-  #
-  # services.tailscale = {
-  #   enable = true;
-  #   port = 41641;
-  #   interfaceName = "tailscale0";
-  #   # allow the Tailscale UDP port through the firewall
-  #   openFirewall = true;
-  #
-  #   useRoutingFeatures = "server";
-  #   extraSetFlags = [
-  #     # access home network via tailscale
-  #     "--advertise-routes=192.168.5.0/24"
-  #     "--accept-routes=false"
-  #   ];
-  # };
-
-  services.netbird.useRoutingFeatures = "server";
-  services.netbird.clients.homelab = {
-    port = 51820;
-    name = "homelab";
-    interface = "netbird-homelab";
-    hardened = true;
-    autoStart = true;
-  };
-}

hosts/idols-kana/home.nix

@@ -1,3 +0,0 @@
-{
-  imports = [ ../idols-ruby/home.nix ];
-}

hosts/k8s/kubevirt-youko/vpn.nix

@@ -0,0 +1,19 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = [ pkgs.tailscale ];
+
+  services.tailscale = {
+    enable = true;
+    port = 41641;
+    interfaceName = "tailscale0";
+    # allow the Tailscale UDP port through the firewall
+    openFirewall = true;
+
+    useRoutingFeatures = "server";
+    extraSetFlags = [
+      # advertise homelab subnet via tailscale
+      "--advertise-routes=192.168.5.0/24"
+      "--accept-routes=false"
+    ];
+  };
+}

modules/darwin/apps.nix

@@ -168,7 +168,7 @@ in
       "joplin" # note taking app
 
       "tailscale-app" # tailscale macos app (with gui)
-      "netbirdio/tap/netbird-ui" # netbird gui app
+      # "netbirdio/tap/netbird-ui" # netbird gui app
 
       # AI
       "lm-studio"

modules/nixos/desktop/networking/netbird.nix

@@ -27,12 +27,12 @@
 #
 # =============================================================
 {
-  services.netbird.useRoutingFeatures = "client";
+  # services.netbird.useRoutingFeatures = "client";
-  services.netbird.clients.homelab = {
+  # services.netbird.clients.homelab = {
-    port = 51820;
+  #   port = 51820;
-    name = "homelab";
+  #   name = "homelab";
-    interface = "netbird-homelab";
+  #   interface = "netbird-homelab";
-    hardened = true;
+  #   hardened = true;
-    autoStart = true;
+  #   autoStart = true;
-  };
+  # };
 }

outputs/aarch64-darwin/src/fern.nix

@@ -29,8 +29,7 @@ let
       ];
 
     home-modules = map mylib.relativeToRoot [
-      "hosts/darwin-${name}/home.nix"
+      "home/hosts/darwin/darwin-${name}.nix"
-      "home/darwin"
     ];
   };
 

outputs/aarch64-darwin/src/frieren.nix

@@ -28,8 +28,7 @@ let
         }
       ];
     home-modules = map mylib.relativeToRoot [
-      "hosts/darwin-${name}/home.nix"
+      "home/hosts/darwin/darwin-${name}.nix"
-      "home/darwin"
     ];
   };
 

outputs/aarch64-linux/src/12kingdoms-shoukei.nix

@@ -36,19 +36,9 @@ let
           modules.desktop.gaming.enable = false;
         }
       ];
-    home-modules =
+    home-modules = map mylib.relativeToRoot [
-      (map mylib.relativeToRoot [
+      "home/hosts/linux/12kingdoms-${name}.nix"
-        # common
+    ];
-        "home/linux/gui.nix"
-        # host specific
-        "hosts/12kingdoms-${name}/home.nix"
-      ])
-      ++ [
-        {
-          # not supported yet
-          modules.desktop.gaming.enable = false;
-        }
-      ];
   };
 
   modules-niri = {
@@ -56,10 +46,7 @@ let
       { programs.niri.enable = true; }
     ]
     ++ base-modules.nixos-modules;
-    home-modules = [
+    home-modules = base-modules.home-modules;
-      { modules.desktop.niri.enable = true; }
-    ]
-    ++ base-modules.home-modules;
   };
 in
 {

outputs/x86_64-linux/src/idols-ai.nix

@@ -36,18 +36,9 @@ let
           modules.desktop.gaming.enable = true;
         }
       ];
-    home-modules =
+    home-modules = map mylib.relativeToRoot [
-      (map mylib.relativeToRoot [
+      "home/hosts/linux/idols-${name}.nix"
-        # common
+    ];
-        "home/linux/gui.nix"
-        # host specific
-        "hosts/idols-${name}/home.nix"
-      ])
-      ++ [
-        {
-          modules.desktop.gaming.enable = true;
-        }
-      ];
   };
 
   modules-niri = {
@@ -55,10 +46,7 @@ let
       { programs.niri.enable = true; }
     ]
     ++ base-modules.nixos-modules;
-    home-modules = [
+    home-modules = base-modules.home-modules;
-      { modules.desktop.niri.enable = true; }
-    ]
-    ++ base-modules.home-modules;
   };
 in
 {

outputs/x86_64-linux/src/idols-aquamarine.nix

@@ -36,7 +36,7 @@ let
         { modules.secrets.server.storage.enable = true; }
       ];
     home-modules = map mylib.relativeToRoot [
-      "home/linux/tui.nix"
+      "home/hosts/linux/idols-${name}.nix"
     ];
   };
 

outputs/x86_64-linux/src/idols-kana.nix

@@ -33,7 +33,7 @@ let
       ];
     home-modules = map mylib.relativeToRoot [
       # host specific
-      "hosts/idols-${name}/home.nix"
+      "home/hosts/linux/idols-${name}.nix"
     ];
   };
 

outputs/x86_64-linux/src/idols-ruby.nix

@@ -33,7 +33,7 @@ let
       ];
     home-modules = map mylib.relativeToRoot [
       # host specific
-      "hosts/idols-${name}/home.nix"
+      "home/hosts/linux/idols-${name}.nix"
     ];
   };
 

outputs/x86_64-linux/src/k3s-prod-1-master-1.nix

@@ -29,7 +29,7 @@ let
         { modules.secrets.server.kubernetes.enable = true; }
       ];
     home-modules = map mylib.relativeToRoot [
-      "home/linux/core.nix"
+      "home/hosts/linux/${name}.nix"
     ];
   };
 

outputs/x86_64-linux/src/k3s-test-1-master-1.nix

@@ -29,7 +29,7 @@ let
         { modules.secrets.server.kubernetes.enable = true; }
       ];
     home-modules = map mylib.relativeToRoot [
-      "home/linux/core.nix"
+      "home/hosts/linux/${name}.nix"
     ];
   };