Convert to flake-parts & easy-hosts. Users broke

convert to using flake-parts and easy-hosts for the flake system. This
allows me to remove my poor file-system based code and replace it with
the code done in easy-hosts. Which also has good knock-on effects.

This change factors users out of hosts, which is probably a good change
since users aren't a nixos-module, but aren't completely untangled
either.

I'm going to leave users broken for a minute as I decide exactly how I
want to handle them.

.gitignore

@@ -0,0 +1 @@
+result

flake.nix

@@ -1,94 +1,79 @@
 {
-  inputs = {
+  outputs = inputs: inputs.flake-parts.lib.mkFlake { inherit inputs; } {
-    nixpkgs.url = "nixpkgs/nixos-unstable";
+    imports = with inputs; [
+      easy-hosts.flakeModule
+      # home-manager.flakeModules.home-manager
+    ];
 
-    home-manager.url = "github:nix-community/home-manager";
+    systems = [ "x86-64-linux" ];
+    easy-hosts = {
+      autoConstruct = true;
+      path = ./hosts;
+      easy-hosts.onlySystem = "x86-64-linux";
 
-    lix-module.url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz";
+      shared = {
+        modules = [
+          inputs.lix-module.nixosModules.default
+          ./nixModules
+        ];
+      };
+    };
 
-    hyprland.url = "git+https://github.com/hyprwm/Hyprland";
+    # flake = {
-    hyprland-contrib.url = "github:hyprwm/contrib";
+    #   homeConfigurations = {};
-
+    #   homeModules = { my-modules = ./hmModules; };
-    niri.url = "github:sodiboo/niri-flake";
+    # };
-
-    sops-nix.url = "github:Mic92/sops-nix";
-    ags.url = "github:Aylur/ags";
-    aagl.url = "github:ezKEa/aagl-gtk-on-nix";
   };
 
-  outputs = { self, home-manager, nixpkgs, lix-module, ... }@inputs: let
+  inputs = {
-    system = "x86_64-linux";
+    # Save data with this url. Source:
-    pkgs = nixpkgs.legacyPackages.${system};
+    # at://did:plc:mojgntlezho4qt7uvcfkdndg/app.bsky.feed.post/3loogwsoqok2w
-    fs = pkgs.lib.fileset;
+    # cid: bafyreidhuuxs3cuabneygtxir65hnd7hvy4hwj5rwrylpwmp7jhxciasve
-    st = pkgs.lib.strings;
+    nixpkgs.url = "https://channels.nixos.org/nixpkgs-unstable/nixexprs.tar.xz";
-    as = pkgs.lib.attrsets;
 
-    hosts = let 
+    home-manager = {
-      hostFilter = { name, ...}: name == "host.nix";
+      type = "github";
-      hostPaths = fs.toList (fs.fileFilter hostFilter ./hosts);
+      owner = "nix-community";
-      # Assumes dir structure is start_of_path/hosts/hostname/host.nix
+      repo = "home-manager";
-      extractHostName = path: builtins.unsafeDiscardStringContext (
+      inputs.nixpkgs.follows = "nixpkgs";
-        st.removeSuffix "/host.nix" (
-          builtins.elemAt (st.splitString "/hosts/" path) 1
-        )
-      );
-    in builtins.listToAttrs (map (path: {
-      value = path;
-      name = extractHostName path;
-    }) hostPaths);
-
-    users = let
-      userFilter = { name, ...}: name == "user.nix";
-      userPaths = fs.toList (fs.fileFilter userFilter ./hosts);
-    in builtins.listToAttrs (map (path: let
-        dirsAndFiles = st.splitString "/" path;
-        dAFLength = builtins.length dirsAndFiles;
-        # Assumes dir structure is start_of_path/hosts/hostname/users/username/user.nix
-        hostname = builtins.unsafeDiscardStringContext (
-          builtins.elemAt dirsAndFiles (dAFLength - 4));
-        username = builtins.unsafeDiscardStringContext (
-          builtins.elemAt dirsAndFiles (dAFLength - 2));
-      in {
-        name = username + "@" + hostname;
-        value = path;
-      }
-    ) userPaths);
-
-    userConfig = usernameAtHostname: userpath: home-manager.lib.homeManagerConfiguration {
-      inherit pkgs;
-      extraSpecialArgs = { 
-        inherit inputs; 
-        inherit usernameAtHostname;
-      };
-      modules = [
-        ./hmModules
-        userpath
-      ];
     };
 
-    hostConfig = hostname: hostpath: nixpkgs.lib.nixosSystem {
+    flake-parts = {
-      specialArgs = let
+      type = "github";
-        hostFilteredUsers = as.filterAttrs (
+      owner = "hercules-ci";
-          name: value: let
+      repo = "flake-parts";
-            userHostname = builtins.elemAt (st.splitString "@" name) 1;
+      inputs.nixpkgs-lib.follows = "nixpkgs";
-          in userHostname == hostname
+    };
-        ) users;
+
-
+    easy-hosts = {
-        hostUsers = as.mapAttrsToList (
+      type = "github";
-          name: value: builtins.elemAt (st.splitString "@" name) 0
+      owner = "tgirlcloud";
-        ) hostFilteredUsers;
+      repo = "easy-hosts";
-      in {
+    };
-        inherit inputs;
+
-        inherit hostname;
+    lix = {
-        "usernameList" = hostUsers;
+      url = "https://git.lix.systems/lix-project/lix/archive/main.tar.gz";
-      };
+      flake = false;
-      modules = [
+    };
-        ./nixosModules
+
-        hostpath
+    lix-module = {
-      ];
+      url = "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz";
+      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.lix.follows = "lix";
+    };
+
+    niri = {
+      type = "github";
+      owner = "sodiboo";
+      repo = "niri-flake";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    sops-nix = {
+      type = "github";
+      owner = "Mic92";
+      repo = "sops-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
     };
-  in {
-    nixosConfigurations = builtins.mapAttrs (name: path: hostConfig name path) hosts;
-    homeConfigurations = builtins.mapAttrs (name: path: userConfig name path) users;
   };
 }

hosts/juri/default.nix

@@ -17,12 +17,14 @@ in {
       forgejoPassword = {
         owner = "forgejo";
       };
+      caddyApi = {};
     };
   };
 
   caddy = {
     enable = true;
     adminEmail = email;
+    environmentFile = config.sops.secrets.caddyApi.path;
     vhosts = {
       "juri.woach.me" = {
         extraConfig = ''
@@ -39,6 +41,12 @@ in {
         extraConfig = ''
           reverse_proxy :${builtins.toString config.headscale.server.port}
         '';
+        serverAliases = [ "*.dns.ginko.woach.me" ];
+      };
+      "juri.${config.services.headscale.settings.dns.base_domain}" = {
+        extraConfig = ''
+          reverse_proxy :${builtins.toString config.fava.port}
+        '';
       };
     };
   };

hosts/juri/secrets.yaml

@@ -1,10 +1,7 @@
 pdsEnv: ENC[AES256_GCM,data:W1kKvcntrBOSgo7gLxwO8A9ZkWjkRWfUDZUMy5YNvhzqYS5xBPGL4QEcknWtQaVfaZklnO/+Gr5JEq/qgU2nIEY3xazfjYl4MNkZBhuwI20RwZB9voVubzHbPwjLtZbNTXRMa7BzO6a3ieSudKWAMP0dumG3/+wHtTYOM6lxUBfpw51+lNikc7kLqI+lzys0jC37ajP0/cm/U644BD0ozSSF289CLtXSkLt8sgHvA1ci8M+wEEq4aJ0JTVs98m0E7Udaride4tjLelESx3hPdoVzBIEa,iv:sQiYE//UGGA2qPfbM9//FcKEued6t8ORiKW8kfzLtz0=,tag:Fj+CzBgL8MH/6FLnUadIPQ==,type:str]
 forgejoPassword: ENC[AES256_GCM,data:cQJJbf07v4HngeSYE2TwTcAx8WY=,iv:533TO2MfJVop93U4T7yIIiu6i4swDtduFuu79ZzFYFU=,tag:Pz5u/NqOSTKz2zFNzNLY5w==,type:str]
+caddyApi: ENC[AES256_GCM,data:mWb/pMr1cxbz6K2ZQkV3AF93/GtIPZyYrJfDDbisK3GhMlWOVZNWDzw7cC/e+1w5aSxeGmOAE13eETVpV9q8W2Bjg8IADn/4j8Su90LxAr+U77pVoF0gUvv1CagEXM8myx+GgaAG80xIeSUNUMOMsgUhJTBoaMrVpHDEPREsa9XyRzEB4X3uQnKx4tUNcUqGSUu5wvMfXDF7rNzJhkVEfE6i,iv:h5QLei1PcZUc4djaqbId9VFv8Rr2dTa7CNowxZVlRUA=,tag:nBfyFVU/fBboswcVsGKL4A==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
     age:
         - recipient: age1ey3wr2wnkgny3dfgvnyrf0cptwzr7s5x464p2y9ya58lpay8lfrsds3y68
           enc: |
@@ -33,8 +30,7 @@ sops:
             N3NhMHp3V1ppclQvWTIxNkM5RjhRV0EKl8goB9tCl0BGi4jN7Fzuh0Ajm146x2Hu
             vesj+ENu2E9II3OeYuBndD+Y4x2zugIpzNOPg1V8zkarJOf7R/sXEw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-03-24T19:31:53Z"
+    lastmodified: "2025-09-17T01:49:06Z"
-    mac: ENC[AES256_GCM,data:5FVSw5wMXRl4qZQmD4yS7g/9qztaveDiU7mgifiOhOBqQrtvv5I/V7rkb5nKew+N3vKmg4vpWBL4kFxsQvWekAPT+ToNED4XhB5H5wZ/RyXga0CU0PMKWtGdEKdyjs4cIZjfScclW0ONgaSkv6XtCLj1V+ukPY3WBI3/2jnf6dA=,iv:7p1qEG1+E7SNLv64/aqjm1ppF4jQ/5h+Z5iHzd8sGDA=,tag:hG59vDcqha1MQf+kN1jguw==,type:str]
+    mac: ENC[AES256_GCM,data:THEyH3KP9VVFiP7NAPn693dolWIWByb3wSjwC9QLSTe3cgdJbFqa5GvVzFa6xM1ue/GYStMwYIZt0+3LP5Wz5B2KWNy2ljvgFXjzlDHxSOzkWi3/yP9fnuRyf0vujW2Q0ltkXMleyKSisZCD87FjuUz1J9LBYQP64e0mhyB5jL4=,iv:WUDt4AusjrQVhDFk/XSohBlmxjp6Dp6EoMe08yQ0RYg=,tag:LC2j1Bvgo7h29O9mmgIFCw==,type:str]
-    pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.9.4
+    version: 3.10.2

nixosModules/services/caddy/service.nix

@@ -5,14 +5,28 @@
     enable = lib.mkEnableOption "Enables caddy webserver";
     vhosts = lib.mkOption {};
     adminEmail = lib.mkOption { type = lib.types.str; };
+    environmentFile = lib.mkOption {};
   };
 
   config = lib.mkIf config.caddy.enable {
     networking.firewall.allowedTCPPorts = [ 80 443 ];
     services.caddy = {
       enable = true;
+      globalConfig = ''
+        acme_dns porkbun {
+          api_key {$APIKEY}
+          api_secret_key {$APISECRETKEY}
+        }
+      '';
+      package = pkgs.caddy.withPlugins {
+        plugins = [ "github.com/caddy-dns/porkbun@v0.3.1" ];
+        hash = "sha256-g/Nmi4X/qlqqjY/zoG90iyP5Y5fse6Akr8exG5Spf08=";
+      };
       virtualHosts = config.caddy.vhosts;
       email = config.caddy.adminEmail;
     };
+    systemd.services.caddy.serviceConfig.EnvironmentFile = [ 
+      config.caddy.environmentFile 
+    ];
   };
 }

nixosModules/services/headscale/service.nix

@@ -17,7 +17,7 @@
       settings = {
         server_url = "https://${config.headscale.server.domain}";
         dns = {
-          base_domain = "connect.claris";
+          base_domain = "dns.${config.headscale.server.domain}";
           override_local_dns = false;
         };
       };