fix(#19): readme and docs

2025-03-20 14:03:51 -05:00 · 2025-03-20 14:03:51 -05:00 · 4be2f48d8d
commit 4be2f48d8d
parent 5dae6ea229
2 changed files with 53 additions and 14 deletions
--- a/lib/doc/readme.md
+++ b/lib/doc/readme.md
@ -1,6 +1,6 @@
-# Internal Usage
+# Documentation

-## Secrets?
+## Internal Setup

 If you're deploying anything secrets-related, you will need the proper keys:

@ -9,7 +9,7 @@ $ mkdir -p ${XDG_CONFIG_HOME:-~/.config}/sops/age
 $ pass age-key >> ${XDG_CONFIG_HOME:-~/.config}/sops/age/keys.txt
 ```

-## Update Server
+# Updates

 **NOTE**: I want to establish a solid way to do this without `root@`.

@ -62,7 +62,7 @@ nix run nixpkgs#nixos-rebuild -- --flake ".#$host" \
 ssh "root@$host" nixos-rebuild --rollback switch
 ```

-## Provisioning New NixOS Hosts
+# Provisioning New NixOS Hosts

 ```shell
 nix run --extra-experimental-features 'nix-command flakes' \
@ -103,7 +103,7 @@ nix-shell --packages git \
    --option trusted-public-keys 'cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= h.lyte.dev:HeVWtne31ZG8iMf+c15VY3/Mky/4ufXlfTpT8+4Xbs0='"
 ```

-Then:
+### Post-Installation Setup

 1. Tailscale connection and roles.

@ -129,4 +129,23 @@ $ rsync -r ~/.local/share/password-store $host:~/.local/share/password-store

 # Temporary Firewall Changes

-Source: https://discourse.nixos.org/t/how-to-temporarily-open-a-tcp-port-in-nixos/12306/2
+```shell
+$ nixos-firewall-tool --help
+```
+
+Or if we're performing ad-hoc operations on the router's nftables rules as root:
+
+```shell
+# add a rule
+$ nft add rule ...
+
+# find a rule
+$ nft -a list table $table
+# examples:
+$ nft -a list table nat
+$ nft -a list table filter
+$ nft -a list table ip
+
+# delete a rule
+$ nft delete rule $table $chain handle $handle
+```
--- a/readme.md
+++ b/readme.md
@ -7,17 +7,37 @@ Nix for <code>lytedev</code>

 [![pre-merge status](https://git.lyte.dev/lytedev/nix/badges/workflows/pre-merge.yaml/badge.svg)](https://git.lyte.dev/lytedev/nix/actions?workflow=pre-merge.yaml)

+Desktop - Laptop - Servers - Routers - Packages - Templates
+
 </div>

-My Nix monorepo.
+# Details

- Desktop configurations
- Laptop configurations
- Home server configurations
- Remote server configurations
- Home router configurations
- My packages
- New project templates
+I aim for declaring everything where possible, but I definitely break the rules
+if it's convenient enough and try to write it down when I do so. I also don't
+like repeating myself in configuration. I am mostly focused on being pragmatic
+and getting things done and doing so in a way that makes it easy to keep doing
+so (maintainability), but I also occasionally fall into experimenting with big
+refactors of the code for no real gain.
+
+## Layers
+
+- Common defaults (machines that I might not interact with at all or only
+  rarely, such as backup targets)
+- Machines that I interact with only remotely (`shell` class)
+- Machines that I interact with directly, such as a laptop or my desktop
+  workstation (`desktop` class)
+
+## Notable Links
+
+- [Set of NixOS modules](./lib/modules/nixos/default.nix)
+  - [Home router module](./lib/modules/nixos/router.nix)
+- [Set of Home Manager modules](./lib/modules/home/default.nix)
+- [NixOS hosts](./packages/hosts/default.nix)
+  - [Desktop workstation](./packages/hosts/dragon.nix)
+  - [Primary laptop](./packages/hosts/foxtrot.nix)
+  - [Server](./packages/hosts/beefcake.nix)
+  - [Router](./packages/hosts/router.nix)

 # Docs