# dunkirk.sh

Kieran's opinionated NixOS infrastructure — declarative server config, self-hosted services, and automated deployments.

## Layout

```
~/dots
├── .github/workflows  # CI/CD (deploy-rs + per-service reusable workflow)
├── dots               # config files symlinked by home-manager
│   └── wallpapers
├── machines
│   ├── atalanta       # macOS M4 (nix-darwin)
│   ├── ember          # dell r210 server (basement)
│   ├── moonlark       # framework 13 (dead)
│   ├── nest           # shared tilde server (home-manager only)
│   ├── prattle        # oracle cloud x86_64
│   ├── tacyon         # rpi 5
│   └── terebithia     # oracle cloud aarch64 (main server)
├── modules
│   ├── lib
│   │   └── mkService.nix  # service factory (see Deployment section)
│   ├── home           # home-manager modules
│   │   ├── aesthetics # theming and wallpapers
│   │   ├── apps       # app configs (ghostty, helix, git, ssh, etc.)
│   │   ├── system     # shell, environment
│   │   └── wm/hyprland
│   └── nixos          # nixos modules
│       ├── apps       # system-level app configs
│       ├── services   # self-hosted services (mkService-based + custom)
│       │   ├── restic # backup system with CLI
│       │   └── bore   # tunnel proxy
│       └── system     # pam, wifi
├── packages           # custom nix packages
└── secrets            # agenix-encrypted secrets
```

## Machines

| Name | Platform | Role |
|------|----------|------|
| **terebithia** | Oracle Cloud aarch64 | Main server — runs all services |
| **prattle** | Oracle Cloud x86_64 | Secondary server |
| **atalanta** | macOS M4 | Development laptop (nix-darwin) |
| **ember** | Dell R210 | Basement server |
| **tacyon** | Raspberry Pi 5 | Edge device |
| **nest** | Shared tilde | Home-manager only |