refactor: optimize flake.nix and modularize networking config

Cleaner deploy.nodes generation, improved devShell experience, and centralized host IP definitions.

flake.nix

@@ -13,52 +13,81 @@
       url = "github:gytis-ivaskevicius/flake-utils-plus";
       inputs.flake-utils.follows = "flake-utils";
     };
+    deploy-rs = {
+      url = "github:serokell/deploy-rs";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
   outputs = inputs@{
     self, nixpkgs,
-    flake-utils, sops-nix, utils,
+    flake-utils, sops-nix, utils, deploy-rs,
     ...
   }:
   let
-    system = utils.lib.system.x86_64-linux;
+    system = "x86_64-linux";
+    lib = nixpkgs.lib;
   in
-  utils.lib.mkFlake {
-    inherit self inputs;
+    utils.lib.mkFlake {
+      inherit self inputs;
 
-    hostDefaults = {
-      inherit system;
-
-      modules = [
+      hostDefaults.modules = [
         ./modules
         ./users
-
         sops-nix.nixosModules.sops
+        ({ self, ... }: {
+          sops.defaultSopsFile = "${self}/secrets/secrets.yaml";
+          sops.age.keyFile = "/var/lib/sops-nix/key.txt";
+        })
       ];
+
+      hosts = {
+        # Infrastructure
+        Niko.modules        = [ ./hosts/Niko        ];
+        Ingress.modules     = [ ./hosts/Ingress     ];
+        Gitea.modules       = [ ./hosts/Gitea       ];
+        Vaultwarden.modules = [ ./hosts/Vaultwarden ];
+
+        # Production
+        Binnenpost.modules    = [ ./hosts/Binnenpost    ];
+        Production.modules    = [ ./hosts/Production    ];
+        ProductionGPU.modules = [ ./hosts/ProductionGPU ];
+        ProductionArr.modules = [ ./hosts/ProductionArr ];
+        ACE.modules           = [ ./hosts/ACE           ];
+
+        # Lab
+        Template.modules    = [ ./hosts/Template    ];
+        Development.modules = [ ./hosts/Development ];
+        Testing.modules     = [ ./hosts/Testing     ];
+      };
+
+      deploy.nodes = let
+        pkg = deploy-rs.lib.${system};
+        isDeployable = nixos: (nixos.config.homelab.users.deploy.enable or false) && (nixos.config.homelab.networking.hostIp != null);
+      in
+      builtins.mapAttrs (_: nixos: {
+        hostname = nixos.config.homelab.networking.hostIp;
+        sshUser  = "deploy";
+        user     = "root";
+        profiles.system.path = pkg.activate.nixos nixos;
+        profiles.test.path   = pkg.activate.custom nixos.config.system.build.toplevel ''
+          $PROFILE/bin/switch-to-configuration test
+        '';
+      }) (lib.filterAttrs (_: isDeployable) self.nixosConfigurations);
+
+      checks = builtins.mapAttrs (_: lib: lib.deployChecks self.deploy) deploy-rs.lib;
+
+      outputsBuilder = channels: {
+        formatter = channels.nixpkgs.alejandra;
+        devShells.default = channels.nixpkgs.mkShell {
+          name = "homelab-dev";
+          buildInputs = [
+            deploy-rs.packages.${system}.deploy-rs
+            channels.nixpkgs.sops
+            channels.nixpkgs.age
+          ];
+          shellHook = "echo '🛡️ Homelab Development Shell Loaded'";
+        };
+      };
     };
-
-    hosts = {
-      # Physical hosts
-      Niko.modules          = [ ./hosts/Niko          ];
-
-      # Virtual machines
-
-      # Single-service
-      Ingress.modules       = [ ./hosts/Ingress       ];
-      Gitea.modules         = [ ./hosts/Gitea         ];
-      Vaultwarden.modules   = [ ./hosts/Vaultwarden   ];
-
-      # Production multi-service
-      Binnenpost.modules    = [ ./hosts/Binnenpost    ];
-      Production.modules    = [ ./hosts/Production    ];
-      ProductionGPU.modules = [ ./hosts/ProductionGPU ];
-      ProductionArr.modules = [ ./hosts/ProductionArr ];
-      ACE.modules           = [ ./hosts/ACE           ];
-
-      # Others
-      Template.modules      = [ ./hosts/Template      ];
-      Development.modules   = [ ./hosts/Development   ];
-      Testing.modules       = [ ./hosts/Testing       ];
-    };
-  };
 }