Infrastructure is a Tree
Your infrastructure lives in nest.* Everything outside nest.{trait,rules} is part of the DOM tree.
Nodes with is = [trait...] are configurable Entities. Everything else is a tree, a grouping container whose scalar attributes flow down to child nodes.
graph TD
R["nest"]
P["prod\n(tree)\nsystem: x86_64-linux\nenv: prod"]
W1["web-1\n(node)\ntrait: host\naddr: 10.0.0.1"]
W2["web-2\n(node)\ntrait: host\naddr: 10.0.0.2"]
R --> P
P --> W1
P --> W2
Attribute inheritance
Section titled “Attribute inheritance”Attributes defined on a namespace flow to all nodes beneath it:
nest.prod.system = "x86_64-linux";nest.prod.env = "prod";
nest.prod.web-1 = { is = [ nest.host ]; addr = "10.0.0.1"; };nest.prod.web-2 = { is = [ nest.host ]; addr = "10.0.0.2"; };Both hosts inherit system and env. Change the attrs for all prod hosts by editing one line.
Marking nodes with traits
Section titled “Marking nodes with traits”Mark nodes with is = [...] to classify them. Rules match by trait and apply config.
nest.prod.web-1 = { is = [ nest.host nest.web ]; # host AND web server};A node can have many traits.
Traits compose: web.needs = [nest.server] means any web
node automatically gains all server traits.
monitoring.neededBy = [ nest.web ] All nodes with web trait gain monitoring.
Registry pattern
Section titled “Registry pattern”Some nodes exist purely as data, they carry no output class and never appear in outputs. They’re useful as registries for rules to query.
nest.ssh-registry.alice = { publicKeys = [ "ssh-ed25519 AAAA…" ];};Rules can find these via select "ssh-registry [publicKeys]", then synthesize them as aggregated data on nodes that need them.