# Playbook: Add a Host Toggle

- Name: Add or adjust host toggles
- Purpose: Enable categories, services, or features per host in `hosts/<name>/toggles.nix`.
- Prerequisites: Identify host role (see Hosts and Roles), secureHost setting, and whether proxies/containers are required.
- Inputs: Toggle category (apps/dev/scripts/services/servers/units), users list, proxy/container flags, mainServer override, network interface names.
- Steps:
  1. Open `hosts/<name>/toggles.nix` and adjust category maps using helper patterns (`enableList` with `mkEnabled`, `mkEnabledWithUsers`, or `mkEnabledIp`).
  2. Set feature flags such as `enableProxy`, `enableContainers`, and `mainServer` when the host should own proxied services.
  3. Add service toggles under `servers` with proxy/ip data as needed; align IPs to `my.ips` (e.g., `mkEnabledIp` for remote hosts).
  4. Ensure `interfaces` entries exist for network-facing services and match `my.interfaces` defaults unless intentionally overridden.
  5. Reconcile toggle changes with secrets and secureHost: avoid enabling secret-backed services on hosts with `secureHost = false`.
- Validation:
  - Toggle sets align with host capabilities and `my.secureHost`.
  - Proxy- or container-dependent services have `enableProxy`/`enableContainers` enabled.
  - IP/interface values match `docs/reference/index.md` entries.
- Outputs: Updated host toggle file reflecting new enablement and infrastructure flags.
- References: `docs/constitution.md` (Hosts and toggles, Main server and proxies), `docs/reference/index.md` (Hosts and Roles, Proxy rules, Network maps)