{
description = "EmergentMind's Nix-Config";
outputs =
{
self,
nixpkgs,
flake-parts,
introdus,
nix-secrets,
...
}@inputs:
let
# Short names for this flake's own outputs and for the nixpkgs library.
outputs = self.outputs;
lib = nixpkgs.lib;

# Namespace for our custom modules (Snowfall lib style).
namespace = "emergentmind";

# Helper library from the introdus input; it is handed the nix-secrets input as `secrets`.
introdusLib = introdus.lib.mkIntrodusLib {
  lib = nixpkgs.lib;
  secrets = nix-secrets;
};

# nixpkgs' lib extended with a `custom` attribute.
customLib =
  let
    localLib = import ./lib { lib = nixpkgs.lib; };
  in
  nixpkgs.lib.extend (
    _final: _prev: {
      # NOTE: '//' is right-biased, so entries from ./lib override the
      # introdusLib entries of the same name (handy for testing local changes).
      custom = introdusLib // localLib;
    }
  );

# Result of nix-secrets' mkSecrets; passed to every host through specialArgs below.
# NOTE(review): anything reachable from this value is ordinary evaluation-time data.
# If it ends up in a derivation or generated config file it lands in the Nix store,
# which is world-readable on a default install. Confirm that mkSecrets exposes only
# non-sensitive or still-encrypted values.
secrets = nix-secrets.mkSecrets nixpkgs customLib;
# Build a single-entry attrset `{ <host> = <system configuration>; }`.
#   host     - directory name under ./hosts/darwin or ./hosts/nixos
#   isDarwin - true selects the nix-darwin builder, false the NixOS one
mkHost =
  host: isDarwin:
  let
    # NOTE(review): no `nix-darwin` input is declared in the inputs visible in this
    # file, so the Darwin branch would fail to evaluate if it were ever taken.
    buildSystem = if isDarwin then inputs.nix-darwin.lib.darwinSystem else lib.nixosSystem;
    platformDir = if isDarwin then "darwin" else "nixos";
  in
  {
    ${host} = buildSystem {
      # Every module of the host receives these, including `secrets`.
      specialArgs = {
        inherit
          inputs
          outputs
          namespace
          secrets
          isDarwin
          ;
        # Propagate lib.custom into hm
        # see: https://github.com/nix-community/home-manager/pull/3454
        lib = customLib;
      };
      modules = [
        ./hosts/${platformDir}/${host}
      ];
    };
  };
# FIXME: Move this
# Bare minimum configuration for a host for faster initial install testing.
# Returns `{ "<host>Minimal" = <NixOS system>; }`.
mkMinimalHost =
  host:
  let
    # Exposes nixpkgs-unstable as `pkgs.unstable` (unfree packages allowed for that
    # package set) and applies the introdus overlay.
    # FIXME: See if we can lift this from elsewhere now that we aren't standalone
    overlayModule = {
      nixpkgs.overlays = [
        (final: _prev: {
          unstable = import inputs.nixpkgs-unstable {
            inherit (final.stdenv.hostPlatform) system;
            config.allowUnfree = true;
          };
        })
        introdus.overlays.default
      ];
    };

    # Minimal modules for quick setup
    # FIXME: If this moves to introdus, the hosts path need to become relative to the caller
    # not introdus
    minimalModules = map customLib.custom.relativeToRoot [
      "modules/hosts/common/host-spec.nix"
      "modules/hosts/nixos/disks.nix"
      "hosts/nixos/${host}/host-spec.nix"
      "hosts/nixos/${host}/disks.nix"
      "hosts/common/optional/minimal-configuration.nix"
    ];

    # Only included when the host ships a facter report. `lib.optional` wraps the
    # list in another list; the `lib.flatten` below unwraps it again.
    facterModules = lib.optional (lib.pathExists ./hosts/nixos/${host}/facter.json) [
      inputs.nixos-facter-modules.nixosModules.facter
      {
        config.facter.reportPath = customLib.custom.relativeToRoot "hosts/nixos/${host}/facter.json";
      }
    ];
  in
  {
    "${host}Minimal" = lib.nixosSystem {
      # FIXME: This will break when we add aarch64, so set it via in hostSpec maybe?
      system = "x86_64-linux";
      # FIXME:This should merge with the above specialArgs
      specialArgs = {
        inherit
          inputs
          outputs
          namespace
          secrets
          ;
        lib = customLib;
        isDarwin = false;
      };
      modules = lib.flatten (
        [
          overlayModule
          inputs.home-manager.nixosModules.home-manager
        ]
        ++ minimalModules
        ++ facterModules
      );
    };
  };
# Merge the full and minimal configurations of every host into one attrset.
# The "iso" host gets no "<host>Minimal" entry. On a name clash the later
# entry wins, because '//' is right-biased.
# NOTE(review): minimal configs are always built with lib.nixosSystem and
# hosts/nixos paths, also when isDarwin is true. Confirm before enabling darwinConfigurations.
mkHostConfigs =
  hosts: isDarwin:
  let
    fullConfigs = lib.map (name: mkHost name isDarwin) hosts;
    minimalConfigs = lib.map mkMinimalHost (lib.filter (name: name != "iso") hosts);
  in
  lib.foldl (merged: next: merged // next) { } (fullConfigs ++ minimalConfigs);
# Names of the entries directly under ./hosts/<folder>; each one is used as a host name.
# NOTE(review): the names are not filtered by entry type, so a stray file in that
# directory would presumably be treated as a host too. Confirm.
readHosts =
  folder:
  let
    entries = lib.readDir ./hosts/${folder};
  in
  lib.attrNames entries;
in
flake-parts.lib.mkFlake { inherit inputs; } {
  systems = [
    "x86_64-linux"
  ];

  flake = {
    # Custom modifications/overrides to upstream packages.
    # Note that the overlays are handed `secrets` as well.
    overlays = import ./overlays {
      inherit inputs lib secrets;
    };
    # Build host configs: one entry per name under ./hosts/nixos, plus the minimal variants
    nixosConfigurations = mkHostConfigs (readHosts "nixos") false;
    # darwinConfigurations = mkHostConfigs (readHosts "darwin") true;
  };

  perSystem =
    { system, ... }:
    let
      # nixpkgs for this system with the introdus overlay and this flake's default overlay applied
      pkgs = import nixpkgs {
        inherit system;
        overlays = [
          introdus.overlays.default
          self.overlays.default
        ];
      };
      formatter = inputs.introdus.formatter.${system};
      # FIXME: There might be a better way to auto-integrate the introdus formatter
      checks = import ./checks {
        inherit
          inputs
          pkgs
          system
          lib
          formatter
          ;
      };
    in
    {
      # Use the overlaid package set as the `pkgs` module argument
      _module.args.pkgs = pkgs;
      # Expose custom packages found under ./pkgs
      packages = lib.packagesFromDirectoryRecursive {
        callPackage = lib.callPackageWith pkgs;
        directory = ./pkgs;
      };
      # `formatter`: Nix formatter available through 'nix fmt' https://github.com/NixOS/nixfmt
      inherit checks formatter;
      # Custom shell for bootstrapping, nix-config dev, and secrets management
      devShells = import ./shell.nix {
        inherit
          checks
          inputs
          system
          pkgs
          lib
          ;
      };
    };
};
# Flake inputs: every external source this configuration is built from.
# NOTE(review): most URLs below name a branch, a tag or no ref at all. The revision
# actually used is whatever flake.lock records, so lock-file updates are the point
# at which upstream changes enter this configuration and should be reviewed.
inputs = {
#
# ========= Official NixOS, Darwin, and HM Package Sources =========
#
nixpkgs.url = "github:NixOS/nixpkgs/nixos-26.05";
# The next two are for pinning to stable vs unstable regardless of what the above is set to
# This is particularly useful when an upcoming stable release is in beta because you can effectively
# keep 'nixpkgs-stable' set to stable for critical packages while setting 'nixpkgs' to the beta branch to
# get a jump start on deprecation changes.
# See also 'stable-packages' and 'unstable-packages' overlays at 'overlays/default.nix'
# nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-26.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nixos-hardware.url = "github:nixos/nixos-hardware";
# Modern nixos-hardware alternative
nixos-facter-modules.url = "github:nix-community/nixos-facter-modules";
home-manager = {
url = "github:nix-community/home-manager/release-26.05";
inputs.nixpkgs.follows = "nixpkgs";
};
#
# ========= Utilities =========
#
# Utility wrappers
wrappers = {
url = "github:BirdeeHub/nix-wrapper-modules";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
# Declarative partitioning and formatting
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
impermanence = {
url = "github:nix-community/impermanence";
};
# Secrets management. See ./docs/secretsmgmt.md
sops-nix = {
url = "github:mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
# Declarative vms using libvirt
# NOTE(review): the '*' presumably resolves to the newest published version at
# lock time, so a lock update can jump across major versions. Confirm.
nixvirt = {
url = "https://flakehub.com/f/AshleyYakeley/NixVirt/*.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
};
# Pre-commit
pre-commit-hooks = {
url = "github:cachix/git-hooks.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
# Firefox
firefox-addons = {
url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
inputs.nixpkgs.follows = "nixpkgs";
};
firefox2nix = {
url = "git+https://git.sr.ht/~rycee/mozilla-addons-to-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
# desktop shell
noctalia = {
#FIXME: pinned to 4.7.7 until 5.x becomes more stable (still alpha as of 26.06.09)
# The pin is a tag ref. A tag can be moved upstream, so the commit recorded in
# flake.lock is what actually fixes the revision.
url = "github:noctalia-dev/noctalia?ref=v4.7.7";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
#
# ========= Ricing =========
#
# NOTE(review): stylix is on release-25.11 while nixpkgs and home-manager above
# track 26.05, and its nixpkgs follows "nixpkgs". Confirm this pairing is intended.
stylix = {
url = "github:danth/stylix/release-25.11";
inputs.nixpkgs.follows = "nixpkgs";
};
silentSDDM = {
url = "github:uiriansan/SilentSDDM";
#inputs.nixpkgs.follows = "nixpkgs-unstable";
inputs.nixpkgs.follows = "nixpkgs";
};
#
# ========= Personal Repositories =========
#
# this is a separate input for dev hosts that don't have a local copy of introdus
introdus-git = {
url = "git+ssh://git@codeberg.org/fidgetingbits/introdus?ref=ta";
};
# NOTE(review): `introdus` is the input the outputs function actually uses, and it
# resolves to an absolute path on one machine. Evaluation picks up whatever is
# checked out there, reviewed or not, and a host without this directory cannot
# evaluate the flake unless the input is overridden.
introdus = {
# url = "git+ssh://git@codeberg.org/fidgetingbits/introdus?shallow=1&ref=ta";
url = "path:///home/ta/src/nix/introdus/ta";
};
# Private secrets repo. See ./docs/secretsmgmt.md
# Authenticate via ssh and use shallow clone
# NOTE(review): flake inputs are fetched into the Nix store, which is world-readable
# on a default install, so this repo should hold only encrypted (e.g. sops) or
# non-sensitive data. Confirm.
nix-secrets = {
url = "git+ssh://git@gitlab.com/emergentmind/nix-secrets.git?ref=main&shallow=1";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-assets = {
url = "git+ssh://git@codeberg.org/emergentmind/nix-assets";
};
# Same local-path caveat as `introdus`: the remote URL is commented out, so the
# build uses the working copy at this absolute path.
emergentvim = {
# url = "git+ssh://git@codeberg.org/emergentmind/neovim";
url = "path:///home/ta/src/nix/neovim";
inputs.nixpkgs.follows = "nixpkgs-unstable";
inputs.introdus.follows = "introdus";
inputs.flake-parts.follows = "flake-parts";
};
};
}