1 {
# Summary shown by `nix flake metadata` for this flake.
description = "julm's Nix configurations for hosts (NixOS) and homes (home-manager)";
/*
nixConfig = {
  extra-substituters = [
    "https://nix-community.cachix.org"
  ];
  extra-trusted-public-keys = [
    "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
  ];
};
*/

# `nixpkgsPath` (in `outputs`) is the result of `applyPatches`, a derivation
# that has to be *built* before the rest of the flake can be evaluated.
# Nix refuses such import-from-derivation unless this setting is on;
# being a flake `nixConfig` entry, Nix asks the user to accept it first.
nixConfig.allow-import-from-derivation = true;
18
# Every input is pinned by flake.lock; branch-style refs (master, release-25.11)
# only move when the lock file is updated, e.g.:
# https://status.nixos.org
# nix flake update nixpkgs --override-flake nixpkgs github:NixOS/nixpkgs/2c3e5ec5df46d3aeee2a1da0bfedd74e21f4bf3a --allow-dirty-locks
inputs = {
  # Plain source trees (flake = false): fetched as-is, consumed by overlays/modules.
  azaharPlus.url = "github:AzaharPlus/AzaharPlus?submodules=1";
  azaharPlus.flake = false;
  jjui.url = "github:idursun/jjui";
  jjui.flake = false;
  /*
  doom-emacs.flake = false;
  doom-emacs.url = "github:hlissner/doom-emacs";
  */
  jj-fugitive.url = "github:martintrojer/jj-fugitive";
  jj-fugitive.flake = false;
  sivansh11-jj-nvim.url = "github:sivansh11/jj";
  sivansh11-jj-nvim.flake = false;
  bufstack.url = "github:BibekBhusal0/bufstack.nvim";
  bufstack.flake = false;
  jj-diffconflicts.url = "github:rafikdraoui/jj-diffconflicts";
  jj-diffconflicts.flake = false;
  NicolasGB-jj-nvim = {
    url = "github:NicolasGB/jj.nvim";
    #url = "git+file:///home/julm/src/lua/jj.nvim";
    flake = false;
  };

  # Flake inputs.  `follows` makes the dependencies reuse this flake's own
  # nixpkgs pin instead of dragging in a second nixpkgs revision.
  git-hooks = {
    url = "github:cachix/git-hooks.nix";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  home-manager = {
    url = "github:nix-community/home-manager/release-25.11";
    #url = "git+file:///home/julm/src/nix/home-manager";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  nixos-hardware.url = "github:NixOS/nixos-hardware/master";
  #nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
  nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
  nixpkgs-unstable.url = "github:NixOS/nixpkgs/master";
  nixpkgs-unstable-latest.url = "github:NixOS/nixpkgs/cad22e7d996aea55ecab064e84834289143e44a0";
  lanzaboote = {
    url = "github:nix-community/lanzaboote/v1.0.0";
    inputs = {
      nixpkgs.follows = "nixpkgs";
      pre-commit.follows = "git-hooks";
    };
  };
};
71
72 outputs =
73 inputs:
74 let
# Patches layered on top of the pinned nixpkgs (consumed by `nixpkgsPath`).
# Remote entries are fetchpatch argument sets kept in ./nixpkgs/patches.nix,
# each carrying its own sha256 so the fetched content is content-pinned;
# local entries are patch files tracked in this repository.
remoteNixpkgsPatches = import ./nixpkgs/patches.nix;
localNixpkgsPatches = [
  ./nixpkgs/patches/openvpn/openvpn-netns.patch
  ./nixpkgs/patches/openvpn/0001-nixos-netns-init-module-to-manage-network-namespaces.patch
];
# Unpatched nixpkgs used to run `applyPatches`/`fetchpatch`.  Hard-coded to
# x86_64-linux, so the patching derivation is always an x86_64-linux build
# even when `forAllSystems` later instantiates the result for other systems.
originPkgs = inputs.nixpkgs.legacyPackages."x86_64-linux";
# nixpkgs source tree with the patches above applied.  Being a derivation,
# importing it needs `allow-import-from-derivation` (see nixConfig).
nixpkgsPath = originPkgs.applyPatches {
  name = "nixpkgs-patched";
  src = inputs.nixpkgs.outPath;
  # Function application binds tighter than `++`:
  # (map fetchpatch remote) ++ local.
  patches = map originPkgs.fetchpatch remoteNixpkgsPatches ++ localNixpkgsPatches;
  # Derive a 7-hex-digit suffix from the sorted remote patch hashes and the
  # local patch store paths, and record it in .version-suffix (picked up by
  # nixpkgs as its version suffix), so the running system's version string
  # identifies which patch set it was built from.
  postPatch = ''
    patch=$(printf '%s\n' ${
      builtins.concatStringsSep " " (map (p: p.sha256) remoteNixpkgsPatches ++ localNixpkgsPatches)
    } |
      sort | sha256sum | cut -c -7)
    echo "-patch-$patch" >.version-suffix
  '';
};
# nixpkgs library; taken from the unpatched input, which is enough for `lib`.
lib = inputs.nixpkgs.lib;
# System profile that the `switch` app updates and prunes on the target host.
profile = "/nix/var/nix/profiles/system";
# Overlay-list builder, called as `overlays { inherit inputs system; }`.
overlays = import ./nixpkgs/overlays.nix;
# NixOS evaluator taken from the *patched* tree, so that patches touching
# NixOS itself (presumably the netns module patch listed above) are in effect.
#nixosSystem = lib.nixosSystem;
nixosSystem = import (nixpkgsPath + "/nixos/lib/eval-config.nix");
# Apply `f` once per flake-exposed system, passing `{ system, pkgs }` where
# `pkgs` is the patched nixpkgs instantiated with this repository's overlays
# (and, unlike the NixOS hosts below, no unfree/insecure allowances).
forAllSystems =
  f:
  lib.genAttrs lib.systems.flakeExposed (
    system:
    let
      #pkgs = inputs.nixpkgs.legacyPackages.${system};
      pkgs = import nixpkgsPath {
        inherit system;
        overlays = overlays { inherit inputs system; };
      };
    in
    f { inherit system pkgs; }
  );
# Copy of this repository in the Nix store, restricted to the file types the
# configurations read (plus shell.nix).  Everything selected here becomes
# world-readable under /nix/store.
# NOTE(review): "cred", "clear" and "pem" are on the list — confirm those
# files hold only public or already-encrypted material.  *.gpg is not listed,
# consistent with the `switch` app keeping *.gpg out of the store.
self =
  let
    inherit (lib.fileset) toSource unions fileFilter;
    wantedExts = [
      "clear"
      "conf"
      "cred"
      "crt"
      "css"
      "el"
      "hs"
      "inc"
      "json"
      "lua"
      "nft"
      "nix"
      "patch"
      "pem"
      "pub"
      "sh"
      "theme"
      "toml"
      "vim"
    ];
    # All files below `dir` whose extension is one of `wantedExts`.
    byExt = dir: fileFilter (f: lib.any f.hasExt wantedExts) dir;
    dirs = [
      ./domains
      ./home-manager
      ./homes
      ./hosts
      ./nixos
      ./nixpkgs
      ./users
    ];
  in
  toSource {
    root = ./.;
    fileset = unions (map byExt dirs ++ [ ./shell.nix ]);
  };
150 in
151 rec {
# nix -L build .#hello
# Expose the whole patched+overlaid package set per system.
packages = forAllSystems (args: args.pkgs);
154
# nix -L build .#nixosConfigurations.oignon.config.system.build.toplevel
# nix -L build .#nixosConfigurations.oignon.config.boot.kernelPackages.kernel.configfile
# nix -L build .#nixosConfigurations.oignon.pkgs.hello
# nix eval --raw .#nixosConfigurations.oignon.config.networking.nftables.ruleset
#
# One NixOS configuration per directory found under hosts/ (the directory
# name is the hostName).  Each is evaluated with the patched nixpkgs and is
# composed of nixos/default.nix, hosts/<hostName>.nix, the lanzaboote and
# home-manager modules, and the glue module defined here.
nixosConfigurations =
  let
    hostsDir = builtins.readDir (self + "/hosts");
    hostNames = lib.attrNames (lib.filterAttrs (_: kind: kind == "directory") hostsDir);

    # Wires host-specific module arguments, the nixpkgs policy and the
    # home-manager defaults into the configuration of `hostName`.
    glueModule =
      hostName:
      { config, ... }:
      let
        inherit (config.nixpkgs.hostPlatform) system;
        # Instantiate another nixpkgs tree with the same overlays as `pkgs`.
        withOverlays =
          src:
          import src {
            inherit system;
            overlays = overlays { inherit inputs system; };
          };
        pkgs-unstable = withOverlays inputs.nixpkgs-unstable.outPath;
        pkgs-unstable-latest = withOverlays inputs.nixpkgs-unstable-latest.outPath;
      in
      {
        _module.args = {
          inherit hostName pkgs-unstable pkgs-unstable-latest;
          # All hosts, and this host's own module arguments, are reachable
          # from any module; evaluation is lazy, so the self-reference is fine.
          hosts = nixosConfigurations;
          host = nixosConfigurations.${hostName}._module.args;
        };
        nixpkgs = {
          overlays = overlays { inherit inputs system; };
          config = {
            # Exact name-version entry: a nixpkgs bump to a newer olm still
            # marked insecure fails evaluation instead of being waved through.
            permittedInsecurePackages = [
              # Still needed for chatty
              # See https://github.com/NixOS/nixpkgs/pull/334638#issuecomment-2289025802%3E
              # and https://gitlab.gnome.org/World/Chatty/-/issues/932
              "olm-3.2.16"
            ];
            # Unfree packages are opt-in by package name; anything else is refused.
            allowUnfreePredicate =
              pkg:
              builtins.elem (lib.getName pkg) [
                "anydesk"
                "canon-cups-ufr2"
                "cudatoolkit"
                "geogebra"
                "hplip"
                "memtest86-efi"
                "nvidia-settings"
                "nvidia-x11"
              ];
          };
        };
        home-manager = {
          useGlobalPkgs = true;
          useUserPackages = true;
          verbose = true;
          #force = true;
          backupFileExtension = "old";
          extraSpecialArgs = {
            inherit
              inputs
              hostName
              pkgs-unstable
              pkgs-unstable-latest
              ;
          };
        };
      };

    mkHost =
      hostName:
      nixosSystem {
        system = null;
        specialArgs = {
          # Required to avoid infinite recursion
          # when `inputs` is used in `imports`.
          inherit inputs;
        };
        modules = [
          ./nixos/default.nix
          (import (self + "/hosts/${hostName}.nix"))
          inputs.lanzaboote.nixosModules.lanzaboote
          inputs.home-manager.nixosModules.home-manager
          (glueModule hostName)
        ];
      };
  in
  lib.genAttrs hostNames mkHost;
241
# nix -L develop or direnv allow
# Development shell built from ./shell.nix; it inherits the git-hooks
# shellHook so the same hooks `checks` enforces get installed in the checkout.
devShells = forAllSystems (
  { pkgs, system, ... }:
  let
    shellArgs = {
      inherit
        pkgs
        inputs
        system
        nixpkgsPath
        ;
      shellHook = checks.${system}.git-hooks-check.shellHook;
    };
  in
  {
    default = pkgs.callPackage (self + "/shell.nix") shellArgs;
  }
);
257
# nix -L run .#oignon.switch
#
# One attrset of runnable apps per host (keyed by hostName).
apps = forAllSystems (
  { pkgs, system, ... }:
  with builtins;
  mapAttrs (
    hostName:
    { config, ... }:
    let
      inherit (config.system) build;
      # Wrap a bash `script` as a flake app named "<hostName>-<scriptName>";
      # `ps` lists packages to put on PATH in addition to coreutils.
      # `set -eux`: abort on the first failing command and trace every command.
      scriptApp = scriptName: ps: script: {
        type = "app";
        program =
          (pkgs.writeShellScript "${hostName}-${scriptName}" ''
            export PATH="${lib.makeBinPath ([ pkgs.coreutils ] ++ ps)}:$PATH"
            set -eux
            ${script}
          '').outPath;
      };
    in
    {
      # Example: nix run .#aubergine.switch
      #
      # Deploys this host's toplevel to `config.install.target` over ssh:
      #  1. restrict *.gpg to owner-only and drop them from the git index for
      #     the duration of the run (restored by the EXIT trap) so they are
      #     never copied into /nix/store;
      #  2. register indirect GC roots for the patched nixpkgs and the toplevel;
      #  3. `nix copy` the closure to the target (the optional `targetStore`
      #     environment variable is appended to the store URL's query string;
      #     `config.install.substituteOnDestination` adds
      #     --substitute-on-destination);
      #  4. on the target, start a transient `nixos-fallback` unit that, unless
      #     stopped within 10 minutes, re-activates the *current* system
      #     profile (the previous generation) and reboots — so a new
      #     configuration that breaks ssh rolls itself back — then run
      #     `switch-to-configuration test` on the new toplevel.
      #     Setting NO_NIXOS_FALLBACK (to anything) skips the fallback unit;
      #  5. if the test succeeded: stop the fallback, point the system profile
      #     at the new toplevel, register it for boot and delete generations
      #     older than 7 days (which bounds the rollback window to a week);
      #     otherwise: stop the fallback, warn, and exit non-zero.
      "switch" = scriptApp "switch" [ ] ''
        shopt -s globstar

        chmod -R g-rwx,o-rwx **/*.gpg
        trap 'git reset **/*.gpg' EXIT
        git rm -rf --cached --ignore-unmatch **/*.gpg # prevent copying to /nix/store

        nix-store --add-root hosts/${hostName}.nixpkgs --indirect --realise ${nixpkgsPath}
        nix-store --add-root hosts/${hostName}.root --indirect --realise ${build.toplevel}

        nix copy --to "ssh://${config.install.target}?''${targetStore-}"${lib.optionalString config.install.substituteOnDestination " --substitute-on-destination"} ${build.toplevel}

        if ssh ${config.install.target} set -x ';' \
          systemctl reset-failed nixos-fallback '2>/dev/null' ';' \
          test "''${NO_NIXOS_FALLBACK:+set}" '||' \
          systemd-run -u nixos-fallback --description=nixos-fallback /bin/sh -xc '''\'''
            PATH=${
              with pkgs;
              lib.makeBinPath [
                coreutils
                nix
                systemd
              ]
            }
            sleep $((10 * 60))
            ${profile}/bin/switch-to-configuration switch
            systemctl reboot
          '\'''' '&&' \
          ${build.toplevel}/bin/switch-to-configuration test
        then
          ssh ${config.install.target} -o ControlPath=none set -x ';' \
            systemctl stop nixos-fallback.service ';' \
            nix-env --profile ${profile} --set '${build.toplevel}' ';' \
            ${build.toplevel}/bin/switch-to-configuration boot '&&' \
            nix-env --delete-generations 7d --profile ${profile}
        else
          tput rev
          echo WARNING: switch-to-configuration was not registered at boot
          tput sgr0
          ssh ${config.install.target} -o ControlPath=none set -x ';' \
            systemctl stop nixos-fallback.service
          false
        fi
      '';
    }
  ) nixosConfigurations
);
326
# nix flake check
# Runs the git-hooks checks (nixfmt-rfc-style formatting) over `self`;
# its shellHook is what `devShells` reuses to install the same hooks locally.
checks = forAllSystems (
  { system, ... }:
  {
    git-hooks-check = inputs.git-hooks.lib.${system}.run {
      src = self;
      hooks.nixfmt-rfc-style.enable = true;
    };
  }
);
338 };
339 }