{
  description = "julm's Nix configurations for hosts (NixOS) and homes (home-manager)";
  /*
    nixConfig = {
      extra-substituters = [
        "https://nix-community.cachix.org"
      ];
      extra-trusted-public-keys = [
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
    };
  */

  # Flake-level Nix settings. Nix only applies a flake's `nixConfig` once the
  # user accepts it (`accept-flake-config`), so treat this as a requirement
  # that evaluation may build derivations (import-from-derivation), not as
  # something the flake can enforce on its own.
  nixConfig = {
    allow-import-from-derivation = true;
  };

  # Flake inputs. Exact revisions are pinned by the flake.lock next to this
  # file; the URLs below only choose the branch/tag/commit to track.
  inputs = {
    /*
      doom-emacs.flake = false;
      doom-emacs.url = "github:hlissner/doom-emacs";
    */
    # Plain (non-flake) sources for editor plugins, used as source trees only.
    jj-fugitive = {
      url = "github:martintrojer/jj-fugitive";
      flake = false;
    };
    sivansh11-jj-nvim = {
      url = "github:sivansh11/jj";
      flake = false;
    };
    bufstack = {
      url = "github:BibekBhusal0/bufstack.nvim";
      flake = false;
    };
    jj-diffconflicts = {
      url = "github:rafikdraoui/jj-diffconflicts";
      flake = false;
    };
    NicolasGB-jj-nvim = {
      url = "github:NicolasGB/jj.nvim";
      #url = "git+file:///home/julm/src/lua/jj.nvim";
      flake = false;
    };
    # git-hooks and home-manager are made to reuse this flake's nixpkgs so a
    # single nixpkgs revision is evaluated and built.
    git-hooks.inputs.nixpkgs.follows = "nixpkgs";
    git-hooks.url = "github:cachix/git-hooks.nix";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
    home-manager.url = "github:nix-community/home-manager/release-25.11";
    #home-manager.url = "git+file:///home/julm/src/nix/home-manager";
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
    #nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
    # Stable base channel for hosts and homes.
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
    # `nixpkgs-unstable` follows master (moves on every `nix flake update`);
    # `nixpkgs-unstable-latest` is frozen at an explicit commit.
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/master";
    nixpkgs-unstable-latest.url = "github:NixOS/nixpkgs/cad22e7d996aea55ecab064e84834289143e44a0";
    # Secure Boot tooling; its NixOS module is imported in every host below.
    lanzaboote = {
      url = "github:nix-community/lanzaboote/v1.0.0";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.pre-commit.follows = "git-hooks";
    };
  };

  outputs =
    inputs:
    let
      # Patches applied on top of the nixpkgs input. `remoteNixpkgsPatches` is
      # expected to be a list of `fetchpatch` argument sets, each carrying a
      # `sha256` (both facts are relied upon below); `localNixpkgsPatches` are
      # patch files kept in this repository.
      remoteNixpkgsPatches = import nixpkgs/patches.nix;
      localNixpkgsPatches = [
        nixpkgs/patches/openvpn/openvpn-netns.patch
        nixpkgs/patches/openvpn/0001-nixos-netns-init-module-to-manage-network-namespaces.patch
      ];
      # Unpatched nixpkgs, only used to run `applyPatches`/`fetchpatch`.
      originPkgs = inputs.nixpkgs.legacyPackages."x86_64-linux";
      # Patched nixpkgs source tree. Everything else in this flake (pkgs,
      # NixOS evaluation, the dev shell) is built from this tree, not from the
      # raw input. `.version-suffix` gets a short hash derived from the patch
      # set so the nixpkgs version string reflects which patches are in.
      nixpkgsPath = originPkgs.applyPatches {
        name = "nixpkgs-patched";
        src = inputs.nixpkgs.outPath;
        # Function application binds tighter than `++`: fetchpatch is mapped
        # over the remote list only, then the local files are appended.
        patches = map originPkgs.fetchpatch remoteNixpkgsPatches ++ localNixpkgsPatches;
        postPatch = ''
          patch=$(printf '%s\n' ${
            builtins.concatStringsSep " " (map (p: p.sha256) remoteNixpkgsPatches ++ localNixpkgsPatches)
          } |
            sort | sha256sum | cut -c -7)
          echo "-patch-$patch" >.version-suffix
        '';
      };
      # System profile on the target host, used by the `switch` app both for
      # the time-delayed fallback and for `nix-env --set`.
      profile = "/nix/var/nix/profiles/system";
      inherit (inputs.nixpkgs) lib;
      # Overlays are the same for every system; the argument is ignored.
      overlays = _system: import nixpkgs/overlays.nix;
      #nixosSystem = lib.nixosSystem;
      # Evaluate NixOS with the *patched* tree rather than `lib.nixosSystem`
      # from the unpatched input, so the local patches reach the module system.
      nixosSystem = import (nixpkgsPath + "/nixos/lib/eval-config.nix");
      # Map `f` over every flake-exposed system, handing it `{ system, pkgs }`
      # where `pkgs` is the patched nixpkgs with this repository's overlays.
      forAllSystems =
        f:
        lib.genAttrs lib.systems.flakeExposed (
          system:
          f rec {
            inherit system;
            #pkgs = inputs.nixpkgs.legacyPackages.${system};
            pkgs = import nixpkgsPath {
              inherit system;
              overlays = overlays system;
            };
          }
        );
      # Filtered copy of this repository (local `self`, distinct from
      # `inputs.self`): only files with the listed extensions under the listed
      # directories, plus shell.nix. Everything matched here is copied into the
      # Nix store, which is world-readable on a multi-user system, so any
      # `cred`/`pem`/`clear` file under these directories must contain nothing
      # secret -- NOTE(review): verify what those extensions hold in this repo.
      self =
        with lib.fileset;
        toSource {
          root = ./.;
          fileset =
            let
              exts = [
                "clear"
                "conf"
                "cred"
                "crt"
                "css"
                "el"
                "hs"
                "inc"
                "json"
                "lua"
                "nft"
                "nix"
                "patch"
                "pem"
                "pub"
                "sh"
                "theme"
                "toml"
                "vim"
              ];
            in
            unions [
              (fileFilter (file: lib.any file.hasExt exts) ./domains)
              (fileFilter (file: lib.any file.hasExt exts) ./home-manager)
              (fileFilter (file: lib.any file.hasExt exts) ./homes)
              (fileFilter (file: lib.any file.hasExt exts) ./hosts)
              (fileFilter (file: lib.any file.hasExt exts) ./nixos)
              (fileFilter (file: lib.any file.hasExt exts) ./nixpkgs)
              (fileFilter (file: lib.any file.hasExt exts) ./users)
              ./shell.nix
            ];
        };
    in
    rec {
      # nix -L build .#hello
      # Exposes the whole patched+overlaid package set, per system.
      packages = forAllSystems ({ pkgs, ... }: pkgs);

      # nix -L build .#nixosConfigurations.oignon.config.system.build.toplevel
      # nix -L build .#nixosConfigurations.oignon.config.boot.kernelPackages.kernel.configfile
      # nix -L build .#nixosConfigurations.oignon.pkgs.hello
      # nix eval --raw .#nixosConfigurations.oignon.config.networking.nftables.ruleset
      # One configuration per directory in hosts/ (of the filtered source), named
      # after the directory; the host's module is the sibling `hosts/<name>.nix`.
      nixosConfigurations =
        lib.genAttrs
          (builtins.attrNames (
            lib.filterAttrs (_n: v: v == "directory") (builtins.readDir (self + "/hosts"))
          ))
          (
            hostName:
            nixosSystem {
              # No fixed system here: the host platform is read back below from
              # `config.nixpkgs.hostPlatform`, so the host modules must set it.
              system = null;
              specialArgs = {
                # Required to avoid infinite recursion
                # when `inputs` is used in `imports`.
                inherit inputs;
              };
              modules = [
                nixos/default.nix
                (import (self + "/hosts/${hostName}.nix"))
                inputs.lanzaboote.nixosModules.lanzaboote
                inputs.home-manager.nixosModules.home-manager
                (
                  { config, ... }:
                  let
                    inherit (config.nixpkgs.hostPlatform) system;
                    # Extra package sets from the unstable inputs, with the same
                    # overlays as the main set.
                    pkgs-unstable = import inputs.nixpkgs-unstable.outPath {
                      inherit system;
                      overlays = overlays system;
                    };
                    pkgs-unstable-latest = import inputs.nixpkgs-unstable-latest.outPath {
                      inherit system;
                      overlays = overlays system;
                    };
                  in
                  {
                    # Made available to every module as arguments. `hosts` is
                    # the whole attribute set (lazy, so cross-host references
                    # work) and `host` is this host's own module arguments.
                    _module.args = {
                      inherit hostName pkgs-unstable pkgs-unstable-latest;
                      hosts = nixosConfigurations;
                      host = nixosConfigurations.${hostName}._module.args;
                    };
                    nixpkgs = {
                      overlays = overlays config.nixpkgs.hostPlatform.system;
                      # Explicit allow-list for packages nixpkgs marks insecure;
                      # keep each entry justified and re-check it on every
                      # nixpkgs bump.
                      config.permittedInsecurePackages = [
                        # Still needed for chatty
                        # See https://github.com/NixOS/nixpkgs/pull/334638#issuecomment-2289025802%3E
                        # and https://gitlab.gnome.org/World/Chatty/-/issues/932
                        "olm-3.2.16"
                      ];
                      # Unfree packages are allowed only by exact package name.
                      config.allowUnfreePredicate =
                        pkg:
                        builtins.elem (lib.getName pkg) [
                          "anydesk"
                          "canon-cups-ufr2"
                          "cudatoolkit"
                          "geogebra"
                          "hplip"
                          "memtest86-efi"
                          "nvidia-settings"
                          "nvidia-x11"
                        ];
                    };
                    # home-manager as a NixOS module, sharing the system `pkgs`;
                    # home modules receive the same extra arguments as above.
                    home-manager = {
                      useGlobalPkgs = true;
                      useUserPackages = true;
                      verbose = true;
                      #force = true;
                      backupFileExtension = "old";
                      extraSpecialArgs = {
                        inherit
                          inputs
                          hostName
                          pkgs-unstable
                          pkgs-unstable-latest
                          ;
                      };
                    };
                  }
                )
              ];
            }
          );

      # nix -L develop or direnv allow
      # Development shell from shell.nix, with the git-hooks shellHook from
      # `checks` (presumably so the hooks are installed on entering the shell).
      devShells = forAllSystems (
        { pkgs, system, ... }:
        {
          default = pkgs.callPackage (self + "/shell.nix") {
            inherit
              pkgs
              inputs
              system
              nixpkgsPath
              ;
            inherit (checks.${system}.git-hooks-check) shellHook;
          };
        }
      );

      # nix -L run .#oignon.switch
      # One `switch` app per host, deploying that host's system closure over ssh.
      apps = forAllSystems (
        { pkgs, system, ... }:
        with builtins;
        mapAttrs (
          hostName:
          { config, ... }:
          let
            inherit (config.system) build;
            # Wrap `script` as a flake app: a shell script named
            # "<host>-<scriptName>" with coreutils plus `ps` on PATH, run with
            # `set -eux` (so every command is traced and the first failure aborts).
            scriptApp = scriptName: ps: script: {
              type = "app";
              program =
                (pkgs.writeShellScript "${hostName}-${scriptName}" ''
                  export PATH="${lib.makeBinPath ([ pkgs.coreutils ] ++ ps)}:$PATH"
                  set -eux
                  ${script}
                '').outPath;
            };
          in
          {
            # Example: nix run .#aubergine.switch
            # Deployment flow (the script body is shell, `''${` escapes are
            # literal `${` for the shell):
            #  1. Tighten permissions on *.gpg files and temporarily un-stage
            #     them so the flake's copy of the repository into the store
            #     excludes them; the EXIT trap re-stages them.
            #  2. Register indirect GC roots under hosts/ for the patched
            #     nixpkgs and the system closure, so they survive local GC.
            #  3. `nix copy` the closure to `config.install.target`; an optional
            #     `$targetStore` query string and `--substitute-on-destination`
            #     are appended from the environment / host config.
            #  4. On the target, unless `NO_NIXOS_FALLBACK` is set, start a
            #     transient `nixos-fallback` unit that waits 10 minutes, then
            #     re-activates the *current* system profile (not yet updated)
            #     and reboots -- a lock-out guard -- and activate the new
            #     closure with `switch-to-configuration test` (no boot entry yet).
            #  5. On success: stop the fallback, point the profile at the new
            #     closure, register it for boot, drop generations older than 7d.
            #  6. On failure: warn, stop the fallback, exit non-zero. If the
            #     connection itself was lost, that stop never reaches the host
            #     and the fallback reverts it.
            # The second ssh uses `-o ControlPath=none`, presumably to avoid
            # reusing a multiplexed connection across the activation.
            "switch" = scriptApp "switch" [ ] ''
              shopt -s globstar

              chmod -R g-rwx,o-rwx **/*.gpg
              trap 'git reset **/*.gpg' EXIT
              git rm -rf --cached --ignore-unmatch **/*.gpg # prevent copying to /nix/store

              nix-store --add-root hosts/${hostName}.nixpkgs --indirect --realise ${nixpkgsPath}
              nix-store --add-root hosts/${hostName}.root --indirect --realise ${build.toplevel}

              nix copy --to "ssh://${config.install.target}?''${targetStore-}"${lib.optionalString config.install.substituteOnDestination " --substitute-on-destination"} ${build.toplevel}

              if ssh ${config.install.target} set -x ';' \
                systemctl reset-failed nixos-fallback '2>/dev/null' ';' \
                test "''${NO_NIXOS_FALLBACK:+set}" '||' \
                systemd-run -u nixos-fallback --description=nixos-fallback /bin/sh -xc '''\'''
                  PATH=${
                    with pkgs;
                    lib.makeBinPath [
                      coreutils
                      nix
                      systemd
                    ]
                  }
                  sleep $((10 * 60))
                  ${profile}/bin/switch-to-configuration switch
                  systemctl reboot
                '\'''' '&&' \
                ${build.toplevel}/bin/switch-to-configuration test
              then
                ssh ${config.install.target} -o ControlPath=none set -x ';' \
                  systemctl stop nixos-fallback.service ';' \
                  nix-env --profile ${profile} --set '${build.toplevel}' ';' \
                  ${build.toplevel}/bin/switch-to-configuration boot '&&' \
                  nix-env --delete-generations 7d --profile ${profile}
              else
                tput rev
                echo WARNING: switch-to-configuration was not registered at boot
                tput sgr0
                ssh ${config.install.target} -o ControlPath=none set -x ';' \
                  systemctl stop nixos-fallback.service
                false
              fi
            '';
          }
        ) nixosConfigurations
      );

      # nix flake check
      # Formatting check over the filtered source via git-hooks (nixfmt).
      checks = forAllSystems (
        args: with args; {
          git-hooks-check = inputs.git-hooks.lib.${system}.run {
            src = self;
            hooks = {
              nixfmt-rfc-style.enable = true;
            };
          };
        }
      );
    };
}