maint/update(azaharPlus): use lastest
{
  # Flake entry point: one NixOS configuration per directory under ./hosts,
  # the matching home-manager homes, a dev shell, deployment apps and checks.
  # `outputs` evaluates against a *patched* copy of nixpkgs (see nixpkgsPath),
  # which is why import-from-derivation is enabled in nixConfig below.
  description = "julm's Nix configurations for hosts (NixOS) and homes (home-manager)";
  /*
    Disabled: extra binary cache and its signing key.
    nixConfig = {
      extra-substituters = [
        "https://nix-community.cachix.org"
      ];
      extra-trusted-public-keys = [
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
    };
  */

  # Settings the flake asks the evaluating Nix to apply (Nix prompts for
  # flake-provided settings unless `accept-flake-config` is set).
  nixConfig = {
    # Needed because `nixosSystem` below is imported from the output of the
    # `nixpkgs-patched` derivation: evaluation has to build it first.
    allow-import-from-derivation = true;
  };

  # The revision actually used for every input comes from flake.lock (not shown
  # here); branch names such as `master` only decide what `nix flake update` picks.
  inputs = {
    # Non-flake source, fetched with its git submodules.
    azaharPlus = {
      url = "github:AzaharPlus/AzaharPlus?submodules=1";
      flake = false;
    };
    /*
      doom-emacs.flake = false;
      doom-emacs.url = "github:hlissner/doom-emacs";
    */
    # Plain (non-flake) sources for editor plugins.
    jj-fugitive = {
      url = "github:martintrojer/jj-fugitive";
      flake = false;
    };
    sivansh11-jj-nvim = {
      url = "github:sivansh11/jj";
      flake = false;
    };
    bufstack = {
      url = "github:BibekBhusal0/bufstack.nvim";
      flake = false;
    };
    jj-diffconflicts = {
      url = "github:rafikdraoui/jj-diffconflicts";
      flake = false;
    };
    NicolasGB-jj-nvim = {
      url = "github:NicolasGB/jj.nvim";
      #url = "git+file:///home/julm/src/lua/jj.nvim";
      flake = false;
    };
    # `follows` keeps a single nixpkgs in the closure instead of one per input.
    git-hooks.inputs.nixpkgs.follows = "nixpkgs";
    git-hooks.url = "github:cachix/git-hooks.nix";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
    home-manager.url = "github:nix-community/home-manager/release-25.11";
    #home-manager.url = "git+file:///home/julm/src/nix/home-manager";
    # Tracks a moving branch; see the note above about flake.lock.
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
    #nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
    # Two unstable channels: `master` as of the lock file, and one explicit commit.
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/master";
    nixpkgs-unstable-latest.url = "github:NixOS/nixpkgs/cad22e7d996aea55ecab064e84834289143e44a0";
    # Secure Boot support (UEFI signing), pinned to a release tag.
    lanzaboote = {
      url = "github:nix-community/lanzaboote/v1.0.0";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.pre-commit.follows = "git-hooks";
    };
  };

  outputs =
    inputs:
    let
      # Patches applied on top of inputs.nixpkgs: remote ones are fetched with
      # `fetchpatch` (each entry must carry a `sha256`, read below), local ones
      # live in this repository.
      remoteNixpkgsPatches = import nixpkgs/patches.nix;
      localNixpkgsPatches = [
        nixpkgs/patches/openvpn/openvpn-netns.patch
        nixpkgs/patches/openvpn/0001-nixos-netns-init-module-to-manage-network-namespaces.patch
      ];
      # Unpatched nixpkgs, only used to build the patched tree below.
      originPkgs = inputs.nixpkgs.legacyPackages."x86_64-linux";
      nixpkgsPath = originPkgs.applyPatches {
        name = "nixpkgs-patched";
        src = inputs.nixpkgs.outPath;
        # `map f remote ++ local` parses as `(map f remote) ++ local`.
        patches = map originPkgs.fetchpatch remoteNixpkgsPatches ++ localNixpkgsPatches;
        # Derive a short version suffix from the remote patches' hashes and the
        # local patches' store paths, so the nixpkgs version string changes
        # whenever the patch set does.
        postPatch = ''
          patch=$(printf '%s\n' ${
            builtins.concatStringsSep " " (map (p: p.sha256) remoteNixpkgsPatches ++ localNixpkgsPatches)
          } |
          sort | sha256sum | cut -c -7)
          echo "-patch-$patch" >.version-suffix
        '';
      };
      # System profile the deployment apps register and roll back to.
      profile = "/nix/var/nix/profiles/system";
      inherit (inputs.nixpkgs) lib;
      overlays = import nixpkgs/overlays.nix;
      #nixosSystem = lib.nixosSystem;
      # Import-from-derivation: reads the evaluator out of the patched tree.
      nixosSystem = import (nixpkgsPath + "/nixos/lib/eval-config.nix");
      # Apply `f` to { system, pkgs } for every system Nix exposes to flakes,
      # with `pkgs` instantiated from the patched nixpkgs plus this repo's overlays.
      forAllSystems =
        f:
        lib.genAttrs lib.systems.flakeExposed (
          system:
          f rec {
            inherit system;
            #pkgs = inputs.nixpkgs.legacyPackages.${system};
            pkgs = import nixpkgsPath {
              inherit system;
              overlays = overlays { inherit inputs system; };
            };
          }
        );
      # A narrowed copy of this repository (this shadows the flake's own `self`):
      # only files with one of `exts` under the listed directories, plus shell.nix.
      # Everything matched here is copied into /nix/store, which is readable by
      # every local user, so files with extensions such as cred/pem/crt/clear
      # must only hold public or already-encrypted material (the `switch` app
      # below separately keeps *.gpg files out of the store).
      self =
        with lib.fileset;
        toSource {
          root = ./.;
          fileset =
            let
              exts = [
                "clear"
                "conf"
                "cred"
                "crt"
                "css"
                "el"
                "hs"
                "inc"
                "json"
                "lua"
                "nft"
                "nix"
                "patch"
                "pem"
                "pub"
                "sh"
                "theme"
                "toml"
                "vim"
              ];
            in
            unions [
              (fileFilter (file: lib.any file.hasExt exts) ./domains)
              (fileFilter (file: lib.any file.hasExt exts) ./home-manager)
              (fileFilter (file: lib.any file.hasExt exts) ./homes)
              (fileFilter (file: lib.any file.hasExt exts) ./hosts)
              (fileFilter (file: lib.any file.hasExt exts) ./nixos)
              (fileFilter (file: lib.any file.hasExt exts) ./nixpkgs)
              (fileFilter (file: lib.any file.hasExt exts) ./users)
              ./shell.nix
            ];
        };
    in
    rec {
      # nix -L build .#hello
      # Exposes the whole patched+overlaid package set per system.
      packages = forAllSystems ({ pkgs, ... }: pkgs);

      # nix -L build .#nixosConfigurations.oignon.config.system.build.toplevel
      # nix -L build .#nixosConfigurations.oignon.config.boot.kernelPackages.kernel.configfile
      # nix -L build .#nixosConfigurations.oignon.pkgs.hello
      # nix eval --raw .#nixosConfigurations.oignon.config.networking.nftables.ruleset
      # One configuration per directory under hosts/, named after the directory
      # and defined by hosts/<hostName>.nix.
      nixosConfigurations =
        lib.genAttrs
          (builtins.attrNames (
            lib.filterAttrs (_n: v: v == "directory") (builtins.readDir (self + "/hosts"))
          ))
          (
            hostName:
            nixosSystem {
              # The platform is set by the host's own nixpkgs.hostPlatform.
              system = null;
              specialArgs = {
                # Required to avoid infinite recursion
                # when `inputs` is used in `imports`.
                inherit inputs;
              };
              modules = [
                nixos/default.nix
                (import (self + "/hosts/${hostName}.nix"))
                inputs.lanzaboote.nixosModules.lanzaboote
                inputs.home-manager.nixosModules.home-manager
                (
                  { config, ... }:
                  let
                    inherit (config.nixpkgs.hostPlatform) system;
                    # Extra package sets made available to modules as arguments,
                    # built with the same overlays as the main `pkgs`.
                    pkgs-unstable = import inputs.nixpkgs-unstable.outPath {
                      inherit system;
                      overlays = overlays { inherit inputs system; };
                    };
                    pkgs-unstable-latest = import inputs.nixpkgs-unstable-latest.outPath {
                      inherit system;
                      overlays = overlays { inherit inputs system; };
                    };
                  in
                  {
                    _module.args = {
                      inherit hostName pkgs-unstable pkgs-unstable-latest;
                      # Every host can reach every other host's configuration,
                      # and its own module arguments as `host`.
                      hosts = nixosConfigurations;
                      host = nixosConfigurations.${hostName}._module.args;
                    };
                    nixpkgs = {
                      overlays = overlays {
                        inherit inputs;
                        inherit (config.nixpkgs.hostPlatform) system;
                      };
                      # Known-insecure packages explicitly accepted, by name-version.
                      config.permittedInsecurePackages = [
                        # Still needed for chatty
                        # See https://github.com/NixOS/nixpkgs/pull/334638#issuecomment-2289025802%3E
                        # and https://gitlab.gnome.org/World/Chatty/-/issues/932
                        "olm-3.2.16"
                      ];
                      # Allow-list of unfree packages, matched on the package name
                      # (version stripped by lib.getName).
                      config.allowUnfreePredicate =
                        pkg:
                        builtins.elem (lib.getName pkg) [
                          "anydesk"
                          "canon-cups-ufr2"
                          "cudatoolkit"
                          "geogebra"
                          "hplip"
                          "memtest86-efi"
                          "nvidia-settings"
                          "nvidia-x11"
                        ];
                    };
                    home-manager = {
                      useGlobalPkgs = true;
                      useUserPackages = true;
                      verbose = true;
                      #force = true;
                      # Existing dotfiles are renamed with this suffix instead of
                      # failing the activation.
                      backupFileExtension = "old";
                      extraSpecialArgs = {
                        inherit
                          inputs
                          hostName
                          pkgs-unstable
                          pkgs-unstable-latest
                          ;
                      };
                    };
                  }
                )
              ];
            }
          );

      # nix -L develop or direnv allow
      devShells = forAllSystems (
        { pkgs, system, ... }:
        {
          default = pkgs.callPackage (self + "/shell.nix") {
            inherit
              pkgs
              inputs
              system
              nixpkgsPath
              ;
            # Installs the git hooks declared in `checks` when entering the shell.
            inherit (checks.${system}.git-hooks-check) shellHook;
          };
        }
      );

      # nix -L run .#oignon.switch
      # One attribute set of apps per host, keyed by host name.
      apps = forAllSystems (
        { pkgs, system, ... }:
        with builtins;
        mapAttrs (
          hostName:
          { config, ... }:
          let
            inherit (config.system) build;
            # Wrap a bash snippet as a flake app; `ps` are extra packages put on PATH.
            # `set -eux` makes the script abort on errors and trace every command.
            scriptApp = scriptName: ps: script: {
              type = "app";
              program =
                (pkgs.writeShellScript "${hostName}-${scriptName}" ''
                  export PATH="${lib.makeBinPath ([ pkgs.coreutils ] ++ ps)}:$PATH"
                  set -eux
                  ${script}
                '').outPath;
            };
          in
          {
            # Example: nix run .#aubergine.switch
            #
            # Deploys this host's toplevel to `config.install.target` over SSH:
            #  1. tightens permissions on *.gpg files and drops them from the git
            #     index for the duration of the run (restored by the EXIT trap),
            #     presumably so that the flake's git tree copied to the store
            #     never contains them — confirm against how `nix run` is invoked;
            #  2. registers GC roots for the patched nixpkgs and the toplevel
            #     under hosts/<hostName>.*;
            #  3. `nix copy` to the target (`$targetStore` may append store URL
            #     parameters; `--substitute-on-destination` is optional per host);
            #  4. unless NO_NIXOS_FALLBACK is set, starts a transient
            #     `nixos-fallback` unit on the target that, after 10 minutes,
            #     switches back to the current system profile and reboots —
            #     a dead-man's switch in case the new config locks the host out;
            #  5. activates the new toplevel with `switch-to-configuration test`
            #     (not yet registered for boot);
            #  6. on success: cancels the fallback, sets the system profile,
            #     registers the new config for boot and drops generations
            #     older than 7 days (rollback targets are kept for a week);
            #     on failure: cancels the fallback, warns that nothing was
            #     registered at boot, and exits non-zero.
            "switch" = scriptApp "switch" [ ] ''
              shopt -s globstar

              chmod -R g-rwx,o-rwx **/*.gpg
              trap 'git reset **/*.gpg' EXIT
              git rm -rf --cached --ignore-unmatch **/*.gpg # prevent copying to /nix/store

              nix-store --add-root hosts/${hostName}.nixpkgs --indirect --realise ${nixpkgsPath}
              nix-store --add-root hosts/${hostName}.root --indirect --realise ${build.toplevel}

              nix copy --to "ssh://${config.install.target}?''${targetStore-}"${lib.optionalString config.install.substituteOnDestination " --substitute-on-destination"} ${build.toplevel}

              if ssh ${config.install.target} set -x ';' \
                systemctl reset-failed nixos-fallback '2>/dev/null' ';' \
                test "''${NO_NIXOS_FALLBACK:+set}" '||' \
                systemd-run -u nixos-fallback --description=nixos-fallback /bin/sh -xc '''\'''
                  PATH=${
                    with pkgs;
                    lib.makeBinPath [
                      coreutils
                      nix
                      systemd
                    ]
                  }
                  sleep $((10 * 60))
                  ${profile}/bin/switch-to-configuration switch
                  systemctl reboot
                '\'''' '&&' \
                ${build.toplevel}/bin/switch-to-configuration test
              then
                ssh ${config.install.target} -o ControlPath=none set -x ';' \
                  systemctl stop nixos-fallback.service ';' \
                  nix-env --profile ${profile} --set '${build.toplevel}' ';' \
                  ${build.toplevel}/bin/switch-to-configuration boot '&&' \
                  nix-env --delete-generations 7d --profile ${profile}
              else
                tput rev
                echo WARNING: switch-to-configuration was not registered at boot
                tput sgr0
                ssh ${config.install.target} -o ControlPath=none set -x ';' \
                  systemctl stop nixos-fallback.service
                false
              fi
            '';
          }
        ) nixosConfigurations
      );

      # nix flake check
      # Runs the configured git hooks (currently only the nixfmt formatter)
      # over the narrowed `self` source.
      checks = forAllSystems (
        args: with args; {
          git-hooks-check = inputs.git-hooks.lib.${system}.run {
            src = self;
            hooks = {
              nixfmt-rfc-style.enable = true;
            };
          };
        }
      );
    };
}