+compat/retro(blackberry): use urxvtc instead of ghostty
1 {
# One-line summary of this flake.
description = "julm's Nix configurations for hosts (NixOS) and homes (home-manager)";
# Kept commented out. If enabled, the flake itself would ask anyone
# evaluating it to add the nix-community Cachix cache as a substituter and to
# trust its signing key; binaries substituted from a cache are only as
# trustworthy as whoever controls that key.
/*
  nixConfig = {
    extra-substituters = [
      "https://nix-community.cachix.org"
    ];
    extra-trusted-public-keys = [
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
    ];
  };
*/
13
# External sources this flake builds from.  URLs that name a branch or no
# ref at all are moving targets: the revision actually used is whatever the
# lock file records (flake.lock is not shown here), so lock-file updates are
# the point where third-party changes enter and deserve review.
inputs = {
  # --- Package sets -------------------------------------------------------
  # Release branch; git-hooks, home-manager and lanzaboote are told to
  # follow it below instead of bringing their own nixpkgs.
  #nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
  nixpkgs = {
    url = "github:NixOS/nixpkgs/nixos-25.11";
  };
  # Follows the `master` branch.
  nixpkgs-unstable = {
    url = "github:NixOS/nixpkgs/master";
  };
  # Pinned to one exact commit in the URL itself.
  nixpkgs-unstable-latest = {
    url = "github:NixOS/nixpkgs/cad22e7d996aea55ecab064e84834289143e44a0";
  };

  # --- NixOS / home tooling -----------------------------------------------
  git-hooks = {
    url = "github:cachix/git-hooks.nix";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  home-manager = {
    url = "github:nix-community/home-manager/release-25.11";
    #url = "git+file:///home/julm/src/nix/home-manager";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  nixos-hardware = {
    url = "github:NixOS/nixos-hardware/master";
  };
  # Pinned to a release tag; its pre-commit input is redirected to the
  # git-hooks input declared above so only one copy is locked.
  lanzaboote = {
    url = "github:nix-community/lanzaboote/v1.0.0";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.pre-commit.follows = "git-hooks";
  };

  # --- Plain source trees (flake = false) ----------------------------------
  # Fetched as-is and not evaluated as flakes.
  # NOTE(review): these come from individual GitHub accounts and no ref is
  # given in the URL; where they are consumed is not visible in this file.
  /*
    doom-emacs.flake = false;
    doom-emacs.url = "github:hlissner/doom-emacs";
  */
  jj-fugitive = {
    flake = false;
    url = "github:martintrojer/jj-fugitive";
  };
  sivansh11-jj-nvim = {
    flake = false;
    url = "github:sivansh11/jj";
  };
  bufstack = {
    flake = false;
    url = "github:BibekBhusal0/bufstack.nvim";
  };
  jj-diffconflicts = {
    flake = false;
    url = "github:rafikdraoui/jj-diffconflicts";
  };
  NicolasGB-jj-nvim = {
    flake = false;
    url = "github:NicolasGB/jj.nvim";
    #url = "git+file:///home/julm/src/lua/jj.nvim";
  };
};
56
57 outputs =
58 inputs:
59 let
# Patches layered on top of the locked nixpkgs source.
# Remote entries are described in nixpkgs/patches.nix and fetched with
# `fetchpatch`; each one carries a `sha256` (it is read below), so a patch
# whose upstream content changes fails the fetch instead of being applied.
remoteNixpkgsPatches = import nixpkgs/patches.nix;
# Patch files kept in this repository.
localNixpkgsPatches = [
  nixpkgs/patches/openvpn/openvpn-netns.patch
  nixpkgs/patches/openvpn/0001-nixos-netns-init-module-to-manage-network-namespaces.patch
];
# Unpatched package set, used only to get `applyPatches` and `fetchpatch`.
originPkgs = inputs.nixpkgs.legacyPackages."x86_64-linux";
# The nixpkgs tree with every patch applied; the rest of the flake imports
# packages and the NixOS evaluator from here.
nixpkgsPath =
  let
    # Function application binds tighter than `++`: only the remote
    # descriptions go through `map`, the local paths are appended as-is.
    patchFiles = (map originPkgs.fetchpatch remoteNixpkgsPatches) ++ localNixpkgsPatches;
    patchIds = (map (p: p.sha256) remoteNixpkgsPatches) ++ localNixpkgsPatches;
  in
  originPkgs.applyPatches {
    name = "nixpkgs-patched";
    src = inputs.nixpkgs.outPath;
    patches = patchFiles;
    # Writes `.version-suffix` as "-patch-" plus the first 7 hex digits of a
    # SHA-256 over the sorted patch identifiers, so the version string changes
    # whenever the patch set does.
    postPatch = ''
      patch=$(printf '%s\n' ${builtins.concatStringsSep " " patchIds} |
      sort | sha256sum | cut -c -7)
      echo "-patch-$patch" >.version-suffix
    '';
  };
# System profile path on the target host; the deployment script in `apps`
# sets it and activates from it.
profile = "/nix/var/nix/profiles/system";
# Library functions are taken from the unpatched flake input.
lib = inputs.nixpkgs.lib;
# The same overlay list for every system; the argument is ignored.
overlays = _system: import nixpkgs/overlays.nix;
#nixosSystem = lib.nixosSystem;
# NixOS is evaluated from the patched tree, so the local and remote nixpkgs
# patches also affect NixOS modules.
nixosSystem = import (nixpkgsPath + "/nixos/lib/eval-config.nix");
# Builds an attribute set keyed by every system in `lib.systems.flakeExposed`,
# calling `f` with `{ system, pkgs }` where `pkgs` is the patched nixpkgs
# imported with this flake's overlays.
forAllSystems =
  f:
  let
    perSystem = system: {
      inherit system;
      #pkgs = inputs.nixpkgs.legacyPackages.${system};
      pkgs = import nixpkgsPath {
        inherit system;
        overlays = overlays system;
      };
    };
  in
  lib.genAttrs lib.systems.flakeExposed (system: f (perSystem system));
# Filtered copy of this repository used as the source for hosts, the dev
# shell and the checks: only files with an allow-listed extension under the
# listed directories, plus ./shell.nix.
# NOTE(review): whatever is selected here ends up in /nix/store, which every
# local user can read.  `cred`, `pem` and `clear` are on the list — confirm
# that files with those extensions never contain plaintext secrets.  `gpg`
# is not on the list, so *.gpg files are left out of this source tree.
self =
  let
    inherit (lib.fileset) fileFilter toSource unions;
    exts = [
      "clear"
      "conf"
      "cred"
      "crt"
      "css"
      "el"
      "hs"
      "inc"
      "json"
      "lua"
      "nft"
      "nix"
      "patch"
      "pem"
      "pub"
      "sh"
      "theme"
      "toml"
      "vim"
    ];
    hasAllowedExt = file: lib.any file.hasExt exts;
    filteredTrees = map (fileFilter hasAllowedExt) [
      ./domains
      ./home-manager
      ./homes
      ./hosts
      ./nixos
      ./nixpkgs
      ./users
    ];
  in
  toSource {
    root = ./.;
    fileset = unions (filteredTrees ++ [ ./shell.nix ]);
  };
135 in
136 rec {
# nix -L build .#hello
# Exposes, per system, the whole patched and overlaid package set.
packages = forAllSystems (perSystem: perSystem.pkgs);
139
# nix -L build .#nixosConfigurations.oignon.config.system.build.toplevel
# nix -L build .#nixosConfigurations.oignon.config.boot.kernelPackages.kernel.configfile
# nix -L build .#nixosConfigurations.oignon.pkgs.hello
# nix eval --raw .#nixosConfigurations.oignon.config.networking.nftables.ruleset
#
# One NixOS configuration per sub-directory of hosts/; the host's entry
# module is hosts/<name>.nix.
nixosConfigurations =
  let
    hostDirs = lib.filterAttrs (_name: kind: kind == "directory") (builtins.readDir (self + "/hosts"));

    # Policy shared by every host.
    commonModule =
      hostName:
      { config, ... }:
      let
        inherit (config.nixpkgs.hostPlatform) system;
        hostOverlays = overlays system;
        # The unstable sets get this flake's overlays but none of the
        # `nixpkgs.config` policy below (unfree / insecure allow-lists).
        importUnstable =
          src:
          import src {
            inherit system;
            overlays = hostOverlays;
          };
        pkgs-unstable = importUnstable inputs.nixpkgs-unstable.outPath;
        pkgs-unstable-latest = importUnstable inputs.nixpkgs-unstable-latest.outPath;
      in
      {
        _module.args = {
          inherit hostName pkgs-unstable pkgs-unstable-latest;
          # Lets a host's modules read the other hosts' configurations.
          hosts = nixosConfigurations;
          host = nixosConfigurations.${hostName}._module.args;
        };
        nixpkgs = {
          overlays = hostOverlays;
          config = {
            # nixpkgs refuses to build packages it flags as insecure unless
            # they are named here.  Because this module is shared, the
            # exception applies to every host, not only those running chatty.
            permittedInsecurePackages = [
              # Still needed for chatty
              # See https://github.com/NixOS/nixpkgs/pull/334638#issuecomment-2289025802
              # and https://gitlab.gnome.org/World/Chatty/-/issues/932
              "olm-3.2.16"
            ];
            # Unfree software is allowed by exact package name only, rather
            # than with a blanket allowUnfree.
            allowUnfreePredicate =
              pkg:
              builtins.elem (lib.getName pkg) [
                "anydesk"
                "canon-cups-ufr2"
                "cudatoolkit"
                "geogebra"
                "hplip"
                "memtest86-efi"
                "nvidia-settings"
                "nvidia-x11"
              ];
          };
        };
        home-manager = {
          useGlobalPkgs = true;
          useUserPackages = true;
          verbose = true;
          #force = true;
          backupFileExtension = "old";
          extraSpecialArgs = {
            inherit
              inputs
              hostName
              pkgs-unstable
              pkgs-unstable-latest
              ;
          };
        };
      };

    mkHost =
      hostName:
      nixosSystem {
        system = null;
        specialArgs = {
          # Required to avoid infinite recursion
          # when `inputs` is used in `imports`.
          inherit inputs;
        };
        modules = [
          nixos/default.nix
          (import (self + "/hosts/${hostName}.nix"))
          inputs.lanzaboote.nixosModules.lanzaboote
          inputs.home-manager.nixosModules.home-manager
          (commonModule hostName)
        ];
      };
  in
  lib.genAttrs (builtins.attrNames hostDirs) mkHost;
223
# nix -L develop or direnv allow
# The default shell comes from shell.nix in the filtered source tree and
# receives the shell hook produced by the git-hooks check for this system.
devShells = forAllSystems (
  { pkgs, system, ... }:
  let
    hooksCheck = checks.${system}.git-hooks-check;
  in
  {
    default = pkgs.callPackage (self + "/shell.nix") {
      inherit
        pkgs
        inputs
        system
        nixpkgsPath
        ;
      shellHook = hooksCheck.shellHook;
    };
  }
);
239
# nix -L run .#oignon.switch
# For every system, one attribute per NixOS configuration; the `{ config, ... }`
# argument below is the evaluated configuration of that host.
apps = forAllSystems (
  { pkgs, system, ... }:
  with builtins;
  mapAttrs (
    hostName:
    { config, ... }:
    let
      inherit (config.system) build;
      # Wraps `script` as a flake app: a shell script named
      # "<hostName>-<scriptName>" with coreutils and the packages in `ps`
      # prepended to PATH.  `set -eux` aborts on the first failing command or
      # unset variable and echoes every command as it runs, so nothing
      # secret should ever appear on a command line inside `script`.
      scriptApp = scriptName: ps: script: {
        type = "app";
        program =
          (pkgs.writeShellScript "${hostName}-${scriptName}" ''
            export PATH="${lib.makeBinPath ([ pkgs.coreutils ] ++ ps)}:$PATH"
            set -eux
            ${script}
          '').outPath;
      };
    in
    {
      # Example: nix run .#aubergine.switch
      #
      # Deploys this host's system closure over SSH with a timed safety net:
      #  1. Removes group/other permissions from every *.gpg file and takes
      #     those files out of the git index (restored by the EXIT trap), so
      #     they are not copied into the world-readable /nix/store.
      #  2. Registers GC roots under hosts/ for the patched nixpkgs and for
      #     the system closure, then copies the closure to the target.
      #  3. On the target, unless NO_NIXOS_FALLBACK is set in the local
      #     environment, starts a transient `nixos-fallback` unit that sleeps
      #     ten minutes, activates whatever the system profile points at and
      #     reboots.  Then it runs `switch-to-configuration test` for the new
      #     closure.
      #  4. If step 3 succeeded, a second SSH session (ControlPath=none, i.e.
      #     not reusing a multiplexed connection — presumably to prove the
      #     host is still reachable after activation; confirm) stops the
      #     fallback unit, points the profile at the new closure, installs it
      #     as the boot default and deletes generations older than 7 days.
      #  5. Otherwise it prints a warning, stops the fallback unit and exits
      #     non-zero; the profile is left untouched.
      #
      # `hostName` and `config.install.target` are spliced into the shell
      # text unquoted: both come from this repository's own configuration
      # and must stay free of whitespace and shell metacharacters.
      # The '''\''' and '\'''' sequences are Nix-escaped shell quoting that
      # hands the fallback script to the remote /bin/sh as one single-quoted
      # argument; edit them with care.
      "switch" = scriptApp "switch" [ ] ''
        shopt -s globstar

        chmod -R g-rwx,o-rwx **/*.gpg
        trap 'git reset **/*.gpg' EXIT
        git rm -rf --cached --ignore-unmatch **/*.gpg # prevent copying to /nix/store

        nix-store --add-root hosts/${hostName}.nixpkgs --indirect --realise ${nixpkgsPath}
        nix-store --add-root hosts/${hostName}.root --indirect --realise ${build.toplevel}

        nix copy --to "ssh://${config.install.target}?''${targetStore-}"${lib.optionalString config.install.substituteOnDestination " --substitute-on-destination"} ${build.toplevel}

        if ssh ${config.install.target} set -x ';' \
        systemctl reset-failed nixos-fallback '2>/dev/null' ';' \
        test "''${NO_NIXOS_FALLBACK:+set}" '||' \
        systemd-run -u nixos-fallback --description=nixos-fallback /bin/sh -xc '''\'''
        PATH=${
          with pkgs;
          lib.makeBinPath [
            coreutils
            nix
            systemd
          ]
        }
        sleep $((10 * 60))
        ${profile}/bin/switch-to-configuration switch
        systemctl reboot
        '\'''' '&&' \
        ${build.toplevel}/bin/switch-to-configuration test
        then
        ssh ${config.install.target} -o ControlPath=none set -x ';' \
        systemctl stop nixos-fallback.service ';' \
        nix-env --profile ${profile} --set '${build.toplevel}' ';' \
        ${build.toplevel}/bin/switch-to-configuration boot '&&' \
        nix-env --delete-generations 7d --profile ${profile}
        else
        tput rev
        echo WARNING: switch-to-configuration was not registered at boot
        tput sgr0
        ssh ${config.install.target} -o ControlPath=none set -x ';' \
        systemctl stop nixos-fallback.service
        false
        fi
      '';
    }
  ) nixosConfigurations
);
308
# nix flake check
# Runs the git-hooks checks over the filtered source tree; the only hook
# enabled is the nixfmt formatter.  The same check provides the dev shell's
# shellHook.
checks = forAllSystems (
  { system, ... }:
  {
    git-hooks-check = inputs.git-hooks.lib.${system}.run {
      src = self;
      hooks = {
        nixfmt-rfc-style = {
          enable = true;
        };
      };
    };
  }
);
320 };
321 }