2 description = "julm's Nix configurations for hosts (NixOS) and homes (home-manager)";
6 "https://nix-community.cachix.org"
8 extra-trusted-public-keys = [
9 "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
15 # Explanation: required due to the applyPatches on nixpkgs below.
16 allow-import-from-derivation = true;
19 # https://status.nixos.org
20 # nix flake update nixpkgs --override-flake nixpkgs github:NixOS/nixpkgs/2c3e5ec5df46d3aeee2a1da0bfedd74e21f4bf3a --allow-dirty-locks
23 url = "github:AzaharPlus/AzaharPlus?submodules=1";
27 url = "github:NixOS/flake-compat";
31 url = "github:idursun/jjui";
35 url = "github:larpios/jj-conflict.nvim";
39 doom-emacs.flake = false;
40 doom-emacs.url = "github:hlissner/doom-emacs";
43 url = "github:martintrojer/jj-fugitive";
47 url = "github:sivansh11/jj";
51 url = "github:soulis-1256/eagle.nvim";
55 url = "github:BibekBhusal0/bufstack.nvim";
59 url = "github:rafikdraoui/jj-diffconflicts";
63 url = "github:NicolasGB/jj.nvim";
64 #url = "git+file:///home/julm/src/lua/jj.nvim";
67 git-hooks.inputs.nixpkgs.follows = "nixpkgs";
68 git-hooks.url = "github:cachix/git-hooks.nix";
69 home-manager.inputs.nixpkgs.follows = "nixpkgs";
70 home-manager.url = "github:nix-community/home-manager/release-25.11";
71 #home-manager.url = "git+file:///home/julm/src/nix/home-manager";
72 nixos-hardware.url = "github:NixOS/nixos-hardware/master";
73 #nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
74 nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
75 nixpkgs-unstable.url = "github:NixOS/nixpkgs/master";
76 nixpkgs-unstable-latest.url = "github:NixOS/nixpkgs";
78 url = "github:nix-community/lanzaboote/v1.0.0";
79 inputs.nixpkgs.follows = "nixpkgs";
80 inputs.pre-commit.follows = "git-hooks";
87 remoteNixpkgsPatches = import nixpkgs/patches.nix;
88 localNixpkgsPatches = [
89 nixpkgs/patches/openvpn/openvpn-netns.patch
90 nixpkgs/patches/openvpn/0001-nixos-netns-init-module-to-manage-network-namespaces.patch
92 originPkgs = inputs.nixpkgs.legacyPackages."x86_64-linux";
93 nixpkgsPath = originPkgs.applyPatches {
94 name = "nixpkgs-patched";
95 src = inputs.nixpkgs.outPath;
96 patches = map originPkgs.fetchpatch remoteNixpkgsPatches ++ localNixpkgsPatches;
98 patch=$(printf '%s\n' ${
99 builtins.concatStringsSep " " (map (p: p.sha256) remoteNixpkgsPatches ++ localNixpkgsPatches)
101 sort | sha256sum | cut -c -7)
102 echo "-patch-$patch" >.version-suffix
105 profile = "/nix/var/nix/profiles/system";
106 inherit (inputs.nixpkgs) lib;
107 overlays = import nixpkgs/overlays.nix;
108 #nixosSystem = lib.nixosSystem;
109 nixosSystem = import (nixpkgsPath + "/nixos/lib/eval-config.nix");
112 lib.genAttrs lib.systems.flakeExposed (
116 #pkgs = inputs.nixpkgs.legacyPackages.${system};
117 pkgs = import nixpkgsPath {
119 overlays = overlays { inherit inputs system; };
152 (fileFilter (file: lib.any file.hasExt exts) ./domains)
153 (fileFilter (file: lib.any file.hasExt exts) ./home-manager)
154 (fileFilter (file: lib.any file.hasExt exts) ./homes)
155 (fileFilter (file: lib.any file.hasExt exts) ./hosts)
156 (fileFilter (file: lib.any file.hasExt exts) ./nixos)
157 (fileFilter (file: lib.any file.hasExt exts) ./nixpkgs)
158 (fileFilter (file: lib.any file.hasExt exts) ./users)
164 # nix -L build .#hello
165 packages = forAllSystems ({ pkgs, ... }: pkgs);
167 # nix -L build .#nixosConfigurations.oignon.config.system.build.toplevel
168 # nix -L build .#nixosConfigurations.oignon.config.boot.kernelPackages.kernel.configfile
169 # nix -L build .#nixosConfigurations.oignon.pkgs.hello
170 # nix eval --raw .#nixosConfigurations.oignon.config.networking.nftables.ruleset
171 nixosConfigurations =
173 (builtins.attrNames (
174 lib.filterAttrs (_n: v: v == "directory") (builtins.readDir (self + "/hosts"))
181 # Required to avoid infinite recursion
182 # when `inputs` is used in `imports`.
188 (import (self + "/hosts/${hostName}.nix"))
189 inputs.lanzaboote.nixosModules.lanzaboote
190 inputs.home-manager.nixosModules.home-manager
192 { config, lib, ... }:
194 inherit (config.nixpkgs.hostPlatform) system;
195 pkgs-unstable = import inputs.nixpkgs-unstable.outPath {
197 overlays = overlays { inherit inputs system; };
199 pkgs-unstable-latest = import inputs.nixpkgs-unstable-latest.outPath {
201 overlays = overlays { inherit inputs system; };
206 inherit hostName pkgs-unstable pkgs-unstable-latest;
207 hosts = nixosConfigurations;
208 host = nixosConfigurations.${hostName}._module.args;
211 overlays = overlays {
213 inherit (config.nixpkgs.hostPlatform) system;
215 config.permittedInsecurePackages = [
216 # Still needed for chatty
217 # See https://github.com/NixOS/nixpkgs/pull/334638#issuecomment-2289025802%3E
218 # and https://gitlab.gnome.org/World/Chatty/-/issues/932
221 config.allowNonSource = false;
222 config.allowNonSourcePredicate =
224 # Disallow packages whose sourceProvenance is not isSource, except binaryFirmware.
225 !(lib.lists.any (p: !p.isSource && p != lib.sourceTypes.binaryFirmware) pkg.meta.sourceProvenance)
226 # Reallow some of them.
227 || builtins.elem (lib.getName pkg) [
239 "rustc-bootstrap-wrapper"
246 config.allowUnfreePredicate =
248 builtins.elem (lib.getName pkg) [
260 useGlobalPkgs = true;
261 useUserPackages = true;
264 backupFileExtension = "old";
280 # nix -L develop or direnv allow
281 devShells = forAllSystems (
282 { pkgs, system, ... }:
284 default = pkgs.callPackage flake/devShells/default.nix {
291 inherit (checks.${system}.git-hooks-check) shellHook;
296 # nix -L run .#oignon.switch
297 apps = forAllSystems (
298 { pkgs, system, ... }:
304 # Example: nix run .#aubergine.switch
308 (pkgs.callPackage flake/apps/switch.nix {
315 inherit (config.system) build;
319 ) nixosConfigurations
323 checks = forAllSystems (
325 git-hooks-check = inputs.git-hooks.lib.${system}.run {
328 nixfmt-rfc-style.enable = true;
sourcephile / git / julm / julm-nix.git / blob