2 description = "julm's Nix configurations for hosts (NixOS) and homes (home-manager)";
6 "https://nix-community.cachix.org"
8 extra-trusted-public-keys = [
9 "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
15 # Explanation: required due to the applyPatches on nixpkgs below.
16 allow-import-from-derivation = true;
19 # https://status.nixos.org
20 # nix flake update nixpkgs --override-flake nixpkgs github:NixOS/nixpkgs/2c3e5ec5df46d3aeee2a1da0bfedd74e21f4bf3a --allow-dirty-locks
23 url = "github:AzaharPlus/AzaharPlus?submodules=1";
27 url = "github:NixOS/flake-compat";
31 url = "github:idursun/jjui";
35 doom-emacs.flake = false;
36 doom-emacs.url = "github:hlissner/doom-emacs";
39 url = "github:martintrojer/jj-fugitive";
43 url = "github:sivansh11/jj";
47 url = "github:soulis-1256/eagle.nvim";
51 url = "github:BibekBhusal0/bufstack.nvim";
55 url = "github:rafikdraoui/jj-diffconflicts";
59 url = "github:NicolasGB/jj.nvim";
60 #url = "git+file:///home/julm/src/lua/jj.nvim";
63 git-hooks.inputs.nixpkgs.follows = "nixpkgs";
64 git-hooks.url = "github:cachix/git-hooks.nix";
65 home-manager.inputs.nixpkgs.follows = "nixpkgs";
66 home-manager.url = "github:nix-community/home-manager/release-25.11";
67 #home-manager.url = "git+file:///home/julm/src/nix/home-manager";
68 nixos-hardware.url = "github:NixOS/nixos-hardware/master";
69 #nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
70 nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
71 nixpkgs-unstable.url = "github:NixOS/nixpkgs/master";
72 nixpkgs-unstable-latest.url = "github:NixOS/nixpkgs";
74 url = "github:nix-community/lanzaboote/v1.0.0";
75 inputs.nixpkgs.follows = "nixpkgs";
76 inputs.pre-commit.follows = "git-hooks";
83 remoteNixpkgsPatches = import nixpkgs/patches.nix;
84 localNixpkgsPatches = [
85 nixpkgs/patches/openvpn/openvpn-netns.patch
86 nixpkgs/patches/openvpn/0001-nixos-netns-init-module-to-manage-network-namespaces.patch
88 originPkgs = inputs.nixpkgs.legacyPackages."x86_64-linux";
89 nixpkgsPath = originPkgs.applyPatches {
90 name = "nixpkgs-patched";
91 src = inputs.nixpkgs.outPath;
92 patches = map originPkgs.fetchpatch remoteNixpkgsPatches ++ localNixpkgsPatches;
94 patch=$(printf '%s\n' ${
95 builtins.concatStringsSep " " (map (p: p.sha256) remoteNixpkgsPatches ++ localNixpkgsPatches)
97 sort | sha256sum | cut -c -7)
98 echo "-patch-$patch" >.version-suffix
101 profile = "/nix/var/nix/profiles/system";
102 inherit (inputs.nixpkgs) lib;
103 overlays = import nixpkgs/overlays.nix;
104 #nixosSystem = lib.nixosSystem;
105 nixosSystem = import (nixpkgsPath + "/nixos/lib/eval-config.nix");
108 lib.genAttrs lib.systems.flakeExposed (
112 #pkgs = inputs.nixpkgs.legacyPackages.${system};
113 pkgs = import nixpkgsPath {
115 overlays = overlays { inherit inputs system; };
148 (fileFilter (file: lib.any file.hasExt exts) ./domains)
149 (fileFilter (file: lib.any file.hasExt exts) ./home-manager)
150 (fileFilter (file: lib.any file.hasExt exts) ./homes)
151 (fileFilter (file: lib.any file.hasExt exts) ./hosts)
152 (fileFilter (file: lib.any file.hasExt exts) ./nixos)
153 (fileFilter (file: lib.any file.hasExt exts) ./nixpkgs)
154 (fileFilter (file: lib.any file.hasExt exts) ./users)
160 # nix -L build .#hello
161 packages = forAllSystems ({ pkgs, ... }: pkgs);
163 # nix -L build .#nixosConfigurations.oignon.config.system.build.toplevel
164 # nix -L build .#nixosConfigurations.oignon.config.boot.kernelPackages.kernel.configfile
165 # nix -L build .#nixosConfigurations.oignon.pkgs.hello
166 # nix eval --raw .#nixosConfigurations.oignon.config.networking.nftables.ruleset
167 nixosConfigurations =
169 (builtins.attrNames (
170 lib.filterAttrs (_n: v: v == "directory") (builtins.readDir (self + "/hosts"))
177 # Required to avoid infinite recursion
178 # when `inputs` is used in `imports`.
184 (import (self + "/hosts/${hostName}.nix"))
185 inputs.lanzaboote.nixosModules.lanzaboote
186 inputs.home-manager.nixosModules.home-manager
188 { config, lib, ... }:
190 inherit (config.nixpkgs.hostPlatform) system;
191 pkgs-unstable = import inputs.nixpkgs-unstable.outPath {
193 overlays = overlays { inherit inputs system; };
195 pkgs-unstable-latest = import inputs.nixpkgs-unstable-latest.outPath {
197 overlays = overlays { inherit inputs system; };
202 inherit hostName pkgs-unstable pkgs-unstable-latest;
203 hosts = nixosConfigurations;
204 host = nixosConfigurations.${hostName}._module.args;
207 overlays = overlays {
209 inherit (config.nixpkgs.hostPlatform) system;
211 config.permittedInsecurePackages = [
212 # Still needed for chatty
213 # See https://github.com/NixOS/nixpkgs/pull/334638#issuecomment-2289025802%3E
214 # and https://gitlab.gnome.org/World/Chatty/-/issues/932
217 config.allowNonSource = false;
218 config.allowNonSourcePredicate =
220 # Disallow packages whose sourceProvenance is not isSource, except binaryFirmware.
221 !(lib.lists.any (p: !p.isSource && p != lib.sourceTypes.binaryFirmware) pkg.meta.sourceProvenance)
222 # Reallow some of them.
223 || builtins.elem (lib.getName pkg) [
235 "rustc-bootstrap-wrapper"
242 config.allowUnfreePredicate =
244 builtins.elem (lib.getName pkg) [
256 useGlobalPkgs = true;
257 useUserPackages = true;
260 backupFileExtension = "old";
276 # nix -L develop or direnv allow
277 devShells = forAllSystems (
278 { pkgs, system, ... }:
280 default = pkgs.callPackage flake/devShells/default.nix {
287 inherit (checks.${system}.git-hooks-check) shellHook;
292 # nix -L run .#oignon.switch
293 apps = forAllSystems (
294 { pkgs, system, ... }:
300 # Example: nix run .#aubergine.switch
304 (pkgs.callPackage flake/apps/switch.nix {
311 inherit (config.system) build;
315 ) nixosConfigurations
319 checks = forAllSystems (
321 git-hooks-check = inputs.git-hooks.lib.${system}.run {
324 nixfmt-rfc-style.enable = true;
sourcephile / git / julm / julm-nix.git / blob