1 {
description = "julm's Nix configurations for hosts (NixOS) and homes (home-manager)";

# Disabled: the nix-community binary cache. Re-enabling this block would make
# the flake ask its users to trust a third-party substituter and its signing
# key, so it is kept commented out.
/*
  nixConfig = {
    extra-substituters = [
      "https://nix-community.cachix.org"
    ];
    extra-trusted-public-keys = [
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
    ];
  };
*/

# Import-from-derivation is required because `outputs` imports Nix code out of
# the result of `applyPatches` on nixpkgs: that derivation has to be built
# while the flake is still being evaluated.
# Consequence for reviewers: merely evaluating this flake (not only building
# it) fetches and applies the nixpkgs patches.
nixConfig.allow-import-from-derivation = true;
18
# Channel status: https://status.nixos.org
# Pinning nixpkgs to a given revision:
# nix flake update nixpkgs --override-flake nixpkgs github:NixOS/nixpkgs/2c3e5ec5df46d3aeee2a1da0bfedd74e21f4bf3a --allow-dirty-locks
#
# Most URLs below name a branch, a tag or a default ref; the revision and
# content hash actually used are the ones recorded in flake.lock (not shown
# here), so changes to that file deserve the same review as changes here.
inputs = {
  # Plain source trees (flake = false): fetched but not evaluated as flakes.
  # Judging by their names most of these are Neovim plugins; where they are
  # built or loaded is not visible in this file.
  azaharPlus.url = "github:AzaharPlus/AzaharPlus?submodules=1";
  azaharPlus.flake = false;
  jjui.url = "github:idursun/jjui";
  jjui.flake = false;
  /*
    doom-emacs.flake = false;
    doom-emacs.url = "github:hlissner/doom-emacs";
  */
  jj-fugitive.url = "github:martintrojer/jj-fugitive";
  jj-fugitive.flake = false;
  sivansh11-jj-nvim.url = "github:sivansh11/jj";
  sivansh11-jj-nvim.flake = false;
  eagle-nvim.url = "github:soulis-1256/eagle.nvim";
  eagle-nvim.flake = false;
  bufstack.url = "github:BibekBhusal0/bufstack.nvim";
  bufstack.flake = false;
  jj-diffconflicts.url = "github:rafikdraoui/jj-diffconflicts";
  jj-diffconflicts.flake = false;
  NicolasGB-jj-nvim.url = "github:NicolasGB/jj.nvim";
  #NicolasGB-jj-nvim.url = "git+file:///home/julm/src/lua/jj.nvim";
  NicolasGB-jj-nvim.flake = false;

  # Flake inputs. `follows` makes them reuse this flake's nixpkgs instead of
  # bringing their own locked copy.
  git-hooks = {
    url = "github:cachix/git-hooks.nix";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  home-manager = {
    url = "github:nix-community/home-manager/release-25.11";
    #url = "git+file:///home/julm/src/nix/home-manager";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  lanzaboote = {
    url = "github:nix-community/lanzaboote/v1.0.0";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.pre-commit.follows = "git-hooks";
  };
  nixos-hardware = {
    url = "github:NixOS/nixos-hardware/master";
  };

  # Package sets. `nixpkgs` follows a release channel; `nixpkgs-unstable`
  # follows the development branch rather than a tested channel, and
  # `nixpkgs-unstable-latest` is fixed to one commit.
  nixpkgs = {
    #url = "github:NixOS/nixpkgs/nixos-25.05";
    url = "github:NixOS/nixpkgs/nixos-25.11";
  };
  nixpkgs-unstable = {
    url = "github:NixOS/nixpkgs/master";
  };
  nixpkgs-unstable-latest = {
    url = "github:NixOS/nixpkgs/cad22e7d996aea55ecab064e84834289143e44a0";
  };
};
75
76 outputs =
77 inputs:
78 let
# Patches fetched from the network. Each entry is handed to `fetchpatch` and
# must carry a `sha256` attribute (it is read again in postPatch below); that
# hash is what pins the content of a remote patch.
remoteNixpkgsPatches = import nixpkgs/patches.nix;
# Patches stored in this repository, applied after the remote ones.
localNixpkgsPatches = [
  nixpkgs/patches/openvpn/openvpn-netns.patch
  nixpkgs/patches/openvpn/0001-nixos-netns-init-module-to-manage-network-namespaces.patch
];
# Unpatched package set, used here only for `applyPatches` and `fetchpatch`.
# The platform is hard-coded, so the patched tree is always produced by an
# x86_64-linux build, whatever system is being evaluated.
originPkgs = inputs.nixpkgs.legacyPackages."x86_64-linux";
# The nixpkgs source tree with all patches applied. Everything imported from
# this path needs import-from-derivation (see nixConfig).
nixpkgsPath = originPkgs.applyPatches {
  name = "nixpkgs-patched";
  src = inputs.nixpkgs.outPath;
  patches = map originPkgs.fetchpatch remoteNixpkgsPatches ++ localNixpkgsPatches;
  # Writes `.version-suffix` as "-patch-" followed by the first 7 hex digits
  # of a SHA-256 over the sorted list of patch identifiers: the `sha256` of
  # each remote patch and the interpolated local patch paths (presumably
  # their store paths; confirm). The suffix identifies the patch set only;
  # nothing in this block verifies patches against it.
  postPatch = ''
    patch=$(printf '%s\n' ${
      builtins.concatStringsSep " " (map (p: p.sha256) remoteNixpkgsPatches ++ localNixpkgsPatches)
    } |
      sort | sha256sum | cut -c -7)
    echo "-patch-$patch" >.version-suffix
  '';
};
# Library functions are taken from the unpatched nixpkgs input.
lib = inputs.nixpkgs.lib;
# Overlay generator shared by every package set instantiated in this flake;
# it is always called with `{ inputs, system }`.
overlays = import nixpkgs/overlays.nix;
# The system profile path used by the `switch` app on the target host.
profile = "/nix/var/nix/profiles/system";
# NixOS is evaluated with the eval-config.nix of the patched tree rather
# than with the stock entry point, so the local nixpkgs patches also apply
# to NixOS modules.
#nixosSystem = lib.nixosSystem;
nixosSystem = import (nixpkgsPath + "/nixos/lib/eval-config.nix");
# Builds an attribute set keyed by every system in `lib.systems.flakeExposed`.
# For each system, `f` receives `{ system, pkgs }`, where `pkgs` is the
# patched nixpkgs instantiated with this flake's overlays.
forAllSystems =
  f:
  let
    perSystem =
      system:
      f {
        inherit system;
        #pkgs = inputs.nixpkgs.legacyPackages.${system};
        pkgs = import nixpkgsPath {
          inherit system;
          overlays = overlays { inherit inputs system; };
        };
      };
  in
  lib.genAttrs lib.systems.flakeExposed perSystem;
# A filtered copy of this repository: only files with one of the listed
# extensions under the listed directories, plus ./shell.nix.
#
# NOTE(review): `toSource` imports the selected files into the Nix store,
# which every local user can read. The extension list contains `cred`,
# `pem` and `clear`; confirm that files with these extensions only hold
# public or already-encrypted material. `gpg` is not in the list.
self =
  let
    inherit (lib.fileset) fileFilter toSource unions;
    keptExtensions = [
      "clear"
      "conf"
      "cred"
      "crt"
      "css"
      "el"
      "hs"
      "inc"
      "json"
      "lua"
      "nft"
      "nix"
      "patch"
      "pem"
      "pub"
      "sh"
      "theme"
      "toml"
      "vim"
    ];
    # True when the file has any of the kept extensions.
    hasKeptExtension = file: lib.any file.hasExt keptExtensions;
    filteredDirs = [
      ./domains
      ./home-manager
      ./homes
      ./hosts
      ./nixos
      ./nixpkgs
      ./users
    ];
  in
  toSource {
    root = ./.;
    fileset = unions (map (fileFilter hasKeptExtension) filteredDirs ++ [ ./shell.nix ]);
  };
154 in
155 rec {
# Example: nix -L build .#hello
# Exposes the whole patched and overlaid package set of each system.
# NOTE(review): the set also contains attributes that are not derivations;
# `legacyPackages` is the usual output for a full package set. Confirm that
# `nix flake check` and `nix flake show` behave as intended with this.
packages = forAllSystems (perSystem: perSystem.pkgs);
158
# One NixOS configuration per sub-directory of hosts/ in the filtered source:
# the directory name is the host name and hosts/<name>.nix is its entry module.
#
# nix -L build .#nixosConfigurations.oignon.config.system.build.toplevel
# nix -L build .#nixosConfigurations.oignon.config.boot.kernelPackages.kernel.configfile
# nix -L build .#nixosConfigurations.oignon.pkgs.hello
# nix eval --raw .#nixosConfigurations.oignon.config.networking.nftables.ruleset
nixosConfigurations =
  lib.genAttrs
    (builtins.attrNames (
      lib.filterAttrs (_n: v: v == "directory") (builtins.readDir (self + "/hosts"))
    ))
    (
      hostName:
      nixosSystem {
        # No platform is fixed here; the module below reads it from
        # config.nixpkgs.hostPlatform.
        system = null;
        specialArgs = {
          # Required to avoid infinite recursion
          # when `inputs` is used in `imports`.
          inherit inputs;
        };
        modules = [
          nixos/default.nix
          (import (self + "/hosts/${hostName}.nix"))
          # The lanzaboote (Secure Boot) and home-manager modules are loaded
          # for every host; whether a host enables them is decided in its own
          # modules, which are not shown here.
          inputs.lanzaboote.nixosModules.lanzaboote
          inputs.home-manager.nixosModules.home-manager
          (
            { config, ... }:
            let
              inherit (config.nixpkgs.hostPlatform) system;
              # Extra package sets from the unstable inputs. They are imported
              # with `system` and `overlays` only: the nixpkgs.config set
              # below (insecure and unfree allowances) is not passed to them,
              # and they come from the unpatched inputs, not from nixpkgsPath.
              pkgs-unstable = import inputs.nixpkgs-unstable.outPath {
                inherit system;
                overlays = overlays { inherit inputs system; };
              };
              pkgs-unstable-latest = import inputs.nixpkgs-unstable-latest.outPath {
                inherit system;
                overlays = overlays { inherit inputs system; };
              };
            in
            {
              # Module arguments available to every module of the host.
              # `hosts` gives each host access to the evaluated configuration
              # of all other hosts, and `host` to its own module arguments;
              # both rely on lazy evaluation of the recursive attribute set.
              _module.args = {
                inherit hostName pkgs-unstable pkgs-unstable-latest;
                hosts = nixosConfigurations;
                host = nixosConfigurations.${hostName}._module.args;
              };
              nixpkgs = {
                overlays = overlays {
                  inherit inputs;
                  inherit (config.nixpkgs.hostPlatform) system;
                };
                # nixpkgs marks this libolm release as insecure. Listing it
                # here permits it on every host built from this flake, not
                # only on those that install chatty; re-check the links below
                # when updating nixpkgs and drop the entry once it is unused.
                config.permittedInsecurePackages = [
                  # Still needed for chatty
                  # See https://github.com/NixOS/nixpkgs/pull/334638#issuecomment-2289025802
                  # and https://gitlab.gnome.org/World/Chatty/-/issues/932
                  "olm-3.2.16"
                ];
                # Unfree packages are allowed by exact package name only;
                # anything not listed still fails evaluation.
                config.allowUnfreePredicate =
                  pkg:
                  builtins.elem (lib.getName pkg) [
                    "anydesk"
                    "canon-cups-ufr2"
                    "cudatoolkit"
                    "geogebra"
                    "hplip"
                    "memtest86-efi"
                    "nvidia-settings"
                    "nvidia-x11"
                  ];
              };
              # home-manager shares the host's package set and installs into
              # the user profiles; files it would overwrite are kept with the
              # "old" extension.
              home-manager = {
                useGlobalPkgs = true;
                useUserPackages = true;
                verbose = true;
                #force = true;
                backupFileExtension = "old";
                extraSpecialArgs = {
                  inherit
                    inputs
                    hostName
                    pkgs-unstable
                    pkgs-unstable-latest
                    ;
                };
              };
            }
          )
        ];
      }
    );
245
# Development shell: `nix -L develop`, or `direnv allow`.
# shell.nix is read from the filtered source, and its shellHook comes from
# the git-hooks check defined under `checks`, so entering the shell runs
# whatever hook script that check generates.
devShells = forAllSystems (
  { pkgs, system, ... }:
  let
    hooksCheck = checks.${system}.git-hooks-check;
  in
  {
    default = pkgs.callPackage (self + "/shell.nix") {
      inherit pkgs inputs system nixpkgsPath;
      shellHook = hooksCheck.shellHook;
    };
  }
);
261
# Deployment apps, one attribute set per host, for every exposed system.
# nix -L run .#oignon.switch
apps = forAllSystems (
  { pkgs, system, ... }:
  with builtins;
  mapAttrs (
    hostName:
    { config, ... }:
    let
      inherit (config.system) build;
      # Wraps `script` into a flake app named "<hostName>-<scriptName>".
      # coreutils and the packages in `ps` are put first on PATH, but the
      # caller's PATH is kept after them: any tool not listed in `ps` is
      # resolved from the environment of whoever runs the app.
      # `set -eux` aborts on the first error or unset variable and traces
      # every command to stderr.
      scriptApp = scriptName: ps: script: {
        type = "app";
        program =
          (pkgs.writeShellScript "${hostName}-${scriptName}" ''
            export PATH="${lib.makeBinPath ([ pkgs.coreutils ] ++ ps)}:$PATH"
            set -eux
            ${script}
          '').outPath;
      };
    in
    {
      # Example: nix run .#aubergine.switch
      #
      # `ps` is empty, so git, nix, nix-store, ssh and tput all come from the
      # caller's PATH. The script, in order:
      # 1. Removes group/other permissions from every *.gpg file and takes
      #    them out of the git index for the duration of the run, so that
      #    they are not copied to /nix/store; the EXIT trap runs `git reset`
      #    on them afterwards.
      # 2. Registers GC roots hosts/<host>.nixpkgs and hosts/<host>.root for
      #    the patched nixpkgs and the system closure.
      # 3. Copies the system closure to config.install.target over SSH. The
      #    optional `targetStore` environment variable is appended to the
      #    store URL as its query string.
      # 4. On the target, unless NO_NIXOS_FALLBACK is set in the caller's
      #    environment, starts the transient unit `nixos-fallback`, which
      #    after 10 minutes switches back to the current system profile and
      #    reboots. It then activates the new system with
      #    `switch-to-configuration test`.
      # 5. On success, a second SSH connection (ControlPath=none, so no
      #    existing shared connection is reused) stops the fallback unit,
      #    sets the system profile, registers the new system for boot and
      #    deletes generations older than 7 days. The fallback is therefore
      #    only cancelled if the target is still reachable under the new
      #    configuration.
      # 6. On failure, prints a warning, stops the fallback unit and exits
      #    non-zero; the system profile is left unchanged.
      #
      # The target, the profile and the store paths are interpolated into
      # command lines that the remote shell parses again; they come from this
      # flake's own configuration, not from user input.
      "switch" = scriptApp "switch" [ ] ''
        shopt -s globstar

        chmod -R g-rwx,o-rwx **/*.gpg
        trap 'git reset **/*.gpg' EXIT
        git rm -rf --cached --ignore-unmatch **/*.gpg # prevent copying to /nix/store

        nix-store --add-root hosts/${hostName}.nixpkgs --indirect --realise ${nixpkgsPath}
        nix-store --add-root hosts/${hostName}.root --indirect --realise ${build.toplevel}

        nix copy --to "ssh://${config.install.target}?''${targetStore-}"${lib.optionalString config.install.substituteOnDestination " --substitute-on-destination"} ${build.toplevel}

        if ssh ${config.install.target} set -x ';' \
          systemctl reset-failed nixos-fallback '2>/dev/null' ';' \
          test "''${NO_NIXOS_FALLBACK:+set}" '||' \
          systemd-run -u nixos-fallback --description=nixos-fallback /bin/sh -xc '''\'''
            PATH=${
              with pkgs;
              lib.makeBinPath [
                coreutils
                nix
                systemd
              ]
            }
            sleep $((10 * 60))
            ${profile}/bin/switch-to-configuration switch
            systemctl reboot
          '\'''' '&&' \
          ${build.toplevel}/bin/switch-to-configuration test
        then
          ssh ${config.install.target} -o ControlPath=none set -x ';' \
            systemctl stop nixos-fallback.service ';' \
            nix-env --profile ${profile} --set '${build.toplevel}' ';' \
            ${build.toplevel}/bin/switch-to-configuration boot '&&' \
            nix-env --delete-generations 7d --profile ${profile}
        else
          tput rev
          echo WARNING: switch-to-configuration was not registered at boot
          tput sgr0
          ssh ${config.install.target} -o ControlPath=none set -x ';' \
            systemctl stop nixos-fallback.service
          false
        fi
      '';
    }
  ) nixosConfigurations
);
330
# Run with: nix flake check
# A git-hooks.nix check over the filtered source with a single hook,
# nixfmt-rfc-style. Its shellHook is reused by the default dev shell.
checks = forAllSystems (
  { system, ... }:
  {
    git-hooks-check = inputs.git-hooks.lib.${system}.run {
      src = self;
      hooks.nixfmt-rfc-style.enable = true;
    };
  }
);
342 };
343 }