{
  description = "julm's Nix configurations for hosts (NixOS) and homes (home-manager)";
  /*
    nixConfig = {
      extra-substituters = [
        "https://nix-community.cachix.org"
      ];
      extra-trusted-public-keys = [
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
    };
  */

  # Import-from-derivation is required because `nixosSystem` and `pkgs`
  # (see `outputs` below) are imported from `nixpkgsPath`, a derivation
  # produced by `applyPatches`, rather than directly from the `nixpkgs` input.
  nixConfig = {
    allow-import-from-derivation = true;
  };

  # Flake inputs. Inputs that name a branch (`master`, `release-25.11`,
  # `nixos-25.11`) are expected to be held at an exact revision by the flake
  # lock file and only move on `nix flake update`; `nixpkgs-unstable-latest`
  # is pinned to a commit explicitly. Inputs with `flake = false` are fetched
  # as plain sources (presumably editor plugins consumed elsewhere in this
  # repository — verify against their users).
  inputs = {
    /*
      doom-emacs.flake = false;
      doom-emacs.url = "github:hlissner/doom-emacs";
    */
    jj-fugitive = {
      url = "github:martintrojer/jj-fugitive";
      flake = false;
    };
    sivansh11-jj-nvim = {
      url = "github:sivansh11/jj";
      flake = false;
    };
    bufstack = {
      url = "github:BibekBhusal0/bufstack.nvim";
      flake = false;
    };
    jj-diffconflicts = {
      url = "github:rafikdraoui/jj-diffconflicts";
      flake = false;
    };
    NicolasGB-jj-nvim = {
      url = "github:NicolasGB/jj.nvim";
      #url = "git+file:///home/julm/src/lua/jj.nvim";
      flake = false;
    };
    # Dependencies that carry their own nixpkgs are made to follow ours so a
    # single nixpkgs revision is evaluated.
    git-hooks.inputs.nixpkgs.follows = "nixpkgs";
    git-hooks.url = "github:cachix/git-hooks.nix";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
    home-manager.url = "github:nix-community/home-manager/release-25.11";
    #home-manager.url = "git+file:///home/julm/src/nix/home-manager";
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
    #nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/master";
    nixpkgs-unstable-latest.url = "github:NixOS/nixpkgs/cad22e7d996aea55ecab064e84834289143e44a0";
    # lanzaboote (NixOS Secure Boot tooling); its module is imported by every
    # host in `nixosConfigurations` below.
    lanzaboote = {
      url = "github:nix-community/lanzaboote/v1.0.0";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.pre-commit.follows = "git-hooks";
    };
  };

  outputs =
    inputs:
    let
      # Patches applied on top of the `nixpkgs` input: `remoteNixpkgsPatches`
      # are `fetchpatch` arguments (each carrying a `sha256`, see `postPatch`),
      # `localNixpkgsPatches` live in this repository.
      remoteNixpkgsPatches = import nixpkgs/patches.nix;
      localNixpkgsPatches = [
        nixpkgs/patches/openvpn/openvpn-netns.patch
        nixpkgs/patches/openvpn/0001-nixos-netns-init-module-to-manage-network-namespaces.patch
      ];
      # Unpatched nixpkgs; only used to build the patched tree below.
      originPkgs = inputs.nixpkgs.legacyPackages."x86_64-linux";
      # The patched nixpkgs tree that every host and every `pkgs` below is
      # evaluated from.
      nixpkgsPath = originPkgs.applyPatches {
        name = "nixpkgs-patched";
        src = inputs.nixpkgs.outPath;
        # Parses as `(map originPkgs.fetchpatch remoteNixpkgsPatches) ++ localNixpkgsPatches`.
        patches = map originPkgs.fetchpatch remoteNixpkgsPatches ++ localNixpkgsPatches;
        # Record a short digest of the applied patch set in the version suffix
        # so a patched nixpkgs is distinguishable from the upstream one.
        postPatch = ''
          patch=$(printf '%s\n' ${
            builtins.concatStringsSep " " (map (p: p.sha256) remoteNixpkgsPatches ++ localNixpkgsPatches)
          } |
            sort | sha256sum | cut -c -7)
          echo "-patch-$patch" >.version-suffix
        '';
      };
      # System profile on the deployment target, updated by the `switch` app.
      profile = "/nix/var/nix/profiles/system";
      inherit (inputs.nixpkgs) lib;
      # Overlays are a function of `{ inputs, system }`, see `nixpkgs/overlays.nix`.
      overlays = import nixpkgs/overlays.nix;
      #nixosSystem = lib.nixosSystem;
      # Taken from the patched tree (import-from-derivation, see `nixConfig`).
      nixosSystem = import (nixpkgsPath + "/nixos/lib/eval-config.nix");
      # Evaluate `f` once per exposed system, handing it `system` and a `pkgs`
      # built from the patched nixpkgs with this repository's overlays.
      forAllSystems =
        f:
        lib.genAttrs lib.systems.flakeExposed (
          system:
          f rec {
            inherit system;
            #pkgs = inputs.nixpkgs.legacyPackages.${system};
            pkgs = import nixpkgsPath {
              inherit system;
              overlays = overlays { inherit inputs system; };
            };
          }
        );
      # Store copy of this repository restricted to the directories and file
      # extensions listed here; used wherever the flake reads itself
      # (`hosts/`, `shell.nix`, the `checks` source).
      # NOTE(review): every matching file ends up in the world-readable Nix
      # store through this copy, so `cred`, `pem`, `clear` and `crt` are only
      # appropriate here if the files using them hold public or already
      # encrypted material — verify against the repository contents.
      self =
        with lib.fileset;
        toSource {
          root = ./.;
          fileset =
            let
              exts = [
                "clear"
                "conf"
                "cred"
                "crt"
                "css"
                "el"
                "hs"
                "inc"
                "json"
                "lua"
                "nft"
                "nix"
                "patch"
                "pem"
                "pub"
                "sh"
                "theme"
                "toml"
                "vim"
              ];
            in
            unions [
              (fileFilter (file: lib.any file.hasExt exts) ./domains)
              (fileFilter (file: lib.any file.hasExt exts) ./home-manager)
              (fileFilter (file: lib.any file.hasExt exts) ./homes)
              (fileFilter (file: lib.any file.hasExt exts) ./hosts)
              (fileFilter (file: lib.any file.hasExt exts) ./nixos)
              (fileFilter (file: lib.any file.hasExt exts) ./nixpkgs)
              (fileFilter (file: lib.any file.hasExt exts) ./users)
              ./shell.nix
            ];
        };
    in
    rec {
      # nix -L build .#hello
      # The patched, overlaid package set itself, per system.
      packages = forAllSystems ({ pkgs, ... }: pkgs);

      # nix -L build .#nixosConfigurations.oignon.config.system.build.toplevel
      # nix -L build .#nixosConfigurations.oignon.config.boot.kernelPackages.kernel.configfile
      # nix -L build .#nixosConfigurations.oignon.pkgs.hello
      # nix eval --raw .#nixosConfigurations.oignon.config.networking.nftables.ruleset
      # One NixOS configuration per directory under `hosts/`, named after the
      # directory; `hosts/<hostName>.nix` is the host's entry module.
      nixosConfigurations =
        lib.genAttrs
          (builtins.attrNames (
            lib.filterAttrs (_n: v: v == "directory") (builtins.readDir (self + "/hosts"))
          ))
          (
            hostName:
            nixosSystem {
              # The platform is read from `config.nixpkgs.hostPlatform` below,
              # which the host's modules are expected to set.
              system = null;
              specialArgs = {
                # Required to avoid infinite recursion
                # when `inputs` is used in `imports`.
                inherit inputs;
              };
              modules = [
                nixos/default.nix
                (import (self + "/hosts/${hostName}.nix"))
                inputs.lanzaboote.nixosModules.lanzaboote
                inputs.home-manager.nixosModules.home-manager
                (
                  { config, ... }:
                  let
                    inherit (config.nixpkgs.hostPlatform) system;
                    # Extra package sets from the unstable inputs, built with
                    # the same overlays as the main one.
                    pkgs-unstable = import inputs.nixpkgs-unstable.outPath {
                      inherit system;
                      overlays = overlays { inherit inputs system; };
                    };
                    pkgs-unstable-latest = import inputs.nixpkgs-unstable-latest.outPath {
                      inherit system;
                      overlays = overlays { inherit inputs system; };
                    };
                  in
                  {
                    _module.args = {
                      inherit hostName pkgs-unstable pkgs-unstable-latest;
                      # Every host's configuration, and this host's own
                      # module arguments (self-reference through `rec`).
                      hosts = nixosConfigurations;
                      host = nixosConfigurations.${hostName}._module.args;
                    };
                    nixpkgs = {
                      overlays = overlays {
                        inherit inputs;
                        inherit (config.nixpkgs.hostPlatform) system;
                      };
                      # Packages with known vulnerabilities are allowed one exact
                      # version at a time; keep the reason next to each entry.
                      config.permittedInsecurePackages = [
                        # Still needed for chatty
                        # See https://github.com/NixOS/nixpkgs/pull/334638#issuecomment-2289025802%3E
                        # and https://gitlab.gnome.org/World/Chatty/-/issues/932
                        "olm-3.2.16"
                      ];
                      # Unfree packages are opt-in by exact package name.
                      config.allowUnfreePredicate =
                        pkg:
                        builtins.elem (lib.getName pkg) [
                          "anydesk"
                          "canon-cups-ufr2"
                          "cudatoolkit"
                          "geogebra"
                          "hplip"
                          "memtest86-efi"
                          "nvidia-settings"
                          "nvidia-x11"
                        ];
                    };
                    home-manager = {
                      # Homes reuse the host's `pkgs`, and therefore the overlays,
                      # unfree and insecure-package settings above.
                      useGlobalPkgs = true;
                      useUserPackages = true;
                      verbose = true;
                      #force = true;
                      backupFileExtension = "old";
                      extraSpecialArgs = {
                        inherit
                          inputs
                          hostName
                          pkgs-unstable
                          pkgs-unstable-latest
                          ;
                      };
                    };
                  }
                )
              ];
            }
          );

      # nix -L develop or direnv allow
      # `shell.nix` gets the `shellHook` of the git-hooks check, which presumably
      # installs the configured hooks into the checkout on shell entry.
      devShells = forAllSystems (
        { pkgs, system, ... }:
        {
          default = pkgs.callPackage (self + "/shell.nix") {
            inherit
              pkgs
              inputs
              system
              nixpkgsPath
              ;
            inherit (checks.${system}.git-hooks-check) shellHook;
          };
        }
      );

      # nix -L run .#oignon.switch
      # One attribute set of apps per host, derived from `nixosConfigurations`.
      apps = forAllSystems (
        { pkgs, system, ... }:
        with builtins;
        mapAttrs (
          hostName:
          { config, ... }:
          let
            inherit (config.system) build;
            # Wrap `script` as a flake app: `ps` are added to PATH next to
            # coreutils, and `set -eux` makes it abort on error or unset
            # variable and echo every command.
            scriptApp = scriptName: ps: script: {
              type = "app";
              program =
                (pkgs.writeShellScript "${hostName}-${scriptName}" ''
                  export PATH="${lib.makeBinPath ([ pkgs.coreutils ] ++ ps)}:$PATH"
                  set -eux
                  ${script}
                '').outPath;
            };
          in
          {
            # Example: nix run .#aubergine.switch
            # Deploys the host over ssh to `config.install.target` (an option
            # expected to be defined by the host modules):
            #  1. keep `*.gpg` files out of any store copy of the checkout
            #     (index-only removal, restored on exit) and tighten their mode;
            #  2. register GC roots for the patched nixpkgs and the host closure;
            #  3. `nix copy` the closure to the target; `$targetStore` (expanded
            #     locally) may append store URI query parameters;
            #  4. on the target, start a transient `nixos-fallback` unit that
            #     after 10 minutes switches back to the current system profile
            #     and reboots — a watchdog against locking oneself out — unless
            #     `NO_NIXOS_FALLBACK` is set in the local environment (the
            #     expansion is double-quoted, so it happens on this side);
            #     then `switch-to-configuration test` the new closure;
            #  5. on success: stop the watchdog, point the system profile at the
            #     new closure, register it for boot, and delete generations older
            #     than 7 days (which bounds how far back a rollback can go);
            #     on failure: stop the watchdog and exit non-zero.
            "switch" = scriptApp "switch" [ ] ''
              shopt -s globstar

              chmod -R g-rwx,o-rwx **/*.gpg
              trap 'git reset **/*.gpg' EXIT
              git rm -rf --cached --ignore-unmatch **/*.gpg # prevent copying to /nix/store

              nix-store --add-root hosts/${hostName}.nixpkgs --indirect --realise ${nixpkgsPath}
              nix-store --add-root hosts/${hostName}.root --indirect --realise ${build.toplevel}

              nix copy --to "ssh://${config.install.target}?''${targetStore-}"${lib.optionalString config.install.substituteOnDestination " --substitute-on-destination"} ${build.toplevel}

              if ssh ${config.install.target} set -x ';' \
                systemctl reset-failed nixos-fallback '2>/dev/null' ';' \
                test "''${NO_NIXOS_FALLBACK:+set}" '||' \
                systemd-run -u nixos-fallback --description=nixos-fallback /bin/sh -xc '''\'''
                PATH=${
                  with pkgs;
                  lib.makeBinPath [
                    coreutils
                    nix
                    systemd
                  ]
                }
                sleep $((10 * 60))
                ${profile}/bin/switch-to-configuration switch
                systemctl reboot
                '\'''' '&&' \
                ${build.toplevel}/bin/switch-to-configuration test
              then
                ssh ${config.install.target} -o ControlPath=none set -x ';' \
                  systemctl stop nixos-fallback.service ';' \
                  nix-env --profile ${profile} --set '${build.toplevel}' ';' \
                  ${build.toplevel}/bin/switch-to-configuration boot '&&' \
                  nix-env --delete-generations 7d --profile ${profile}
              else
                tput rev
                echo WARNING: switch-to-configuration was not registered at boot
                tput sgr0
                ssh ${config.install.target} -o ControlPath=none set -x ';' \
                  systemctl stop nixos-fallback.service
                false
              fi
            '';
          }
        ) nixosConfigurations
      );

      # nix flake check
      # Runs the configured git hooks (nixfmt-rfc-style) over the store copy
      # of the repository.
      checks = forAllSystems (
        args: with args; {
          git-hooks-check = inputs.git-hooks.lib.${system}.run {
            src = self;
            hooks = {
              nixfmt-rfc-style.enable = true;
            };
          };
        }
      );
    };
}