nix: harmonize with julm-nix
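{
  inputs = {
    doom-emacs.follows = "julm-nix/doom-emacs";
    home-manager.follows = "julm-nix/home-manager";
    # NOTE(review): a git+file:// URL under /home/julm only resolves on this
    # author's machine; any other checkout fails to fetch this input unless it
    # is overridden (e.g. `--override-input julm-nix <path-or-url>`).
    julm-nix.url = "git+file:///home/julm/work/sourcephile/nix/julm-nix?ref=main";
    julm-nix.inputs.nixpkgs.follows = "nixpkgs";
    nix-formatter-pack.follows = "julm-nix/nix-formatter-pack";
    # Pinned to an exact revision so the patched nixpkgs built below is reproducible.
    nixpkgs.url = "github:NixOS/nixpkgs/fdebb81f45a1ba2c4afca5fd9f526e1653ad0949";
    pre-commit-hooks.follows = "julm-nix/pre-commit-hooks";
  };

  outputs = inputs:
    let
      # Patches shared with julm-nix: a list of fetchpatch argument sets,
      # each carrying a sha256 (used for the version suffix below).
      remoteNixpkgsPatches = import (inputs.julm-nix + "/nixpkgs/patches.nix");
      # Patch files kept in this repository.
      localNixpkgsPatches = [
        #nixpkgs/patches/systemd-coredump.diff
      ];
      # Unpatched nixpkgs, only needed to produce the patched tree.
      originPkgs = inputs.nixpkgs.legacyPackages."x86_64-linux";
      # nixpkgs with every patch applied. The version suffix is a short hash of
      # the sorted patch identifiers, so `nixos-version` tells which patch set
      # a running system was built from.
      nixpkgsPath = originPkgs.applyPatches {
        name = "nixpkgs-patched";
        src = inputs.nixpkgs;
        patches = map originPkgs.fetchpatch remoteNixpkgsPatches ++ localNixpkgsPatches;
        postPatch = ''
          patch=$(printf '%s\n' ${builtins.concatStringsSep " "
            (map (p: p.sha256) remoteNixpkgsPatches ++ localNixpkgsPatches)} |
            sort | sha256sum | cut -c -7)
          echo "+patch-$patch" >.version-suffix
        '';
      };
      lib = inputs.nixpkgs.lib;
      #nixosSystem = lib.nixosSystem;
      # Evaluate NixOS from the patched tree rather than from inputs.nixpkgs.lib.
      nixosSystem = import (nixpkgsPath + "/nixos/lib/eval-config.nix");
      # Overlays of this repository followed by those shared from julm-nix.
      # Defined once so pkgsForSystem and every host's nixpkgs.overlays agree.
      overlays =
        import nixpkgs/overlays.nix ++
        import (inputs.julm-nix + "/nixpkgs/overlays.nix");
      pkgsForSystem = system: import nixpkgsPath {
        inherit system overlays;
        config = {
          allowUnfree = true; # For hplip
        };
      };
      # Apply f to { system, pkgs } for every system nixpkgs exposes to flakes.
      forAllSystems = f: lib.genAttrs lib.systems.flakeExposed (system: f rec {
        inherit system;
        #pkgs = inputs.nixpkgs.legacyPackages.${system};
        pkgs = pkgsForSystem system;
      });
    in
    {
      # Example: nix -L build .#nixosConfigurations.losurdo.config.system.build.toplevel
      # Example: nix -L build .#nixosConfigurations.losurdo.config.boot.kernelPackages.kernel.configfile
      # Example: nix -L build .#nixosConfigurations.losurdo.pkgs.hello
      # Example: nix eval .#nixosConfigurations.losurdo.config.networking.hostName
      # One NixOS configuration per directory under hosts/, named after the
      # directory and defined by hosts/<hostName>.nix.
      nixosConfigurations = lib.genAttrs
        (builtins.attrNames (lib.filterAttrs (_n: v: v == "directory") (builtins.readDir (inputs.self + "/hosts"))))
        (hostName: nixosSystem {
          # NOTE(review): with system = null the platform has to come from the
          # host's own modules — confirm each hosts/<hostName>.nix sets it.
          system = null;
          specialArgs = {
            # Required to avoid infinite recursion
            # when inputs is used in imports
            inherit inputs;
          };
          modules = [
            (inputs.self + "/hosts/${hostName}.nix")
            {
              _module.args = {
                inherit hostName;
                hosts = inputs.self.nixosConfigurations;
                host = inputs.self.nixosConfigurations.${hostName}._module.args;
                #pkgs = pkgsForSystem "x86_64-linux";
                #pkgs = pkgsForSystem config._module.args.system;
              };
              # Same overlay list as pkgsForSystem.
              nixpkgs.overlays = overlays;
              #nixpkgs.buildPlatform = "x86_64-linux";
            }
            nixos/defaults.nix
            inputs.nixpkgs.nixosModules.notDetected
            ({ pkgs, ... }: {
              # Point the host's `nixpkgs` registry entry at this flake's pinned input.
              nix.registry.nixpkgs = lib.mkDefault { flake = inputs.nixpkgs; };
              nix.package = pkgs.nixFlakes;
              nix.extraOptions = "experimental-features = nix-command flakes";
              #nixpkgs.overlays = import nixpkgs/overlays.nix;
              # Let 'nixos-version --json' know about the Git revision of this flake.
              system.configurationRevision = lib.mkIf (inputs.self ? rev) inputs.self.rev;
            })
            inputs.home-manager.nixosModules.home-manager
            {
              home-manager.useGlobalPkgs = true;
              home-manager.useUserPackages = true;
              home-manager.verbose = true;
              home-manager.backupFileExtension = null;
              home-manager.extraSpecialArgs = {
                inherit hostName inputs;
              };
            }
            {
              # Pin the fleet's SSH host keys so ssh from one of these hosts to
              # another verifies the server key instead of trusting it on first use.
              programs.ssh.knownHosts = {
                carotte = {
                  extraHostNames = [ "carotte" "carotte.sourcephile.fr" ];
                  publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKnnS0w9zm5KuWwlfJu+qEXC0asESQySPp76szyMTE3J";
                };
                mermet = {
                  extraHostNames = [ "mermet" "mermet.sourcephile.fr" ];
                  publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvKN2sIpH782MFjaOpcty1Hs/T/TPNJpXI08H3O3oxl";
                };
                losurdo = {
                  extraHostNames = [ "losurdo" "losurdo.sourcephile.fr" ];
                  publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJkAq1T0Dxozt4RPylvWrUmeuejiG+n/owb3ucnWP9F";
                };
              };
            }
          ];
        });
      #legacyPackages = pkgsForSystem "x86_64-linux";
      # nix -L develop or direnv allow
      devShell = forAllSystems ({ pkgs, system, ... }: pkgs.callPackage ./shell.nix {
        inherit pkgs inputs system nixpkgsPath;
        #inherit (inputs.self.checks.${system}.pre-commit-check) shellHook;
      });
      # nix -L run .#oignon.switch
      # Deployment helpers: one attrset of apps per host of nixosConfigurations.
      # `with builtins;` was dropped so that any unbound name here fails at
      # parse time instead of being looked up in builtins at run time.
      apps = forAllSystems ({ pkgs, system, ... }:
        builtins.mapAttrs
          (hostName: { config, ... }:
            let
              inherit (config.system) build;
              # Deployment destination: root on the host's FQDN by default,
              # overridable at run time through $TARGET.
              target = "\"\${TARGET:-root@${config.networking.hostName}.${config.networking.domain}}\"";
              # NixOS system profile that `switch` sets and that nixos-fallback
              # rolls back to. It was referenced below but never bound, so
              # evaluating the switch app failed with an undefined variable.
              profile = "/nix/var/nix/profiles/system";
              # Wrap a shell snippet as a flake app; `ps` are extra packages
              # put on PATH next to coreutils.
              scriptApp = scriptName: ps: script: {
                type = "app";
                program = (pkgs.writeShellScript "${hostName}-${scriptName}" ''
                  export PATH="${lib.makeBinPath ([ pkgs.coreutils ] ++ ps)}:$PATH"
                  set -eux
                  ${script}
                '').outPath;
              };
            in
            {
              # Example: nix run .#aubergine.switch
              "switch" = scriptApp "switch" [ ] ''
                shopt -s globstar

                # Encrypted secrets (*.gpg) must be neither group/world readable
                # nor part of the repository copy that ends up in /nix/store:
                # tighten their mode and drop them from the index while the
                # script runs; the trap restores the index even on failure.
                chmod -R g-rwx,o-rwx **/*.gpg
                trap 'git reset **/*.gpg' EXIT
                git rm -rf --cached --ignore-unmatch **/*.gpg # prevent copying to /nix/store

                # Keep GC roots for the patched nixpkgs and the built system.
                nix-store --add-root hosts/${hostName}.nixpkgs --indirect --realise ${nixpkgsPath}
                nix-store --add-root hosts/${hostName}.root --indirect --realise ${build.toplevel}

                nix copy --to ssh://${target}${lib.optionalString config.install.substituteOnDestination " --substitute-on-destination"} ${build.toplevel}
              '' + lib.optionalString config.boot.initrd.network.ssh.enable ''
                # Send the SSH key of the initrd.
                # The decrypted key only flows through the pipe into ssh and is
                # written remotely with mode 400 straight from stdin: set -x
                # traces the commands, not the key, and no temporary file exists.
                gpg --decrypt 'pass/hosts/${hostName}/initrd/ssh.key.gpg' |
                  ssh ${target} install -D -m 400 -o root -g root /dev/stdin /root/initrd/ssh.key
                # Send the Wireguard key of the initrd
                gpg --decrypt 'pass/hosts/${hostName}/wireguard/wg-intra/privateKey.gpg' |
                  ssh ${target} install -D -m 400 -o root -g root /dev/stdin /root/initrd/wg-intra.key
              '' + ''
                # Activate the new configuration in "test" mode behind a safety
                # net: the transient nixos-fallback unit switches back to the
                # current profile and reboots after 10 minutes unless the second
                # ssh below stops it, so a configuration that breaks remote
                # access cannot lock us out.
                ssh ${target} set -x ';' \
                  systemctl reset-failed nixos-fallback '2>/dev/null' ';' \
                  systemd-run -u nixos-fallback --description=nixos-fallback /bin/sh -xc '''\'''
                    PATH=${with pkgs; lib.makeBinPath [ coreutils nix systemd ]}
                    sleep $((10 * 60))
                    ${profile}/bin/switch-to-configuration switch
                    systemctl reboot
                  '\'''' '&&' \
                  ${build.toplevel}/bin/switch-to-configuration test

                # Still reachable after the test: cancel the fallback, make the
                # new system the boot default and prune generations older than
                # 7 days. ControlPath=none opens a fresh connection instead of
                # reusing a multiplexed one from before the switch.
                ssh ${target} -o ControlPath=none set -x ';' \
                  systemctl stop nixos-fallback.service ';' \
                  nix-env --profile ${profile} --set '${build.toplevel}' ';' \
                  ${build.toplevel}/bin/switch-to-configuration boot '&&' \
                  nix-env --delete-generations 7d --profile ${profile}
              '';
              # Example: nix run .#carotte.install-sd
              # DELETEME: quite useless, better to use nixos-install
              # Writes the SD image to the block device given as first argument
              # (default /dev/mmcblk0) through sudo; destructive for that device.
              # `zstd` was unbound (only builtins was in scope): use pkgs.zstd.
              "install-sd" = scriptApp "install-sd" [ pkgs.zstd ] ''
                set -o pipefail
                nix-store --add-root hosts/${hostName}.root --indirect --realise ${build.sdImage}
                unzstd --stdout ${build.sdImage}/sd-image/*.img.zst |
                  sudo -k dd conv=notrunc oflag=direct,sync status=progress of="''${1:-/dev/mmcblk0}"
              '';
            }
          )
          inputs.self.nixosConfigurations
      );
    };
}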