nixos-config/flake.nix

{
# Flake inputs. None of the URLs below pins a revision; the exact commits and
# content hashes are fixed by flake.lock (not shown here), so the lock-file diff
# is what should be reviewed whenever inputs are updated.
inputs = {
  # --- nixpkgs channels ------------------------------------------------------
  nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
  nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
  # Older release branches, exposed to the outputs as `legacy_*` package sets.
  # Branches past end-of-life receive no security backports, so packages taken
  # from them should be the exception.
  nixpkgs-legacy_2211.url = "github:nixos/nixpkgs/nixos-22.11";
  nixpkgs-legacy_2205.url = "github:nixos/nixpkgs/nixos-22.05";
  nixpkgs-legacy_2105.url = "github:nixos/nixpkgs/nixos-21.05";

  # --- private repositories (fetched over SSH) -------------------------------
  # Plain source tree (flake = false); the outputs interpolate it into
  # sops.defaultSopsFile, which places the tree in the Nix store.
  secrets = {
    flake = false;
    url = "git+ssh://gitea@git.ingolf-wagner.de/palo/nixos-secrets.git?ref=main";
  };
  private_assets = {
    flake = true;
    url = "git+ssh://gitea@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main";
    #url = "git+file:///home/palo/dev/nixos/nixos-private-assets";
  };

  # --- NixOS / home-manager infrastructure -----------------------------------
  # NOTE(review): inputs without `inputs.nixpkgs.follows` (sops-nix, retiolum,
  # nixinate, deploy-rs, ...) presumably carry their own locked nixpkgs, which
  # is updated independently of the one above; confirm in flake.lock.
  nixos-hardware.url = "github:nixos/nixos-hardware";
  home-manager = {
    inputs.nixpkgs.follows = "nixpkgs";
    url = "github:nix-community/home-manager/release-23.05";
  };
  home-manager-utils = {
    inputs.home-manager.follows = "home-manager";
    url = "github:mrvandalo/home-manager-utils";
  };
  sops-nix.url = "github:Mic92/sops-nix";
  disko = {
    inputs.nixpkgs.follows = "nixpkgs";
    url = "github:nix-community/disko";
  };
  permown = {
    inputs.nixpkgs.follows = "nixpkgs";
    url = "github:mrVanDalo/module.permown";
    #url = "git+file:///home/palo/dev/nixos/permown";
  };
  retiolum.url = "github:Mic92/retiolum";
  #retiolum.url = "git+file:///home/palo/dev/nixos/retiolum";
  kmonad = {
    inputs.nixpkgs.follows = "nixpkgs";
    url = "github:kmonad/kmonad?dir=nix";
  };

  # --- applications and tooling ----------------------------------------------
  polygon-art.url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
  landingpage.url = "github:mrVanDalo/landingpage";
  #landingpage.url = "git+file:///home/palo/dev/landingpage";
  grocy-scanner = {
    inputs.nixpkgs.follows = "nixpkgs";
    url = "github:mrVanDalo/grocy-scanner";
  };
  nixpkgs-fmt = {
    inputs.nixpkgs.follows = "nixpkgs";
    url = "github:nix-community/nixpkgs-fmt";
  };
  emacs-overlay = {
    flake = false;
    url = "github:nix-community/emacs-overlay";
  };
  doom-emacs-nix = {
    inputs.nixpkgs.follows = "nixpkgs";
    #inputs.emacs-overlay.follows = "emacs-overlay";
    url = "github:nix-community/nix-doom-emacs";
  };
  #dns = {
  #  url = "github:kirelagin/dns.nix";
  #  inputs.nixpkgs.follows = "nixpkgs";
  #};

  # --- deployment ------------------------------------------------------------
  nixinate.url = "github:matthewcroughan/nixinate";
  # For accessing `deploy-rs`'s utility Nix functions
  deploy-rs.url = "github:serokell/deploy-rs";
};
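# Flake outputs: a dev shell, the nixinate deployment apps and the NixOS
# configuration for the host `cream`.
outputs =
  { self
  , disko
    #, dns
  , deploy-rs
  , doom-emacs-nix
  , emacs-overlay
  , grocy-scanner
  , home-manager
  , home-manager-utils
  , kmonad
  , landingpage
  , nixinate
  , nixos-hardware
  , nixpkgs
  , nixpkgs-fmt
  , nixpkgs-legacy_2105
  , nixpkgs-legacy_2205
  , nixpkgs-legacy_2211
  , nixpkgs-unstable
  , permown
  , polygon-art
  , private_assets
  , retiolum
  , secrets
  , sops-nix
  }:
  let
    system = "x86_64-linux";

    # Plain nixpkgs package set (no overlays); used for the dev shell and the
    # helper scripts below. The machines use `meta.pkgs` instead.
    pkgs = nixpkgs.legacyPackages.${system};

    inherit (nixpkgs) lib;

    # Wrapper around lib.nixosSystem that appends a module setting
    # nixpkgs.pkgs and nixpkgs.localSystem (both as mkDefault) from the `pkgs`
    # argument, and keeps the result overridable.
    nixosSystem = args:
      (lib.makeOverridable lib.nixosSystem)
        (lib.recursiveUpdate args {
          modules =
            args.modules
            ++ [
              {
                config.nixpkgs.pkgs = lib.mkDefault args.pkgs;
                config.nixpkgs.localSystem = lib.mkDefault args.pkgs.stdenv.hostPlatform;
              }
            ];
        });

    # Copies every NetworkManager connection profile into the `pass` password
    # store (not the Nix store). The profile contents are only streamed through
    # a pipe, never written to an intermediate file.
    pullNetworkPasswords = pkgs.writers.writeBashBin "pull-network-passwords" ''
      # collect all network configurations and save them in the password store
      # IFS= and -r keep leading/trailing whitespace and backslashes in the
      # file name intact, so the entry name matches the file on disk.
      sudo ls /etc/NetworkManager/system-connections \
        | while IFS= read -r file
        do
          sudo cat "/etc/NetworkManager/system-connections/$file" \
            | ${pkgs.pass}/bin/pass insert -m "krops/desktop_secrets/network-manager/system-connections/$file"
        done
    '';

    # Placeholder: only prints the target it was given, nothing is pushed yet.
    pushNetworkPasswords = pkgs.writers.writeBashBin "push-network-passwords" ''
      echo "push network passwords to $1"
    '';

    # Shared arguments for every machine: target system, the overlaid package
    # set and the extra module arguments.
    meta = rec {
      system = "x86_64-linux";
      pkgs = import nixpkgs {
        inherit system;
        config.allowUnfree = true;
        # Explicit exception for an interpreter flagged insecure by nixpkgs.
        # NOTE(review): record which package still needs it and drop the entry
        # once that consumer is gone, so the exception does not outlive its use.
        config.permittedInsecurePackages = [ "python-2.7.18.6" ];
        overlays = [
          (_self: _super: {
            unstable = import nixpkgs-unstable {
              inherit system;
              config.allowUnfree = true;
            };
            legacy_2211 = import nixpkgs-legacy_2211 {
              inherit system;
            };
            legacy_2205 = import nixpkgs-legacy_2205 {
              inherit system;
            };
            # Fixed: the flake input has to be imported like its siblings;
            # calling the input attribute set directly fails as soon as
            # `legacy_2105` is evaluated.
            legacy_2105 = import nixpkgs-legacy_2105 {
              inherit system;
            };
            # `system` is the value `pkgs` is imported with, so these lookups
            # do not need to reach back into the set being built.
            polygon-art = polygon-art.packages.${system};
            landingpage = landingpage.packages.${system}.plain;
            trilium-server = nixpkgs-unstable.legacyPackages.${system}.trilium-server;
            kmonad = kmonad.packages.${system}.kmonad;
            #deploy-rs = deploy-rs.packages.${system}.deploy-rs;
          })
          (import ./nixos/pkgs)
        ];
      };
      specialArgs = {
        inherit private_assets;
        assets = ./nixos/assets;
      };
    };

    # Modules shared by all machines.
    defaultModules = [
      ({ pkgs, lib, ... }:
        {
          nix = {
            # no channels needed this way
            nixPath = [ "nixpkgs=${pkgs.path}" ];
            # make flakes available
            package = pkgs.nixUnstable;
            extraOptions = ''
              experimental-features = nix-command flakes
            '';
          };
          boot.tmp.useTmpfs = lib.mkDefault true;
          environment.systemPackages = [ nixpkgs-fmt.defaultPackage.${system} ];
          imports = [
            #./nixos/machines/${name}/configuration.nix
            #(sopsModule name)
            home-manager.nixosModules.home-manager
            permown.nixosModules.permown
            disko.nixosModules.disko
            kmonad.nixosModules.default
            # Only the official binary cache is listed. Any substituter added
            # later needs its signing key in nix.settings.trusted-public-keys.
            { nix.settings.substituters = [ "https://cache.nixos.org/" ]; }
          ];
          home-manager.useGlobalPkgs = true;
          home-manager.useUserPackages = true;
        })
    ];

    # Per-host sops-nix setup: forces the default sops file to
    # secrets/<name>.yaml inside the `secrets` input.
    # Interpolating the input puts that tree into the Nix store, which is
    # readable by every local user.
    # NOTE(review): presumably every file in that repository is sops-encrypted;
    # confirm nothing in it is stored in plaintext.
    sopsModule = name: { lib, ... }: {
      sops.defaultSopsFile = lib.mkForce "${secrets}/secrets/${name}.yaml";
      imports = [
        sops-nix.nixosModules.sops
      ];
    };

  in
  {
    # Shell with the helper scripts and the formatter.
    devShells.${system}.default =
      pkgs.mkShell {
        buildInputs = [
          pushNetworkPasswords
          pullNetworkPasswords
          nixpkgs-fmt.defaultPackage.${system}
          #deploy-rs.packages.${system}.deploy-rs
        ];
      };

    #deploy.nodes.cream.profiles.system = {
    #  user = "root";
    #  path = meta.deployPkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.cream;
    #};

    # This is highly advised, and will prevent many possible mistakes
    # checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;

    # Deployment apps generated by nixinate from the nixosConfigurations below.
    apps = nixinate.nixinate.x86_64-linux self;

    #packages = with nixpkgs.lib; {
    #  "x86_64-linux" = (mapAttrs'
    #    (host: sys: {
    #      name = "vm-${host}";
    #      value = sys.config.system.build.vm;
    #    })
    #    self.nixosConfigurations) // (mapAttrs'
    #    (host: sys: {
    #      name = "sd-${host}";
    #      value = sys.config.system.build.sdImage;
    #    })
    #    (filterAttrs
    #      (n: hasAttrByPath [ "config" "system" "build" "sdImage" ])
    #      self.nixosConfigurations));
    #};

    nixosConfigurations = {
      cream = nixosSystem {
        inherit (meta) system specialArgs;
        pkgs = meta.pkgs;
        modules = defaultModules ++ [
          {
            # Deployment settings read by nixinate.
            _module.args.nixinate = {
              host = "cream.private";
              # Deployment logs in as root over SSH; the target's sshd should
              # accept root with key authentication only.
              sshUser = "root";
              buildOn = "remote"; # valid args are "local" or "remote"
              substituteOnTarget = true; # if buildOn is "local" then it will substitute on the target, "-s"
              # NOTE(review): with hermetic = false nixinate appears to rely on
              # the tooling already installed on the target; confirm against
              # the nixinate documentation.
              hermetic = false;
            };
          }
          {
            # make flake inputs accessible in NixOS
            _module.args.self = self;
            _module.args.inputs = self.inputs;
          }
          {
            # Every module imported here is evaluated into the system
            # configuration, so each providing input is trusted code.
            imports = [
              ./nixos/machines/cream/configuration.nix
              (sopsModule "cream")
              grocy-scanner.nixosModule
              nixos-hardware.nixosModules.framework-12th-gen-intel
              private_assets.nixosModules.jobrad
              retiolum.nixosModules.retiolum
            ];
            home-manager.users.mainUser.imports = [
              doom-emacs-nix.hmModule
              home-manager-utils.hmModule
            ];
          }
        ];
      };
    };
  };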
}