Ingolf Wagner 2024-04-17 21:30:19 +02:00
parent e8240d98b8
commit 7ddf6d9f21
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B

231
flake.nix

@ -5,6 +5,16 @@
url = "git+ssh://gitea@git.ingolf-wagner.de/palo/nixos-secrets.git?ref=main"; url = "git+ssh://gitea@git.ingolf-wagner.de/palo/nixos-secrets.git?ref=main";
flake = false; flake = false;
}; };
flake-parts.url = "github:hercules-ci/flake-parts";
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
clan-core = {
url = "git+https://git.clan.lol/clan/clan-core";
inputs.nixpkgs.follows = "nixpkgs"; # Needed if your configuration uses nixpkgs unstable.
inputs.flake-parts.follows = "flake-parts";
};
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-legacy_2305.url = "github:nixos/nixpkgs/nixos-23.05"; nixpkgs-legacy_2305.url = "github:nixos/nixpkgs/nixos-23.05";
@ -90,10 +100,12 @@
}; };
outputs = outputs =
{ self inputs@{ self
, clan-core
, disko , disko
, dns , dns
, doom-emacs-nix , doom-emacs-nix
, flake-parts
, grocy-scanner , grocy-scanner
, home-manager , home-manager
, home-manager-utils , home-manager-utils
@ -115,23 +127,23 @@
, private_assets , private_assets
, retiolum , retiolum
, secrets , secrets
, srvos
, srvos_nixpkgs
, smoke , smoke
, sops-nix , sops-nix
, srvos
, srvos_nixpkgs
, stylix , stylix
, taskshell , taskshell
}: }:
let
system = "x86_64-linux";
pkgs = nixpkgs.legacyPackages.${system}; let
#system = "x86_64-linux";
#pkgs = nixpkgs.legacyPackages.${system};
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
meta = rec {
meta = { nixpackages ? nixpkgs }: rec {
system = "x86_64-linux"; system = "x86_64-linux";
pkgs = import nixpackages { pkgs = import nixpkgs {
inherit system; inherit system;
config.allowUnfree = true; config.allowUnfree = true;
config.permittedInsecurePackages = [ config.permittedInsecurePackages = [
@ -165,41 +177,24 @@
inherit private_assets; inherit private_assets;
assets = ./nixos/assets; assets = ./nixos/assets;
}; };
}; };
# todo : why redefine it? clanSetup =
# Mic92 means, is not needed anymore
nixosSystem = args:
(lib.makeOverridable lib.nixosSystem)
(lib.recursiveUpdate args {
modules =
args.modules
++ [
{
config.nixpkgs.pkgs = lib.mkDefault args.pkgs;
config.nixpkgs.localSystem = lib.mkDefault args.pkgs.stdenv.hostPlatform;
}
];
});
nixosConfigurationSetup =
{ name { name
, host ? "${name}.private" , host
, modules , modules
, nixpackages ? nixpkgs #, nixpackages ? meta.nixpkgs
}: }: {
nixosSystem {
inherit (meta { nixpackages = nixpackages; }) system specialArgs pkgs; clan.networking.targetHost = lib.mkDefault "root@${host}";
modules = modules ++ defaultModules ++ [ clanCore.machineIcon = null; # Optional, a path to an image file
{
_module.args.nixinate = { #nixpkgs.pkgs = nixpackages;
host = host; nixpkgs.pkgs = meta.pkgs;
sshUser = "root"; nixpkgs.hostPlatform = meta.system;
buildOn = "remote"; # valid args are "local" or "remote"
substituteOnTarget = false; # if buildOn is "local" then it will substitute on the target, "-s" imports = modules ++ defaultModules ++ [
hermetic = false;
};
}
{ {
imports = [ imports = [
./nixos/machines/${name}/configuration.nix ./nixos/machines/${name}/configuration.nix
@ -210,39 +205,32 @@
}; };
defaultModules = [ defaultModules = [
{ ({ pkgs, lib, ... }: {
# todo : find out what this is? # todo : check if this is still needed
# make flake inputs accessiable in NixOS nix = {
_module.args.self = self; # no channesl needed this way
_module.args.inputs = self.inputs; nixPath = [ "nixpkgs=${pkgs.path}" ];
} # make flakes available
({ pkgs, lib, ... }: package = pkgs.nixUnstable;
{ extraOptions = ''
# todo : check if this is still needed experimental-features = nix-command flakes
nix = { '';
# no channesl needed this way };
nixPath = [ "nixpkgs=${pkgs.path}" ]; })
# make flakes available
package = pkgs.nixUnstable;
extraOptions = ''
experimental-features = nix-command flakes
'';
};
})
{ nix.settings.substituters = [ "https://cache.nixos.org/" ]; } { nix.settings.substituters = [ "https://cache.nixos.org/" ]; }
{ ({ pkgs, ... }: {
boot.tmp.useTmpfs = lib.mkDefault true; boot.tmp.useTmpfs = lib.mkDefault true;
environment.systemPackages = [ nixpkgs-fmt.defaultPackage.${system} ]; environment.systemPackages = [ nixpkgs-fmt.defaultPackage.${pkgs.system} ];
imports = [ imports = [
permown.nixosModules.permown permown.nixosModules.permown
disko.nixosModules.disko disko.nixosModules.disko
kmonad.nixosModules.default kmonad.nixosModules.default
grocy-scanner.nixosModule grocy-scanner.nixosModule
]; ];
} })
]; ];
homeManagerModules = { config, ... }: { homeManagerModules = { pkgs, config, ... }: {
imports = [ imports = [
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
stylix.nixosModules.stylix stylix.nixosModules.stylix
@ -280,56 +268,42 @@
}; };
sopsModule = name: { lib, ... }: { sopsModule = name: { lib, ... }: {
imports = [ sops-nix.nixosModules.sops ]; #imports = [ sops-nix.nixosModules.sops ];
sops.defaultSopsFile = lib.mkForce "${secrets}/secrets/${name}.yaml"; sops.defaultSopsFile = lib.mkForce "${secrets}/secrets/${name}.yaml";
}; };
in in
{
devShells.${system}.default =
pkgs.mkShell {
buildInputs = [
nixpkgs-fmt.defaultPackage.${system}
nixos-anywhere.packages.${system}.nixos-anywhere
];
};
apps = nixinate.nixinate.x86_64-linux self; flake-parts.lib.mkFlake { inherit inputs; } ({ self, pkgs, ... }: {
# We define our own systems below. you can still use this to add system specific outputs to your flake.
# See: https://flake.parts/getting-started
systems = [ ];
packages = with nixpkgs.lib; { # import clan-core modules
${system} = imports = [
let clan-core.flakeModules.default
vms = mapAttrs' ];
(host: sys: {
name = "vm-${host}";
value = sys.config.system.build.vm;
})
self.nixosConfigurations;
sds = mapAttrs'
(host: sys: {
name = "sd-${host}";
value = sys.config.system.build.sdImage;
})
(filterAttrs
(n: hasAttrByPath [ "config" "system" "build" "sdImage" ])
self.nixosConfigurations);
in
vms // sds;
};
nixosConfigurations = # Define your clan
{ clan = {
sternchen = nixosConfigurationSetup { # Clan wide settings. (Required)
clanName = "gummybears"; # Ensure to choose a unique name.
specialArgs = meta.specialArgs;
machines = {
sternchen = clanSetup {
name = "sternchen"; name = "sternchen";
host = "sternchen.secret"; host = "sternchen.secure";
#host = "192.168.178.25";
modules = [ modules = [
nixos-hardware.nixosModules.lenovo-thinkpad-x220 nixos-hardware.nixosModules.lenovo-thinkpad-x220
homeManagerModules homeManagerModules
]; ];
}; };
cream = nixosConfigurationSetup {
cream = clanSetup {
name = "cream"; name = "cream";
#host = "1.2.3.4";
host = "cream.private";
modules = [ modules = [
nixos-hardware.nixosModules.framework-12th-gen-intel nixos-hardware.nixosModules.framework-12th-gen-intel
retiolum.nixosModules.retiolum retiolum.nixosModules.retiolum
@ -342,8 +316,10 @@
} }
]; ];
}; };
cherry = nixosConfigurationSetup {
cherry = clanSetup {
name = "cherry"; name = "cherry";
host = "cherry.private";
modules = [ modules = [
nixos-hardware.nixosModules.framework-13th-gen-intel nixos-hardware.nixosModules.framework-13th-gen-intel
homeManagerModules homeManagerModules
@ -354,8 +330,10 @@
} }
]; ];
}; };
chungus = nixosConfigurationSetup {
chungus = clanSetup {
name = "chungus"; name = "chungus";
host = "chungus.private";
modules = [ modules = [
homeManagerModules homeManagerModules
retiolum.nixosModules.retiolum retiolum.nixosModules.retiolum
@ -365,9 +343,10 @@
} }
]; ];
}; };
orbi = nixosConfigurationSetup {
orbi = clanSetup {
name = "orbi"; name = "orbi";
host = "95.216.66.212"; host = "orbi.private";
modules = [ modules = [
homeManagerModules homeManagerModules
srvos.nixosModules.hardware-hetzner-online-intel srvos.nixosModules.hardware-hetzner-online-intel
@ -380,8 +359,10 @@
} }
]; ];
}; };
robi = nixosConfigurationSetup {
robi = clanSetup {
name = "robi"; name = "robi";
host = "robi.private";
modules = [ modules = [
homeManagerModules homeManagerModules
{ home-manager.sharedModules = [{ programs.doom-emacs.enable = false; }]; } { home-manager.sharedModules = [{ programs.doom-emacs.enable = false; }]; }
@ -392,6 +373,46 @@
]; ];
}; };
}; };
};
};
});
} }
# devShells.${system}.default =
# pkgs.mkShell {
# buildInputs = [
# nixpkgs-fmt.defaultPackage.${system}
# nixos-anywhere.packages.${system}.nixos-anywhere
# ];
# };
#apps = nixinate.nixinate.x86_64-linux self;
# packages = with nixpkgs.lib; {
# ${system} =
# let
# vms = mapAttrs'
# (host: sys: {
# name = "vm-${host}";
# value = sys.config.system.build.vm;
# })
# self.nixosConfigurations;
# sds = mapAttrs'
# (host: sys: {
# name = "sd-${host}";
# value = sys.config.system.build.sdImage;
# })
# (filterAttrs
# (n: hasAttrByPath [ "config" "system" "build" "sdImage" ])
# self.nixosConfigurations);
# in
# vms // sds;
# };
# nixosConfigurations =
# };
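Review bot: In `sopsModule` (hunk `-280,56 +268,42`) the `sops-nix.nixosModules.sops` import is commented out while `sops.defaultSopsFile` is still set with `lib.mkForce`, so the `sops.*` options must now be declared by some other module. Presumably the newly imported clan-core modules pull in sops-nix, but nothing visible in this file says so, and a machine evaluated without them would fail on an undefined option. The `mkForce` would also override any default sops file that another module sets, so it is worth confirming this is intended now that clan manages the machines. I would drop the dead line and state the dependency instead, e.g. `# sops-nix is expected to be imported via clan-core; this module only points it at the per-host file from the secrets input`.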