# NixOS flake for the "gummybears" clan: declares the flake inputs, builds one
# shared nixpkgs instance (`meta.pkgs`) and defines five machines through
# clan-core on top of flake-parts.
#
# No input below pins a revision in its URL; the revisions that are actually
# built come from flake.lock, so a lock-file update is the point where upstream
# changes reach every machine and deserves the same review as a code change.
{
  inputs = {

    # private repository fetched over SSH; `flake = false` means only its
    # source tree is used. It is not referenced directly in this file, but
    # modules can reach it through the `inputs` module argument set in
    # defaultModules.
    # NOTE(review): flake inputs are copied into the Nix store, which is
    # world-readable on the host - confirm this repository only holds
    # encrypted material.
    secrets = {
      url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/nixos-secrets.git?ref=main";
      flake = false;
    };

    flake-parts.url = "github:hercules-ci/flake-parts";
    flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";

    clan-fact-generators = {
      url = "github:mrvandalo/clan-fact-generators";
      inputs.clan-core.follows = "clan-core";
    };

    clan-core = {
      url = "git+https://git.clan.lol/clan/clan-core";
      #url = "git+file:///home/palo/dev/clan-core";
      inputs.nixpkgs.follows = "nixpkgs"; # Needed if your configuration uses nixpkgs unstable.
      inputs.flake-parts.follows = "flake-parts";
    };

    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";

    # older release branches, exposed below as `pkgs.legacy_2211` and
    # `pkgs.legacy_2311`.
    # NOTE(review): these releases are past their upstream support window, so
    # packages taken from them no longer receive security fixes - confirm
    # which packages still need them.
    nixpkgs-legacy_2211.url = "github:nixos/nixpkgs/nixos-22.11";
    nixpkgs-legacy_2311.url = "github:nixos/nixpkgs/nixos-23.11";

    nixos-hardware.url = "github:nixos/nixos-hardware";
    nixos-anywhere.url = "github:nix-community/nixos-anywhere";

    home-manager = {
      #url = "github:nix-community/home-manager/release-23.11";
      url = "github:nix-community/home-manager";
      #inputs.nixpkgs.follows = "nixpkgs";
    };

    polygon-art = {
      url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
    };

    home-manager-utils = {
      url = "github:mrvandalo/home-manager-utils";
      inputs.home-manager.follows = "home-manager";
    };

    permown = {
      url = "github:mrVanDalo/module.permown";
      #url = "git+file:///home/palo/dev/nixos/permown";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # private repository fetched over SSH and evaluated as a flake; its
    # nixosModules are imported by cream, cherry and chungus below and the
    # whole input is handed to NixOS and home-manager modules as
    # `private_assets`.
    private_assets = {
      #url = "git+file:///home/palo/dev/nixos/nixos-private-assets";
      url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main";
      flake = true;
    };

    retiolum = {
      url = "github:Mic92/retiolum";
      #url = "git+file:///home/palo/dev/nixos/retiolum";
    };

    srvos.url = "github:nix-community/srvos";

    landingpage = {
      #url = "git+file:///home/palo/dev/landingpage";
      url = "github:mrVanDalo/landingpage";
    };

    # todo: maybe use https://github.com/jtroo/kanata instead
    # fixme: kmonad crashes every now and then and the keyboard is not usable anymore.
    kmonad = {
      url = "github:kmonad/kmonad?dir=nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    stylix = {
      #url = "github:danth/stylix?ref=35cab8eb76c1d3672b2b290a64f357847c30d090";
      #url = "github:danth/stylix/release-23.11";
      url = "github:danth/stylix";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.home-manager.follows = "home-manager";
    };

    # smoke test framework to trigger tests (enable if I want to use it for real)
    #smoke = {
    #  url = github:SamirTalwar/smoke;
    #  inputs.nixpkgs.follows = "nixpkgs";
    #};

    # had to override it to remove colors
    taskshell = {
      url = "github:mrvandalo/taskshell";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # my own tool
    overviewer.url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/overviewer.git?ref=main";

  };

  outputs =
    inputs@{ self
    , clan-core
    , clan-fact-generators
    , flake-parts
    , home-manager
    , home-manager-utils
    , kmonad
    , landingpage
    , nixos-anywhere
    , nixos-hardware
    , nixpkgs
    , nixpkgs-legacy_2211
    , nixpkgs-legacy_2311
    , overviewer
    , permown
    , polygon-art
    , private_assets
    , retiolum
    , secrets
    , srvos
    , stylix
    , taskshell
    }:
    let

      #system = "x86_64-linux";
      #pkgs = nixpkgs.legacyPackages.${system};
      inherit (nixpkgs) lib;

      # shared build context: the single nixpkgs instance every machine uses
      # (see `nixpkgs.pkgs = meta.pkgs` in clanSetup) and the specialArgs
      # handed to the clan.
      meta = rec {
        system = "x86_64-linux";
        pkgs = import nixpkgs {
          inherit system;
          config.allowUnfree = true;
          # allow-list for packages that nixpkgs marks as insecure; because
          # this package set is shared, each entry is permitted on every
          # machine in the clan.
          # NOTE(review): three python-2.7 versions are listed - presumably
          # left over from successive nixpkgs bumps; confirm which entries are
          # still required and drop the rest.
          config.permittedInsecurePackages = [
            "electron-24.8.6" # for bitwarden
            "python-2.7.18.6"
            "python-2.7.18.7"
            "python-2.7.18.8"
          ];
          overlays = [
            (_self: _super: {
              # the legacy package sets are imported with allowUnfree only;
              # the permittedInsecurePackages list above is not passed on to them.
              legacy_2211 = import nixpkgs-legacy_2211 {
                inherit system;
                config.allowUnfree = true;
              };
              legacy_2311 = import nixpkgs-legacy_2311 {
                inherit system;
                config.allowUnfree = true;
              };
              # packages taken from flake inputs
              polygon-art = polygon-art.packages.${system};
              landingpage = landingpage.packages.${system}.plain;
              kmonad = kmonad.packages.${system}.kmonad;
              tasksh = taskshell.packages.${system}.tasksh;
              overviewer = overviewer.packages.${system}.overviewer;
            })
            (import ./pkgs)
          ];
        };
        # extra arguments passed to the clan as `specialArgs` further down
        specialArgs = {
          inherit private_assets;
          assets = ./assets;
          factsGenerator = clan-fact-generators.lib { inherit pkgs; };
          clanLib = import ./lib/clanlib.nix {
            inherit (pkgs) lib;
            machineDir = ./machines;
          };
        };
      };

      # Builds the NixOS module for one machine.
      #   name    - directory under ./machines holding configuration.nix
      #   host    - host name used as deployment target
      #   modules - machine specific modules, placed before defaultModules
      clanSetup = { name, host, modules }: {
        # the deployment target is the root account of the machine; mkDefault
        # lets a machine configuration override it.
        clan.networking.targetHost = lib.mkDefault "root@${host}";
        nixpkgs.pkgs = meta.pkgs;
        nixpkgs.hostPlatform = meta.system;
        # selects "password-store" as the secret store for clan facts
        clanCore.facts.secretStore = "password-store";
        imports = modules ++ defaultModules ++ [
          ./machines/${name}/configuration.nix
          # clan core configuration
          ({ pkgs, lib, ... }: {
            imports = [
              # this magically adds all my machines in the zero tier network
              # and makes the controller accept them.
              # will automatically look into `/machines/<name>/facts/zerotier-ip`
              inputs.clan-core.clanModules.zerotier-static-peers
              # Statically configure the host names of machines based on their respective zerotier-ip.
              inputs.clan-core.clanModules.static-hosts
              # generate ssh host keys with facts
              inputs.clan-core.clanModules.sshd
            ];
            clan.static-hosts.topLevelDomain = "bear";
            environment.systemPackages = [ clan-core.packages.${pkgs.system}.clan-cli ];
          })
        ];
      };

      # modules that clanSetup adds to every machine
      defaultModules = [

        # make flake inputs accessible in NixOS
        {
          _module.args.self = self;
          _module.args.inputs = self.inputs;
        }

        # ssh keys
        # Because this sits in defaultModules, every machine accepts these
        # three keys for root logins.
        # NOTE(review): keyFiles adds no per-key options here, so unless the
        # key files themselves carry restrictions the two backup keys give
        # chungus a full root login on every machine - confirm that this is
        # intended for syncoid/rbackup.
        ({ config, ... }: {
          users.users.root.openssh.authorizedKeys.keyFiles = [
            # master key
            ./assets/mrvandalo_rsa.pub
            # backup key
            "${config.clanCore.clanDir}/machines/chungus/facts/ssh.syncoid.id_ed25519.pub"
            "${config.clanCore.clanDir}/machines/chungus/facts/ssh.rbackup.id_ed25519.pub"
          ];
        })

        # configure nix
        ({ pkgs, lib, ... }: {
          # only the official binary cache is listed here
          nix.settings.substituters = [ "https://cache.nixos.org/" ];
          nix.settings.experimental-features = [ "nix-command" "flakes" ];
          nix.settings.max-jobs = 1;
          # no channels needed this way
          nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
          documentation.nixos.enable = true;
          # keep at most 10 boot entries, whichever boot loader is in use
          boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
          boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 10;
          boot.loader.grub.configurationLimit = lib.mkDefault 10;
        })

        # some modules I always use
        permown.nixosModules.permown
        kmonad.nixosModules.default

        # some default things I always want
        ({ pkgs, ... }:
          {
            boot.tmp.useTmpfs = lib.mkDefault true;
            environment.systemPackages = [ pkgs.nixpkgs-fmt ];
          })

      ];

      # theming shared by all machines: stylix with the gruvbox light scheme,
      # a wallpaper from ./assets and the fonts listed below
      stylixModules = { pkgs, config, ... }: {
        imports = [ stylix.nixosModules.stylix ];
        stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
        stylix.image = ./assets/wallpaper.png;
        stylix.fonts = {
          serif = {
            package = pkgs.ubuntu_font_family;
            name = "Ubuntu";
          };
          sansSerif = {
            package = pkgs.ubuntu_font_family;
            name = "Ubuntu";
          };
          monospace = {
            package = pkgs.jetbrains-mono;
            name = "JetBrains Mono";
          };
          emoji = {
            package = pkgs.noto-fonts-emoji;
            name = "Noto Color Emoji";
          };
          sizes.popups = 15;
        };
        # todo: remove this if not needed anymore
        #home-manager.sharedModules = [
        #  { stylix.targets.bemenu.enable = false; }
        #];
      };

      # home-manager as a NixOS module; `private_assets` and ./assets are
      # passed on to every home configuration through extraSpecialArgs
      homeManagerModules = { pkgs, config, ... }: {
        imports = [ home-manager.nixosModules.home-manager ];
        home-manager.extraSpecialArgs = {
          inherit private_assets;
          assets = ./assets;
        };
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        home-manager.backupFileExtension = "backup";
        home-manager.sharedModules = [
          home-manager-utils.hmModule
        ];
      };

    in
    flake-parts.lib.mkFlake { inherit inputs; } ({ self, pkgs, ... }: {

      # We define our own systems below. you can still use this to add system specific outputs to your flake.
      # See: https://flake.parts/getting-started
      systems = [ ];

      # import clan-core modules
      imports = [
        clan-core.flakeModules.default
      ];

      # Define your clan
      clan = {

        # Clan wide settings.
        clanName = "gummybears"; # Ensure to choose a unique name.

        specialArgs = meta.specialArgs;

        machines = {

          sternchen = clanSetup {
            name = "sternchen";
            host = "sternchen.bear";
            #host = "192.168.178.25";
            modules = [
              nixos-hardware.nixosModules.lenovo-thinkpad-x220
              homeManagerModules
              stylixModules
              { home-manager.users.mainUser.gui.enable = true; }
              {
                home-manager.users.mainUser = import ./homes/tina;
                home-manager.users.root = import ./homes/root;
              }
              # todo : strange overrides, this should be an option and be changed on another level (the homes/ folders or something)
              ({ lib, ... }: {
                home-manager.sharedModules = [
                  { programs.atuin.enable = lib.mkForce false; }
                ];
              })
              { clanCore.machineDescription = "LaLaptop"; }
            ];
          };

          cream = clanSetup {
            name = "cream";
            host = "cream.bear";
            modules = [
              nixos-hardware.nixosModules.framework-12th-gen-intel
              retiolum.nixosModules.retiolum
              private_assets.nixosModules.cream
              private_assets.nixosModules.yubikey
              homeManagerModules
              stylixModules
              { home-manager.users.mainUser.gui.enable = true; }
              {
                home-manager.users.mainUser = import ./homes/palo;
                home-manager.users.root = import ./homes/root;
              }
              { clanCore.machineDescription = "Laptop"; }
            ];
          };

          cherry = clanSetup {
            name = "cherry";
            host = "cherry.bear";
            modules = [
              nixos-hardware.nixosModules.framework-13th-gen-intel
              homeManagerModules
              stylixModules
              private_assets.nixosModules.yubikey
              { home-manager.users.mainUser.gui.enable = true; }
              {
                home-manager.users.mainUser = import ./homes/palo;
                home-manager.users.root = import ./homes/root;
              }
              { clanCore.machineDescription = "Laptop"; }
            ];
          };

          chungus = clanSetup {
            name = "chungus";
            host = "chungus.bear";
            modules = [
              # chungus runs the zerotier controller for the clan network;
              # `public = false` is set explicitly
              {
                clan.networking.zerotier.controller = {
                  enable = true;
                  public = false;
                };
              }
              homeManagerModules
              stylixModules
              retiolum.nixosModules.retiolum
              private_assets.nixosModules.chungus
              {
                home-manager.users.mainUser = import ./homes/palo;
                home-manager.users.root = import ./homes/root;
              }
              { clanCore.machineDescription = "Home Server"; }
            ];
          };

          orbi = clanSetup {
            name = "orbi";
            host = "orbi.bear";
            #host = "95.216.66.212";
            modules = [
              homeManagerModules
              stylixModules
              srvos.nixosModules.hardware-hetzner-online-intel
              srvos.nixosModules.server
              srvos.nixosModules.mixins-terminfo
              {
                # not needed for servers in general
                # (turns off the emergency shell in the initrd and systemd's
                # emergency mode on this machine)
                boot.initrd.systemd.emergencyAccess = false;
                systemd.enableEmergencyMode = false;
              }
              {
                home-manager.users.mainUser = import ./homes/palo;
                home-manager.users.root = import ./homes/root;
              }
              { clanCore.machineDescription = "Internet Server"; }
            ];
          };

        };
      };
    });
}