{ inputs = { secrets = { url = "git+ssh://gitea@git.ingolf-wagner.de/palo/nixos-secrets.git?ref=main"; flake = false; }; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05"; nixpkgs-legacy_2211.url = "github:nixos/nixpkgs/nixos-22.11"; nixpkgs-legacy_2205.url = "github:nixos/nixpkgs/nixos-22.05"; nixpkgs-legacy_2105.url = "github:nixos/nixpkgs/nixos-21.05"; nixos-hardware.url = "github:nixos/nixos-hardware"; home-manager = { url = "github:nix-community/home-manager/release-23.05"; inputs.nixpkgs.follows = "nixpkgs"; }; polygon-art = { url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git"; }; sops-nix.url = "github:Mic92/sops-nix"; emacs-overlay = { url = "github:nix-community/emacs-overlay"; flake = false; }; doom-emacs-nix = { url = "github:nix-community/nix-doom-emacs"; inputs.nixpkgs.follows = "nixpkgs"; #inputs.emacs-overlay.follows = "emacs-overlay"; }; home-manager-utils = { url = "github:mrvandalo/home-manager-utils"; inputs.home-manager.follows = "home-manager"; }; nixpkgs-fmt = { url = "github:nix-community/nixpkgs-fmt"; inputs.nixpkgs.follows = "nixpkgs"; }; grocy-scanner = { url = "github:mrVanDalo/grocy-scanner"; inputs.nixpkgs.follows = "nixpkgs"; }; permown = { url = "github:mrVanDalo/module.permown"; #url = "git+file:///home/palo/dev/nixos/permown"; inputs.nixpkgs.follows = "nixpkgs"; }; private_assets = { #url = "git+file:///home/palo/dev/nixos/nixos-private-assets"; url = "git+ssh://gitea@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main"; flake = true; }; retiolum = { url = "github:Mic92/retiolum"; #url = "git+file:///home/palo/dev/nixos/retiolum"; }; landingpage = { #url = "git+file:///home/palo/dev/landingpage"; url = "github:mrVanDalo/landingpage"; }; kmonad = { url = "github:kmonad/kmonad?dir=nix"; inputs.nixpkgs.follows = "nixpkgs"; }; disko = { url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; }; #dns = { # url = "github:kirelagin/dns.nix"; # inputs.nixpkgs.follows = "nixpkgs"; #}; nixinate.url = "github:matthewcroughan/nixinate"; # For accessing `deploy-rs`'s utility Nix functions deploy-rs.url = "github:serokell/deploy-rs"; }; outputs = { self , disko #, dns , deploy-rs , doom-emacs-nix , emacs-overlay , grocy-scanner , home-manager , home-manager-utils , kmonad , landingpage , nixinate , nixos-hardware , nixpkgs , nixpkgs-fmt , nixpkgs-legacy_2105 , nixpkgs-legacy_2205 , nixpkgs-legacy_2211 , nixpkgs-unstable , permown , polygon-art , private_assets , retiolum , secrets , sops-nix }: let system = "x86_64-linux"; pkgs = nixpkgs.legacyPackages.${system}; inherit (nixpkgs) lib; nixosSystem = args: (lib.makeOverridable lib.nixosSystem) (lib.recursiveUpdate args { modules = args.modules ++ [ { config.nixpkgs.pkgs = lib.mkDefault args.pkgs; config.nixpkgs.localSystem = lib.mkDefault args.pkgs.stdenv.hostPlatform; } ]; }); pullNetworkPasswords = pkgs.writers.writeBashBin "pull-network-passwords" '' # collect all network configurations and save them in the store sudo ls /etc/NetworkManager/system-connections \ | while read file do sudo cat "/etc/NetworkManager/system-connections/$file" \ | ${pkgs.pass}/bin/pass insert -m "krops/desktop_secrets/network-manager/system-connections/$file" done ''; pushNetworkPasswords = pkgs.writers.writeBashBin "push-network-passwords" '' echo "push network passwords to $1" ''; meta = rec { system = "x86_64-linux"; pkgs = import nixpkgs { inherit system; config.allowUnfree = true; config.permittedInsecurePackages = [ "python-2.7.18.6" ]; overlays = [ (_self: _super: { unstable = import nixpkgs-unstable { inherit system; config.allowUnfree = true; }; legacy_2211 = import nixpkgs-legacy_2211 { inherit system; }; legacy_2205 = import nixpkgs-legacy_2205 { inherit system; }; legacy_2105 = nixpkgs-legacy_2105 { inherit system; }; polygon-art = polygon-art.packages.${pkgs.system}; landingpage = landingpage.packages.${pkgs.system}.plain; trilium-server = nixpkgs-unstable.legacyPackages.${pkgs.system}.trilium-server; kmonad = kmonad.packages.${pkgs.system}.kmonad; #deploy-rs = deploy-rs.packages.${system}.deploy-rs; }) (import ./nixos/pkgs) ]; }; specialArgs = { inherit private_assets; assets = ./nixos/assets; }; }; defaultModules = [ ({ pkgs, lib, ... }: { nix = { # no channesl needed this way nixPath = [ "nixpkgs=${pkgs.path}" ]; # make flakes available package = pkgs.nixUnstable; extraOptions = '' experimental-features = nix-command flakes ''; }; boot.tmp.useTmpfs = lib.mkDefault true; environment.systemPackages = [ nixpkgs-fmt.defaultPackage.${system} ]; imports = [ #./nixos/machines/${name}/configuration.nix #(sopsModule name) home-manager.nixosModules.home-manager permown.nixosModules.permown disko.nixosModules.disko kmonad.nixosModules.default { nix.settings.substituters = [ "https://cache.nixos.org/" ]; } ]; home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; }) ]; sopsModule = name: { lib, ... }: { sops.defaultSopsFile = lib.mkForce "${secrets}/secrets/${name}.yaml"; imports = [ sops-nix.nixosModules.sops ]; }; in { devShells.${system}.default = pkgs.mkShell { buildInputs = [ pushNetworkPasswords pullNetworkPasswords nixpkgs-fmt.defaultPackage.${system} #deploy-rs.packages.${system}.deploy-rs ]; }; #deploy.nodes.cream.profiles.system = { # user = "root"; # path = meta.deployPkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.cream; #}; # This is highly advised, and will prevent many possible mistakes # checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; apps = nixinate.nixinate.x86_64-linux self; #packages = with nixpkgs.lib; { # "x86_64-linux" = (mapAttrs' # (host: sys: { # name = "vm-${host}"; # value = sys.config.system.build.vm; # }) # self.nixosConfigurations) // (mapAttrs' # (host: sys: { # name = "sd-${host}"; # value = sys.config.system.build.sdImage; # }) # (filterAttrs # (n: hasAttrByPath [ "config" "system" "build" "sdImage" ]) # self.nixosConfigurations)); #}; nixosConfigurations = { cream = nixosSystem { inherit (meta) system specialArgs; pkgs = meta.pkgs; modules = defaultModules ++ [ { _module.args.nixinate = { host = "cream.private"; sshUser = "root"; buildOn = "remote"; # valid args are "local" or "remote" substituteOnTarget = true; # if buildOn is "local" then it will substitute on the target, "-s" hermetic = false; }; } { # make flake inputs accessiable in NixOS _module.args.self = self; _module.args.inputs = self.inputs; } { imports = [ ./nixos/machines/cream/configuration.nix (sopsModule "cream") grocy-scanner.nixosModule nixos-hardware.nixosModules.framework-12th-gen-intel private_assets.nixosModules.jobrad retiolum.nixosModules.retiolum ]; home-manager.users.mainUser.imports = [ doom-emacs-nix.hmModule home-manager-utils.hmModule ]; } ]; }; }; }; }