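# Flake describing a small fleet of NixOS machines deployed with colmena.
# Per-host secrets are wired in through sops-nix; home-manager, tinc
# (cluster-module) and permown are imported for every host.
#
# NOTE(review): every input below tracks a branch or default ref, so the
# revisions that are actually built are whatever flake.lock records. Review
# lock-file updates like any other dependency bump.
{
  description = "my krops file";

  inputs = {

    # Private repository fetched over SSH. It is a non-flake input, so its
    # tree is copied into the Nix store of the evaluating machine, which is
    # readable by every local user.
    # NOTE(review): assumes this repository only holds sops-encrypted files;
    # confirm that no plaintext secret is committed there.
    secrets = {
      url = "git+ssh://gitea@git.ingolf-wagner.de/palo/nixos-secrets.git?ref=main";
      flake = false;
    };

    nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11";

    nixos-hardware = {
      url = "github:nixos/nixos-hardware";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # colmena
    # -------
    colmena = {
      url = "github:zhaofengli/colmena";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
    nixpkgs-legacy.url = "github:nixos/nixpkgs/nixos-22.05";

    polygon-art = {
      url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
    };

    sops-nix.url = "github:Mic92/sops-nix";

    emacs-overlay = {
      url = "github:nix-community/emacs-overlay";
      flake = false;
    };

    doom-emacs-nix = {
      url = "github:nix-community/nix-doom-emacs";
      inputs.nixpkgs.follows = "nixpkgs";
      #inputs.emacs-overlay.follows = "emacs-overlay";
    };

    home-manager = {
      url = "github:nix-community/home-manager/release-22.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    home-manager-utils = {
      url = "github:mrvandalo/home-manager-utils";
      inputs.home-manager.follows = "home-manager";
    };

    cluster-module = {
      url = "github:mrvandalo/module.cluster";
      #url = "git+file:///home/palo/dev/nixos/module.cluster";
    };

    nixpkgs-fmt = {
      url = "github:nix-community/nixpkgs-fmt";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    grocy-scanner = {
      url = "github:mrVanDalo/grocy-scanner";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    permown = {
      url = "github:mrVanDalo/module.permown";
      #url = "git+file:///home/palo/dev/nixos/permown";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # Second private SSH input; like `secrets` it ends up in the
    # world-readable Nix store and is handed to every host via specialArgs.
    # NOTE(review): confirm nothing confidential is stored here unencrypted.
    private_assets = {
      url = "git+ssh://gitea@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main";
      flake = false;
    };

    retiolum = {
      url = "github:krebs/retiolum";
      flake = false;
    };

    landingpage = {
      #url = "git+file:///home/palo/dev/landingpage";
      url = "github:mrVanDalo/landingpage";
    };

  };

  outputs =
    { self
    , cluster-module
    , colmena
    , doom-emacs-nix
    , emacs-overlay
    , grocy-scanner
    , home-manager
    , home-manager-utils
    , nixos-hardware
    , nixpkgs
    , nixpkgs-fmt
    , nixpkgs-legacy
    , nixpkgs-unstable
    , permown
    , polygon-art
    , private_assets
    , secrets
    , sops-nix
    , retiolum
    , landingpage
    }:
    let
      system = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${system};

      # Copies every NetworkManager connection profile of this machine into
      # the `pass` password store. The profiles are read with sudo and piped
      # straight into `pass insert`, so they are never written to the Nix
      # store by this script.
      # `IFS= read -r` keeps backslashes and surrounding whitespace in file
      # names intact; a plain `read` would alter such names and the
      # following `cat` would then miss the profile.
      pullNetworkPasswords = pkgs.writers.writeBashBin "pull-network-passwords" ''
        # collect all network configurations and save them in the password store
        sudo ls /etc/NetworkManager/system-connections \
          | while IFS= read -r file
        do
          sudo cat "/etc/NetworkManager/system-connections/$file" \
            | ${pkgs.pass}/bin/pass insert -m "krops/desktop_secrets/network-manager/system-connections/$file"
        done
      '';

      # Placeholder: only prints the target it was given, nothing is pushed.
      pushNetworkPasswords = pkgs.writers.writeBashBin "push-network-passwords" ''
        echo "push network passwords to $1"
      '';

    in
    {

      # colmena
      # Shell with the deployment tooling and the two helper scripts above.
      # NOTE(review): newer Nix releases prefer `devShells.<system>.default`
      # and `packages.<system>.default` over `devShell` / `defaultPackage`;
      # the attribute names are left unchanged here so existing callers keep
      # working.
      devShell.${system} = pkgs.mkShell {
        buildInputs = [
          colmena.packages.${system}.colmena
          pushNetworkPasswords
          pullNetworkPasswords
          nixpkgs-fmt.defaultPackage.${system}
        ];
      };

      colmena =
        let
          # Module factory: imports sops-nix and forces the host's default
          # sops file to secrets/<name>.yaml inside the `secrets` input.
          sopsModule = name: { lib, ... }: {
            sops.defaultSopsFile = lib.mkForce "${secrets}/secrets/${name}.yaml";
            imports = [ sops-nix.nixosModules.sops ];
          };
        in
        {
          meta = {
            nixpkgs = import nixpkgs {
              inherit system;
              overlays = [
                (_self: _super: {
                  # expose the other package sets and locally packaged
                  # flakes as attributes of pkgs
                  unstable = nixpkgs-unstable.legacyPackages.${pkgs.system};
                  legacy = nixpkgs-legacy.legacyPackages.${pkgs.system};
                  polygon-art = polygon-art.packages.${pkgs.system};
                  landingpage = landingpage.packages.${pkgs.system}.plain;
                })
              ];
            };
            # made available as module arguments on every host
            specialArgs = {
              inherit private_assets retiolum;
            };
          };

          # Settings applied to every host; hosts may override mkDefault values.
          defaults = { name, pkgs, lib, ... }: {
            deployment.buildOnTarget = lib.mkDefault true;
            nix = {
              # no channels needed this way
              nixPath = [ "nixpkgs=${pkgs.path}" ];
              # make flakes available
              package = pkgs.nixUnstable;
              extraOptions = ''
                experimental-features = nix-command flakes
              '';
            };

            environment.systemPackages = [
              nixpkgs-fmt.defaultPackage.${system}
              colmena.packages.${system}.colmena
            ];

            imports = [
              ./nixos/machines/${name}/configuration.nix
              cluster-module.nixosModules.tinc
              (sopsModule name)
              home-manager.nixosModules.home-manager
              permown.nixosModules.permown
            ];

            home-manager.useGlobalPkgs = true;
            home-manager.useUserPackages = true;
          };

          sterni = { name, nodes, pkgs, ... }: {
            # the only host that sets allowLocalDeployment
            deployment.allowLocalDeployment = true;
            deployment.targetHost = "${name}.private";
            deployment.tags = [ "desktop" "online" "private" ];
            imports = [
              grocy-scanner.nixosModule
              nixos-hardware.nixosModules.lenovo-thinkpad-x220
            ];
            home-manager.users.mainUser = {
              imports = [
                doom-emacs-nix.hmModule
                home-manager-utils.hmModule
              ];
            };
          };

          sternchen = { name, nodes, pkgs, ... }: {
            deployment.targetHost = "${name}.secret";
            deployment.tags = [ "desktop" ];
            imports = [
              grocy-scanner.nixosModule
            ];
            home-manager.users.mainUser = {
              imports = [
                doom-emacs-nix.hmModule
                home-manager-utils.hmModule
              ];
              programs.doom-emacs.enable = false;
            };
          };

          pepe = { name, nodes, pkgs, ... }: {
            deployment.targetHost = "${name}.private";
            deployment.tags = [ "server" "online" "private" ];
            imports = [
              grocy-scanner.nixosModule
              nixos-hardware.nixosModules.lenovo-thinkpad-x220
            ];
          };

          robi = { name, nodes, pkgs, ... }: {
            deployment.targetHost = "${name}.private";
            deployment.tags = [ "server" "online" "private" ];
            imports = [
              nixos-hardware.nixosModules.common-cpu-intel
              nixos-hardware.nixosModules.common-gpu-intel
            ];
          };

          bobi = { name, nodes, pkgs, ... }: {
            deployment.targetHost = "${name}.private";
            # overrides the mkDefault in `defaults`: built on the deploying machine
            deployment.buildOnTarget = false;
            deployment.tags = [ "desktop" "usb" "private" ];
            imports = [
              grocy-scanner.nixosModule
            ];
            home-manager.users.mainUser = {
              imports = [
                doom-emacs-nix.hmModule
                home-manager-utils.hmModule
              ];
            };
          };

          mobi = { name, nodes, pkgs, ... }: {
            deployment.targetHost = "${name}.private";
            # overrides the mkDefault in `defaults`: built on the deploying machine
            deployment.buildOnTarget = false;
            deployment.tags = [ "desktop" "usb" "private" ];
            imports = [
              grocy-scanner.nixosModule
            ];
            home-manager.users.mainUser = {
              imports = [
                doom-emacs-nix.hmModule
                home-manager-utils.hmModule
              ];
            };
          };

        };
    };
}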