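# Flake describing a colmena "hive": one NixOS configuration per machine plus
# a dev shell with the deployment tooling.
#
# The inputs below name branches, not revisions; what is actually built is
# whatever flake.lock pins (lock file not shown here -- keep it committed and
# review `nix flake update` diffs, since these inputs supply modules and
# packages to the hosts).
{
  description = "my krops file";

  inputs = {

    # Secrets repository, fetched over ssh and used as plain files (not a flake).
    secrets = {
      url = "git+ssh://gitea@git.ingolf-wagner.de/palo/nixos-secrets.git?ref=main";
      flake = false;
    };

    nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11";

    nixos-hardware = {
      url = "github:nixos/nixos-hardware";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # colmena
    # -------
    colmena = {
      url = "github:zhaofengli/colmena";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
    nixpkgs-legacy.url = "github:nixos/nixpkgs/nixos-22.05";

    polygon-art = {
      url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
    };

    sops-nix.url = "github:Mic92/sops-nix";

    emacs-overlay = {
      url = "github:nix-community/emacs-overlay";
      flake = false;
    };

    doom-emacs-nix = {
      url = "github:nix-community/nix-doom-emacs";
      inputs.nixpkgs.follows = "nixpkgs";
      #inputs.emacs-overlay.follows = "emacs-overlay";
    };

    home-manager = {
      url = "github:nix-community/home-manager/release-22.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    home-manager-utils = {
      url = "github:mrvandalo/home-manager-utils";
      inputs.home-manager.follows = "home-manager";
    };

    nixpkgs-fmt = {
      url = "github:nix-community/nixpkgs-fmt";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    grocy-scanner = {
      url = "github:mrVanDalo/grocy-scanner";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    permown = {
      url = "github:mrVanDalo/module.permown";
      #url = "git+file:///home/palo/dev/nixos/permown";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # Local checkout: the flake only evaluates on a machine that has this path,
    # and the checkout is copied into the (world-readable) Nix store when the
    # input is fetched.
    private_assets = {
      url = "git+file:///home/palo/dev/nixos/nixos-private-assets";
      #url = "git+ssh://gitea@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main";
      flake = true;
    };

    retiolum = {
      url = "github:Mic92/retiolum";
      #url = "git+file:///home/palo/dev/nixos/retiolum";
    };

    landingpage = {
      #url = "git+file:///home/palo/dev/landingpage";
      url = "github:mrVanDalo/landingpage";
    };

    kmonad = {
      url = "github:kmonad/kmonad?dir=nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    #dns = {
    #  url = "github:kirelagin/dns.nix";
    #  inputs.nixpkgs.follows = "nixpkgs";
    #};

  };

  outputs =
    { self
    , colmena
    , disko
      #, dns
    , doom-emacs-nix
    , emacs-overlay
    , grocy-scanner
    , home-manager
    , home-manager-utils
    , kmonad
    , landingpage
    , nixos-hardware
    , nixpkgs
    , nixpkgs-fmt
    , nixpkgs-legacy
    , nixpkgs-unstable
    , permown
    , polygon-art
    , private_assets
    , retiolum
    , secrets
    , sops-nix
    }:
    let
      # Every machine in this hive is x86_64-linux.
      system = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${system};

      # Copies every NetworkManager connection profile (these may hold Wi-Fi /
      # VPN credentials) into the local `pass` store. Profile contents are
      # piped straight from `sudo cat` into `pass insert`, so this script never
      # writes them to disk unencrypted. The script itself lands in the Nix
      # store but contains no secret material.
      pullNetworkPasswords = pkgs.writers.writeBashBin "pull-network-passwords" ''
        # collect all network configurations and save them in the password store (pass)
        # IFS= / -r keep profile names intact (leading or trailing blanks, backslashes)
        sudo ls /etc/NetworkManager/system-connections \
          | while IFS= read -r file
        do
          sudo cat "/etc/NetworkManager/system-connections/$file" \
            | ${pkgs.pass}/bin/pass insert -m "krops/desktop_secrets/network-manager/system-connections/$file"
        done
      '';

      # Placeholder: only echoes its first argument, nothing is pushed yet.
      pushNetworkPasswords = pkgs.writers.writeBashBin "push-network-passwords" ''
        echo "push network passwords to $1"
      '';
    in
    {

      # colmena
      # Development shell carrying the deployment and formatting tools.
      devShell.${system} = pkgs.mkShell {
        buildInputs = [
          colmena.packages.${system}.colmena
          pushNetworkPasswords
          pullNetworkPasswords
          nixpkgs-fmt.defaultPackage.${system}
        ];
      };

      colmena =
        let
          # Per-host sops-nix wiring: each machine reads secrets/<name>.yaml from
          # the `secrets` input. "${secrets}" is a /nix/store path and the store
          # is world-readable, so that repository must hold only sops-encrypted
          # files (presumably the case -- confirm).
          # This module also imports the kmonad NixOS module on every host.
          sopsModule = name: { lib, ... }: {
            sops.defaultSopsFile = lib.mkForce "${secrets}/secrets/${name}.yaml";
            imports = [
              sops-nix.nixosModules.sops
              kmonad.nixosModules.default
            ];
          };
        in
        {
          meta = {
            # Package set shared by all nodes: stable nixpkgs with unfree
            # packages allowed, extended by one overlay that exposes packages
            # from the other inputs.
            nixpkgs = import nixpkgs {
              inherit system;
              config.allowUnfree = true;
              overlays = [
                (_self: _super: {
                  unstable = import nixpkgs-unstable {
                    inherit system;
                    config.allowUnfree = true;
                  };
                  legacy = nixpkgs-legacy.legacyPackages.${system};
                  polygon-art = polygon-art.packages.${system};
                  landingpage = landingpage.packages.${system}.plain;
                  trilium-server = nixpkgs-unstable.legacyPackages.${system}.trilium-server;
                  kmonad = kmonad.packages.${system}.kmonad;
                })
              ];
            };
            # Extra arguments handed to every NixOS module of every node.
            specialArgs = {
              inherit private_assets;
              assets = ./nixos/assets;
            };
          };

          # Configuration applied to every node before its own section below.
          defaults = { name, pkgs, lib, ... }: {
            # Build each closure on the machine it is deployed to, unless a
            # host overrides this.
            deployment.buildOnTarget = lib.mkDefault true;
            nix = {
              # no channels needed this way
              nixPath = [ "nixpkgs=${pkgs.path}" ];
              # make flakes available
              package = pkgs.nixUnstable;
              extraOptions = ''
                experimental-features = nix-command flakes
              '';
            };
            environment.systemPackages = [
              nixpkgs-fmt.defaultPackage.${system}
              colmena.packages.${system}.colmena
            ];
            boot.tmpOnTmpfs = lib.mkDefault true; # make /tmp a tmpfs (performance!)
            imports = [
              ./nixos/machines/${name}/configuration.nix
              (sopsModule name)
              home-manager.nixosModules.home-manager
              permown.nixosModules.permown
              disko.nixosModules.disko
              {
                nix.settings.substituters = [ "https://cache.nixos.org/" ];
              }
              {
                # Every host accepts store paths signed by this cachix key.
                nix.settings = {
                  substituters = [ "https://colmena.cachix.org" ];
                  trusted-public-keys = [ "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg=" ];
                };
              }
              # NOTE(review): before re-enabling these plain-http caches, create
              # a signing key and list it under trusted-public-keys; http gives
              # no transport integrity, so signature checking is the only
              # protection against tampered store paths.
              #{
              #  nix.settings = {
              #    substituters = [ "http://chungus.private:5000" "http://robi.private:5000" ];
              #    #trusted-public-keys = [ "to be created" ];
              #  };
              #}
            ];
            home-manager.useGlobalPkgs = true;
            home-manager.useUserPackages = true;
          };

          # Desktop that may also be deployed to locally (allowLocalDeployment).
          cream = { name, nodes, pkgs, ... }: {
            deployment.allowLocalDeployment = true;
            deployment.targetHost = "${name}.private";
            #deployment.targetHost = "localhost";
            deployment.tags = [ "desktop" "online" "private" ];
            imports = [
              grocy-scanner.nixosModule
              nixos-hardware.nixosModules.framework-12th-gen-intel
              private_assets.nixosModules.jobrad
              retiolum.nixosModules.retiolum
            ];
            home-manager.users.mainUser = {
              imports = [
                doom-emacs-nix.hmModule
                home-manager-utils.hmModule
              ];
            };
          };

          #sterni = { name, nodes, pkgs, ... }: {
          #  deployment.allowLocalDeployment = true;
          #  deployment.targetHost = "${name}.private";
          #  deployment.tags = [ "desktop" "online" "private" ];
          #  imports = [
          #    grocy-scanner.nixosModule
          #    nixos-hardware.nixosModules.lenovo-thinkpad-x220
          #    retiolum.nixosModules.retiolum
          #  ];
          #  home-manager.users.mainUser = {
          #    imports = [
          #      doom-emacs-nix.hmModule
          #      home-manager-utils.hmModule
          #    ];
          #  };
          #};

          #sternchen = { name, nodes, pkgs, ... }: {
          #  deployment.targetHost = "${name}.secret";
          #  deployment.tags = [ "desktop" ];
          #  imports = [
          #    grocy-scanner.nixosModule
          #  ];
          #  home-manager.users.mainUser = {
          #    imports = [
          #      doom-emacs-nix.hmModule
          #      home-manager-utils.hmModule
          #    ];
          #    programs.doom-emacs.enable = false;
          #  };
          #};

          pepe = { name, nodes, pkgs, ... }: {
            deployment.targetHost = "${name}.private";
            deployment.tags = [ "server" "online" "private" ];
            imports = [
              grocy-scanner.nixosModule
              nixos-hardware.nixosModules.lenovo-thinkpad-x220
            ];
          };

          # Closure is built on the deploying machine, not on this host.
          chungus = { name, nodes, pkgs, ... }: {
            deployment.targetHost = "${name}.private";
            deployment.tags = [ "server" "online" "private" ];
            deployment.buildOnTarget = false;
            imports = [
              grocy-scanner.nixosModule
            ];
          };

          robi = { name, nodes, pkgs, ... }: {
            deployment.targetHost = "${name}.private";
            deployment.tags = [ "server" "online" "private" ];
            imports = [
              nixos-hardware.nixosModules.common-cpu-intel
              nixos-hardware.nixosModules.common-gpu-intel
            ];
            # NOTE(review): this installs doom-emacs for the root account, so
            # the Emacs packages it brings in run with root privileges when
            # root starts Emacs.
            home-manager.users.root = {
              home.stateVersion = "22.11";
              imports = [
                doom-emacs-nix.hmModule
              ];
              programs.doom-emacs = {
                enable = true;
                emacsPackage = pkgs.emacs-nox;
                doomPrivateDir = ./doom.d;
              };
            };
          };

          # Reached by a fixed LAN address instead of its .private name.
          bobi = { name, nodes, pkgs, ... }: {
            #deployment.targetHost = "${name}.private";
            deployment.targetHost = "192.168.178.31";
            deployment.buildOnTarget = false;
            deployment.tags = [ "desktop" "usb" "private" ];
            imports = [
              grocy-scanner.nixosModule
            ];
            home-manager.users.mainUser = {
              imports = [
                doom-emacs-nix.hmModule
                home-manager-utils.hmModule
              ];
            };
          };

          mobi = { name, nodes, pkgs, ... }: {
            deployment.targetHost = "${name}.private";
            deployment.buildOnTarget = false;
            deployment.tags = [ "desktop" "usb" "private" ];
            imports = [
              grocy-scanner.nixosModule
            ];
            home-manager.users.mainUser = {
              imports = [
                doom-emacs-nix.hmModule
                home-manager-utils.hmModule
              ];
            };
          };
        };
    };
}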