{
  # Flake for the "gummybears" clan: all inputs, a shared nixpkgs instance,
  # the per-machine wiring (clanSetup) and the modules every host gets.
  # Tip: while fixing an input, point it at a local checkout with a
  # "git+file:///..." URL (see the commented-out alternatives below).
  inputs = {
    clan-core.inputs.flake-parts.follows = "flake-parts";
    clan-core.inputs.nixpkgs.follows = "nixpkgs";
    clan-core.url = "git+https://git.clan.lol/clan/clan-core";
    clan-fact-generators.inputs.clan-core.follows = "clan-core";
    clan-fact-generators.url = "github:mrvandalo/clan-fact-generators";
    flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
    flake-parts.url = "github:hercules-ci/flake-parts";
    healthchecks.inputs.nixpkgs.follows = "nixpkgs";
    healthchecks.url = "github:mrvandalo/nixos-healthchecks";
    #healthchecks.url = "git+file:///home/palo/dev/nixos/healthcheck";
    home-manager-utils.inputs.home-manager.follows = "home-manager";
    home-manager-utils.url = "github:mrvandalo/home-manager-utils";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
    home-manager.url = "github:nix-community/home-manager";
    landingpage.url = "github:mrVanDalo/landingpage";
    nix-topology.inputs.nixpkgs.follows = "nixpkgs";
    nix-topology.url = "github:oddlama/nix-topology";
    nixos-anywhere.url = "github:nix-community/nixos-anywhere";
    nixos-hardware.url = "github:nixos/nixos-hardware";
    # older nixpkgs releases, exposed as pkgs.legacy_* through the overlay below
    nixpkgs-legacy_2211.url = "github:nixos/nixpkgs/nixos-22.11";
    nixpkgs-legacy_2311.url = "github:nixos/nixpkgs/nixos-23.11";
    nixpkgs-legacy_2405.url = "github:nixos/nixpkgs/nixos-24.05";
    nixpkgs-legacy_2411.url = "github:nixos/nixpkgs/nixos-24.11";
    nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    permown.inputs.nixpkgs.follows = "nixpkgs";
    permown.url = "github:mrVanDalo/module.permown";
    polygon-art.url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
    private-parts.inputs.nixpkgs.follows = "nixpkgs";
    # private input: fetched over ssh, so evaluating this flake needs ssh access
    # to git.ingolf-wagner.de:2222 as user "forgejo"
    private-parts.url = "git+ssh://forgejo@git.ingolf-wagner.de:2222/palo/nixos-private-parts.git?ref=main";
    #private-parts.url = "git+file:///home/palo/dev/nixos/nixos-private-parts";
    retiolum.url = "github:Mic92/retiolum";
    share-http.inputs.nixpkgs.follows = "nixpkgs";
    # private input (same ssh host as private-parts)
    share-http.url = "git+ssh://forgejo@git.ingolf-wagner.de:2222/palo/share-host.git?ref=main";
    srvos.url = "github:nix-community/srvos";
    stylix.inputs.home-manager.follows = "home-manager";
    stylix.inputs.nixpkgs.follows = "nixpkgs";
    stylix.url = "github:danth/stylix";
    taskwarrior.inputs.nixpkgs.follows = "nixpkgs";
    taskwarrior.url = "github:mrvandalo/taskwarrior-flake";
    #taskwarrior.url = "git+file:///home/palo/dev/nixos/taskwarrior-flake";
    telemetry.inputs.nixpkgs.follows = "nixpkgs";
    telemetry.url = "github:mrvandalo/nixos-telemetry";
    #telemetry.url = "git+file:///home/palo/dev/nixos/nixos-telemetry";
    treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";
    treefmt-nix.url = "github:numtide/treefmt-nix";
    # smoke test framework to trigger tests (enable if I want to use it for real)
    #smoke = {
    #  url = github:SamirTalwar/smoke;
    #  inputs.nixpkgs.follows = "nixpkgs";
    #};
  };

  outputs =
    inputs@{
      clan-core,
      clan-fact-generators,
      flake-parts,
      healthchecks,
      home-manager,
      home-manager-utils,
      landingpage,
      nix-topology,
      nixos-anywhere,
      nixos-hardware,
      nixpkgs,
      nixpkgs-legacy_2211,
      nixpkgs-legacy_2311,
      nixpkgs-legacy_2405,
      nixpkgs-legacy_2411,
      nixpkgs-unstable-small,
      permown,
      polygon-art,
      private-parts,
      retiolum,
      self,
      share-http,
      srvos,
      stylix,
      taskwarrior,
      telemetry,
      treefmt-nix,
    }:
    let
      inherit (nixpkgs) lib;

      # Shared evaluation settings: the one nixpkgs instance every machine uses
      # (meta.pkgs) and the specialArgs handed to the clan modules.
      meta = rec {
        system = "x86_64-linux";
        pkgs =
          let
            allowUnfree = true;
            # Known-insecure package versions that are explicitly allowed anyway.
            # Each entry keeps an end-of-life / vulnerable version installable;
            # revisit the list whenever the consumer named in the comment no
            # longer needs it.
            permittedInsecurePackages = [
              "electron-24.8.6" # for bitwarden
              "python-2.7.18.6"
              "python-2.7.18.7"
              "python-2.7.18.8"
              "electron-27.3.11" # for logseq
              "electron-28.3.3" # for logseq
            ];
          in
          import nixpkgs {
            inherit system;
            config = {
              inherit allowUnfree permittedInsecurePackages;
            };
            overlays = [
              (_self: _super: {
                # alternative nixpkgs trees evaluated with the same config
                # (unfree + insecure allowances apply to them too).
                # NOTE(review): nixpkgs-legacy_2411 is an input but is not
                # exposed here — confirm whether that is intended.
                unstable-small = import nixpkgs-unstable-small {
                  inherit system;
                  config = {
                    inherit allowUnfree permittedInsecurePackages;
                  };
                };
                legacy_2211 = import nixpkgs-legacy_2211 {
                  inherit system;
                  config = {
                    inherit allowUnfree permittedInsecurePackages;
                  };
                };
                legacy_2311 = import nixpkgs-legacy_2311 {
                  inherit system;
                  config = {
                    inherit allowUnfree permittedInsecurePackages;
                  };
                };
                legacy_2405 = import nixpkgs-legacy_2405 {
                  inherit system;
                  config = {
                    inherit allowUnfree permittedInsecurePackages;
                  };
                };
                # packages pulled in from other flakes
                polygon-art = polygon-art.packages.${system};
                landingpage = landingpage.packages.${system}.plain;
                share-via-http = share-http.packages.${system}.default;
                inherit (taskwarrior.packages.${system})
                  bugwarrior
                  tasksh
                  taskwarrior-hooks
                  ;
                # packages defined by this flake itself (./nix/packages)
                inherit (self.packages.${system})
                  otpmenu
                  nsxiv
                  ;
              })
            ];
          };
        # extra module arguments available to every machine configuration
        specialArgs = {
          inherit inputs;
          assets = ./assets;
          factsGenerator = clan-fact-generators.lib { inherit pkgs; };
          clanLib = import ./lib/clanlib.nix {
            inherit (pkgs) lib;
            machineDir = ./machines;
          };
          # https://git.clan.lol/clan/clan-core/issues/1575 < here is how I could do this generic
          zerotierInterface = "ztbn67ogn2";
          components = ./components;
          features = ./features;
        };
      };

      # Builds one clan machine entry.
      #   name    - directory name under ./machines (configuration.nix is imported from there)
      #   host    - ssh target used for deployment; clan deploys as root@<host>
      #             (mkDefault, so a machine module may override it)
      #   modules - machine-specific modules, appended to defaultModules
      # Secrets/facts are stored in password-store.
      clanSetup =
        {
          name,
          host,
          modules,
        }:
        {
          clan.core.networking.targetHost = lib.mkDefault "root@${host}";
          nixpkgs.pkgs = meta.pkgs;
          nixpkgs.hostPlatform = meta.system;
          clan.core.facts.secretStore = "password-store";
          imports =
            modules
            ++ defaultModules
            ++ [
              ./machines/${name}/configuration.nix
              nix-topology.nixosModules.default
            ];
        };

      # Makes the machine the zerotier network controller.
      # public = false: the network is private, members must be accepted
      # (the static-peers module in zerotierModules does that for clan machines).
      zerotierControllerModule = {
        clan.core.networking.zerotier.controller = {
          enable = true;
          public = false;
        };
      };

      # Zerotier membership for a clan machine: static peers, static host names,
      # sshd with fact-generated host keys, plus the clan cli.
      zerotierModules =
        { pkgs, ... }:
        {
          imports = [
            # this magically adds all my machines to the zerotier network
            # and makes the controller accept them.
            # presumably reads each machine's `machines/<machine>/facts/zerotier-ip`
            inputs.clan-core.clanModules.zerotier-static-peers
            # Statically configure the host names of machines based on their respective zerotier-ip.
            inputs.clan-core.clanModules.static-hosts
            # generate ssh host keys with facts
            inputs.clan-core.clanModules.sshd
            # manual configs
            {
              clan.static-hosts.topLevelDomain = "bear";
              components.network.zerotier.enable = true;
              environment.systemPackages = [
                clan-core.packages.${pkgs.system}.clan-cli
                # convenience wrapper: prints this node's zerotier id
                # (fixed command, takes no user input; needs sudo for zerotier-cli)
                (pkgs.writers.writeBashBin "zerotier-script-nodeid" ''
                  sudo ${pkgs.zerotierone}/bin/zerotier-cli info | cut -d " " -f 3
                '')
              ];
            }
          ];
        };

      # Root ssh keys for machines that are not reached via a machine-specific key:
      # the yubikey and the backup service keys generated on chungus.
      # All of these grant root login, so they are read from the clan facts
      # directory rather than inlined here.
      defaultAuthorizedKeys =
        { config, pkgs, ... }:
        {
          users.users.root.openssh.authorizedKeys.keyFiles = [
            # yubikey key
            ./assets/mrvandalo_rsa.pub
            # backup key
            "${config.clan.core.clanDir}/machines/chungus/facts/ssh.syncoid.id_ed25519.pub"
            "${config.clan.core.clanDir}/machines/chungus/facts/ssh.rbackup.id_ed25519.pub"
            "${config.clan.core.clanDir}/machines/chungus/facts/ssh.paperless-ngx.id_ed25519.pub"
          ];
          environment.systemPackages = [ pkgs.borgbackup ];
        };

      # Modules every machine gets (appended by clanSetup).
      defaultModules = [
        # make flake inputs accessible in NixOS
        {
          _module.args.self = self;
          _module.args.inputs = self.inputs;
        }
        {
          # disable emergency mode everywhere, although it might be needed on laptops.
          # Hardening: no unauthenticated root shell from the initrd or on boot failure.
          boot.initrd.systemd.emergencyAccess = false;
          boot.initrd.systemd.suppressedUnits = [
            "emergency.service"
            "emergency.target"
          ];
          systemd.enableEmergencyMode = false;
        }
        # configure nix
        (
          {
            pkgs,
            lib,
            clanLib,
            ...
          }:
          {
            # Only the local cache on orbi is used (this replaces the default
            # substituter list). The transport is plain http; store paths are
            # still verified against the key below, so this assumes signature
            # checking (require-sigs) is left at its default.
            nix.settings.substituters = [ "http://cache.orbi.wg0" ];
            # NOTE(review): this replaces nix's default trusted keys, so only
            # orbi's nix-serve key is trusted — confirm that is intended.
            nix.settings.trusted-public-keys = [ (clanLib.readFact "nix-serve.pub" "orbi") ];
            nix.settings.experimental-features = [
              "nix-command"
              "flakes"
            ];
            nix.settings.max-jobs = 1;
            # no channels needed this way
            nix.nixPath = [ "nixpkgs=${pkgs.path}" ];

            # documentation
            # =============
            documentation.nixos.enable = true;
            #documentation.nixos.includeAllModules = true; # fixme : not working (see down there)
            documentation.nixos.options.warningsAreErrors = false; # todo make this true again
            documentation.nixos.extraModules = [
              ./components
              ./features
              #./modules
              clan-core.nixosModules.clanCore
              telemetry.nixosModules.telemetry
              {
                clan.core.clanDir = ./.; # fixes issues with clanCore https://git.clan.lol/clan/clan-core/issues/1979
              }
              # inputs.stylix.nixosModules.stylix # fixme: not working
              permown.nixosModules.permown
              home-manager.nixosModules.home-manager
              # retiolum.nixosModules.retiolum # fixme: not working
            ];

            # keep at most 10 generations in the boot menu (overridable per machine)
            boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
            boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 10;
            boot.loader.grub.configurationLimit = lib.mkDefault 10;
          }
        )
        # My Structure
        ./components
        ./features
        ./modules # todo : spread this across features and components
        #./system/all # todo : spread this across features and components
        (
          { lib, pkgs, ... }:
          {
            telemetry.netdata.enable = false;
            # "fixes" https://github.com/NixOS/nixpkgs/issues/356708
            # by pinning the collector to a fixed upstream release
            # (both hashes pin the exact source and vendored deps).
            #services.opentelemetry-collector.package = lib.mkForce pkgs.legacy_2405.opentelemetry-collector-contrib;
            services.opentelemetry-collector.package = lib.mkForce (
              pkgs.opentelemetry-collector-contrib.overrideAttrs (
                old: rec {
                  version = "0.110.0";
                  src = pkgs.fetchFromGitHub {
                    owner = "open-telemetry";
                    repo = "opentelemetry-collector-contrib";
                    rev = "v${version}";
                    hash = "sha256-bDtP7EFKus0NJpLccbD+HlzEusc+KAbKWmS/KGthtwY=";
                  };
                  vendorHash = "sha256-pDDEqtXu167b+J1+k7rC1BE5/ehxzG0ZAkhxqmJpHsg=";
                }
              )
            );
          }
        )
        # some modules I always use
        telemetry.nixosModules.telemetry
        permown.nixosModules.permown
        # some default things I always want
        (
          { pkgs, ... }:
          {
            boot.tmp.useTmpfs = lib.mkDefault true;
          }
        )
      ];

      # Theming via stylix (system + home-manager), gruvbox light with Nerd Fonts.
      stylixModules =
        {
          pkgs,
          config,
          lib,
          ...
        }:
        {
          imports = [ stylix.nixosModules.stylix ];
          stylix.enable = true;
          stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
          stylix.image = ./assets/wallpaper.png;
          home-manager.sharedModules = [
            {
              # no need for hyprland
              # https://github.com/danth/stylix/issues/543
              stylix.targets.hyprpaper.enable = lib.mkForce false;
              stylix.targets.hyprland.enable = lib.mkForce false;
            }
          ];
          stylix.fonts = {
            serif = {
              package = pkgs.nerdfonts.override { fonts = [ "Ubuntu" ]; };
              name = "Ubuntu";
            };
            sansSerif = {
              package = pkgs.nerdfonts.override { fonts = [ "Ubuntu" ]; };
              name = "Ubuntu";
            };
            monospace = {
              package = pkgs.nerdfonts.override { fonts = [ "JetBrainsMono" ]; };
              name = "JetBrains Mono";
            };
            # emoji falls back to the monospace font
            emoji = config.stylix.fonts.monospace;
            # emoji = {
            #   package = pkgs.noto-fonts-emoji;
            #   name = "Noto Color Emoji";
            # };
            sizes.popups = 15;
          };
        };

      # home-manager integration shared by all machines; per-user homes are
      # assigned in the machine entries below (./homes/palo, ./homes/root).
      homeManagerModules =
        { pkgs, config, ... }:
        {
          imports = [ home-manager.nixosModules.home-manager ];
          home-manager.extraSpecialArgs = {
            assets = ./assets;
          };
          home-manager.useGlobalPkgs = true;
          home-manager.useUserPackages = true;
          # existing dotfiles are renamed with this suffix instead of failing the activation
          home-manager.backupFileExtension = "backup";
          home-manager.sharedModules = [
            home-manager-utils.hmModule
            taskwarrior.hmModules.bugwarrior
          ];
        };
    in
    flake-parts.lib.mkFlake { inherit inputs; } (
      { self, self', pkgs, ... }:
      {
        systems = [ "x86_64-linux" ];
        imports = [
          clan-core.flakeModules.default
          healthchecks.flakeModule
          ./nix/formatter.nix
          ./nix/packages
          ./nix/topology
        ];

        # Define your clan
        clan = {
          # Clan wide settings.
          meta.name = "gummybears"; # Ensure to choose a unique name.
          specialArgs = meta.specialArgs;

          machines = {
            # laptop; root ssh access only via its own machine-specific key
            cherry = clanSetup {
              name = "cherry";
              host = "cherry.bear";
              modules = [
                healthchecks.nixosModules.default
                zerotierModules
                nixos-hardware.nixosModules.framework-13th-gen-intel
                retiolum.nixosModules.retiolum
                private-parts.nixosModules.cherry
                homeManagerModules
                stylixModules
                { home-manager.users.mainUser.gui.enable = true; }
                {
                  home-manager.users.mainUser = import ./homes/palo;
                  home-manager.users.root = import ./homes/root;
                }
                { clan.core.machineDescription = "Laptop"; }
                (
                  { config, ... }:
                  {
                    # keys only to access cherry
                    users.users.root.openssh.authorizedKeys.keyFiles = [
                      "${config.clan.core.clanDir}/machines/cherry/facts/ssh.root.cherry.id_ed25519.pub"
                    ];
                  }
                )
              ];
            };

            # home server and zerotier controller
            chungus = clanSetup {
              name = "chungus";
              host = "chungus.bear";
              modules = [
                healthchecks.nixosModules.default
                zerotierModules
                zerotierControllerModule
                homeManagerModules
                stylixModules
                retiolum.nixosModules.retiolum
                private-parts.nixosModules.chungus
                {
                  home-manager.users.mainUser = import ./homes/palo;
                  home-manager.users.root = import ./homes/root;
                }
                { clan.core.machineDescription = "Home Server"; }
                (
                  { config, ... }:
                  {
                    # keys only to access chungus
                    # (the key pair lives in cherry's facts, i.e. cherry -> chungus)
                    users.users.root.openssh.authorizedKeys.keyFiles = [
                      "${config.clan.core.clanDir}/machines/cherry/facts/ssh.root.chungus.id_ed25519.pub"
                    ];
                  }
                )
              ];
            };

            # internet-facing server on hetzner; gets the shared root keys
            orbi = clanSetup {
              name = "orbi";
              host = "orbi.bear";
              #host = "95.216.66.212";
              modules = [
                defaultAuthorizedKeys
                healthchecks.nixosModules.default
                homeManagerModules
                stylixModules
                zerotierModules
                srvos.nixosModules.hardware-hetzner-online-intel
                #srvos.nixosModules.server
                #srvos.nixosModules.mixins-terminfo
                {
                  home-manager.users.mainUser = import ./homes/palo;
                  home-manager.users.root = import ./homes/root;
                }
                { clan.core.machineDescription = "Internet Server"; }
              ];
            };

            # test server; deployed via its public IP, not in zerotier
            probe = clanSetup {
              name = "probe";
              #host = "167.235.205.150";
              host = "95.217.18.54";
              modules = [
                defaultAuthorizedKeys
                homeManagerModules
                stylixModules
                srvos.nixosModules.hardware-hetzner-cloud
                srvos.nixosModules.server
                srvos.nixosModules.mixins-terminfo
                #inputs.clan-core.clanModules.sshd
                {
                  home-manager.users.mainUser = import ./homes/palo;
                  home-manager.users.root = import ./homes/root;
                }
                { clan.core.machineDescription = "Dummy Internet Server"; }
              ];
            };

            # bootable backup stick; deployed over the wireguard/LAN address
            usbstick = clanSetup {
              name = "usbstick";
              #host = "usbstick.bear";
              host = "10.100.0.100";
              modules = [
                defaultAuthorizedKeys
                homeManagerModules
                stylixModules
                zerotierModules
                { home-manager.users.mainUser.gui.enable = true; }
                {
                  home-manager.users.mainUser = import ./homes/palo;
                  home-manager.users.root = import ./homes/root;
                }
                { clan.core.machineDescription = "USB-Stick for Backup"; }
              ];
            };
          };
        };
      }
    );
}