nixos-config/flake.nix
2024-08-08 16:39:50 +02:00

511 lines
16 KiB
Nix

{
inputs = {
flake-parts.url = "github:hercules-ci/flake-parts";
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
clan-fact-generators = {
url = "github:mrvandalo/clan-fact-generators";
inputs.clan-core.follows = "clan-core";
};
clan-core = {
url = "git+https://git.clan.lol/clan/clan-core";
#url = "git+file:///home/palo/dev/clan-core";
inputs.nixpkgs.follows = "nixpkgs"; # Needed if your configuration uses nixpkgs unstable.
inputs.flake-parts.follows = "flake-parts";
};
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
nixpkgs-legacy_2211.url = "github:nixos/nixpkgs/nixos-22.11";
nixpkgs-legacy_2311.url = "github:nixos/nixpkgs/nixos-23.11";
nixpkgs-legacy_2405.url = "github:nixos/nixpkgs/nixos-24.05";
nixos-hardware.url = "github:nixos/nixos-hardware";
nixos-anywhere.url = "github:nix-community/nixos-anywhere";
home-manager = {
#url = "github:nix-community/home-manager/release-23.11";
url = "github:nix-community/home-manager";
#inputs.nixpkgs.follows = "nixpkgs";
};
polygon-art = {
url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
};
home-manager-utils = {
url = "github:mrvandalo/home-manager-utils";
inputs.home-manager.follows = "home-manager";
};
permown = {
url = "github:mrVanDalo/module.permown";
#url = "git+file:///home/palo/dev/nixos/permown";
inputs.nixpkgs.follows = "nixpkgs";
};
private_assets = {
#url = "git+file:///home/palo/dev/nixos/nixos-private-assets";
url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main";
flake = true;
};
retiolum = {
url = "github:Mic92/retiolum";
#url = "git+file:///home/palo/dev/nixos/retiolum";
};
srvos.url = "github:nix-community/srvos";
landingpage = {
#url = "git+file:///home/palo/dev/landingpage";
url = "github:mrVanDalo/landingpage";
};
# todo: mabye use https://github.com/jtroo/kanata instead
# fixme: kmonad crashes every now and than and the keyboard is not usable anymore.
kmonad = {
url = "github:kmonad/kmonad?dir=nix";
inputs.nixpkgs.follows = "nixpkgs";
};
stylix = {
url = "github:danth/stylix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
# smoke test framwork to trigger tests (enable if I want to use it for real)
#smoke = {
# url = github:SamirTalwar/smoke;
# inputs.nixpkgs.follows = "nixpkgs";
#};
# had to override it to remove colors
taskshell = {
url = "github:mrvandalo/taskshell";
inputs.nixpkgs.follows = "nixpkgs";
};
# my own tool
overviewer.url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/overviewer.git?ref=main";
};
outputs =
inputs@{ self
, clan-core
, clan-fact-generators
, flake-parts
, home-manager
, home-manager-utils
, kmonad
, landingpage
, nixos-anywhere
, nixos-hardware
, nixpkgs
, nixpkgs-legacy_2211
, nixpkgs-legacy_2311
, nixpkgs-legacy_2405
, nixpkgs-unstable-small
, overviewer
, permown
, polygon-art
, private_assets
, retiolum
, srvos
, stylix
, taskshell
}:
let
#system = "x86_64-linux";
#pkgs = nixpkgs.legacyPackages.${system};
inherit (nixpkgs) lib;
meta = rec {
system = "x86_64-linux";
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
config.permittedInsecurePackages = [
"electron-24.8.6" # for bitwarden
"python-2.7.18.6"
"python-2.7.18.7"
"python-2.7.18.8"
"electron-27.3.11" # for logseq
"electron-28.3.3" # for logseq
];
overlays = [
(_self: _super: {
unstable-small = import nixpkgs-unstable-small {
inherit system;
config.allowUnfree = true;
};
legacy_2211 = import nixpkgs-legacy_2211 {
inherit system;
config.allowUnfree = true;
};
legacy_2311 = import nixpkgs-legacy_2311 {
inherit system;
config.allowUnfree = true;
};
legacy_2405 = import nixpkgs-legacy_2405 {
inherit system;
config.allowUnfree = true;
};
polygon-art = polygon-art.packages.${system};
landingpage = landingpage.packages.${system}.plain;
kmonad = kmonad.packages.${system}.kmonad;
tasksh = taskshell.packages.${system}.tasksh;
overviewer = overviewer.packages.${system}.overviewer;
pkl = self.packages.${system}.pkl;
})
(import ./pkgs)
];
};
specialArgs = {
inherit private_assets inputs;
assets = ./assets;
factsGenerator = clan-fact-generators.lib { inherit pkgs; };
clanLib = import ./lib/clanlib.nix { inherit (pkgs) lib; machineDir = ./machines; };
zerotierDeviceName = "ztbn67ogn2";
components = ./components;
features = ./features;
};
};
clanSetup =
{ name
, host
, modules
}: {
clan.core.networking.targetHost = lib.mkDefault "root@${host}";
nixpkgs.pkgs = meta.pkgs;
nixpkgs.hostPlatform = meta.system;
clan.core.facts.secretStore = "password-store";
imports = modules ++ defaultModules ++ [
./machines/${name}/configuration.nix
];
};
zerotierControllerModule =
{
clan.core.networking.zerotier.controller = {
enable = true;
public = false;
};
};
zerotierModules = { pkgs, ... }: {
imports = [
# this magically adds all my machines in the zero tier network
# and makes the controller accept them.
# will automatic look into `/machines/<name>/facts/zerotier-ip
inputs.clan-core.clanModules.zerotier-static-peers
# Statically configure the host names of machines based on their respective zerotier-ip.
inputs.clan-core.clanModules.static-hosts
# generate ssh host keys with facts
inputs.clan-core.clanModules.sshd
# manual configs
{
clan.static-hosts.topLevelDomain = "bear";
components.network.zerotier.enable = true;
environment.systemPackages = [
clan-core.packages.${pkgs.system}.clan-cli
(pkgs.writers.writeBashBin "zerotier-script-nodeid" ''
sudo ${pkgs.zerotierone}/bin/zerotier-cli info | cut -d " " -f 3
'')
];
}
];
};
defaultModules = [
# make flake inputs accessiable in NixOS
{
_module.args.self = self;
_module.args.inputs = self.inputs;
}
# ssh keys
({ config, ... }: {
users.users.root.openssh.authorizedKeys.keyFiles = [
# master key
./assets/mrvandalo_rsa.pub
# backup key
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.syncoid.id_ed25519.pub"
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.rbackup.id_ed25519.pub"
];
})
# configure nix
({ pkgs, lib, clanLib, ... }:
{
nix.settings.substituters = [ "http://cache.orbi.wg0" ];
nix.settings.trusted-public-keys = [ (clanLib.readFact "nix-serve.pub" "orbi") ];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.max-jobs = 1;
# no channesl needed this way
nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
# documentation
# =============
documentation.nixos.enable = true;
#documentation.nixos.includeAllModules = true; # fixme : not working (see down there)
documentation.nixos.options.warningsAreErrors = false; # todo make this true again
documentation.nixos.extraModules = [
./components
./features
#./modules
inputs.clan-core.nixosModules.clanCore
# inputs.stylix.nixosModules.stylix # fixme: not working
permown.nixosModules.permown
kmonad.nixosModules.default
home-manager.nixosModules.home-manager
# retiolum.nixosModules.retiolum # fixme: not working
];
boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 10;
boot.loader.grub.configurationLimit = lib.mkDefault 10;
})
# My Structure
./components
./features
./modules # todo : spread this across features and components
#./system/all # todo : spread this across features and components
# some modules I always use
permown.nixosModules.permown
kmonad.nixosModules.default
# some default things I always want
({ pkgs, ... }: {
boot.tmp.useTmpfs = lib.mkDefault true;
environment.systemPackages = [
pkgs.nixpkgs-fmt
];
})
];
stylixModules = { pkgs, config, ... }: {
imports = [ stylix.nixosModules.stylix ];
stylix.enable = true;
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
stylix.image = ./assets/wallpaper.png;
stylix.fonts = {
serif = {
package = pkgs.ubuntu_font_family;
name = "Ubuntu";
};
sansSerif = {
package = pkgs.ubuntu_font_family;
name = "Ubuntu";
};
monospace = {
package = pkgs.jetbrains-mono;
name = "JetBrains Mono";
};
emoji = {
package = pkgs.noto-fonts-emoji;
name = "Noto Color Emoji";
};
sizes.popups = 15;
};
# todo: remove this if not needed anymore
#home-manager.sharedModules = [
# { stylix.targets.bemenu.enable = false; }
#];
};
homeManagerModules = { pkgs, config, ... }: {
imports = [
home-manager.nixosModules.home-manager
];
home-manager.extraSpecialArgs = {
inherit private_assets;
assets = ./assets;
};
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.backupFileExtension = "backup";
home-manager.sharedModules = [
home-manager-utils.hmModule
];
};
in
flake-parts.lib.mkFlake { inherit inputs; } ({ self, pkgs, ... }: {
# We define our own systems below. you can still use this to add system specific outputs to your flake.
# See: https://flake.parts/getting-started
systems = [ "x86_64-linux" ];
# import clan-core modules
imports = [
clan-core.flakeModules.default
];
perSystem = { pkgs, ... }: {
packages.pkl = pkgs.callPackage ./pkgs/pkl { };
};
# Define your clan
clan = {
# Clan wide settings.
meta.name = "gummybears"; # Ensure to choose a unique name.
specialArgs = meta.specialArgs;
machines = {
sternchen = clanSetup {
name = "sternchen";
host = "sternchen.bear";
#host = "192.168.178.25";
modules = [
nixos-hardware.nixosModules.lenovo-thinkpad-x220
homeManagerModules
stylixModules
{ home-manager.users.mainUser.gui.enable = true; }
{
home-manager.users.mainUser = import ./homes/tina;
home-manager.users.root = import ./homes/root;
}
# todo : strange overrides, this should be an option kinda an be changed on another level (the homes/<name> folders or something)
({ lib, ... }: {
home-manager.sharedModules = [
{
programs.atuin.enable = lib.mkForce false;
}
];
})
{
clan.core.machineDescription = "LaLaptop";
}
];
};
cream = clanSetup {
name = "cream";
host = "cream.bear";
modules = [
zerotierModules
nixos-hardware.nixosModules.framework-12th-gen-intel
retiolum.nixosModules.retiolum
private_assets.nixosModules.cream
private_assets.nixosModules.yubikey
homeManagerModules
stylixModules
{ home-manager.users.mainUser.gui.enable = true; }
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Laptop";
}
];
};
cherry = clanSetup {
name = "cherry";
host = "cherry.bear";
modules = [
zerotierModules
nixos-hardware.nixosModules.framework-13th-gen-intel
retiolum.nixosModules.retiolum
private_assets.nixosModules.yubikey
homeManagerModules
stylixModules
{ home-manager.users.mainUser.gui.enable = true; }
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Laptop";
}
];
};
chungus = clanSetup {
name = "chungus";
host = "chungus.bear";
modules = [
zerotierModules
zerotierControllerModule
homeManagerModules
stylixModules
retiolum.nixosModules.retiolum
private_assets.nixosModules.chungus
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Home Server";
}
];
};
orbi = clanSetup {
name = "orbi";
host = "orbi.bear";
#host = "95.216.66.212";
modules = [
zerotierModules
homeManagerModules
stylixModules
srvos.nixosModules.hardware-hetzner-online-intel
#srvos.nixosModules.server
#srvos.nixosModules.mixins-terminfo
{
# not needed for servers in general
boot.initrd.systemd.emergencyAccess = false;
systemd.enableEmergencyMode = false;
}
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Internet Server";
}
];
};
probe = clanSetup {
name = "probe";
#host = "167.235.205.150";
host = "95.217.18.54";
modules = [
homeManagerModules
stylixModules
srvos.nixosModules.hardware-hetzner-cloud
srvos.nixosModules.server
srvos.nixosModules.mixins-terminfo
#inputs.clan-core.clanModules.sshd
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Dummy Internet Server";
}
];
};
};
};
});
}