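{
  description = "pbsds' system/home flake";

  # Inputs are suffixed with the release they track (-edge, -2311, -2305, ...);
  # the `inputs-*` bundles in `outputs` pick one set per host/home.
  inputs = {
    # https://github.com/nixos/nixpkgs
    nixpkgs-edge.url = "github:NixOS/nixpkgs/nixos-unstable";
    nixpkgs-2311.url = "github:NixOS/nixpkgs/nixos-23.11";
    nixpkgs-2305.url = "github:NixOS/nixpkgs/nixos-23.05";
    nixpkgs-2211.url = "github:NixOS/nixpkgs/nixos-22.11"; # for old docs
    nixpkgs-2205.url = "github:NixOS/nixpkgs/nixos-22.05"; # for old docs
    nixpkgs-2111.url = "github:NixOS/nixpkgs/nixos-21.11"; # for old docs
    nixpkgs-2105.url = "github:NixOS/nixpkgs/nixos-21.05"; # for old docs
    nixpkgs-2009.url = "github:NixOS/nixpkgs/nixos-20.09"; # for old docs
    nixpkgs-2003.url = "github:NixOS/nixpkgs/nixos-20.03"; # for old docs
    nixpkgs-1909.url = "github:NixOS/nixpkgs/nixos-19.09"; # for old docs
    nixpkgs-1909.flake = false; # Earlier versions are not flake-pure

    # https://github.com/nix-community/home-manager
    home-manager-edge.url = "github:nix-community/home-manager/master";
    home-manager-edge.inputs.nixpkgs.follows = "nixpkgs-edge";
    home-manager-2311.url = "github:nix-community/home-manager/release-23.11";
    home-manager-2311.inputs.nixpkgs.follows = "nixpkgs-2311";
    home-manager-2305.url = "github:nix-community/home-manager/release-23.05";
    home-manager-2305.inputs.nixpkgs.follows = "nixpkgs-2305";

    # https://github.com/NixOS/nixos-hardware
    nixos-hardware.url = "github:NixOS/nixos-hardware";

    # https://github.com/tfc/nspawn-nixos
    nixos-nspawn.url = "github:tfc/nspawn-nixos";
    nixos-nspawn.flake = false; # we don't use it /shrug

    # https://github.com/wamserma/flake-programs-sqlite
    flake-programs-sqlite-2311.url = "github:wamserma/flake-programs-sqlite";
    flake-programs-sqlite-2311.inputs.nixpkgs.follows = "nixpkgs-2311";

    # https://github.com/nix-community/nixos-generators
    nixos-generators-2311.url = "github:nix-community/nixos-generators";
    nixos-generators-2311.inputs.nixpkgs.follows = "nixpkgs-2311";

    # https://github.com/Mic92/sops-nix
    # All three track the same ref; the suffix only decides which nixpkgs they follow
    # (each still gets its own entry in flake.lock).
    sops-nix-edge.url = "github:Mic92/sops-nix";
    sops-nix-edge.inputs.nixpkgs.follows = "nixpkgs-edge";
    sops-nix-edge.inputs.nixpkgs-stable.follows = "nixpkgs-2311";
    sops-nix-2311.url = "github:Mic92/sops-nix";
    sops-nix-2311.inputs.nixpkgs.follows = "nixpkgs-2311";
    sops-nix-2311.inputs.nixpkgs-stable.follows = "nixpkgs-2311";
    sops-nix-2305.url = "github:Mic92/sops-nix";
    sops-nix-2305.inputs.nixpkgs.follows = "nixpkgs-2305";
    sops-nix-2305.inputs.nixpkgs-stable.follows = "nixpkgs-2305";

    # Disabled block: `/** /` opens a comment that the trailing `/**/` closes.
    # Changing the opener to `/**/` turns the block live. Before doing that, note:
    #  - the `nix-vscode-extensions.url` line is missing its `;`
    #  - the `inputs.` prefix on `pre-commit-hooks` would nest it as
    #    `inputs.inputs.pre-commit-hooks` since we are already inside `inputs`
    /** /
    https://willbush.dev/blog/impermanent-nixos/
    matrix-next.url = "github:dali99/nixos-matrix-modules"; # see https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/main/flake.nix
    #https://github.com/considerate/nixos-odroidhc4
    #https://cyberchaos.dev/cyberchaoscreatures/musl-nixos/
    #https://github.com/numtide/system-manager
    nix-vscode-extensions.url = "github:nix-community/nix-vscode-extensions"
    #https://github.com/numtide/nixpkgs-unfree # has a cache
    #https://github.com/matthewbauer/nixiosk
    # https://github.com/cachix/pre-commit-hooks.nix
    inputs.pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
    inputs.pre-commit-hooks.inputs.nixpkgs.follows = "nixpkgs-edge";
    inputs.pre-commit-hooks.inputs.nixpkgs-stable.follows = "nixpkgs-2311";
    /**/

    #pbsds-papers.url = "git+ssh://git@github.com/pbsds/papers.git";
  };

  # Extra binary caches. Nix only applies a flake's nixConfig after the evaluating
  # user accepts it (interactive prompt, or `accept-flake-config`); for non-trusted
  # users the daemon's own trusted-substituters list still applies. Each public key
  # below authorises signed paths from exactly one of the substituters, so keep the
  # two lists in step when adding or removing a cache.
  nixConfig.extra-substituters = [
    "https://cuda-maintainers.cachix.org"
    "https://nix-community.cachix.org"
    "https://nixos-rocm.cachix.org"
    "https://nixpkgs-unfree.cachix.org"
    "https://numtide.cachix.org"
  ];
  nixConfig.extra-trusted-public-keys = [
    "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
    "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
    "nixos-rocm.cachix.org-1:VEpsf7pRIijjd8csKjFNBGzkBqOmw8H9PRmgAq14LnE="
    "nixpkgs-unfree.cachix.org-1:hqvoInulhbV4nJ9yJOEr+4wxhDV4xq2d1DK7S6Nj6rs="
    "numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE="
  ];

  outputs = { self, nixos-hardware, nixos-nspawn, nixos-generators-2311, ... } @ inputs':
    let
      # Input bundles. Each one overlays the raw inputs with a release-specific
      # `nixpkgs`, `home-manager` and `sops-nix`, plus an `unstable` nixpkgs that is
      # one step ahead; hosts and homes pick a channel by picking a bundle.
      inputs-edge = inputs' // {
        nixpkgs = inputs'.nixpkgs-edge;
        unstable = inputs'.nixpkgs-edge;
        home-manager = inputs'.home-manager-edge;
        sops-nix = inputs'.sops-nix-edge;
      };
      inputs-2311 = inputs' // {
        nixpkgs = inputs'.nixpkgs-2311;
        unstable = inputs'.nixpkgs-edge;
        home-manager = inputs'.home-manager-2311;
        sops-nix = inputs'.sops-nix-2311;
      };
      inputs-2305 = inputs' // {
        nixpkgs = inputs'.nixpkgs-2305;
        unstable = inputs'.nixpkgs-2311;
        home-manager = inputs'.home-manager-2305;
        sops-nix = inputs'.sops-nix-2305;
      };
      # Older channels only swap nixpkgs and keep the 23.05 home-manager/sops-nix.
      inputs-2211 = inputs-2305 // { nixpkgs = inputs'.nixpkgs-2211; };
      inputs-2205 = inputs-2305 // { nixpkgs = inputs'.nixpkgs-2205; };
      inputs-2111 = inputs-2305 // { nixpkgs = inputs'.nixpkgs-2111; };
      inputs-2105 = inputs-2305 // { nixpkgs = inputs'.nixpkgs-2105; };
      inputs-2009 = inputs-2305 // { nixpkgs = inputs'.nixpkgs-2009; };
      inputs-2003 = inputs-2305 // { nixpkgs = inputs'.nixpkgs-2003; };
      inputs-1909 = inputs-2305 // { nixpkgs = inputs'.nixpkgs-1909; };

      # mkFlakeView :: inputs -> system -> { <input> = { nixos; pkgs; lib; }; }
      # Per-input view of the outputs we care about; every field falls back to
      # null so non-flake inputs (which have none of these attrs) still map cleanly.
      mkFlakeView = inputs: system: inputs.nixpkgs.lib.mapAttrs (name: flake: {
        # TODO filter non-flake inputs
        nixos = flake.nixosModules or null;
        pkgs = flake.packages.${system} or flake.legacyPackages.${system} or null;
        lib = flake.lib.${system} or flake.lib or null;
      }) inputs;

      # forSystems :: [system] -> ({ system; inputs; pkgs; lib; flakes; } -> a) -> { <system> = a; }
      # Always evaluates against the edge bundle.
      forSystems = systems: f: inputs-edge.nixpkgs.lib.genAttrs systems (system: f rec {
        inherit system;
        inputs = inputs-edge;
        pkgs = inputs.nixpkgs.legacyPackages.${system};
        lib = inputs.nixpkgs.legacyPackages.${system}.lib;
        flakes = mkFlakeView inputs system;
      });
      forAllSystems = forSystems [
        "x86_64-linux"
        "aarch64-linux"
        #"riscv64-linux"
      ];

      # mkModule/mkConfig/mkReport share one curried signature:
      #   extra-modules -> domain -> system -> inputs -> stateVersion -> modules -> hostname
      # so `mkHosts` can apply the first six and supply `hostname` from the attr name.
      # mkModule yields the NixOS module that is common to every host.
      mkModule = extra-modules: domain: system: inputs: stateVersion: modules: hostname: ({ lib, ... }: {
        system.stateVersion = lib.mkDefault stateVersion; # TODO: home-manager

        imports = let
          # An absent per-host directory is simply an empty module.
          ifExists = p: if builtins.pathExists p then p else {};
        in [
          ./base.nix
          (ifExists "${self}/hosts/${hostname}")
          inputs.sops-nix.nixosModules.sops
          inputs.home-manager.nixosModule
        ] ++ modules ++ extra-modules;
        #++ inputs.flake-programs-sqlite.nixosModules.programs-sqlite; # TODO: make work

        # Secrets: one optional sops file per host. The age identity is derived from
        # the host's ed25519 ssh key, falling back to a generated key in keyFile.
        sops.defaultSopsFile = lib.mkIf (builtins.pathExists ./secrets/${hostname}.yaml) ./secrets/${hostname}.yaml;
        sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
        sops.age.keyFile = "/var/lib/sops-nix/key.txt";
        sops.age.generateKey = true;

        home-manager.useGlobalPkgs = true; # go brrr, reuse overrides
        home-manager.extraSpecialArgs = { inherit inputs; flakes = mkFlakeView inputs system; };
        home-manager.sharedModules = [ inputs.sops-nix.homeManagerModules.sops ];

        # still needed even if using networkd
        networking.hostName = hostname;
        networking.domain = domain;
        networking.search = [ domain ];

        nixpkgs.overlays = [
          (final: prev: {
            #unstable = unstable.legacyPackages.${final.system};
            unstable = import inputs.unstable { inherit system; config.allowUnfree = true; }; # TODO: inherit nixos config from stable
          })
        ];

        # This makes commandline tools like 'nix run nixpkgs#hello'
        # and 'nix-shell -p hello' use the same channel as system was built with
        nix.registry.nixpkgs.flake = inputs.nixpkgs;
        nix.registry.nixpkgs-unstable.flake = inputs.unstable;
        # NOTE(review): the registry entry tracks `nixpkgs-unstable-small` while the
        # nixPath entry of the same name tracks `nixos-unstable-small`; these are
        # different branches, so `nixpkgs-git` resolves differently for flakes vs
        # channels-style tooling. Left as-is since the intended one is not clear.
        nix.registry.nixpkgs-git = {
          from.id = "nixpkgs-git";
          from.type = "indirect";
          to.type = "github";
          to.owner = "NixOS";
          to.repo = "nixpkgs";
          to.ref = "nixpkgs-unstable-small";
        };
        nix.nixPath = [
          "nixpkgs=${inputs.nixpkgs}"
          "nixpkgs-unstable=${inputs.unstable}"
          "nixpkgs-git=github:NixOS/nixpkgs/nixos-unstable-small"
        ];
      });

      # mkConfig yields a full nixosSystem built from mkModule.
      mkConfig = extra-modules: domain: system: inputs: stateVersion: modules: hostname:
        inputs.nixpkgs.lib.nixosSystem {
          inherit system;
          specialArgs = { inherit inputs; flakes = mkFlakeView inputs system; };
          modules = [ (mkModule extra-modules domain system inputs stateVersion modules hostname) ];
        };

      # mkReport yields a small attrset summarising the evaluated host config
      # (fqdn, firewall ports, bootloader, mounts, nginx aliases).
      mkReport = extra-modules: domain: system: inputs: stateVersion: modules: hostname:
        let
          nixos = mkConfig extra-modules domain system inputs stateVersion modules hostname;
          cfg = nixos.config;
          inherit (nixos.pkgs) lib;
        in {
          inherit system; # TODO: cross system
          fqdn = cfg.networking.fqdn;
          allowedTCPPorts = cfg.networking.firewall.allowedTCPPorts;
          allowedUDPPorts = cfg.networking.firewall.allowedUDPPorts;
          bootloader =
            if cfg.boot.loader.grub.enable then "grub"
            else if cfg.boot.loader.systemd-boot.enable then "systemd-boot"
            else null;
          mounts = lib.pipe cfg.fileSystems [
            (lib.filterAttrs (mount: fs: fs.fsType != "nfs"))
            # `fileSystems.<name>.device` defaults to null; toString keeps the
            # report evaluable for such entries instead of failing interpolation.
            (lib.mapAttrs (mount: fs: "${fs.fsType}://${toString fs.device}"))
          ];
          nginx-vhosts = lib.pipe cfg.services.nginx.virtualHosts [
            #(lib.filterAttrs (domain: vhost: )
            (lib.mapAttrs (domain: vhost: vhost.serverAliases or []))
          ];
        };

      # mkHosts :: (domain -> system -> inputs -> stateVersion -> modules -> hostname -> a) -> { <hostname> = a; }
      # The host table below; `mk` is one of mkModule/mkConfig/mkReport with
      # extra-modules already applied. The attr name becomes the hostname.
      mkHosts = mk: let
        ls = imports: { inherit imports; };
        hw = nixos-hardware.nixosModules;
        amd = ls [ hw.common-pc hw.common-pc-ssd hw.common-cpu-amd ];
        intel = ls [ hw.common-pc hw.common-pc-ssd hw.common-cpu-intel ./hardware/gpu/intel.nix ];
        intel-novga = ls [ hw.common-pc hw.common-pc-ssd hw.common-cpu-intel-cpu-only ];
        cuda = ls [ ./hardware/gpu/cuda.nix hw.common-gpu-nvidia-nonprime ];
        cuda-prime = ls [ ./hardware/gpu/cuda.nix hw.common-gpu-nvidia ];
        rocm = ls [ ./hardware/gpu/rocm.nix hw.common-gpu-amd ];
        nspawn = ls [ "${nixos-nspawn}/nspawn-image.nix" { boot.isContainer = true; } ];
        hidpi = hw.common-hidpi;
        p1005 = ./hardware/printer/hp-laserjet-p1005.nix;
      in builtins.mapAttrs (hostname: curried: curried hostname) {
        #hostname          "domain"     "system"        inputs      "state" [ modules ... ]
        noximilien   = mk "pbsds.net" "x86_64-linux"  inputs-2311 "22.11" [ intel ];
        brumlebasse  = mk "pbsds.net" "x86_64-linux"  inputs-2311 "23.11" [ amd nspawn ];
        nord         = mk "pbsds.net" "x86_64-linux"  inputs-2311 "23.11" [ intel-novga hw.common-cpu-intel-sandy-bridge rocm hidpi ];
        sopp         = mk "pbsds.net" "x86_64-linux"  inputs-2311 "23.11" [ intel cuda p1005 ];
        bolle        = mk "pbsds.net" "x86_64-linux"  inputs-2311 "23.11" [ intel ];
        eple         = mk "pbsds.net" "x86_64-linux"  inputs-2311 "23.11" [ intel ];
        garp         = mk "pbsds.net" "x86_64-linux"  inputs-2311 "23.11" [ intel-novga cuda ];
        hasselknippe = mk "pbsds.net" "aarch64-linux" inputs-2311 "23.11" [ hw.pine64-pinebook-pro ];
        #gomperud smattkuken skrytebiffen skalkesnerken balleby bingus skjrlaltatjlstad
        #bergjlot snortheimsmoen ditlefsen skrukkerud podebusk zmaragd makrell alfnes blix urke pytte uddu imdorf rosenqvist
      };
    in {
      inputs = inputs';

      lib = { inherit mkFlakeView forSystems; } // forAllSystems ({ system, ... }: {
        inherit mkFlakeView forSystems;
        flakes = mkFlakeView inputs-edge system;
        flakes-2311 = mkFlakeView inputs-2311 system;
        flakes-2305 = mkFlakeView inputs-2305 system;
      });

      nixosModules = mkHosts (mkModule []);
      nixosConfigurations = mkHosts (mkConfig []);
      nixosReports = mkHosts (mkReport []);

      packages = forAllSystems ({ inputs, pkgs, lib, flakes, ... }: let
        mk-nspawn-deployer = hostname: # TODO: nspawn-tarball.nix populates /etc/nixos with junk
          (pkgs.callPackage ./pkgs/mk-nspawn-deployer {})
          (mkHosts (mkConfig [ "${nixos-nspawn}/nspawn-tarball.nix" ])).${hostname};
      in {
        # TODO: get faketty to work ${expect}/bin/unbuffer is bad
        # writeShellScriptBin adds the bash shebang (writeScriptBin did not, so the
        # wrapper only ran via a shell's ENOEXEC fallback), and pipefail makes the
        # wrapper exit non-zero when nixos-rebuild fails instead of reporting nom's
        # status - a silent success would otherwise mask a failed switch.
        nixos-rebuild-nom = pkgs.writeShellScriptBin "nixos-rebuild" ''
          set -o pipefail
          ${lib.getExe pkgs.nixos-rebuild} "$@" 2>&1 | ${lib.getExe pkgs.nix-output-monitor}
        '';
        nspawn-setup-brumlebasse = mk-nspawn-deployer "brumlebasse";

        # nixos-generators images
        image-brumlebasse-openstack = nixos-generators-2311.nixosGenerate {
          system = "x86_64-linux";
          specialArgs = { inherit inputs flakes; };
          modules = [ (mkHosts (mkModule [])).brumlebasse ];
          format = "openstack";
        };
      });

      homeConfigurations = forAllSystems ({ system, ... }: let
        # mkHome :: user -> homeDirectory -> inputs-bundle -> [module] -> homeManagerConfiguration
        mkHome = user: home: inputs: modules: inputs.home-manager.lib.homeManagerConfiguration {
          pkgs = inputs.nixpkgs.legacyPackages.${system};
          modules = modules ++ [{
            home.username = user;
            home.homeDirectory = home;
            # NOTE(review): `home-manager.sharedModules` is the option of the NixOS
            # integration; whether a standalone homeManagerConfiguration defines it is
            # not verified here - if evaluation rejects it, `imports = [ ... ]` is the
            # standalone equivalent.
            home-manager.sharedModules = [ inputs.sops-nix.homeManagerModules.sops ];
          }];
          extraSpecialArgs = { inherit inputs; flakes = mkFlakeView inputs system; };
        };
      in {
        # TODO: pvv
        pbsds = mkHome "pbsds" "/home/pbsds" inputs-edge [ ./users/pbsds/home ];
        pbsds-2311 = mkHome "pbsds" "/home/pbsds" inputs-2311 [ ./users/pbsds/home ];
        pbsds-2305 = mkHome "pbsds" "/home/pbsds" inputs-2305 [ ./users/pbsds/home ];
        pbsds-gnome = mkHome "pbsds" "/home/pbsds" inputs-edge [ ./users/pbsds/home/gnome.nix ];
        pbsds-gnome-2311 = mkHome "pbsds" "/home/pbsds" inputs-2311 [ ./users/pbsds/home/gnome.nix ];
        pbsds-gnome-2305 = mkHome "pbsds" "/home/pbsds" inputs-2305 [ ./users/pbsds/home/gnome.nix ];
      });

      devShells = forAllSystems ({ pkgs, flakes, ... }: let
        mkShell = packages: pkgs.mkShellNoCC { inherit packages; };
        # Tooling for the local checkout: deploy wrapper, cache client and the
        # sops/age secret-handling tools.
        envrc-pkgs = [
          flakes.self.pkgs.nixos-rebuild-nom
          pkgs.home-manager
          pkgs.nix-output-monitor
          pkgs.cachix
          pkgs.age
          pkgs.sops
          pkgs.ssh-to-age
          pkgs.just
          pkgs.gum
        ];
      in {
        envrc-local = mkShell envrc-pkgs;
        envrc-remote = mkShell (envrc-pkgs ++ [
          (pkgs.remote-exec or flakes.unstable.pkgs.remote-exec)
          pkgs.yq
          pkgs.rsync
        ]);
        # Minimal set for use on the target hosts themselves.
        remoteenv = mkShell [
          flakes.self.pkgs.nixos-rebuild-nom
          pkgs.age
          pkgs.ssh-to-age
          pkgs.just
          pkgs.gum
        ];
      });
    };
}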