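# System and home-manager flake: NixOS host configurations, home-manager
# profiles, a few local packages and development shells.
{
  description = "pbsds' system/home flake";

  # Inputs are named by branch; the exact revisions are whatever flake.lock
  # pins (not visible here). Review lock-file updates like any dependency bump.
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
    unstable.url = "github:NixOS/nixpkgs/nixos-unstable";

    # https://github.com/nix-community/home-manager
    home-manager.url = "github:nix-community/home-manager/release-23.05";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";

    # https://github.com/NixOS/nixos-hardware
    nixos-hardware.url = "github:NixOS/nixos-hardware";

    # https://github.com/wamserma/flake-programs-sqlite
    flake-programs-sqlite.url = "github:wamserma/flake-programs-sqlite";
    flake-programs-sqlite.inputs.nixpkgs.follows = "nixpkgs";

    # https://github.com/nix-community/nixos-generators
    nixos-generators.url = "github:nix-community/nixos-generators";
    nixos-generators.inputs.nixpkgs.follows = "nixpkgs";

    # https://github.com/Mic92/sops-nix
    sops-nix.url = "github:Mic92/sops-nix";
    sops-nix.inputs.nixpkgs.follows = "nixpkgs";

    # Disabled inputs. The "/** /" ... "/**/" pair is a block-comment toggle:
    # everything between the two markers is commented out.
    # NOTE(review): as written, the nix-vscode-extensions line lacks a
    # trailing ';' and pre-commit-hooks is prefixed with 'inputs.', so the
    # block needs fixing before it can be re-enabled.
    /** /
    matrix-next.url = "github:dali99/nixos-matrix-modules"; # see https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/main/flake.nix
    #https://github.com/considerate/nixos-odroidhc4
    #https://cyberchaos.dev/cyberchaoscreatures/musl-nixos/
    #https://github.com/numtide/system-manager
    nix-vscode-extensions.url = "github:nix-community/nix-vscode-extensions"
    #https://github.com/numtide/nixpkgs-unfree # has a cache
    #https://github.com/matthewbauer/nixiosk
    inputs.pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";

    # used to host old docs
    nixpkgs-22.url = "github:NixOS/nixpkgs/nixos-22.11";
    nixpkgs-21.url = "github:NixOS/nixpkgs/nixos-21.11";
    nixpkgs-20.url = "github:NixOS/nixpkgs/nixos-20.09";
    nixpkgs-19.url = "github:NixOS/nixpkgs/nixos-19.09";
    nixpkgs-19.flake = false; # Earlier versions are not flake-pure
    /**/

    # TODO: somehow make these private repos optional (a lazy fetch would be nice)
    # Private repository fetched over SSH: whoever evaluates or locks this
    # flake needs an SSH credential with read access to it.
    pbsds-papers.url = "git+ssh://git@github.com/pbsds/papers.git";
  };

  # Binary caches offered by this flake. Nix applies flake-provided nixConfig
  # only once the user accepts it (interactive prompt or accept-flake-config).
  # Accepting means store paths signed by the keys below are used in place of
  # local builds, so every cache operator listed here becomes part of the
  # trust base for the systems and shells built from this flake. Keep the
  # substituter and key lists in step, and drop entries no host needs.
  nixConfig.extra-substituters = [
    "https://cuda-maintainers.cachix.org"
    "https://nix-community.cachix.org"
    "https://nixos-rocm.cachix.org"
    "https://nixpkgs-unfree.cachix.org"
    "https://numtide.cachix.org"
  ];
  nixConfig.extra-trusted-public-keys = [
    "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
    "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
    "nixos-rocm.cachix.org-1:VEpsf7pRIijjd8csKjFNBGzkBqOmw8H9PRmgAq14LnE="
    "nixpkgs-unfree.cachix.org-1:hqvoInulhbV4nJ9yJOEr+4wxhDV4xq2d1DK7S6Nj6rs="
    "numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE="
  ];

  outputs = {
    self,
    nixpkgs,
    unstable,
    nixos-hardware,
    nixos-generators,
    home-manager,
    sops-nix,
    #flake-programs-sqlite,
    ...
  } @ inputs:
  let
    # Maps every input to a uniform { nixos, pkgs, lib } view for `system`;
    # attributes an input does not provide become null.
    flake = inputs: system: nixpkgs.lib.mapAttrs (name: flake: {
      # TODO filter non-flake inputs
      nixos = flake.nixosModules or null;
      pkgs = flake.packages.${system} or flake.legacyPackages.${system} or null;
      lib = flake.lib.${system} or flake.lib or null;
    }) inputs;

    # Builds an attrset keyed by system; `f` is called with that system's
    # { system, pkgs, lib, flakes }.
    forSystems = systems: f: nixpkgs.lib.genAttrs systems (system: f rec {
      inherit system;
      pkgs = nixpkgs.legacyPackages.${system};
      lib = nixpkgs.legacyPackages.${system}.lib;
      flakes = flake inputs system;
    });

    forAllSystems = forSystems [
      "x86_64-linux"
      "aarch64-linux"
      #"riscv64-linux"
    ];

    # Returns the NixOS module shared by every host: base config, the host's
    # own directory, sops-nix, plus the extra `modules` passed in.
    mkModule = hostname: domain: system: modules: ({ lib, ... }: {

      #TODO: fix infinite recursion:
      /** /
      _module.args = lib.mkFinal {
        inherit inputs;
        flakes = flake inputs system;
      };
      /**/

      imports = [
        ./base.nix
        "${self}/hosts/${hostname}"
        sops-nix.nixosModules.sops
      ] ++ modules;
      #++ flake-programs-sqlite.nixosModules.programs-sqlite; # TODO: make work

      # Secrets are configured only when ./secrets/<hostname>.yaml exists; a
      # missing or renamed file disables this whole block silently instead of
      # failing the evaluation.
      # The host's SSH ed25519 key is listed as an age identity, so read
      # access to that private key (or to key.txt) is enough to decrypt this
      # host's secrets.
      sops = lib.mkIf (builtins.pathExists ./secrets/${hostname}.yaml) {
        defaultSopsFile = ./secrets/${hostname}.yaml;
        age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
        age.keyFile = "/var/lib/sops-nix/key.txt";
        age.generateKey = true;
      };

      # still needed even if using networkd
      networking.hostName = hostname;
      networking.domain = domain;
      networking.search = [ domain ];

      nixpkgs.overlays = [
        (final: prev: {
          #unstable = unstable.legacyPackages.${final.system};
          # Exposes pkgs.unstable; allowUnfree is set for this package set only.
          unstable = import unstable { inherit system; config.allowUnfree = true; }; # TODO: inherit nixos config from stable
        })
      ];

      # This makes commandline tools like 'nix run nixpkgs#hello'
      # and 'nix-shell -p hello' use the same channel as system was built with
      nix.registry.nixpkgs.flake = inputs.nixpkgs;
      nix.registry.nixpkgs-unstable.flake = inputs.unstable;
      #nix.registry.nixpkgs-unstable.flake.url = "github:NixOS/nixpkgs/nixos-unstable";
      nix.nixPath = [
        "nixpkgs=${inputs.nixpkgs}"
        "nixpkgs-unstable=${inputs.unstable}"
        #"nixpkgs-unstable=github:NixOS/nixpkgs/nixos-unstable"
      ];
    });

    # Wraps mkModule into a full nixosSystem; `inputs` and `flakes` are made
    # available to all modules through specialArgs.
    mkConfig = hostname: domain: system: modules: nixpkgs.lib.nixosSystem {
      inherit system;
      specialArgs = {
        inherit inputs;
        flakes = flake inputs system;
      };
      modules = [ (mkModule hostname domain system modules) ];
    };

    # Host table. `mk` is either mkModule or mkConfig; the list holds the
    # nixos-hardware profiles for each machine.
    mkHosts = mk: with nixos-hardware.nixosModules; {
      # TODO: move nixos-hardware imports to the nixos configs?
      noximilien = mk "noximilien" "pbsds.net" "x86_64-linux" [ common-pc common-pc-ssd common-cpu-intel ];
      brumlebasse = mk "brumlebasse" "pbsds.net" "x86_64-linux" [ common-pc common-pc-ssd common-cpu-amd ];
      nord = mk "nord" "pbsds.net" "x86_64-linux" [ common-pc common-pc-ssd common-cpu-intel-cpu-only common-cpu-intel-sandy-bridge common-gpu-amd common-hidpi ];
      sopp = mk "sopp" "pbsds.net" "x86_64-linux" [ common-pc common-pc-ssd common-cpu-intel common-gpu-nvidia-nonprime ];
      bolle = mk "bolle" "pbsds.net" "x86_64-linux" [ common-pc common-pc-ssd common-cpu-intel ];
      garp = mk "garp" "pbsds.net" "x86_64-linux" [ common-pc common-pc-ssd common-cpu-intel ]; # TODO: common-gpu-nvidia-nonprime ];
      #gomperud smattkuken skrytebiffen skalkesnerken balleby brumlebasse bingus skjrlaltatjlstad
      #bergjlot snortheimsmoen ditlefsen skrukkerud podebusk zmaragd makrell alfnes blix urke eple hasselknippe pytte uddu imdorf rosenqvist
    };

  in {
    # Non-standard output: re-exports the flake's inputs to consumers.
    inherit inputs;

    packages = forAllSystems ({ pkgs, flakes, ... }: {
      mpv-webm = pkgs.callPackage ./pkgs/mpv-webm.nix {};
      # TODO: https://github.com/NixOS/nixpkgs/pull/238659

      # Drop-in `nixos-rebuild` that pipes stdout and stderr through nom.
      # writeShellScriptBin supplies a bash shebang ('|&' is bash syntax, and
      # a script without a shebang depends on whatever shell the caller falls
      # back to). pipefail keeps a failed rebuild from being reported as
      # success just because nom itself exited 0.
      nixos-rebuild-nom = with pkgs; writeShellScriptBin "nixos-rebuild" ''
        set -o pipefail
        exec ${nixos-rebuild}/bin/nixos-rebuild "$@" |& ${nix-output-monitor}/bin/nom
      '';

      # nixos-generators images
      # NOTE(review): `system` is fixed to x86_64-linux while `flakes` comes
      # from the enclosing per-system call, so under packages.aarch64-linux
      # the two disagree - confirm this is intended.
      image-brumlebasse-openstack = nixos-generators.nixosGenerate {
        system = "x86_64-linux";
        specialArgs = { inherit inputs flakes; };
        modules = [ (mkHosts mkModule).brumlebasse ];
        format = "openstack";
      };
    });

    # Helpers are exported both at the top level and under each system name.
    lib = {
      inherit flake forSystems;
    } // forAllSystems ({ ... }: {
      inherit flake forSystems;
    });

    nixosModules = mkHosts mkModule;
    nixosConfigurations = mkHosts mkConfig;

    homeConfigurations = forAllSystems ({ pkgs, flakes, ... }: let
      # Builds a home-manager configuration for `user` with home directory
      # `home`, appending the username/homeDirectory settings to `modules`.
      mkHome = user: home: modules: home-manager.lib.homeManagerConfiguration {
        inherit pkgs;
        modules = modules ++ [{
          home.username = user;
          home.homeDirectory = home;
        }];
        extraSpecialArgs = { inherit inputs flakes; };
      };
    in {
      pbsds = mkHome "pbsds" "/home/pbsds" [ ./users/pbsds/home ];
      pbsds-gnome = mkHome "pbsds" "/home/pbsds" [ ./users/pbsds/home/gnome.nix ];
    });

    devShells = forAllSystems ({ pkgs, flakes, ... }: let
      mkShell = packages: pkgs.mkShellNoCC { inherit packages; };
      # Tooling for rebuilding hosts and editing secrets (age, sops, ssh-to-age).
      envrc-pkgs = [
        flakes.self.pkgs.nixos-rebuild-nom
        pkgs.home-manager
        pkgs.nix-output-monitor
        pkgs.cachix
        pkgs.age
        pkgs.sops
        pkgs.ssh-to-age
      ];
    in {
      envrc-local = mkShell envrc-pkgs;
      envrc-remote = mkShell (envrc-pkgs ++ [
        flakes.unstable.pkgs.remote-exec # TODO: stable
        pkgs.yq
        pkgs.rsync
      ]);
      remoteenv = mkShell [
        flakes.self.pkgs.nixos-rebuild-nom
        pkgs.age
        pkgs.ssh-to-age
      ];
    });
  };
}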