config/flake.nix

233 lines
8.5 KiB
Nix

{
description = "pbsds' system/home flake";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
# https://github.com/nix-community/home-manager
home-manager.url = "github:nix-community/home-manager/release-23.05";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
# https://github.com/NixOS/nixos-hardware
nixos-hardware.url = "github:NixOS/nixos-hardware";
# https://github.com/wamserma/flake-programs-sqlite
flake-programs-sqlite.url = "github:wamserma/flake-programs-sqlite";
flake-programs-sqlite.inputs.nixpkgs.follows = "nixpkgs";
# https://github.com/nix-community/nixos-generators
nixos-generators.url = "github:nix-community/nixos-generators";
nixos-generators.inputs.nixpkgs.follows = "nixpkgs";
# https://github.com/Mic92/sops-nix
sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
/** /
matrix-next.url = "github:dali99/nixos-matrix-modules"; # see https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/main/flake.nix
#https://github.com/considerate/nixos-odroidhc4
#https://cyberchaos.dev/cyberchaoscreatures/musl-nixos/
#https://github.com/numtide/system-manager
nix-vscode-extensions.url = "github:nix-community/nix-vscode-extensions"
#https://github.com/numtide/nixpkgs-unfree # has a cache
#https://github.com/matthewbauer/nixiosk
inputs.pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
# used to host old docs
nixpkgs-22.url = "github:NixOS/nixpkgs/nixos-22.11";
nixpkgs-21.url = "github:NixOS/nixpkgs/nixos-21.11";
nixpkgs-20.url = "github:NixOS/nixpkgs/nixos-20.09";
nixpkgs-19.url = "github:NixOS/nixpkgs/nixos-19.09";
nixpkgs-19.flake = false; # Earlier versions are not flake-pure
/**/
# TODO: somehow make these private repos optional (a lazy fetch would be nice)
pbsds-papers.url = "git+ssh://git@github.com/pbsds/papers.git";
};
nixConfig.extra-substituters = [
"https://cuda-maintainers.cachix.org"
"https://nix-community.cachix.org"
"https://nixos-rocm.cachix.org"
"https://nixpkgs-unfree.cachix.org"
"https://numtide.cachix.org"
];
nixConfig.extra-trusted-public-keys = [
"cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixos-rocm.cachix.org-1:VEpsf7pRIijjd8csKjFNBGzkBqOmw8H9PRmgAq14LnE="
"nixpkgs-unfree.cachix.org-1:hqvoInulhbV4nJ9yJOEr+4wxhDV4xq2d1DK7S6Nj6rs="
"numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE="
];
outputs = {
self,
nixpkgs,
unstable,
nixos-hardware,
nixos-generators,
home-manager,
sops-nix,
#flake-programs-sqlite,
...
} @ inputs:
let
flake = inputs: system: nixpkgs.lib.mapAttrs (name: flake: {
# TODO filter non-flake inputs
nixos = flake.nixosModules
or null;
pkgs = flake.packages.${system}
or flake.legacyPackages.${system}
or null;
lib = flake.lib.${system}
or flake.lib
or null;
}) inputs;
forSystems = systems: f: nixpkgs.lib.genAttrs systems (system: f rec {
inherit system;
pkgs = nixpkgs.legacyPackages.${system};
lib = nixpkgs.legacyPackages.${system}.lib;
flakes = flake inputs system;
});
forAllSystems = forSystems [
"x86_64-linux"
"aarch64-linux"
#"riscv64-linux"
];
mkModule = hostname: domain: system: modules: ({ lib, ... }: {
#TODO: fix infinite recursion:
/** /
_module.args = lib.mkFinal {
inherit inputs;
flakes = flake inputs system;
};
/**/
imports = [
./base.nix
"${self}/hosts/${hostname}"
sops-nix.nixosModules.sops
] ++ modules;
#++ flake-programs-sqlite.nixosModules.programs-sqlite; # TODO: make work
sops = lib.mkIf (builtins.pathExists ./secrets/${hostname}.yaml) {
defaultSopsFile = ./secrets/${hostname}.yaml;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
age.keyFile = "/var/lib/sops-nix/key.txt";
age.generateKey = true;
};
# still needed even if using networkd
networking.hostName = hostname;
networking.domain = domain;
networking.search = [ domain ];
nixpkgs.overlays = [
(final: prev: {
#unstable = unstable.legacyPackages.${final.system};
unstable = import unstable { inherit system; config.allowUnfree = true; }; # TODO: inherit nixos config from stable
})
];
# This makes commandline tools like 'nix run nixpkgs#hello'
# and 'nix-shell -p hello' use the same channel as system was built with
nix.registry.nixpkgs.flake = inputs.nixpkgs;
nix.registry.nixpkgs-unstable.flake = inputs.unstable;
#nix.registry.nixpkgs-unstable.flake.url = "github:NixOS/nixpkgs/nixos-unstable";
nix.nixPath = [
"nixpkgs=${inputs.nixpkgs}"
"nixpkgs-unstable=${inputs.unstable}"
#"nixpkgs-unstable=github:NixOS/nixpkgs/nixos-unstable"
];
});
mkConfig = hostname: domain: system: modules: nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit inputs;
flakes = flake inputs system;
};
modules = [ (mkModule hostname domain system modules) ];
};
mkHosts = mk: with nixos-hardware.nixosModules; {
# TODO: move nixos-hardware imports to the nixos configs?
noximilien = mk "noximilien" "pbsds.net" "x86_64-linux" [ common-pc common-pc-ssd common-cpu-intel ];
brumlebasse = mk "brumlebasse" "pbsds.net" "x86_64-linux" [ common-pc common-pc-ssd common-cpu-amd ];
nord = mk "nord" "pbsds.net" "x86_64-linux" [ common-pc common-pc-ssd common-cpu-intel-cpu-only common-cpu-intel-sandy-bridge common-gpu-amd common-hidpi ];
sopp = mk "sopp" "pbsds.net" "x86_64-linux" [ common-pc common-pc-ssd common-cpu-intel common-gpu-nvidia-nonprime ];
bolle = mk "bolle" "pbsds.net" "x86_64-linux" [ common-pc common-pc-ssd common-cpu-intel ];
garp = mk "garp" "pbsds.net" "x86_64-linux" [ common-pc common-pc-ssd common-cpu-intel ]; # TODO: common-gpu-nvidia-nonprime ];
#gomperud smattkuken skrytebiffen skalkesnerken balleby brumlebasse bingus skjrlaltatjlstad
#bergjlot snortheimsmoen ditlefsen skrukkerud podebusk zmaragd makrell alfnes blix urke eple hasselknippe pytte uddu imdorf rosenqvist
};
in {
inherit inputs;
packages = forAllSystems ({ pkgs, flakes, ... }: let
nm = nixos-hardware.nixosModules;
in {
mpv-webm = pkgs.callPackage ./pkgs/mpv-webm.nix {}; # TODO: https://github.com/NixOS/nixpkgs/pull/238659
nixos-rebuild-nom = with pkgs; writeScriptBin "nixos-rebuild" ''
exec ${nixos-rebuild}/bin/nixos-rebuild "$@" |& ${nix-output-monitor}/bin/nom
'';
# nixos-generators images
image-brumlebasse-openstack = nixos-generators.nixosGenerate {
system = "x86_64-linux";
specialArgs = { inherit inputs flakes; };
modules = [ (mkHosts mkModule).brumlebasse ];
format = "openstack";
};
});
lib = {
inherit flake forSystems;
} // forAllSystems ({ ... }: {
inherit flake forSystems;
});
nixosModules = mkHosts mkModule;
nixosConfigurations = mkHosts mkConfig;
homeConfigurations = forAllSystems ({ pkgs, flakes, ... }: let
mkHome = user: home: modules: home-manager.lib.homeManagerConfiguration {
inherit pkgs;
modules = modules ++ [{
home.username = user;
home.homeDirectory = home;
}];
extraSpecialArgs = {
inherit inputs flakes;
};
};
in {
pbsds = mkHome "pbsds" "/home/pbsds" [ ./users/pbsds/home ];
pbsds-gnome = mkHome "pbsds" "/home/pbsds" [ ./users/pbsds/home/gnome.nix ];
});
devShells = forAllSystems ({ pkgs, flakes, ... }: let
mkShell = packages: pkgs.mkShellNoCC { inherit packages; };
envrc-pkgs = [
flakes.self.pkgs.nixos-rebuild-nom
pkgs.home-manager
pkgs.nix-output-monitor
pkgs.cachix
pkgs.age
pkgs.sops
pkgs.ssh-to-age
];
in {
envrc-local = mkShell envrc-pkgs;
envrc-remote = mkShell (envrc-pkgs ++ [
flakes.unstable.pkgs.remote-exec # TODO: stable
pkgs.yq
pkgs.rsync
]);
remoteenv = mkShell [
flakes.self.pkgs.nixos-rebuild-nom
pkgs.age
pkgs.ssh-to-age
];
});
};
}