{
description = "pbsds' system/home flake";

# Every input below names a branch, or no ref at all (the repository's default
# branch), never a fixed revision.
# NOTE(review): presumably a committed flake.lock (not shown here) pins the
# actual revisions; if so, lock-file bumps deserve the same review as code.
inputs = {
  # https://github.com/nixos/nixpkgs
  nixpkgs-edge.url = "github:NixOS/nixpkgs/nixos-unstable";
  nixpkgs-2311.url = "github:NixOS/nixpkgs/nixos-23.11"; # gnome plugins broken
  nixpkgs-2305.url = "github:NixOS/nixpkgs/nixos-23.05";

  # https://github.com/nix-community/home-manager
  # Each release of home-manager follows the matching nixpkgs input, so only
  # one nixpkgs per release ends up in the dependency closure.
  home-manager-edge = {
    url = "github:nix-community/home-manager/master";
    inputs.nixpkgs.follows = "nixpkgs-edge";
  };
  home-manager-2311 = {
    url = "github:nix-community/home-manager/release-23.11";
    inputs.nixpkgs.follows = "nixpkgs-2311";
  };
  home-manager-2305 = {
    url = "github:nix-community/home-manager/release-23.05";
    inputs.nixpkgs.follows = "nixpkgs-2305";
  };

  # https://github.com/NixOS/nixos-hardware
  nixos-hardware.url = "github:NixOS/nixos-hardware";

  # https://github.com/wamserma/flake-programs-sqlite
  flake-programs-sqlite-2311 = {
    url = "github:wamserma/flake-programs-sqlite";
    inputs.nixpkgs.follows = "nixpkgs-2311";
  };

  # https://github.com/nix-community/nixos-generators
  nixos-generators-2311 = {
    url = "github:nix-community/nixos-generators";
    inputs.nixpkgs.follows = "nixpkgs-2311";
  };

  # https://github.com/Mic92/sops-nix
  # sops-nix is the module that decrypts secrets on the hosts. All three
  # variants use the same ref-less URL and differ only in which nixpkgs they follow.
  sops-nix-edge = {
    url = "github:Mic92/sops-nix";
    inputs.nixpkgs.follows = "nixpkgs-edge";
  };
  sops-nix-2311 = {
    url = "github:Mic92/sops-nix";
    inputs.nixpkgs.follows = "nixpkgs-2311";
  };
  sops-nix-2305 = {
    url = "github:Mic92/sops-nix";
    inputs.nixpkgs.follows = "nixpkgs-2305";
  };

  # Toggle comment: everything from "/** /" down to "/**/" is disabled.
  /** /
  matrix-next.url = "github:dali99/nixos-matrix-modules"; # see https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/main/flake.nix
  #https://github.com/considerate/nixos-odroidhc4
  #https://cyberchaos.dev/cyberchaoscreatures/musl-nixos/
  #https://github.com/numtide/system-manager
  nix-vscode-extensions.url = "github:nix-community/nix-vscode-extensions"
  #https://github.com/numtide/nixpkgs-unfree # has a cache
  #https://github.com/matthewbauer/nixiosk
  inputs.pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";

  # used to host old docs
  nixpkgs-22.url = "github:NixOS/nixpkgs/nixos-22.11";
  nixpkgs-21.url = "github:NixOS/nixpkgs/nixos-21.11";
  nixpkgs-20.url = "github:NixOS/nixpkgs/nixos-20.09";
  nixpkgs-19.url = "github:NixOS/nixpkgs/nixos-19.09";
  nixpkgs-19.flake = false; # Earlier versions are not flake-pure
  /**/

  #pbsds-papers.url = "git+ssh://git@github.com/pbsds/papers.git";
};

# Binary caches offered to anyone who evaluates this flake.
# Each public key below names a signer whose store paths Nix will accept as
# substitutes, so every entry is a party trusted to supply binaries that run on
# these machines. Keep the list as short as the hosts actually need.
# Nix asks before applying flake-provided settings unless accept-flake-config is
# enabled, and extra substituters only take effect for trusted users.
nixConfig = {
  extra-substituters = [
    "https://cuda-maintainers.cachix.org"
    "https://nix-community.cachix.org"
    "https://nixos-rocm.cachix.org"
    "https://nixpkgs-unfree.cachix.org"
    "https://numtide.cachix.org"
  ];
  # One key per substituter above, in the same order.
  extra-trusted-public-keys = [
    "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
    "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
    "nixos-rocm.cachix.org-1:VEpsf7pRIijjd8csKjFNBGzkBqOmw8H9PRmgAq14LnE="
    "nixpkgs-unfree.cachix.org-1:hqvoInulhbV4nJ9yJOEr+4wxhDV4xq2d1DK7S6Nj6rs="
    "numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE="
  ];
};

outputs = { self, nixos-hardware, nixos-generators-2311, ... } @ inputs':
let
# Build one per-release view of the inputs: the raw input set plus the
# generic names (nixpkgs, unstable, home-manager, sops-nix) that the rest of
# the flake refers to. `release` picks the nixpkgs/home-manager/sops-nix
# suffix, `unstable` picks which nixpkgs input is exposed as "unstable".
selectInputs = { release, unstable }: inputs' // {
  nixpkgs = inputs'."nixpkgs-${release}";
  unstable = inputs'."nixpkgs-${unstable}";
  home-manager = inputs'."home-manager-${release}";
  sops-nix = inputs'."sops-nix-${release}";
};

inputs-edge = selectInputs { release = "edge"; unstable = "edge"; };
inputs-2311 = selectInputs { release = "2311"; unstable = "edge"; };
# On the 23.05 view "unstable" is nixpkgs-2311, not nixpkgs-edge.
inputs-2305 = selectInputs { release = "2305"; unstable = "2311"; };

# mkFlakeView inputs system
# Map every input to a small record { nixos, pkgs, lib } for one system.
# Each field falls back to null when the input does not provide it.
mkFlakeView = inputs: system:
  let
    # TODO filter non-flake inputs
    viewOf = name: flake: {
      # NixOS modules exported by the input, if any.
      nixos = flake.nixosModules or null;
      # Prefer `packages`, then `legacyPackages`, for the requested system.
      pkgs = flake.packages.${system} or flake.legacyPackages.${system} or null;
      # Prefer a per-system lib, then a system-independent one.
      lib = flake.lib.${system} or flake.lib or null;
    };
  in inputs.nixpkgs.lib.mapAttrs viewOf inputs;

# forSystems systems f
# Produce { <system> = f { system, inputs, pkgs, lib, flakes }; } for each
# listed system. Everything handed to `f` comes from inputs-edge.
forSystems = systems: f:
  let
    perSystem = system:
      let
        inputs = inputs-edge;
        pkgs = inputs.nixpkgs.legacyPackages.${system};
      in f {
        inherit system inputs pkgs;
        lib = pkgs.lib;
        flakes = mkFlakeView inputs system;
      };
  in inputs-edge.nixpkgs.lib.genAttrs systems perSystem;

# The systems this flake builds per-system outputs for.
forAllSystems = forSystems [
  "x86_64-linux"
  "aarch64-linux"
  #"riscv64-linux"
];

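# mkModule hostname domain system inputs modules
# Build the NixOS module shared by every host.
#   hostname, domain - set networking.* and locate hosts/<hostname> and
#                      secrets/<hostname>.yaml
#   system           - platform used for the flake view and the unstable import
#   inputs           - a per-release input set (see inputs-edge / inputs-2311 / inputs-2305)
#   modules          - extra modules appended to the imports
mkModule = hostname: domain: system: inputs: modules: ({ lib, ... }: {
  #TODO: fix infinite recursion:
  /** /
  _module.args = lib.mkFinal {
    inherit inputs;
    flakes = mkFlakeView inputs system;
  };
  /**/
  imports = [
    ./base.nix
    "${self}/hosts/${hostname}"
    inputs.sops-nix.nixosModules.sops
    inputs.home-manager.nixosModule
  ] ++ modules;
  #++ inputs.flake-programs-sqlite.nixosModules.programs-sqlite; # TODO: make work

  sops = {
    # The per-host secrets file is optional. It is referenced as a path, so it
    # is copied into the world-readable Nix store: it must only ever hold
    # sops-encrypted values.
    defaultSopsFile = lib.mkIf (builtins.pathExists ./secrets/${hostname}.yaml)
      ./secrets/${hostname}.yaml;
    # The host's ed25519 SSH key doubles as an age identity for decryption, so
    # whoever can read it can decrypt this host's secrets, and rotating the
    # host key means re-encrypting them for the new recipient.
    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
    age.keyFile = "/var/lib/sops-nix/key.txt";
    # Create the key file above on the host when it does not exist yet.
    age.generateKey = true;
  };

  home-manager.useGlobalPkgs = true; # go brrr, reuse overrides
  home-manager.extraSpecialArgs = {
    inherit inputs;
    flakes = mkFlakeView inputs system;
  };
  home-manager.sharedModules = [
    inputs.sops-nix.homeManagerModules.sops
  ];

  # still needed even if using networkd
  networking.hostName = hostname;
  networking.domain = domain;
  networking.search = [ domain ];

  nixpkgs.overlays = [
    (final: prev: {
      #unstable = unstable.legacyPackages.${final.system};
      # Separate import of the "unstable" nixpkgs; unfree packages are allowed
      # here regardless of what the host's own nixpkgs config says.
      unstable = import inputs.unstable { inherit system; config.allowUnfree = true; }; # TODO: inherit nixos config from stable
    })
  ];

  # This makes commandline tools like 'nix run nixpkgs#hello'
  # and 'nix-shell -p hello' use the same channel as system was built with
  nix.registry.nixpkgs.flake = inputs.nixpkgs;
  nix.registry.nixpkgs-unstable.flake = inputs.unstable;
  # A deliberately unpinned alias that follows a moving branch; nothing
  # resolved through it is covered by the flake lock.
  # Fixed: the entry used to rewrite the id "nixpkgs", which duplicated the
  # pinned entry above and left `nixpkgs#...` ambiguous between the locked input
  # and a moving branch. It now rewrites its own id.
  # Fixed: the ref now matches the branch used in nix.nixPath below
  # ("nixpkgs-unstable-small" does not appear to be a published channel branch).
  nix.registry.nixpkgs-git = {
    from.id = "nixpkgs-git";
    from.type = "indirect";
    to.type = "github";
    to.owner = "NixOS";
    to.repo = "nixpkgs";
    to.ref = "nixos-unstable-small";
  };
  nix.nixPath = [
    "nixpkgs=${inputs.nixpkgs}"
    "nixpkgs-unstable=${inputs.unstable}"
    "nixpkgs-git=github:NixOS/nixpkgs/nixos-unstable-small"
  ];
});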
# mkConfig hostname domain system inputs modules
# Wrap the host module from mkModule in a full nixosSystem. Modules receive
# the selected input set and its flake view through specialArgs.
mkConfig = hostname: domain: system: inputs: modules:
  let
    hostModule = mkModule hostname domain system inputs modules;
    flakes = mkFlakeView inputs system;
  in inputs.nixpkgs.lib.nixosSystem {
    inherit system;
    specialArgs = { inherit inputs flakes; };
    modules = [ hostModule ];
  };
# mkHosts mk
# The host inventory. `mk` is applied as
#   mk "hostname" "domain" "system" inputs [ modules ... ]
# and is either mkModule or mkConfig.
# NOTE(review): nord, sopp and garp are built from the 23.05 input set; confirm
# that release branch still receives security updates for as long as these
# hosts stay on it.
mkHosts = mk:
  let
    # TODO: move nixos-hardware imports to the nixos configs?
    hw = nixos-hardware.nixosModules;
    # Hardware profiles every host shares.
    pc = [ hw.common-pc hw.common-pc-ssd ];
    # All hosts live in the same domain and run on the same platform.
    host = hostname: mk hostname "pbsds.net" "x86_64-linux";
  in {
    noximilien  = host "noximilien"  inputs-2311 (pc ++ [ hw.common-cpu-intel ]);
    brumlebasse = host "brumlebasse" inputs-2311 (pc ++ [ hw.common-cpu-amd ]);
    nord        = host "nord"        inputs-2305 (pc ++ [ hw.common-cpu-intel-cpu-only hw.common-cpu-intel-sandy-bridge hw.common-gpu-amd hw.common-hidpi ]);
    sopp        = host "sopp"        inputs-2305 (pc ++ [ hw.common-cpu-intel hw.common-gpu-nvidia-nonprime ]);
    bolle       = host "bolle"       inputs-2311 (pc ++ [ hw.common-cpu-intel ]);
    eple        = host "eple"        inputs-2311 (pc ++ [ hw.common-cpu-intel ]);
    garp        = host "garp"        inputs-2305 (pc ++ [ hw.common-cpu-intel-cpu-only hw.common-gpu-nvidia-nonprime ]);
    #gomperud smattkuken skrytebiffen skalkesnerken balleby brumlebasse bingus skjrlaltatjlstad
    #bergjlot snortheimsmoen ditlefsen skrukkerud podebusk zmaragd makrell alfnes blix urke eple hasselknippe pytte uddu imdorf rosenqvist
  };
in {
# Re-export the raw inputs as a flake output.
inputs = inputs';

# Helper functions, available at the top level and again under each system
# together with the flake views of the three input sets.
lib =
  let
    helpers = { inherit mkFlakeView forSystems; };
  in helpers // forAllSystems ({ system, ... }: helpers // {
    flakes = mkFlakeView inputs-edge system;
    flakes-2311 = mkFlakeView inputs-2311 system;
    flakes-2305 = mkFlakeView inputs-2305 system;
  });

# The same host inventory, once as importable modules and once as complete systems.
nixosModules = mkHosts mkModule;
nixosConfigurations = mkHosts mkConfig;

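# Per-system packages: a local mpv-webm build, a nixos-rebuild wrapper that
# pipes its output through nix-output-monitor, and an OpenStack image of
# brumlebasse.
packages = forAllSystems ({ inputs, pkgs, flakes, ... }: {
  mpv-webm = pkgs.callPackage ./pkgs/mpv-webm.nix {}; # TODO: https://github.com/NixOS/nixpkgs/pull/238659, remove when i switch to 23.11

  # Fixed: writeScriptBin adds no interpreter line, so the script only ran when
  # the caller happened to fall back to a shell that understands `|&`.
  # writeShellScriptBin prepends the shebang.
  # Fixed: without pipefail the wrapper exited with nom's status, so a failed
  # rebuild looked successful to anything chaining on the exit code.
  nixos-rebuild-nom = with pkgs; writeShellScriptBin "nixos-rebuild" ''
    set -o pipefail
    exec ${nixos-rebuild}/bin/nixos-rebuild "$@" |& ${nix-output-monitor}/bin/nom
  '';

  # nixos-generators images
  # NOTE(review): `inputs` and `flakes` here are the inputs-edge values handed
  # in by forAllSystems, while the brumlebasse module itself is built from
  # inputs-2311 (see mkHosts). Host modules therefore see different
  # specialArgs in this image than in nixosConfigurations.brumlebasse; confirm
  # that is intended.
  # NOTE(review): this attribute is also emitted under packages.aarch64-linux
  # although `system` is fixed to x86_64-linux.
  image-brumlebasse-openstack = nixos-generators-2311.nixosGenerate {
    system = "x86_64-linux";
    specialArgs = { inherit inputs flakes; };
    modules = [ (mkHosts mkModule).brumlebasse ];
    format = "openstack";
  };
});
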
# Standalone home-manager configurations for user pbsds, one per input set,
# each with a plain and a gnome variant.
# `pkgs` and `flakes` come from forAllSystems, i.e. from inputs-edge, for every
# variant; only home-manager and sops-nix are taken from the selected input set.
homeConfigurations = forAllSystems ({ pkgs, flakes, ... }:
  let
    # mkHome user home inputs modules
    mkHome = user: home: inputs: modules:
      let
        # Module appended after the caller's modules: who the user is, plus sops.
        # NOTE(review): home-manager.sharedModules is an option of the
        # home-manager NixOS module; confirm it is accepted inside a standalone
        # homeManagerConfiguration, otherwise the sops module is not loaded here.
        identity = {
          home.username = user;
          home.homeDirectory = home;
          home-manager.sharedModules = [
            inputs.sops-nix.homeManagerModules.sops
          ];
        };
      in inputs.home-manager.lib.homeManagerConfiguration {
        inherit pkgs;
        modules = modules ++ [ identity ];
        extraSpecialArgs = { inherit inputs flakes; };
      };

    pbsds = mkHome "pbsds" "/home/pbsds";
    plain = [ ./users/pbsds/home ];
    gnome = [ ./users/pbsds/home/gnome.nix ];
  in {
    # TODO: pvv
    pbsds-2305 = pbsds inputs-2305 plain;
    pbsds-2311 = pbsds inputs-2311 plain;
    pbsds = pbsds inputs-edge plain;
    pbsds-gnome-2305 = pbsds inputs-2305 gnome;
    pbsds-gnome-2311 = pbsds inputs-2311 gnome;
    pbsds-gnome = pbsds inputs-edge gnome;
  });

# Development shells. All of them carry age and ssh-to-age; the envrc shells
# add sops, cachix and home-manager on top.
devShells = forAllSystems ({ pkgs, flakes, ... }:
  let
    # A shell without a C toolchain that just puts `packages` on PATH.
    mkShell = packages: pkgs.mkShellNoCC { inherit packages; };
    # The nixos-rebuild wrapper defined in this flake's own packages.
    rebuild = flakes.self.pkgs.nixos-rebuild-nom;
    envrc-pkgs = [
      rebuild
      pkgs.home-manager
      pkgs.nix-output-monitor
      pkgs.cachix
      pkgs.age
      pkgs.sops
      pkgs.ssh-to-age
    ];
    remote-extras = [
      flakes.unstable.pkgs.remote-exec # TODO: stable
      pkgs.yq
      pkgs.rsync
    ];
  in {
    envrc-local = mkShell envrc-pkgs;
    envrc-remote = mkShell (envrc-pkgs ++ remote-extras);
    remoteenv = mkShell [
      rebuild
      pkgs.age
      pkgs.ssh-to-age
    ];
  });

};
}