
{
description = "c8h4.io NixOS configuration";
inputs = {
  # Supply-chain note: inputs that carry an explicit `rev` are pinned to a
  # commit both here and in flake.lock, so `nix flake update` cannot move
  # them silently. The trailing comment on each `rev` records the branch
  # and date that commit was taken from.
  nixpkgs = {
    type = "github";
    owner = "NixOS";
    repo = "nixpkgs";
    # nixos-unstable; 31-08-2024
    rev = "7e7941b89e9d2ad4d01892a5af4f17c8e34e3b2b";
  };

  home-manager = {
    type = "github";
    owner = "nix-community";
    repo = "home-manager";
    # master; 23-08-2024
    rev = "c2cd2a52e02f1dfa1c88f95abeb89298d46023be";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  nixos-hardware = {
    type = "github";
    owner = "NixOS";
    repo = "nixos-hardware";
    # master; 28-08-2024
    rev = "95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef";
  };

  # NOTE(review): this pin is more than a year older than the others; the
  # module itself is frozen while its packages come from the current
  # nixpkgs via `follows`, so check it still matches the nixpkgs options
  # before relying on it.
  simple-nixos-mailserver = {
    type = "gitlab";
    owner = "simple-nixos-mailserver";
    repo = "nixos-mailserver";
    # master; 05-08-2023
    rev = "af7d3bf5daeba3fc28089b015c0dd43f06b176f2";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  nixgl = {
    type = "github";
    owner = "nix-community";
    repo = "nixGL";
    # main; 19-04-2024
    rev = "310f8e49a149e4c9ea52f1adf70cdc768ec53f8a";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.flake-utils.follows = "flake-utils";
  };

  # The three inputs below have no `rev` here: they track their default
  # branch and are pinned only by flake.lock, so a `nix flake update`
  # will move them.
  flake-utils = {
    type = "github";
    owner = "numtide";
    repo = "flake-utils";
  };

  treefmt-nix = {
    type = "github";
    owner = "numtide";
    repo = "treefmt-nix";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  nixinate = {
    type = "github";
    owner = "MatthewCroughan";
    repo = "nixinate";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  sops-nix = {
    type = "github";
    owner = "Mic92";
    repo = "sops-nix";
    # master; 13-08-2024
    rev = "be0eec2d27563590194a9206f551a6f73d52fa34";
    inputs.nixpkgs.follows = "nixpkgs";
    # Point sops-nix's second nixpkgs at ours as well so only one nixpkgs
    # tree is fetched and evaluated.
    inputs.nixpkgs-stable.follows = "nixpkgs";
  };

  # Pinned by tag, not by commit: a tag is a mutable pointer, so only
  # flake.lock (rev + narHash) fixes what is actually fetched here.
  lix-module = {
    url =
      "git+https://git.lix.systems/lix-project/nixos-module?ref=refs/tags/2.91.0";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.flake-utils.follows = "flake-utils";
  };
};
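outputs = { self, nixpkgs, home-manager, nixos-hardware
  , simple-nixos-mailserver, nixgl, flake-utils, treefmt-nix, nixinate
  , sops-nix, lix-module, ... }:
  let
    # Project lib: nixpkgs.lib extended with the helpers from ./lib. It is
    # handed to `import nixpkgs` below and to every NixOS module via
    # specialArgs.
    lib = nixpkgs.lib.extend (import ./lib);

    # Overlays applied to every pkgs instance created in this flake and
    # exported as `overlays.default`. Order matters: build-support first,
    # then ./pkgs, then the extra vim plugins merged over nixpkgs' set.
    overlays = [
      (import ./pkgs/build-support.nix)
      (_: super: import ./pkgs super)
      (_: super: {
        vimPlugins = super.vimPlugins
          // (import ./pkgs/vim-plugins.nix super);
      })
    ];
  in (flake-utils.lib.eachSystem [ "x86_64-linux" "aarch64-linux" ] (system:
    let
      pkgs = import nixpkgs { inherit lib overlays system; };
      inherit (flake-utils.lib) mkApp;

      # Formatter/linter bundle; `checks.formatting` below fails on drift.
      treefmt = treefmt-nix.lib.evalModule pkgs {
        projectRootFile = "flake.nix";
        programs = {
          deadnix.enable = true;
          nixfmt = {
            enable = true;
            package = pkgs.nixfmt-classic;
          };
          prettier.enable = true;
          shellcheck.enable = true;
          statix.enable = true;
          stylua.enable = true;
          taplo.enable = true;
        };
      };

      # `hm-flake-<name>`: activate homeConfigurations.<name> from the flake
      # in the current directory, keeping a `.bak` copy of any file
      # home-manager would overwrite.
      mkHomeManagerFlake = name:
        pkgs.writeShellApplication {
          name = "hm-flake-${name}";
          runtimeInputs = with pkgs; [ home-manager ];
          text = ''
            set -x
            home-manager switch --flake .#${name} -b bak
          '';
        };

      # Walk the full history of HEAD and require that every commit carries
      # a signature whose *primary key* fingerprint is the one pinned in the
      # regex (any subkey of that key is accepted). The key has to be in the
      # invoking user's gpg keyring; gpg's trust level is deliberately not
      # consulted (VALIDSIG only, no TRUST_* line), the fingerprint itself is
      # the trust anchor. A commit signed by any other key is reported too.
      checkGitHistory = pkgs.writeShellApplication {
        name = "check-git-history";
        # coreutils provides `tac`; it is not on PATH implicitly.
        runtimeInputs = with pkgs; [ coreutils git gnugrep gnupg ];
        text = ''
          # `git verify-commit` exits 1 on expired keys although it still
          # emits VALIDSIG, so grep's status alone must decide.
          set +o pipefail
          result=0
          # Full hashes: abbreviated ones can become ambiguous over time.
          for h in $(git log --format=%H | tac); do
            # writeShellApplication runs with `set -e`; keeping the pipeline
            # in the `if` condition is what allows reporting every failing
            # commit instead of aborting on the first one.
            if ! git verify-commit --raw "$h" 2>&1 | grep -qP '^\[GNUPG:\] VALIDSIG (\S+ )+9C561D6430B28D6BDCBC9CEB73D5E7FDEE3DE49A$'; then
              echo "[!] commit $h has no valid signature from the trusted key" >&2
              result=1
            fi
          done
          exit $result
        '';
      };

      # Install a pre-commit hook that runs `nix flake check` (formatting
      # plus building every package). The hooks directory is resolved via
      # git so this also works from a linked worktree, where `.git` is a
      # file and `.git/hooks` does not exist. This hook does not verify
      # commit signatures; that is `check-git-history`'s job.
      setupGitHooks = pkgs.writeShellApplication {
        name = "setup-git-hooks";
        runtimeInputs = with pkgs; [ coreutils git ];
        text = ''
          hooks="$(git rev-parse --git-path hooks)"
          mkdir -p "$hooks"
          printf '%s\n' '#!/usr/bin/env sh' 'exec nix flake check' >"$hooks/pre-commit"
          chmod +x "$hooks/pre-commit"
        '';
      };
    in {
      # nixinate's deploy apps (one per nixosConfiguration) plus ours.
      apps = (nixinate.nixinate.${system} self).nixinate // {
        maui = mkApp { drv = mkHomeManagerFlake "maui"; };
        check-git-history = mkApp { drv = checkGitHistory; };
        setup-git-hooks = mkApp { drv = setupGitHooks; };
      };
      # `nix flake check` = formatting check + building all packages.
      checks = {
        formatting = treefmt.config.build.check self;
      } // self.packages.${system};
      formatter = treefmt.config.build.wrapper;
      devShells.default = pkgs.mkShell {
        inputsFrom = [ treefmt.config.build.devShell ];
        nativeBuildInputs = with pkgs; [ age nix-tree sops ];
      };
      packages = (import ./pkgs pkgs) // (import ./pkgs/vim-plugins.nix pkgs);
    })) // (let
    # One entry per host; the attribute name is the hostname and selects
    # ./machines/<name>.nix. Values are passed to mkSystem's second arg.
    machines = {
      back = { };
      fort = { };
      tank = { };
      trek.extraModules =
        [ nixos-hardware.nixosModules.framework-12th-gen-intel ];
      zero = { };
    };

    # Build the NixOS system for `name` with the shared module stack.
    mkSystem = name:
      { extraModules ? [ ], system ? "x86_64-linux" }:
      nixpkgs.lib.nixosSystem {
        inherit system;
        specialArgs = { inherit lib; };
        modules = [
          sops-nix.nixosModules.sops
          simple-nixos-mailserver.nixosModules.mailserver
          lix-module.nixosModules.default
          home-manager.nixosModules.home-manager
          # Glue module shared by every host.
          ({ config, ... }:
            # NOTE: the flake source tree, including ./secrets/my.nix, is
            # copied into the world-readable /nix/store, so that file must
            # only hold non-secret settings (e.g. `domain`); real secrets
            # belong in the sops-encrypted files referenced below.
            let my = import ./secrets/my.nix;
            in {
              # Extra module arguments available to ./machines/*.nix and
              # ./modules/*.
              _module.args = {
                inherit (config.sops) secrets;
                inherit my;
                # Deployment target for nixinate: build locally, copy the
                # closure over SSH, and let the target substitute what it
                # can from its own caches.
                nixinate = {
                  host = "${name}.${my.domain}";
                  sshUser = "christoph";
                  buildOn = "local";
                  substituteOnTarget = true;
                };
              };
              imports = [ (./machines + "/${name}.nix") ];
              nixpkgs = { inherit overlays; };
              networking = {
                hostName = name;
                # The host's own FQDN resolves to loopback locally.
                hosts."127.0.0.1" = [ "${name}.${my.domain}" ];
              };
              # Secrets are decrypted at activation with an age identity
              # derived from the SSH host key, plus key.txt (created on
              # first boot when missing). Anyone who can read either file
              # can decrypt every secret for this host.
              sops.age = {
                sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
                keyFile = "/var/lib/sops-nix/key.txt";
                generateKey = true;
              };
            })
        ] ++ (builtins.attrValues self.nixosModules) ++ extraModules;
      };
  in {
    homeConfigurations.maui = home-manager.lib.homeManagerConfiguration {
      pkgs = import nixpkgs {
        system = "x86_64-linux";
        overlays = overlays ++ [ nixgl.overlay ];
      };
      modules = [ ./machines/maui.nix lix-module.nixosModules.default ];
    };
    nixosConfigurations = builtins.mapAttrs mkSystem machines;
    nixosModules = import ./modules;
    # An exported overlay must be a single `final: prev: attrset` function;
    # composeManyExtensions folds our list into one. (Mapping each overlay
    # and returning the resulting list is not a valid overlay.)
    overlays.default = nixpkgs.lib.composeManyExtensions overlays;
  });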
}