
{
description = "Malte Tammena's system configuration";

# None of the URLs below names a fixed commit; they follow a branch or the
# default ref. The revisions that actually get built are the ones recorded in
# flake.lock, so keep the lock file committed and read its diff whenever the
# inputs are updated.
inputs = {
  nixpkgs.url = "nixpkgs/nixos-unstable";

  # Flake inputs that reuse this flake's nixpkgs instead of bringing their own
  nixos-hardware.url = "github:NixOS/nixos-hardware";
  nixos-hardware.inputs.nixpkgs.follows = "nixpkgs";

  nixpkgs-wayland.url = "github:nix-community/nixpkgs-wayland";
  nixpkgs-wayland.inputs.nixpkgs.follows = "nixpkgs";

  fenix.url = "github:nix-community/fenix";
  fenix.inputs.nixpkgs.follows = "nixpkgs";

  colmena.url = "github:zhaofengli/colmena";
  colmena.inputs.nixpkgs.follows = "nixpkgs";

  sops-nix.url = "github:Mic92/sops-nix";
  sops-nix.inputs.nixpkgs.follows = "nixpkgs";

  home-manager.url = "github:nix-community/home-manager";
  home-manager.inputs.nixpkgs.follows = "nixpkgs";

  emulator-2a.url = "github:MalteT/2a-emulator/develop";
  emulator-2a.inputs.nixpkgs.follows = "nixpkgs";

  mensa.url = "github:MalteT/mensa/main";
  mensa.inputs.nixpkgs.follows = "nixpkgs";

  custom-udev-rules.url = "github:MalteT/custom-udev-rules";
  custom-udev-rules.inputs.nixpkgs.follows = "nixpkgs";

  glados.url = "git+https://git.sr.ht/~megamanmalte/GLaDOS?ref=main";
  glados.inputs.nixpkgs.follows = "nixpkgs";

  fend.url = "github:MalteT/fend/flake";
  fend.inputs.nixpkgs.follows = "nixpkgs";

  # Plain source trees (flake = false): fetched as-is, not evaluated as flakes
  gruvbox-material-gtk = { url = "github:sainnhe/gruvbox-material-gtk"; flake = false; };
  rip = { url = "github:nivekuil/rip"; flake = false; };
  "2i-emulator" = { url = "github:klemens/2i-emulator"; flake = false; };
  "cataclysm-dda" = { url = "github:CleverRaven/Cataclysm-DDA"; flake = false; };
};
outputs = { self, nixpkgs, nixos-hardware, home-manager, ... }@inputs: {
# Colmena hive: one node per host, each importing the NixOS module of the
# same name from self.nixosModules.
colmena = {
  meta.nixpkgs = import nixpkgs { system = "x86_64-linux"; };

  # No SSH target: this node is only applied on the machine colmena runs on.
  helix-texta = { name, nodes, pkgs, ... }: {
    imports = [ self.nixosModules.helix-texta ];
    config.deployment.allowLocalDeployment = true;
    config.deployment.targetHost = null;
  };

  # The remaining nodes are deployed over SSH as root.
  # NOTE(review): this needs root login to be accepted by sshd on every
  # target; confirm it is restricted to key authentication, or consider a
  # dedicated deploy user with sudo.
  murex-pecten = { name, nodes, pkgs, ... }: {
    imports = [ self.nixosModules.murex-pecten ];
    #allowLocalDeployment = true;
    config.deployment.targetHost = "murex-pecten";
    config.deployment.targetUser = "root";
  };

  # The only node addressed by a public domain name rather than a bare host name.
  cornu-aspersum = { ... }: {
    imports = [ self.nixosModules.cornu-aspersum ];
    config.deployment.targetHost = "ccqcraft.de";
    config.deployment.targetUser = "root";
  };

  elysia-clarki = { ... }: {
    imports = [ self.nixosModules.elysia-clarki ];
    config.deployment.targetHost = "elysia-clarki";
    config.deployment.targetUser = "root";
  };

  trochulus-hispidus = { ... }: {
    imports = [ self.nixosModules.trochulus-hispidus ];
    config.deployment.targetHost = "trochulus-hispidus";
    config.deployment.targetUser = "root";
  };
};
nixosModules = {
# NixOS module for the primary laptop.
helix-texta = { pkgs, config, ... }: {
  imports = [
    ./hosts/helix-texta.nix
    ./modules/light-actkbd.nix
    ./modules/scanner.nix
    self.nixosModules.thinkpad-p1-gen3
    home-manager.nixosModules.home-manager
    self.nixosModules.home-manager-config
    self.nixosModules.x86_64-linux-basics
  ];

  config = {
    # Binary caches. A store path signed by either key below is accepted, so
    # the nixpkgs-wayland cache is trusted to the same degree as
    # cache.nixos.org.
    # NOTE(review): newer NixOS releases spell these options
    # nix.settings.trusted-public-keys and nix.settings.substituters; confirm
    # against the nixpkgs revision in flake.lock.
    nix.binaryCachePublicKeys = [
      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
      "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
    ];
    # mkForce: this list wins over whatever other modules set for the option
    nix.binaryCaches = nixpkgs.lib.mkForce [
      "https://cache.nixos.org"
      "https://nixpkgs-wayland.cachix.org"
    ];

    environment.systemPackages =
      [ inputs.colmena.packages.${config.nixpkgs.system}.colmena ];

    # Overwrite basics: no remote-login daemons on this machine
    services.openssh.enable = false;
    programs.mosh.enable = false;

    # Overlays only relevant to my primary laptop
    nixpkgs.overlays = [
      inputs.nixpkgs-wayland.overlay
      inputs.fenix.overlay
      (import ./overlays/sane-backends.nix)
      (import ./overlays/logisim.nix)
    ];
  };
};
# NixOS module for murex-pecten: shared basics, AMD desktop hardware profiles
# from nixos-hardware, home-manager, then the host and board specifics.
murex-pecten = { ... }: {
  imports = [
    self.nixosModules.x86_64-linux-basics
    nixos-hardware.nixosModules.common-pc
    nixos-hardware.nixosModules.common-pc-ssd
    nixos-hardware.nixosModules.common-cpu-amd
    nixos-hardware.nixosModules.common-gpu-amd
    home-manager.nixosModules.home-manager
    self.nixosModules.home-manager-config
    ./hosts/murex-pecten.nix
    ./hardware/aorus.nix
  ];

  config.nixpkgs.overlays = [ inputs.fenix.overlay ];
};
# NixOS module for cornu-aspersum.
# NOTE(review): judging by the module file names this host runs an nginx
# reverse proxy, radicale and grafana; what each one exposes, and to whom, is
# decided inside those modules and cannot be checked from this file.
cornu-aspersum = { ... }: {
  imports = [
    self.nixosModules.x86_64-linux-basics
    ./hosts/cornu-aspersum.nix
    ./hardware/netcup-rs-2000-g9.nix
    ./modules/nginx-reverse-proxy.nix
    ./modules/ccqcraft.nix
    # Module taken from the glados flake input
    inputs.glados.nixosModules.glados
    ./modules/radicale.nix
    ./modules/grafana.nix
  ];
};
# NixOS module for elysia-clarki.
elysia-clarki = { pkgs, ... }: {
  imports = [
    self.nixosModules.x86_64-linux-basics
    ./hosts/elysia-clarki.nix
    ./hardware/intel-nuc.nix
    ./modules/local-build-service.nix
    ./modules/nginx-reverse-proxy.nix
    #./modules/binary-cache.nix
    ./modules/ccqcraft-backups.nix
    ./modules/restic.nix
  ];

  # Override kernel version for zfs
  # NOTE(review): this pins one kernel series; confirm it is still maintained
  # in the nixpkgs revision being deployed.
  config.boot.kernelPackages = pkgs.linuxPackages_5_10;
};
# NixOS module for trochulus-hispidus: home-manager, the shared basics, and
# the host and hardware specifics.
trochulus-hispidus = { pkgs, ... }: {
  imports = [
    home-manager.nixosModules.home-manager
    self.nixosModules.x86_64-linux-basics
    self.nixosModules.home-manager-config
    ./hosts/trochulus-hispidus.nix
    ./hardware/latitude-e7440.nix
  ];
};
};
# Hardware profile for the ThinkPad P1 Gen 3: generic nixos-hardware profiles
# first, then the machine-specific file from this repository.
nixosModules.thinkpad-p1-gen3 = { ... }: {
  imports = (with nixos-hardware.nixosModules; [
    common-cpu-intel
    common-gpu-nvidia
    common-pc-laptop
    common-pc-laptop-ssd
    common-pc-laptop-acpi_call
  ]) ++ [ ./hardware/thinkpad-p1-gen3.nix ];
};
# home-manager settings shared by every host that imports home-manager.
nixosModules.home-manager-config = { ... }: {
  home-manager = {
    verbose = true;
    useGlobalPkgs = true;
    useUserPackages = true;
  };
};
# Necessary for flakes to work
nixosModules.nixUnstable = { pkgs, ... }: {
  nix = {
    # Point the `nixpkgs` registry entry at the nixpkgs input of this flake
    registry.nixpkgs.flake = nixpkgs;
    package = pkgs.nixUnstable;
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
    # Enable store optimiser
    optimise = {
      automatic = true;
      dates = [ "04:00" ];
    };
  };

  # Make `nix` in the package set resolve to nixUnstable as well
  nixpkgs.overlays = [ (final: prev: { nix = prev.nixUnstable; }) ];
};
# Some basics that every machine should have
nixosModules.x86_64-linux-basics = { pkgs, config, ... }: {
  # The first two modules come from flake inputs and are evaluated as part of
  # every host's configuration; their revisions are fixed only by flake.lock.
  imports = [
    inputs.custom-udev-rules.nixosModule
    inputs.sops-nix.nixosModules.sops
    self.nixosModules.nixUnstable
    ./modules/neovim.nix
    ./modules/base-system.nix
  ];

  # Set the system revision if this flake has it
  config.system.configurationRevision = pkgs.lib.mkIf (self ? rev) self.rev;

  # Add some useful overlays
  # TODO: How would I do this inside ./modules/base-system.nix?
  config.nixpkgs.overlays = [
    # Arguments are named final/prev so that they do not shadow the flake's
    # own `self`.
    (final: prev: {
      # Add FiraCode as a package, but use NerdFonts
      firaCodeNerd = prev.nerdfonts.override { fonts = [ "FiraCode" ]; };
      # Add the emulator
      "2a-emulator" = inputs.emulator-2a.packages.x86_64-linux."2a-emulator";
      # Add my mensa tool
      mensa = inputs.mensa.packages.x86_64-linux.mensa;
      # TODO: Replace with upstream
      fend = inputs.fend.packages.x86_64-linux.fend;
    })
    # Override cataclysm to use git
    (import ./overlays/cataclysm-dda.nix)
  ];
};
# One NixOS system per host; each is built from the nixosModules entry of
# the same name.
nixosConfigurations = {
  # My thinkpad P1
  helix-texta = nixpkgs.lib.nixosSystem {
    system = "x86_64-linux";
    modules = [ self.nixosModules.helix-texta ];
  };

  # My tower
  murex-pecten = nixpkgs.lib.nixosSystem {
    system = "x86_64-linux";
    modules = [ self.nixosModules.murex-pecten ];
  };

  # Currently hosted by NetCup
  cornu-aspersum = nixpkgs.lib.nixosSystem {
    system = "x86_64-linux";
    modules = [ self.nixosModules.cornu-aspersum ];
  };

  # Server @home
  elysia-clarki = nixpkgs.lib.nixosSystem {
    system = "x86_64-linux";
    modules = [ self.nixosModules.elysia-clarki ];
  };

  # Marie's laptop
  trochulus-hispidus = nixpkgs.lib.nixosSystem {
    system = "x86_64-linux";
    modules = [ self.nixosModules.trochulus-hispidus ];
  };
};
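# Development shell providing helper commands for building, inspecting and
# deploying the hosts of this flake.
#
# Changes compared with the previous version of these scripts:
#   * every script starts with a shebang (hm-option uses the bash-only `[[`)
#   * positional parameters and derived values are quoted
#   * test-config writes its log to a mktemp file instead of the fixed,
#     predictable /tmp/build-output
#   * rebuild stops when sops fails instead of building with an empty or
#     truncated secret file
#   * jq and bat are referenced by store path, like date, git and sops
devShell.x86_64-linux =
  let pkgs = import nixpkgs { system = "x86_64-linux"; };
  in pkgs.mkShell {
    packages = [
      # rebuild <action>: decrypt the build secrets, then run nixos-rebuild
      # against this flake.
      (with pkgs;
        writeScriptBin "rebuild" ''
          #!${stdenv.shell}
          if [ -z "$1" ]; then
            echo "Need 'switch|boot|...'"
            exit 1
          fi
          today=$(${coreutils}/bin/date +%Y-%m-%d)
          branch=$(${git}/bin/git branch --show-current)
          rev=$(${git}/bin/git log -1 --format=%h)
          dirty=$(${git}/bin/git diff --quiet || echo '~')
          # NOTE(review): assigned but not exported, so child processes such
          # as nixos-rebuild do not receive it; confirm whether it should be.
          NIXOS_LABEL_VERSION=$today-$branch-$rev$dirty
          # Extract build secrets
          # The decrypted value is written in plaintext under build-secrets/.
          # NOTE(review): confirm that directory is git-ignored and that
          # nothing copies the file into the world-readable Nix store.
          echo Extracting build secrets..
          if ! ${sops}/bin/sops --extract '["multimc-client-id"]' -d secrets/secrets.yaml > build-secrets/multimc-client-id; then
            echo "Failed to extract build secrets" >&2
            exit 1
          fi
          sudo ${nixos-rebuild}/bin/nixos-rebuild "$1" --flake .
        '')
      # all-hosts: print the name of every nixosConfiguration, one per line.
      (with pkgs;
        writeScriptBin "all-hosts" ''
          #!${stdenv.shell}
          nix eval --json .#nixosConfigurations --apply builtins.attrNames 2>/dev/null | ${jq}/bin/jq -r '.[]'
        '')
      # push-to <host> <action>: build on and deploy to root@<host>.
      (with pkgs;
        writeScriptBin "push-to" ''
          #!${stdenv.shell}
          if [ -z "$2" ]; then
            echo "Need 'switch|boot|...'"
            exit 1
          fi
          host=$1
          action=$2
          nixos-rebuild --flake ".#$host" --build-host "root@$host" --target-host "root@$host" "$action"
        '')
      # option <host> <option>: evaluate a NixOS option of a host.
      (with pkgs;
        writeScriptBin "option" ''
          #!${stdenv.shell}
          host=$1
          option=$2
          nix eval ".#nixosConfigurations.$host.config.$option" 2>/dev/null
        '')
      # hm-option <host> <option> [user]: evaluate a home-manager option;
      # the user defaults to $USER.
      (with pkgs;
        writeScriptBin "hm-option" ''
          #!${stdenv.shell}
          host=$1
          option=$2
          user=$3
          if [[ -z $user ]]; then
            user=$USER
          fi
          nix eval ".#nixosConfigurations.$host.config.home-manager.users.$user.$option" 2>/dev/null
        '')
      # test-config: dry-build every host and stop at the first failure.
      (with pkgs;
        writeScriptBin "test-config" ''
          #!${stdenv.shell}
          # Private log file with an unpredictable name, removed on exit
          log=$(${coreutils}/bin/mktemp) || exit 1
          trap 'rm -f "$log"' EXIT
          for host in $(all-hosts); do
            echo == Checking "$host"..
            if ! nixos-rebuild --flake ".#$host" dry-build 2> "$log"; then
              ${bat}/bin/bat --file-name "Failed to verify config for $host" "$log"
              exit 1
            fi
          done
          echo === All checks passed
        '')
      inputs.colmena.packages.x86_64-linux.colmena
    ];
  };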
};
}