nix/flake.nix
Daniel Flanagan fd4d4ffa1a
Some checks failed
/ check (push) Failing after 9s
Update flake, nixos 24.11
2024-12-02 13:05:36 -06:00

819 lines
24 KiB
Nix

{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable";
disko.url = "github:nix-community/disko/master";
disko.inputs.nixpkgs.follows = "nixpkgs";
sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs-unstable";
# sops-nix.inputs.nixpkgs-stable.follows = "nixpkgs";
git-hooks.url = "github:cachix/git-hooks.nix";
git-hooks.inputs.nixpkgs.follows = "nixpkgs";
home-manager.url = "github:nix-community/home-manager/release-24.05";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
home-manager-unstable.url = "github:nix-community/home-manager";
home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable";
helix.url = "github:helix-editor/helix/master";
hardware.url = "github:nixos/nixos-hardware";
hyprland.url = "github:hyprwm/Hyprland";
wezterm.url = "github:wez/wezterm?dir=nix";
wezterm.inputs.nixpkgs.follows = "nixpkgs-unstable";
slippi.url = "github:lytedev/slippi-nix";
# slippi.url = "git+file:///home/daniel/code/open-source/slippi-nix";
slippi.inputs.nixpkgs.follows = "nixpkgs-unstable";
slippi.inputs.home-manager.follows = "home-manager-unstable";
jovian.url = "github:Jovian-Experiments/Jovian-NixOS/development";
jovian.inputs.nixpkgs.follows = "nixpkgs-unstable";
# nnf.url = "github:thelegy/nixos-nftables-firewall?rev=71fc2b79358d0dbacde83c806a0f008ece567b7b";
mobile-nixos = {
url = "github:lytedev/mobile-nixos";
flake = false;
};
};
nixConfig = {
extra-experimental-features = ["nix-command" "flakes"];
extra-substituters = [
"https://cache.nixos.org/"
"https://helix.cachix.org"
"https://nix-community.cachix.org"
"https://nix.h.lyte.dev"
"https://hyprland.cachix.org"
];
extra-trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"helix.cachix.org-1:ejp9KQpR1FBI2onstMQ34yogDm4OgU2ru6lIwPvuCVs="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"h.lyte.dev-2:te9xK/GcWPA/5aXav8+e5RHImKYMug8hIIbhHsKPN0M="
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
];
};
outputs = {
self,
nixpkgs,
nixpkgs-unstable,
disko,
sops-nix,
git-hooks,
wezterm,
home-manager,
home-manager-unstable,
helix,
hardware,
jovian,
mobile-nixos,
# nnf,
# hyprland,
slippi,
...
}: let
inherit (self) outputs;
inherit (outputs) nixosModules homeManagerModules overlays;
# TODO: make @ inputs unnecessary by making arguments explicit in all modules?
systems = ["aarch64-linux" "aarch64-darwin" "x86_64-darwin" "x86_64-linux"];
forSystems = nixpkgs.lib.genAttrs systems;
pkgsFor = system: (import nixpkgs {inherit system;}).extend overlays.default;
genPkgs = func: (forSystems (system: func (pkgsFor system)));
pkg = callee: overrides: genPkgs (pkgs: pkgs.callPackage callee overrides);
unstable = {
forSystems = nixpkgs-unstable.lib.genAttrs systems;
pkgsFor = system: (import nixpkgs-unstable {inherit system;}).extend overlays.default;
genPkgs = func: (forSystems (system: func (pkgsFor system)));
pkg = callee: overrides: genPkgs (pkgs: pkgs.callPackage callee overrides);
};
style = {
colors = (import ./lib/colors.nix {inherit (nixpkgs) lib;}).schemes.catppuccin-mocha-sapphire;
font = {
name = "IosevkaLyteTerm";
size = 12;
};
};
/*
moduleArgs = {
# inherit style;
inherit helix slippi hyprland hardware disko home-manager;
inherit (outputs) nixosModules homeManagerModules diskoConfigurations overlays;
};
*/
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev";
in {
/*
kind of a quirk, but package definitions are actually in the "additions"
overlay I did this to work around some recursion problems
TODO: https://discourse.nixos.org/t/infinite-recursion-getting-started-with-overlays/48880
*/
packages = genPkgs (pkgs: {inherit (pkgs) iosevkaLyteTerm iosevkaLyteTermSubset nix-base-container-image;});
diskoConfigurations = import ./disko {inherit (nixpkgs) lib;};
templates = import ./templates;
formatter = genPkgs (p: p.alejandra);
checks = genPkgs ({system, ...}: {
git-hooks = git-hooks.lib.${system}.run {
src = ./.;
hooks = {
alejandra.enable = true;
};
};
});
devShells = genPkgs ({
system,
pkgs,
mkShell,
...
}: {
default = mkShell {
inherit (outputs.checks.${system}.git-hooks) shellHook;
packages = with pkgs; [
lua-language-server
nodePackages.bash-language-server
];
};
});
overlays = {
# the default overlay composes all the other overlays together
default = final: prev: {
overlays = with overlays; [
additions
modifications
unstable-packages
];
};
additions = final: prev: let
iosevkaLyteTerm = prev.callPackage ./packages/iosevkaLyteTerm.nix {};
in {
inherit iosevkaLyteTerm;
iosevkaLyteTermSubset = prev.callPackage ./packages/iosevkaLyteTermSubset.nix {
inherit iosevkaLyteTerm;
};
nix-base-container-image = final.dockerTools.buildImageWithNixDb {
name = "git.lyte.dev/lytedev/nix";
tag = "latest";
copyToRoot = with final; [
bash
coreutils
curl
gawk
gitFull
git-lfs
gnused
nodejs
wget
sudo
nixFlakes
cacert
gnutar
gzip
openssh
xz
(pkgs.writeTextFile {
name = "nix.conf";
destination = "/etc/nix/nix.conf";
text = ''
accept-flake-config = true
experimental-features = nix-command flakes
build-users-group =
substituters = https://nix.h.lyte.dev https://cache.nixos.org/
trusted-substituters = https://nix.h.lyte.dev https://cache.nixos.org/
trusted-public-keys = h.lyte.dev:HeVWtne31ZG8iMf+c15VY3/Mky/4ufXlfTpT8+4Xbs0= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
'';
})
];
extraCommands = ''
# enable /usr/bin/env for scripts
mkdir -p usr
ln -s ../bin usr/bin
# create /tmp
mkdir -p tmp
# create HOME
mkdir -vp root
'';
config = {
Cmd = ["/bin/bash"];
Env = [
"LANG=en_GB.UTF-8"
"ENV=/etc/profile.d/nix.sh"
"BASH_ENV=/etc/profile.d/nix.sh"
"NIX_BUILD_SHELL=/bin/bash"
"PAGER=cat"
"PATH=/usr/bin:/bin"
"SSL_CERT_FILE=${final.cacert}/etc/ssl/certs/ca-bundle.crt"
"USER=root"
];
};
};
};
modifications = final: prev: let
wezterm-input = wezterm;
in rec {
helix = helix.outputs.packages.${prev.system}.helix;
final.helix = helix;
/*
TODO: would love to use a current wezterm build so I can make use of ssh/mux functionality without breakage
source: https://github.com/wez/wezterm/issues/3771
not-yet-merged (abandoned?): https://github.com/wez/wezterm/pull/4737
I did try using the latest code via the flake, but alas it did not resolve my issues with mux'ing
*/
wezterm = wezterm-input.outputs.packages.${prev.system}.default;
# wezterm = (import nixpkgs {inherit (prev) system;}).wezterm;
final.wezterm = wezterm;
zellij = prev.zellij.overrideAttrs rec {
version = "0.41.0";
src = prev.fetchFromGitHub {
owner = "zellij-org";
repo = "zellij";
rev = "v0.41.0";
hash = "sha256-A+JVWYz0t9cVA8XZciOwDkCecsC2r5TU2O9i9rVg7do=";
};
cargoDeps = prev.zellij.cargoDeps.overrideAttrs (prev.lib.const {
name = "zellij-vendor.tar.gz";
inherit src;
outputHash = "sha256-WxrMI7fV0pNsGjbNpXLr+xnMdWYkC4WxIeN4OK3ZPIE=";
});
};
final.zellij = zellij;
};
unstable-packages = final: _prev: {
unstable-packages = import nixpkgs-unstable {
system = final.system;
config.allowUnfree = true;
};
};
};
nixosModules = import ./modules/nixos {
inherit home-manager home-manager-unstable helix nixosModules homeManagerModules pubkey overlays style sops-nix disko;
flakeInputs = self.inputs;
};
homeManagerModules = import ./modules/home-manager {
inherit home-manager home-manager-unstable helix nixosModules homeManagerModules pubkey overlays style;
inherit (nixpkgs) lib;
flakeInputs = self.inputs;
};
nixosConfigurations = {
beefcake = let
system = "x86_64-linux";
in
nixpkgs.lib.nixosSystem {
inherit system;
modules = with nixosModules; [
home-manager-defaults
# TODO: disko?
hardware.nixosModules.common-cpu-intel
outputs.nixosModules.deno-netlify-ddns-client
{
services.deno-netlify-ddns-client = {
enable = true;
username = "beefcake.h";
# TODO: router doesn't even do ipv6 yet...
ipv6 = false;
};
}
family-users
common
podman
troubleshooting-tools
virtual-machines
virtual-machines-gui
linux
fonts
./nixos/beefcake.nix
{
services.kanidm.package = (unstable.pkgsFor system).kanidm;
}
];
};
dragon = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
modules = with nixosModules; [
home-manager-unstable-defaults
outputs.diskoConfigurations.standard
hardware.nixosModules.common-cpu-amd
hardware.nixosModules.common-pc-ssd
common
password-manager
wifi
graphical-workstation
virtual-machines
virtual-machines-gui
music-production
plasma6
gaming
slippi.nixosModules.default
outputs.nixosModules.deno-netlify-ddns-client
{
services.deno-netlify-ddns-client = {
enable = true;
username = "dragon.h";
# TODO: router doesn't even do ipv6 yet...
ipv6 = false;
};
}
./nixos/dragon.nix
{
home-manager.users.daniel = {
imports = with homeManagerModules; [
senpai
iex
cargo
firefox-no-tabs
linux-desktop-environment-config
slippi.homeManagerModules.default
];
};
}
];
};
bigtower = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
modules = with nixosModules; [
home-manager-unstable-defaults
outputs.diskoConfigurations.unencrypted
hardware.nixosModules.common-cpu-amd
hardware.nixosModules.common-pc-ssd
common
# wifi
graphical-workstation
music-production
gaming
./nixos/bigtower.nix
{
home-manager.users.daniel = {
imports = with homeManagerModules; [
firefox-no-tabs
linux-desktop-environment-config
];
};
}
];
};
htpc = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = with nixosModules; [
home-manager-defaults
hardware.nixosModules.common-pc-ssd
common
gaming
graphical-workstation
plasma6
./nixos/htpc.nix
{
home-manager.users.daniel = {
imports = with homeManagerModules; [
linux-desktop-environment-config
];
};
}
];
};
steamdeck1 = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
modules = with nixosModules; [
home-manager-unstable-defaults
outputs.diskoConfigurations.standard
hardware.nixosModules.common-pc-ssd
common
gaming
graphical-workstation
plasma6
jovian.outputs.nixosModules.jovian
{
networking.hostName = "steamdeck1";
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
hardware.bluetooth.enable = true;
networking.networkmanager.enable = true;
home-manager.users.daniel = {
imports = with homeManagerModules; [
firefox-no-tabs
linux-desktop-environment-config
];
};
}
];
};
foxtrot = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
modules = with nixosModules; [
home-manager-unstable-defaults
outputs.diskoConfigurations.standard
hardware.nixosModules.framework-13-7040-amd
common
kde-connect
password-manager
graphical-workstation
virtual-machines
virtual-machines-gui
laptop
gaming
cross-compiler
./nixos/foxtrot.nix
({pkgs, ...}: {
home-manager.users.daniel = {
imports = with homeManagerModules; [
senpai
iex
cargo
firefox-no-tabs
linux-desktop-environment-config
];
};
environment.systemPackages = with pkgs; [
fw-ectool
(writeShellApplication
{
name = "reset-wifi-module";
runtimeInputs = with pkgs; [kmod];
text = ''
modprobe -rv mt7921e
modprobe -v mt7921e
'';
})
(writeShellApplication
{
name = "perfmode";
# we use command -v $cmd here because we only want to invoke these calls _if_ the related package is installed on the system
# otherwise, they will likely have no effect anyways
text = ''
command -v powerprofilesctl &>/dev/null && bash -x -c 'powerprofilesctl set balanced'
command -v swaymsg &>/dev/null && bash -x -c 'swaymsg output eDP-1 mode 2880x1920@120Hz'
'';
})
(writeShellApplication
{
name = "battmode";
text = ''
command -v powerprofilesctl &>/dev/null && bash -x -c 'powerprofilesctl set power-saver'
command -v swaymsg &>/dev/null && bash -x -c 'swaymsg output eDP-1 mode 2880x1920@60Hz'
'';
})
];
})
];
};
thablet = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
modules = with nixosModules; [
home-manager-unstable-defaults
outputs.diskoConfigurations.standard
hardware.nixosModules.lenovo-thinkpad-x1-yoga
common
password-manager
graphical-workstation
music-production
laptop
gaming
./nixos/thablet.nix
{
home-manager.users.daniel = {
imports = with homeManagerModules; [
senpai
iex
cargo
firefox-no-tabs
linux-desktop-environment-config
# slippi.homeManagerModules.default
];
};
}
];
};
/*
grablet = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = with nixosModules; [
common
outputs.diskoConfigurations.standard
hardware.nixosModules.common-cpu-intel-kaby-lake
hardware.nixosModules.common-pc-laptopp-ssd
graphical-workstation
laptop
gaming
./nixos/thablet.nix
{
home-manager.users.daniel = {
imports = with homeManagerModules; [
iex
cargo
linux-desktop-environment-config
];
};
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
}
];
};
*/
thinker = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
modules = with nixosModules; [
home-manager-unstable-defaults
{
_module.args = {
disks = ["/dev/nvme0n1"];
swapSize = "32G";
};
}
outputs.diskoConfigurations.standardWithHibernateSwap
hardware.nixosModules.lenovo-thinkpad-t480
hardware.nixosModules.common-pc-laptop-ssd
music-production
common
password-manager
graphical-workstation
laptop
gaming
./nixos/thinker.nix
{
home-manager.users.daniel = {
imports = with homeManagerModules; [
senpai
iex
cargo
firefox-no-tabs
linux-desktop-environment-config
slippi.homeManagerModules.default
];
};
}
];
};
musicbox = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = with nixosModules; [
home-manager-defaults
{
_module.args = {
disks = ["/dev/sda"];
# swapSize = "8G";
};
}
outputs.diskoConfigurations.unencrypted
hardware.nixosModules.common-pc-laptop-ssd
music-production
common
graphical-workstation
wifi
# ./nixos/musicbox.nix
{
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
hardware.bluetooth.enable = true;
networking.networkmanager.enable = true;
home-manager.users.daniel = {
imports = with homeManagerModules; [
firefox-no-tabs
linux-desktop-environment-config
];
};
}
];
};
rascal = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = with nixosModules; [
home-manager-defaults
hardware.nixosModules.common-cpu-amd
common
linux
./nixos/rascal.nix
];
};
router = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = with nixosModules; [
home-manager-defaults
outputs.diskoConfigurations.unencrypted
common
linux
troubleshooting-tools
outputs.nixosModules.deno-netlify-ddns-client
{
services.deno-netlify-ddns-client = {
enable = true;
username = "router.h";
# TODO: ipv6
ipv6 = false;
};
}
/*
NOTE: maybe use this someday, but I think I need more concrete
networking knowledge before I know how to use it well. Additionally,
I can use my existing firewall configuration more easily if I manage
it directly.
nnf.nixosModules.default
*/
./nixos/router.nix
];
};
# pinephone-image =
# (import "${mobile-nixos}/lib/eval-with-configuration.nix" {
# configuration = with nixosModules; [
# linux
# home-manager-defaults
# # outputs.diskoConfigurations.unencrypted # can I even disko with an image-based installation?
# common
# wifi
# # TODO: how do I get a minimally useful mobile environment?
# # for me, this means an on-screen keyboard and suspend support I think?
# # I can live in a tty if needed and graphical stuff can all evolve later
# # not worried about modem
# # maybe/hopefully I can pull in or define my own sxmo via nix?
# ];
# device = "pine64-pinephone";
# pkgs = pkgsFor "aarch64-linux";
# })
# .outputs
# .disk-image;
pinephone = let
inherit (nixpkgs-unstable) lib;
in
lib.nixosSystem {
system = "aarch64-linux";
# lib.nixosSystem {
modules = with nixosModules; [
{
imports = [
(import "${mobile-nixos}/lib/configuration.nix" {
device = "pine64-pinephone";
})
];
# nixpkgs.hostPlatform.system = "aarch64-linux";
nixpkgs.buildPlatform = "x86_64-linux";
# TODO: quirk: since the pinephone kernel doesn't seem to have "rpfilter" support, firewall ain't working
networking.firewall.enable = lib.mkForce false;
# TODO: quirk: since git send-email requires perl support, which we don't seem to have on the pinephone, we're just disabling git for now
# TODO: would likely be easier/better to somehow ignore the assertion? probably a way to do that...
programs.git.enable = lib.mkForce false;
# this option is conflicted, presumably due to some assumption in my defaults/common config
# the sd-image module we're importing above has this set to true, so we better go with that?
# that said, I think the mobile-nixos bootloader module has this set to false, so...
# TODO: what does this mean?
boot.loader.generic-extlinux-compatible.enable = lib.mkForce true;
# another conflicting option since I think I default to NetworkManager and this conflicts with networking.wireless.enable
networking.networkmanager.enable = lib.mkForce false;
networking.wireless.enable = lib.mkForce true;
}
# TODO: how do I build this as a .img to flash to an SD card?
# for testing, this seems to work `nixos-rebuild build --impure --flake .#pinephone`
# TODO: would like to use the mobile-nixos installer?
"${nixpkgs-unstable}/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix"
linux
home-manager-unstable-defaults
# outputs.diskoConfigurations.unencrypted # can I even disko with an image-based installation?
common
wifi
{
system.stateVersion = "24.11";
}
{
# nixpkgs.buildPlatform = "x86_64-linux";
# nixpkgs.hostPlatform = lib.systems.examples.aarch64-multiplatform;
# nixpkgs.localSystem.system = lib.systems.examples.x86_64-linux;
# nixpkgs.crossSystem = lib.mkForce null;
}
];
};
};
images.pinephone = outputs.nixosConfigurations.pinephone.config.system.build.sdImage;
homeConfigurations = {
"deck" = let
system = "x86_64-linux";
pkgs = unstable.pkgsFor system;
in
home-manager-unstable.lib.homeManagerConfiguration {
inherit pkgs;
modules = with homeManagerModules; [
common
{
home = {
homeDirectory = "/home/deck";
username = "deck";
stateVersion = "24.11";
};
}
{
home.packages = with pkgs; [
ludusavi
rclone
];
}
linux
];
};
};
/*
TODO: nix-on-droid for phone terminal usage? mobile-nixos?
TODO: nix-darwin for work?
TODO: nixos ISO?
*/
};
}