/ flake.nix
flake.nix
1 { 2 description = "Your new nix config"; 3 4 inputs = { 5 #FIXME - Check inputs 6 7 # Nixpkgs 8 # nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05"; 9 # You can access packages and modules from different nixpkgs revs 10 # at the same time. Here's an working example: 11 nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; 12 # Home manager 13 home-manager.url = "github:nix-community/home-manager"; 14 home-manager.inputs.nixpkgs.follows = "nixpkgs"; 15 16 nix-ld.url = "github:Mic92/nix-ld"; 17 # this line assume that you also have nixpkgs as an input 18 nix-ld.inputs.nixpkgs.follows = "nixpkgs"; 19 20 stylix.url = "github:danth/stylix"; 21 22 firefox-addons = { 23 url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; 24 inputs.nixpkgs.follows = "nixpkgs"; 25 }; 26 /* 27 nur.url = "github:nix-community/NUR/master"; 28 nur.inputs.nixpkgs.follows = "nixpkgs"; 29 */ 30 31 #nixpkgs.follows = "nixvim/nixpkgs"; 32 nixvim.url = "github:nix-community/nixvim"; 33 kickstart-nixvim.url = "github:JMartJonesy/kickstart.nixvim"; 34 /* 35 kickstart-nixvim = { 36 url = "github:JMartJonesy/kickstart.nixvim"; 37 }; 38 */ 39 nix-flatpak.url = "github:gmodena/nix-flatpak"; # unstable branch. Use github:gmodena/nix-flatpak/?ref=<tag> to pin releases. 40 #flatpaks.url = "github:GermanBread/declarative-flatpak/stable"; 41 42 nixos-facter-modules.url = "github:numtide/nixos-facter-modules"; 43 44 #Neve.url = "github:redyf/Neve"; 45 #conduit = { 46 # url = "gitlab:famedly/conduit"; 47 # inputs.nixpkgs.follows = "nixpkgs"; 48 #}; 49 #hardware.url = "github:nixos/nixos-hardware"; 50 # nixos-hardware.url = "github:NixOS/nixos-hardware/master"; 51 impermanence.url = "github:nix-community/impermanence"; 52 jovian.url = "github:Jovian-Experiments/Jovian-NixOS"; 53 54 lanzaboote = { 55 url = "github:nix-community/lanzaboote/v0.4.2"; 56 # Optional but recommended to limit the size of your system closure. 57 # inputs.nixpkgs.follows = "nixpkgs"; 58 }; 59 /* 60 openhab.url = "github:nagisa/nixpkg-openhab"; 61 openhab.inputs = { 62 # In case you already depend on `nixpkgs` in your flake, consider having `openhab` 63 # “follow” it: 64 nixpkgs.follows = "nixpkgs"; 65 # Similarly, for flake-utils: 66 #flake-utils.follows = "flake-utils"; 67 }; 68 */ 69 70 # Shameless plug: looking for a way to nixify your themes and make 71 # everything match nicely? Try nix-colors! 72 nix-colors.url = "github:misterio77/nix-colors"; 73 disko.url = "github:nix-community/disko"; 74 disko.inputs.nixpkgs.follows = "nixpkgs"; 75 76 sops-nix = { 77 url = "github:mic92/sops-nix"; 78 inputs.nixpkgs.follows = "nixpkgs"; 79 #inputs.nixpkgs-stable.follows = "nixpkgs"; 80 }; 81 /* 82 nixos-mailserver = { 83 url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; 84 #url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.04"; 85 inputs.nixpkgs.follows = "nixpkgs"; 86 #inputs.nixpkgs-22_11.follows = "nixpkgs"; 87 #inputs.nixpkgs-23_05.follows = "nixpkgs"; 88 #inputs.nixpkgs-23_11.follows = "nixpkgs"; 89 }; 90 */ 91 #firefox-addons = { 92 # url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; 93 # inputs.nixpkgs.follows = "nixpkgs"; 94 #}; 95 #nix-vscode-extensions.url = "github:nix-community/nix-vscode-extensions"; 96 nix4vscode = { 97 url = "github:nix-community/nix4vscode"; 98 inputs.nixpkgs.follows = "nixpkgs"; 99 }; 100 /* 101 wp4nix = { 102 url = "git+https://git.helsinki.tools/helsinki-systems/wp4nix.git?ref=master"; 103 flake = false; 104 #ref = "master"; 105 }; 106 */ 107 musnix = { 108 url = "github:musnix/musnix"; 109 }; 110 # vscode-server.url = "github:nix-community/nixos-vscode-server"; 111 deploy-rs.url = "github:serokell/deploy-rs"; 112 113 plasma-manager = { 114 url = "github:nix-community/plasma-manager"; 115 inputs.nixpkgs.follows = "nixpkgs"; 116 inputs.home-manager.follows = "home-manager"; 117 }; 118 /* 119 auto-cpufreq = { 120 url = "github:AdnanHodzic/auto-cpufreq"; 121 inputs.nixpkgs.follows = "nixpkgs"; 122 }; 123 */ 124 }; 125 outputs = 126 { 127 self, 128 nixpkgs, 129 home-manager, 130 deploy-rs, 131 sops-nix, 132 disko, 133 lanzaboote, 134 jovian, 135 stylix, 136 nix4vscode, 137 nix-ld, 138 ... 139 }@inputs: 140 let 141 inherit (self) outputs; 142 #inherit (nixpkgs) lib; 143 # Supported systems for your flake packages, shell, etc. 144 systems = [ 145 "x86_64-linux" 146 "aarch64-linux" 147 ]; 148 # This is a function that generates an attribute by calling a function you 149 # pass to it, with each system as an argument 150 forAllSystems = nixpkgs.lib.genAttrs systems; 151 #system = builtins.currentSystem; 152 # Unmodified nixpkgs 153 # pkgs = import nixpkgs { inherit system; }; 154 pkgs = import <nixpkgs> { 155 config.allowUnfree = true; 156 system = "x86_64-linux"; # One of supported systems 157 overlays = [ 158 nix4vscode.overlays.default 159 ]; 160 }; 161 # nixpkgs with deploy-rs overlay but force the nixpkgs package 162 163 rootPath = ./.; 164 165 deployPkgs = import nixpkgs { 166 inherit systems; 167 overlays = [ 168 deploy-rs.overlay 169 (_self: super: { 170 deploy-rs = { 171 inherit (pkgs) deploy-rs; 172 lib = super.deploy-rs.lib; 173 }; 174 }) 175 ]; 176 }; 177 in 178 { 179 # Your custom packages 180 # Accessible through 'nix build', 'nix shell', etc 181 packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system}); 182 183 /* 184 packages = forAllSystems ( 185 system: 186 let 187 nixvim' = nixvim.legacyPackages.${system}; 188 nvim = nixvim'.makeNixvim.config; 189 in 190 { 191 inherit nvim; 192 default = nvim; 193 } 194 ); 195 */ 196 197 # Formatter for your nix files, available through 'nix fmt' 198 # Other options beside 'alejandra' include 'nixpkgs-fmt' 199 formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style); 200 201 # Your custom packages and modifications, exported as overlays 202 overlays = import ./overlays { 203 inherit inputs; 204 }; 205 206 # Reusable nixos modules you might want to export 207 # These are usually stuff you would upstream into nixpkgs 208 nixosModules = import ./modules/nixos; 209 # Reusable home-manager modules you might want to export 210 # These are usually stuff you would upstream into home-manager 211 homeManagerModules = import ./modules/home-manager; 212 # NixOS configuration entrypoint 213 # Available through 'nixos-rebuild --flake .#your-hostname' 214 nixosConfigurations = { 215 immortal = nixpkgs.lib.nixosSystem { 216 system = "x86_64-linux"; 217 specialArgs = { inherit inputs outputs; }; 218 modules = [ 219 ./hosts/immortal/configuration.nix 220 sops-nix.nixosModules.sops 221 disko.nixosModules.disko 222 lanzaboote.nixosModules.lanzaboote 223 ( 224 { 225 pkgs, 226 lib, 227 ... 228 }: 229 { 230 environment.systemPackages = [ 231 pkgs.sbctl 232 ]; 233 234 boot.loader.systemd-boot.enable = lib.mkForce false; 235 236 boot.lanzaboote = { 237 enable = true; 238 pkiBundle = "/var/lib/sbctl"; 239 }; 240 } 241 ) 242 243 #vscode-server.nixosModules.default 244 #({...}: { 245 # services.vscode-server.enable = true; 246 # services.vscode-server.installPath = "~/.vscodium-server"; 247 #}) 248 ]; 249 }; 250 luna = nixpkgs.lib.nixosSystem { 251 system = "x86_64-linux"; 252 specialArgs = { inherit inputs outputs; }; 253 modules = [ 254 ./hosts/luna/configuration.nix 255 sops-nix.nixosModules.sops 256 home-manager.nixosModules.home-manager 257 ( 258 { lib, ... }: 259 { 260 home-manager.useGlobalPkgs = true; 261 home-manager.useUserPackages = true; 262 home-manager.users.egor = import ./home-manager/home.nix; 263 home-manager.extraSpecialArgs = { inherit inputs; }; 264 home-manager.backupFileExtension = "backup"; 265 #home-manager.backupCommand = lib.literalExpression "''${pkgs.trash-cli}/bin/trash"; 266 } 267 ) 268 lanzaboote.nixosModules.lanzaboote 269 ( 270 { 271 pkgs, 272 lib, 273 ... 274 }: 275 { 276 environment.systemPackages = [ 277 pkgs.sbctl 278 ]; 279 280 boot.loader.systemd-boot.enable = lib.mkForce false; 281 282 boot.lanzaboote = { 283 enable = true; 284 pkiBundle = "/var/lib/sbctl"; 285 }; 286 } 287 ) 288 ]; 289 }; 290 horizon = nixpkgs.lib.nixosSystem { 291 system = "x86_64-linux"; 292 specialArgs = { inherit inputs outputs; }; 293 modules = [ 294 ./hosts/horizon/configuration.nix 295 sops-nix.nixosModules.sops 296 jovian.nixosModules.jovian 297 disko.nixosModules.disko 298 stylix.nixosModules.stylix 299 home-manager.nixosModules.home-manager 300 ( 301 { lib, ... }: 302 { 303 home-manager.useGlobalPkgs = true; 304 home-manager.useUserPackages = true; 305 home-manager.users.egor = import ./home-manager/saturn.nix; 306 home-manager.extraSpecialArgs = { inherit inputs outputs; }; 307 home-manager.backupFileExtension = "backup"; 308 #home-manager.backupCommand = lib.literalExpression "''${pkgs.trash-cli}/bin/trash"; 309 } 310 ) 311 312 { 313 nixpkgs.overlays = [ 314 nix4vscode.overlays.default 315 ]; 316 } 317 318 lanzaboote.nixosModules.lanzaboote 319 ( 320 { 321 pkgs, 322 lib, 323 ... 324 }: 325 { 326 environment.systemPackages = [ 327 pkgs.sbctl 328 ]; 329 330 boot.loader.systemd-boot.enable = lib.mkForce false; 331 332 boot.lanzaboote = { 333 enable = true; 334 pkiBundle = "/var/lib/sbctl"; 335 }; 336 } 337 ) 338 ]; 339 }; 340 saturn = nixpkgs.lib.nixosSystem { 341 system = "x86_64-linux"; 342 specialArgs = { inherit inputs outputs; }; 343 modules = with self.nixosModules; [ 344 ./hosts/saturn/configuration.nix 345 sops-nix.nixosModules.sops 346 disko.nixosModules.disko 347 stylix.nixosModules.stylix 348 home-manager.nixosModules.home-manager 349 ( 350 { lib, ... }: 351 { 352 home-manager.useGlobalPkgs = true; 353 home-manager.useUserPackages = true; 354 home-manager.users.egor = import ./home-manager/saturn.nix; 355 home-manager.extraSpecialArgs = { inherit inputs; }; 356 home-manager.backupFileExtension = "backup"; 357 #home-manager.backupCommand = lib.literalExpression "''${pkgs.trash-cli}/bin/trash"; 358 # Optionally, use home-manager.extraSpecialArgs to pass 359 # arguments to home.nix 360 } 361 ) 362 inputs.musnix.nixosModules.musnix 363 { 364 musnix.enable = true; 365 musnix.alsaSeq.enable = true; 366 musnix.ffado.enable = true; 367 musnix.rtcqs.enable = true; 368 #musnix.kernel.realtime = true; 369 } 370 ]; 371 }; 372 stellar = nixpkgs.lib.nixosSystem { 373 system = "x86_64-linux"; 374 specialArgs = { inherit inputs outputs; }; 375 modules = [ 376 ./hosts/stellar/configuration.nix 377 # ... add this line to the rest of your configuration modules 378 nix-ld.nixosModules.nix-ld 379 380 # The module in this repository defines a new module under (programs.nix-ld.dev) instead of (programs.nix-ld) 381 # to not collide with the nixpkgs version. 382 { programs.nix-ld.dev.enable = true; } 383 sops-nix.nixosModules.sops 384 disko.nixosModules.disko 385 stylix.nixosModules.stylix 386 home-manager.nixosModules.home-manager 387 ( 388 { lib, ... }: 389 { 390 home-manager.useGlobalPkgs = true; 391 home-manager.useUserPackages = true; 392 home-manager.users.egor = import ./home-manager/saturn.nix; 393 home-manager.extraSpecialArgs = { inherit inputs outputs; }; 394 home-manager.backupFileExtension = "backup"; 395 #home-manager.backupCommand = lib.literalExpression "''${pkgs.trash-cli}/bin/trash"; 396 397 # Optionally, use home-manager.extraSpecialArgs to pass 398 # arguments to home.nix 399 nixpkgs.overlays = [ 400 nix4vscode.overlays.default 401 ]; 402 } 403 ) 404 405 lanzaboote.nixosModules.lanzaboote 406 ( 407 { 408 pkgs, 409 lib, 410 ... 411 }: 412 { 413 environment.systemPackages = [ 414 pkgs.sbctl 415 ]; 416 417 boot.loader.systemd-boot.enable = lib.mkForce false; 418 419 boot.lanzaboote = { 420 enable = true; 421 pkiBundle = "/var/lib/sbctl"; 422 }; 423 } 424 ) 425 inputs.musnix.nixosModules.musnix 426 { 427 musnix.enable = true; 428 musnix.alsaSeq.enable = true; 429 musnix.ffado.enable = true; 430 musnix.rtcqs.enable = true; 431 musnix.kernel.realtime = false; 432 } 433 ]; 434 }; 435 pluto = nixpkgs.lib.nixosSystem { 436 system = "x86_64-linux"; 437 specialArgs = { inherit inputs outputs; }; 438 modules = [ 439 ./hosts/pluto/configuration.nix 440 disko.nixosModules.disko 441 #{disko.devices.disk.disk1.device = "/dev/vda";} 442 sops-nix.nixosModules.sops 443 # nixos-mailserver.nixosModule 444 ( 445 { config, ... }: 446 { 447 /* 448 services.dovecot2.sieve.extensions = [ "fileinto" ]; 449 mailserver = { 450 enable = true; 451 fqdn = "mail.egor.wtf"; 452 domains = [ "egor.wtf" ]; 453 # A list of all login accounts. To create the password hashes, use 454 # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' 455 loginAccounts = { 456 "me@egor.wtf" = { 457 hashedPasswordFile = config.sops.secrets."mail/egor.wtf/me".path; 458 aliases = [ "postmaster@egor.wtf" ]; 459 }; 460 "hello@egor.wtf" = { 461 hashedPasswordFile = config.sops.secrets."mail/egor.wtf/me".path; 462 }; 463 }; 464 certificateScheme = "acme-nginx"; 465 }; 466 */ 467 security.acme.acceptTerms = true; 468 security.acme.defaults.email = "ssl@egor.wtf"; 469 470 sops.secrets."mail/egor.wtf/me" = { 471 #owner = "nextcloud"; 472 }; 473 } 474 ) 475 ]; 476 }; 477 comet = nixpkgs.lib.nixosSystem { 478 system = "aarch64-linux"; 479 specialArgs = { inherit inputs outputs; }; 480 modules = [ 481 ./hosts/comet/configuration.nix 482 sops-nix.nixosModules.sops 483 ]; 484 }; 485 hole = nixpkgs.lib.nixosSystem { 486 system = "aarch64-linux"; 487 specialArgs = { inherit inputs outputs; }; 488 modules = with self.nixosModules; [ 489 ./hosts/hole/configuration.nix 490 #sops-nix.nixosModules.sops 491 nixos-facter-modules.nixosModules.facter 492 { config.facter.reportPath = ./hosts/hole/facter.json; } 493 disko.nixosModules.disko 494 /* 495 home-manager.nixosModules.home-manager 496 { 497 home-manager.useGlobalPkgs = true; 498 home-manager.useUserPackages = true; 499 home-manager.users.egor = import ./home-manager/saturn.nix; 500 home-manager.extraSpecialArgs = { inherit inputs; }; 501 home-manager.backupFileExtension = "backup"; 502 #home-manager.backupCommand = lib.literalExpression "''${pkgs.trash-cli}/bin/trash"; 503 # Optionally, use home-manager.extraSpecialArgs to pass 504 # arguments to home.nix 505 } 506 */ 507 ]; 508 }; 509 }; 510 deploy.nodes = { 511 immortal = { 512 sshOpts = [ 513 "-p" 514 "3370" 515 ]; 516 hostname = "100.64.0.1"; 517 fastConnection = true; 518 profiles = { 519 system = { 520 sshUser = "root"; 521 path = deployPkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.immortal; 522 user = "root"; 523 remoteBuild = true; 524 }; 525 }; 526 }; 527 528 saturn = { 529 sshOpts = [ 530 "-p" 531 "3370" 532 ]; 533 hostname = "100.64.0.4"; 534 fastConnection = true; 535 profiles = { 536 system = { 537 sshUser = "root"; 538 path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.saturn; 539 user = "root"; 540 remoteBuild = true; 541 }; 542 }; 543 }; 544 545 luna = { 546 sshOpts = [ 547 "-p" 548 "3370" 549 ]; 550 hostname = "100.64.0.2"; 551 fastConnection = true; 552 profiles = { 553 system = { 554 sshUser = "root"; 555 path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.luna; 556 user = "root"; 557 }; 558 }; 559 }; 560 561 pluto = { 562 sshOpts = [ 563 "-p" 564 "3370" 565 ]; 566 hostname = "100.64.0.5"; 567 fastConnection = true; 568 profiles = { 569 system = { 570 sshUser = "root"; 571 path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.pluto; 572 user = "root"; 573 }; 574 }; 575 }; 576 horizon = { 577 sshOpts = [ 578 "-p" 579 "3370" 580 ]; 581 hostname = "100.64.0.6"; 582 fastConnection = true; 583 profiles = { 584 system = { 585 sshUser = "root"; 586 path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.horizon; 587 user = "root"; 588 remoteBuild = true; 589 }; 590 }; 591 }; 592 stellar = { 593 sshOpts = [ 594 "-p" 595 "3370" 596 ]; 597 hostname = "100.64.0.7"; 598 fastConnection = true; 599 profiles = { 600 system = { 601 sshUser = "root"; 602 path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.stellar; 603 user = "root"; 604 remoteBuild = true; 605 }; 606 }; 607 }; 608 hole = { 609 sshOpts = [ 610 "-p" 611 "3370" 612 ]; 613 hostname = "192.168.0.123"; 614 fastConnection = true; 615 profiles = { 616 system = { 617 sshUser = "root"; 618 path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.stellar; 619 user = "root"; 620 remoteBuild = true; 621 }; 622 }; 623 }; 624 }; 625 626 # This is highly advised, and will prevent many possible mistakes 627 checks = builtins.mapAttrs (_system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; 628 629 # homeConfigurations = { 630 # "egor@luna" = home-manager.lib.homeManagerConfiguration { 631 # inherit pkgs; 632 # extraSpecialArgs = {inherit inputs outputs;}; 633 # modules = [ 634 # 635 # ]; 636 # }; 637 # }; 638 # Standalone home-manager configuration entrypoint 639 # Available through 'home-manager --flake .#your-username@your-hostname' 640 # homeConfigurations = { 641 # "egor@immortal" = home-manager.lib.homeManagerConfiguration { 642 # pkgs = nixpkgs.x86_64-linux; # Home-manager requires 'pkgs' instance 643 # extraSpecialArgs = {inherit inputs outputs;}; 644 # modules = [ 645 # > Our main home-manager configuration file < 646 # ./home-manager/home.nix 647 # ]; 648 # }; 649 # "egor@saturn" = home-manager.lib.homeManagerConfiguration { 650 # pkgs = nixpkgs.x86_64-linux; # Home-manager requires 'pkgs' instance 651 # extraSpecialArgs = {inherit inputs outputs;}; 652 # modules = [ 653 # # > Our main home-manager configuration file < 654 # ./home-manager/home.nix 655 # ]; 656 # }; 657 # "egor@luna" = home-manager.lib.homeManagerConfiguration { 658 # pkgs = nixpkgs.x86_64-linux; # Home-manager requires 'pkgs' instance 659 # extraSpecialArgs = {inherit inputs outputs;}; 660 # modules = [ 661 # # > Our main home-manager configuration file < 662 # ./home-manager/home.nix 663 # ]; 664 # }; 665 # }; 666 }; 667 }