so many sops

This commit is contained in:
mjallen18
2025-03-17 21:34:52 -05:00
parent 7741fc575f
commit 32eadb044d
53 changed files with 801 additions and 591 deletions

282
flake.nix

@@ -122,12 +122,23 @@
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.matt = { pkgs, ...}: {
imports = [
./hosts/desktop/home.nix
steam-rom-manager.homeManagerModules.default
];
};
home-manager.users.matt =
{ ... }:
{
imports = [
./hosts/desktop/home.nix
steam-rom-manager.homeManagerModules.default
sops-nix.homeManagerModules.sops
];
};
home-manager.users.root =
{ ... }:
{
imports = [
./share/root-user
sops-nix.homeManagerModules.sops
];
};
home-manager.backupFileExtension = "backup";
}
@@ -156,7 +167,22 @@
{
home-manager.useGlobalPkgs = false;
home-manager.useUserPackages = true;
home-manager.users.admin = import ./hosts/nas/home.nix;
home-manager.users.admin =
{ ... }:
{
imports = [
./hosts/nas/home.nix
sops-nix.homeManagerModules.sops
];
};
home-manager.users.root =
{ ... }:
{
imports = [
./share/root-user
sops-nix.homeManagerModules.sops
];
};
home-manager.backupFileExtension = "backup";
}
@@ -167,10 +193,12 @@
crowdsec.nixosModules.crowdsec
crowdsec.nixosModules.crowdsec-firewall-bouncer
({ ... }:
{
nixpkgs.overlays = [ crowdsec.overlays.default ];
})
(
{ ... }:
{
nixpkgs.overlays = [ crowdsec.overlays.default ];
}
)
nixos-hardware.nixosModules.common-pc
nixos-hardware.nixosModules.common-cpu-amd
@@ -225,12 +253,14 @@
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.deck = { pkgs, ...}: {
imports = [
./hosts/deck/home.nix
steam-rom-manager.homeManagerModules.default
];
};
home-manager.users.deck =
{ ... }:
{
imports = [
./hosts/deck/home.nix
steam-rom-manager.homeManagerModules.default
];
};
home-manager.backupFileExtension = "backup";
}
@@ -279,117 +309,125 @@
];
};
};
# Improved build-all app
apps.x86_64-linux.build-all = let
pkgs = nixpkgs-unstable.legacyPackages.x86_64-linux;
in {
type = "app";
program = toString (pkgs.writeShellScript "build-all" ''
#!/usr/bin/env bash
set -euo pipefail
# Get the list of system names directly from flake.nix
# This avoids JSON serialization issues
systems=($(grep -o '"[^"]*"[[:space:]]*=' flake.nix | grep -v '_\|#\|"\.\|\*' | sed 's/"//g' | sed 's/=//g' | xargs))
echo "Found systems: ''${systems[@]}"
echo "Building all compatible systems..."
# Track success/failure
success=()
failure=()
for system in "''${systems[@]}"; do
echo "Attempting to build $system..."
# Detect system type without JSON evaluation
if nix eval --raw ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null; then
system_type=$(nix eval --raw ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null || echo "unknown")
# Only build if we're on the same system type or can cross-compile
if [ "$system_type" = "x86_64-linux" ]; then
echo "Building $system (x86_64-linux)..."
if nix build ".#nixosConfigurations.$system.config.system.build.toplevel" --out-link "./result-$system" --no-link; then
echo " Successfully built $system"
apps.x86_64-linux.build-all =
let
pkgs = nixpkgs-unstable.legacyPackages.x86_64-linux;
in
{
type = "app";
program = toString (
pkgs.writeShellScript "build-all" ''
#!/usr/bin/env bash
set -euo pipefail
# Get the list of system names directly from flake.nix
# This avoids JSON serialization issues
systems=($(grep -o '"[^"]*"[[:space:]]*=' flake.nix | grep -v '_\|#\|"\.\|\*' | sed 's/"//g' | sed 's/=//g' | xargs))
echo "Found systems: ''${systems[@]}"
echo "Building all compatible systems..."
# Track success/failure
success=()
failure=()
for system in "''${systems[@]}"; do
echo "Attempting to build $system..."
# Detect system type without JSON evaluation
if nix eval --raw ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null; then
system_type=$(nix eval --raw ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null || echo "unknown")
# Copy to the binary cache
echo "Copying $system to binary cache..."
nix copy --to "https://cache.mjallen.dev?secret-key=/etc/nix/cache-priv-key.pem" ".#nixosConfigurations.$system.config.system.build.toplevel"
success+=("$system")
# Only build if we're on the same system type or can cross-compile
if [ "$system_type" = "x86_64-linux" ]; then
echo "Building $system (x86_64-linux)..."
if nix build ".#nixosConfigurations.$system.config.system.build.toplevel" --out-link "./result-$system" --no-link; then
echo " Successfully built $system"
# Copy to the binary cache
echo "Copying $system to binary cache..."
nix copy --to "https://cache.mjallen.dev?secret-key=/etc/nix/cache-priv-key.pem" ".#nixosConfigurations.$system.config.system.build.toplevel"
success+=("$system")
else
echo " Failed to build $system"
failure+=("$system")
fi
elif [ "$system_type" = "aarch64-linux" ] && command -v qemu-aarch64-static >/dev/null 2>&1; then
echo "Cross-building $system (aarch64-linux)..."
if nix build ".#nixosConfigurations.$system.config.system.build.toplevel" --system aarch64-linux --out-link "./result-$system" --no-link; then
echo " Successfully built $system"
nix copy --to "https://cache.mjallen.dev?secret-key=/etc/nix/cache-priv-key.pem" ".#nixosConfigurations.$system.config.system.build.toplevel"
success+=("$system")
else
echo " Failed to build $system"
failure+=("$system")
fi
else
echo " Skipping $system ($system_type) - incompatible with this host"
failure+=("$system (incompatible)")
fi
elif nix eval --raw ".#darwinConfigurations.$system.system" 2>/dev/null; then
echo "Found Darwin system $system, attempting to build packages..."
if nix build ".#darwinConfigurations.$system.system" --out-link "./result-darwin-$system" --no-link; then
echo " Successfully built $system packages"
nix copy --to "https://cache.mjallen.dev?secret-key=/etc/nix/cache-priv-key.pem" ".#darwinConfigurations.$system.system"
success+=("$system (darwin)")
else
echo " Failed to build $system packages"
failure+=("$system (darwin)")
fi
else
echo " Failed to build $system"
failure+=("$system")
echo " Skipping $system - could not determine system type"
failure+=("$system (unknown)")
fi
elif [ "$system_type" = "aarch64-linux" ] && command -v qemu-aarch64-static >/dev/null 2>&1; then
echo "Cross-building $system (aarch64-linux)..."
if nix build ".#nixosConfigurations.$system.config.system.build.toplevel" --system aarch64-linux --out-link "./result-$system" --no-link; then
echo " Successfully built $system"
nix copy --to "https://cache.mjallen.dev?secret-key=/etc/nix/cache-priv-key.pem" ".#nixosConfigurations.$system.config.system.build.toplevel"
success+=("$system")
else
echo " Failed to build $system"
failure+=("$system")
fi
else
echo " Skipping $system ($system_type) - incompatible with this host"
failure+=("$system (incompatible)")
done
# Summary
echo ""
echo "===== Build Summary ====="
echo " Successfully built: ''${success[*]:-none}"
echo " Failed to build: ''${failure[*]:-none}"
# Return error code if any builds failed
if [ ''${#failure[@]} -gt 0 ]; then
exit 1
fi
elif nix eval --raw ".#darwinConfigurations.$system.system" 2>/dev/null; then
echo "Found Darwin system $system, attempting to build packages..."
if nix build ".#darwinConfigurations.$system.system" --out-link "./result-darwin-$system" --no-link; then
echo " Successfully built $system packages"
nix copy --to "https://cache.mjallen.dev?secret-key=/etc/nix/cache-priv-key.pem" ".#darwinConfigurations.$system.system"
success+=("$system (darwin)")
else
echo " Failed to build $system packages"
failure+=("$system (darwin)")
fi
else
echo " Skipping $system - could not determine system type"
failure+=("$system (unknown)")
fi
done
# Summary
echo ""
echo "===== Build Summary ====="
echo " Successfully built: ''${success[*]:-none}"
echo " Failed to build: ''${failure[*]:-none}"
# Return error code if any builds failed
if [ ''${#failure[@]} -gt 0 ]; then
exit 1
fi
'');
};
''
);
};
# You could also provide a separate script that only lists systems
apps.x86_64-linux.list-systems = let
pkgs = nixpkgs-unstable.legacyPackages.x86_64-linux;
in {
type = "app";
program = toString (pkgs.writeShellScript "list-systems" ''
#!/usr/bin/env bash
set -euo pipefail
# Get systems from flake.nix
systems=($(grep -o '"[^"]*"[[:space:]]*=' flake.nix | grep -v '_\|#\|"\.\|\*' | sed 's/"//g' | sed 's/=//g' | xargs))
echo "Found systems in flake.nix:"
for system in "''${systems[@]}"; do
# Try to determine if it's a NixOS or Darwin system
if nix eval --raw ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null; then
system_type=$(nix eval --raw ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null)
echo " - $system (NixOS, $system_type)"
elif nix eval --raw ".#darwinConfigurations.$system.system" 2>/dev/null; then
echo " - $system (Darwin)"
else
echo " - $system (unknown type)"
fi
done
'');
};
apps.x86_64-linux.list-systems =
let
pkgs = nixpkgs-unstable.legacyPackages.x86_64-linux;
in
{
type = "app";
program = toString (
pkgs.writeShellScript "list-systems" ''
#!/usr/bin/env bash
set -euo pipefail
# Get systems from flake.nix
systems=($(grep -o '"[^"]*"[[:space:]]*=' flake.nix | grep -v '_\|#\|"\.\|\*' | sed 's/"//g' | sed 's/=//g' | xargs))
echo "Found systems in flake.nix:"
for system in "''${systems[@]}"; do
# Try to determine if it's a NixOS or Darwin system
if nix eval --raw ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null; then
system_type=$(nix eval --raw ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null)
echo " - $system (NixOS, $system_type)"
elif nix eval --raw ".#darwinConfigurations.$system.system" 2>/dev/null; then
echo " - $system (Darwin)"
else
echo " - $system (unknown type)"
fi
done
''
);
};
# Expose the package set, including overlays, for convenience.
darwinPackages = self.darwinConfigurations."MacBook-Pro".pkgs;
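Review bot: The platform probe in build-all, `if nix eval --raw ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null; then`, leaves the evaluated string on the script's stdout (so it is printed in the middle of the progress output) and the following line then runs the identical evaluation a second time only to capture it; the same pattern is repeated in list-systems. Capturing once, `if system_type=$(nix eval --raw ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null); then`, removes both the stray output and the duplicate evaluation, and the `|| echo "unknown"` fallback on the next line becomes dead. Each `nix build ... --out-link "./result-$system" --no-link` passes two contradictory link options; presumably the later `--no-link` wins and no result link is ever created, so one of the two should be dropped rather than left to argument order. The system list is obtained by grepping flake.nix for any quoted key followed by `=` and word-splitting the result into the array, which is textual rather than an evaluation of the flake's outputs; a comment such as `# NOTE: discovery is textual - every quoted key in flake.nix that survives the grep -v filter is treated as a configuration name` would warn the next editor of the file. The `secret-key=` query parameter in the `nix copy` URLs names a key file on the build host, not the key material; a short comment saying so next to the first `nix copy` would save a reader from assuming a secret is committed.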