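# Flake for the matt-nixos fleet: six NixOS hosts, one nix-darwin host, and
# two helper apps (build-all, list-systems) for x86_64-linux.
{
  description = "flake for matt-nixos";

  # Most inputs track a branch head, so the revision that is actually built is
  # whatever flake.lock records (not shown here). Review `nix flake update`
  # diffs with care: lanzaboote (Secure Boot), sops-nix (secrets),
  # authentik-nix (identity provider) and crowdsec all supply modules that end
  # up in security-relevant parts of the hosts below.
  inputs = {
    # nixpkgs
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";

    # nixpkgs-unstable-small
    # nixpkgs-unstable-small.url = "github:NixOS/nixpkgs/nixos-unstable-small";

    # nixpkgs
    nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11";

    # Authentik
    authentik-nix = {
      url = "github:nix-community/authentik-nix";
      # url = "github:fpletz/authentik-nix/24.11"; # for some reason this is broken in stable and unstable
      inputs.nixpkgs.follows = "nixpkgs-stable";
    };

    # Chaotic-nix
    chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable";

    # Impermanence
    impermanence.url = "github:nix-community/impermanence";

    # Home Manager
    home-manager = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
    };

    home-manager-stable = {
      url = "github:nix-community/home-manager/release-24.11";
      inputs.nixpkgs.follows = "nixpkgs-stable";
    };

    # Lanzaboote (the only input pinned to a release tag in its URL)
    lanzaboote = {
      url = "github:nix-community/lanzaboote/v0.4.2";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
    };

    # Nix hardware
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";

    # Sops-nix
    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs-stable";
    };

    crowdsec = {
      url = "git+https://codeberg.org/kampka/nix-flake-crowdsec.git";
      inputs.nixpkgs.follows = "nixpkgs-stable";
    };

    # Apple
    nixos-apple-silicon.url = "github:tpwrules/nixos-apple-silicon";
    # nixos-apple-silicon.url = "github:mjallen18/nixos-apple-silicon";
    # nixos-apple-silicon.url = "git+file:///home/matt/nixos-apple-silicon";

    nix-darwin.url = "github:LnL7/nix-darwin";

    manyfold.url = "github:mjallen18/manyfold-nixos";

    jovian.url = "github:Jovian-Experiments/Jovian-NixOS";

    steam-rom-manager = {
      url = "github:mjallen18/nix-steam-rom-manager";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
      inputs.home-manager.follows = "home-manager";
    };

    # cosmic = {
    #   url = "github:lilyinstarlight/nixos-cosmic";
    #   inputs.nixpkgs.follows = "nixpkgs-unstable";
    # };
  };

  outputs =
    {
      self,
      nixpkgs-unstable,
      # nixpkgs-unstable-small,
      nixpkgs-stable,
      chaotic,
      lanzaboote,
      impermanence,
      home-manager,
      home-manager-stable,
      nixos-hardware,
      nix-darwin,
      nixos-apple-silicon,
      # cosmic,
      authentik-nix,
      sops-nix,
      crowdsec,
      manyfold,
      jovian,
      steam-rom-manager,
    }@inputs:
    let
      inherit (self) outputs;

      # Shell snippet shared by the build-all and list-systems apps. It fills
      # the bash array `systems` with the attribute names of
      # nixosConfigurations and darwinConfigurations, asking the evaluator for
      # them instead of grepping flake.nix. Only the names are evaluated
      # (builtins.attrNames), so no host configuration has to be serialised,
      # and the result no longer depends on the working directory holding
      # flake.nix or on how this file is formatted.
      discoverSystems = ''
        list_names() {
          nix eval --raw ".#$1" --apply 'cs: builtins.concatStringsSep " " (builtins.attrNames cs)'
        }
        nixos_names=$(list_names nixosConfigurations)
        darwin_names=$(list_names darwinConfigurations)
        read -ra systems <<< "$nixos_names $darwin_names"
      '';
    in
    {
      overlays = import ./overlays { inherit inputs; };

      nixosConfigurations = {
        # Desktop
        "matt-nixos" = nixpkgs-unstable.lib.nixosSystem {
          system = "x86_64-linux";
          specialArgs = {
            inherit inputs outputs;
          };
          modules = [
            impermanence.nixosModules.impermanence
            lanzaboote.nixosModules.lanzaboote
            ./hosts/desktop/configuration.nix
            ./share/impermanence
            chaotic.nixosModules.default
            home-manager.nixosModules.home-manager
            {
              home-manager.useGlobalPkgs = true;
              home-manager.useUserPackages = true;
              home-manager.users.matt =
                { pkgs, ... }:
                {
                  imports = [
                    ./hosts/desktop/home.nix
                    steam-rom-manager.homeManagerModules.default
                  ];
                };
              home-manager.backupFileExtension = "backup";
            }
            nixos-hardware.nixosModules.common-cpu-amd
            nixos-hardware.nixosModules.common-gpu-amd
            nixos-hardware.nixosModules.common-hidpi
            nixos-hardware.nixosModules.common-pc
            sops-nix.nixosModules.sops
            # cosmic.nixosModules.default
          ];
        };

        # NAS (built from the stable channel; also runs authentik and crowdsec)
        "jallen-nas" = nixpkgs-stable.lib.nixosSystem {
          system = "x86_64-linux";
          specialArgs = {
            inherit inputs outputs;
          };
          modules = [
            impermanence.nixosModules.impermanence
            ./hosts/nas/configuration.nix
            ./hosts/nas/impermanence.nix
            home-manager-stable.nixosModules.home-manager
            {
              home-manager.useGlobalPkgs = false;
              home-manager.useUserPackages = true;
              home-manager.users.admin = import ./hosts/nas/home.nix;
              home-manager.backupFileExtension = "backup";
            }
            authentik-nix.nixosModules.default
            sops-nix.nixosModules.sops
            crowdsec.nixosModules.crowdsec
            crowdsec.nixosModules.crowdsec-firewall-bouncer
            # The crowdsec modules take their packages from this overlay.
            (
              { ... }:
              {
                nixpkgs.overlays = [ crowdsec.overlays.default ];
              }
            )
            nixos-hardware.nixosModules.common-pc
            nixos-hardware.nixosModules.common-cpu-amd
            nixos-hardware.nixosModules.common-hidpi
          ];
        };

        # mac nix
        # No specialArgs here, so these host modules cannot take `inputs` or
        # `outputs` as arguments (same for pi4 and jallen-hass below).
        "mac-nixos" = nixpkgs-unstable.lib.nixosSystem {
          system = "aarch64-linux";
          modules = [
            nixos-apple-silicon.nixosModules.apple-silicon-support
            ./hosts/mac-nixos/configuration.nix
            home-manager.nixosModules.home-manager
            {
              home-manager.useGlobalPkgs = true;
              home-manager.useUserPackages = true;
              home-manager.users.matt = import ./hosts/mac-nixos/home.nix;
            }
          ];
        };

        # Pi4
        "pi4" = nixpkgs-unstable.lib.nixosSystem {
          system = "aarch64-linux";
          modules = [
            nixos-hardware.nixosModules.raspberry-pi-4
            impermanence.nixosModules.impermanence
            ./hosts/pi4/configuration.nix
            sops-nix.nixosModules.sops
            home-manager.nixosModules.home-manager
            {
              home-manager.useGlobalPkgs = true;
              home-manager.useUserPackages = true;
              home-manager.users.matt = import ./hosts/pi4/home.nix;
            }
          ];
        };

        "steamdeck" = nixpkgs-unstable.lib.nixosSystem {
          system = "x86_64-linux";
          specialArgs = {
            inherit inputs outputs;
          };
          modules = [
            impermanence.nixosModules.impermanence
            lanzaboote.nixosModules.lanzaboote
            ./hosts/deck/configuration.nix
            ./share/impermanence
            home-manager.nixosModules.home-manager
            {
              home-manager.useGlobalPkgs = true;
              home-manager.useUserPackages = true;
              home-manager.users.deck =
                { pkgs, ... }:
                {
                  imports = [
                    ./hosts/deck/home.nix
                    steam-rom-manager.homeManagerModules.default
                  ];
                };
              home-manager.backupFileExtension = "backup";
            }
            nixos-hardware.nixosModules.common-cpu-amd
            nixos-hardware.nixosModules.common-gpu-amd
            nixos-hardware.nixosModules.common-hidpi
            nixos-hardware.nixosModules.common-pc
            sops-nix.nixosModules.sops
            jovian.nixosModules.jovian
            chaotic.nixosModules.default
          ];
        };

        # home assistant
        "jallen-hass" = nixpkgs-unstable.lib.nixosSystem {
          system = "x86_64-linux";
          modules = [
            impermanence.nixosModules.impermanence
            ./hosts/homeassistant/configuration.nix
            sops-nix.nixosModules.sops
            home-manager.nixosModules.home-manager
            {
              home-manager.useGlobalPkgs = true;
              home-manager.useUserPackages = true;
              home-manager.users.hass-admin = import ./hosts/homeassistant/home.nix;
            }
          ];
        };
      };

      darwinConfigurations = {
        "MacBook-Pro" = nix-darwin.lib.darwinSystem {
          system = "aarch64-darwin";
          modules = [
            ./hosts/mac/configuration.nix
            home-manager.darwinModules.home-manager
            {
              home-manager.useGlobalPkgs = true;
              home-manager.useUserPackages = true;
              home-manager.users.mattjallen = import ./hosts/mac/home.nix;
            }
          ];
        };
      };

      # Improved build-all app: builds every configuration this host can
      # build and pushes each result to the local binary cache.
      apps.x86_64-linux.build-all =
        let
          pkgs = nixpkgs-unstable.legacyPackages.x86_64-linux;
        in
        {
          type = "app";
          # writeShellScript supplies the interpreter line, so the script text
          # starts directly with the shell options.
          program = toString (
            pkgs.writeShellScript "build-all" ''
              set -euo pipefail

              # Get the list of system names from the flake outputs
              ${discoverSystems}

              # Binary cache that receives every successful build. The
              # secret-key store parameter names the cache's private signing
              # key, so whoever runs this app must be able to read that file.
              # Keep it readable only by the account that publishes to the
              # cache: anyone holding the key can sign paths that clients
              # trusting the matching public key will accept.
              cache_url="http://localhost:5000?secret-key=/etc/nix/cache-priv-key.pem"

              echo "Found systems: ''${systems[@]}"
              echo "Building all compatible systems..."

              # Track success/failure
              success=()
              failure=()

              for system in "''${systems[@]}"; do
                echo "Attempting to build $system..."

                # Detect the system type with a single evaluation; the result is
                # captured rather than printed, and a failed evaluation falls
                # through to the Darwin check.
                if system_type=$(nix eval --raw ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null); then
                  toplevel=".#nixosConfigurations.$system.config.system.build.toplevel"

                  # Only build if we're on the same system type or can cross-compile.
                  # --no-link: no result symlink is left in the checkout; the
                  # closure is pushed to the cache right after the build.
                  if [ "$system_type" = "x86_64-linux" ]; then
                    echo "Building $system (x86_64-linux)..."
                    if nix build "$toplevel" --no-link; then
                      echo "✅ Successfully built $system"

                      # Copy to the binary cache
                      echo "Copying $system to binary cache..."
                      nix copy --to "$cache_url" "$toplevel"

                      success+=("$system")
                    else
                      echo "❌ Failed to build $system"
                      failure+=("$system")
                    fi
                  elif [ "$system_type" = "aarch64-linux" ] && command -v qemu-aarch64-static >/dev/null 2>&1; then
                    echo "Cross-building $system (aarch64-linux)..."
                    if nix build "$toplevel" --system aarch64-linux --no-link; then
                      echo "✅ Successfully built $system"
                      nix copy --to "$cache_url" "$toplevel"
                      success+=("$system")
                    else
                      echo "❌ Failed to build $system"
                      failure+=("$system")
                    fi
                  else
                    echo "⚠️ Skipping $system ($system_type) - incompatible with this host"
                    failure+=("$system (incompatible)")
                  fi
                elif nix eval --raw ".#darwinConfigurations.$system.system" >/dev/null 2>&1; then
                  darwin_system=".#darwinConfigurations.$system.system"
                  echo "Found Darwin system $system, attempting to build packages..."
                  if nix build "$darwin_system" --no-link; then
                    echo "✅ Successfully built $system packages"
                    nix copy --to "$cache_url" "$darwin_system"
                    success+=("$system (darwin)")
                  else
                    echo "❌ Failed to build $system packages"
                    failure+=("$system (darwin)")
                  fi
                else
                  echo "⚠️ Skipping $system - could not determine system type"
                  failure+=("$system (unknown)")
                fi
              done

              # Summary
              echo ""
              echo "===== Build Summary ====="
              echo "✅ Successfully built: ''${success[*]:-none}"
              echo "❌ Failed to build: ''${failure[*]:-none}"

              # Return error code if any builds failed (skipped hosts count too)
              if [ ''${#failure[@]} -gt 0 ]; then
                exit 1
              fi
            ''
          );
        };

      # A separate script that only lists systems
      apps.x86_64-linux.list-systems =
        let
          pkgs = nixpkgs-unstable.legacyPackages.x86_64-linux;
        in
        {
          type = "app";
          program = toString (
            pkgs.writeShellScript "list-systems" ''
              set -euo pipefail

              # Get systems from the flake outputs
              ${discoverSystems}

              echo "Found systems in flake.nix:"
              for system in "''${systems[@]}"; do
                # Try to determine if it's a NixOS or Darwin system; each check
                # evaluates once and keeps the evaluator's output off the listing.
                if system_type=$(nix eval --raw ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null); then
                  echo "  - $system (NixOS, $system_type)"
                elif nix eval --raw ".#darwinConfigurations.$system.system" >/dev/null 2>&1; then
                  echo "  - $system (Darwin)"
                else
                  echo "  - $system (unknown type)"
                fi
              done
            ''
          );
        };

      # Expose the package set, including overlays, for convenience.
      darwinPackages = self.darwinConfigurations."MacBook-Pro".pkgs;

      # Set Git commit hash for darwin-version.
      # NOTE(review): system.configurationRevision is a nix-darwin module
      # option; at this level it only defines an extra flake output named
      # `system` and does not reach the MacBook-Pro configuration. It
      # presumably belongs in a module of that darwinSystem - confirm that
      # ./hosts/mac/configuration.nix does not already set it before moving it.
      system.configurationRevision = self.rev or self.dirtyRev or null;
    };
}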