{
# Flake inputs. Every `url` below names a branch or tag rather than a commit,
# so the revisions that are actually evaluated are the ones recorded in
# flake.lock (not shown here); review lock-file changes as dependency updates.
# `rec` is needed so the `nixpkgs` / `home-manager` aliases can refer to the
# sibling attributes defined alongside them.
inputs = rec {
  # --- Package sets -------------------------------------------------------
  nixpkgs-unstable = {
    url = "github:NixOS/nixpkgs/nixos-unstable";
  };
  nixpkgs-stable = {
    url = "github:NixOS/nixpkgs/nixos-25.11";
  };

  # Fork required: openthread-border-router is not yet in nixpkgs-unstable.
  # Used by modules/nixos/homeassistant/services/thread/default.nix
  # NOTE(review): this is a complete nixpkgs tree tracked by branch on a
  # third-party account; keep its use limited to that one package and drop
  # the input once the package is available upstream.
  nixpkgs-otbr = {
    url = "github:mrene/nixpkgs/openthread-border-router";
  };

  home-manager-unstable = {
    url = "github:nix-community/home-manager";
    inputs.nixpkgs.follows = "nixpkgs-unstable";
  };

  # Default aliases: everything that says `follows = "nixpkgs"` or
  # `follows = "home-manager"` resolves to the unstable variants.
  nixpkgs = nixpkgs-unstable;
  home-manager = home-manager-unstable;

  # --- Flake framework ----------------------------------------------------
  # The name "snowfall-lib" is required due to how Snowfall Lib processes the
  # flake's inputs. The URL points at a personal fork carrying custom changes.
  # NOTE(review): `outputs` is produced by this input's mkFlake, so the fork's
  # code is in the evaluation path of every host and home in this flake.
  snowfall-lib = {
    url = "github:mjallen18/snowfall-lib";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  # --- System modules -----------------------------------------------------
  # NOTE(review): inputs declared without `inputs.nixpkgs.follows` keep
  # whatever nixpkgs revision (if any) their own entry in flake.lock records,
  # so they are not moved by bumping `nixpkgs` here.
  impermanence.url = "github:nix-community/impermanence";

  # Pinned to a release tag rather than the default branch.
  lanzaboote.url = "github:nix-community/lanzaboote/v1.0.0";

  nixos-hardware.url = "github:NixOS/nixos-hardware/master";

  sops-nix.url = "github:Mic92/sops-nix";

  nix-cachyos-kernel.url = "github:xddxdd/nix-cachyos-kernel/release";

  steam-rom-manager = {
    url = "github:mjallen18/nix-steam-rom-manager";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.home-manager.follows = "home-manager";
  };

  cosmic = {
    url = "github:lilyinstarlight/nixos-cosmic";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  nix-vscode-extensions.url = "github:nix-community/nix-vscode-extensions";

  authentik-nix = {
    url = "github:nix-community/authentik-nix";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  disko = {
    # the fork is needed for partition attributes support
    # url = "github:nvmd/disko/gpt-attrs";
    url = "github:nix-community/disko";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  # --- macOS --------------------------------------------------------------
  darwin.url = "github:nix-darwin/nix-darwin/master";

  nix-homebrew.url = "github:zhaofengli/nix-homebrew";

  # Plain source trees (`flake = false`): fetched as-is, not evaluated as flakes.
  homebrew-core = {
    url = "github:homebrew/homebrew-core";
    flake = false;
  };

  homebrew-cask = {
    url = "github:homebrew/homebrew-cask";
    flake = false;
  };

  nixos-apple-silicon.url = "github:nix-community/nixos-apple-silicon";

  # --- Tooling ------------------------------------------------------------
  pre-commit-hooks-nix = {
    url = "github:cachix/pre-commit-hooks.nix";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  treefmt-nix = {
    url = "github:numtide/treefmt-nix";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  nix-index-database = {
    url = "github:nix-community/nix-index-database";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  lsfg-vk = {
    url = "github:pabloaul/lsfg-vk-flake";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  nix-plist-manager.url = "github:sushydev/nix-plist-manager";

  nix-rosetta-builder = {
    url = "github:cpick/nix-rosetta-builder";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  stylix = {
    url = "github:nix-community/stylix";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  jovian = {
    url = "github:Jovian-Experiments/Jovian-NixOS";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  llama-cpp = {
    url = "github:ggml-org/llama.cpp";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  plasma-manager = {
    url = "github:nix-community/plasma-manager";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.home-manager.follows = "home-manager";
  };
};
# We will handle this in the next section.
# Flake outputs: everything is generated by Snowfall Lib's mkFlake from the
# settings below plus the files under `src`.
outputs =
  inputs:
  let
    # Shorthand for the module set exported by nixos-hardware.
    hardware = inputs.nixos-hardware.nixosModules;

    # Hardware profiles shared, in this order, by the AMD desktop-class hosts
    # (matt-nixos, nuc-nixos, allyx).
    amdDesktopHardware = [
      hardware.common-cpu-amd
      hardware.common-cpu-amd-pstate
      # hardware.common-cpu-amd-zenpower
      hardware.common-gpu-amd
      hardware.common-hidpi
      hardware.common-pc
    ];
  in
  inputs.snowfall-lib.mkFlake {
    # Snowfall Lib needs the full set of flake inputs.
    inherit inputs;

    # `src` must be the root of the flake.
    src = ./.;

    overlays = [
      inputs.nix-vscode-extensions.overlays.default
      inputs.nix-cachyos-kernel.overlays.default

      # writeShellApplication uses lib.toShellVar which generates unquoted
      # variable assignments for simple strings (e.g. username=admin).
      # shellcheck SC2209 flags this as a warning, breaking the build when
      # the value matches a command name. Exclude SC2209 globally.
      # NOTE(review): the wrapper applies to every writeShellApplication call
      # that sees this overlay, not only this flake's own scripts; only SC2209
      # is appended, so any other shellcheck findings still fail the build.
      (_final: prev: {
        writeShellApplication =
          args:
          let
            # Caller-supplied exclusions are kept; SC2209 is added on top.
            excluded = (args.excludeShellChecks or [ ]) ++ [ "SC2209" ];
          in
          prev.writeShellApplication (args // { excludeShellChecks = excluded; });
      })
    ];

    systems = {
      # Modules shared by every system of the given kind.
      modules = {
        # NOTE(review): these are imported on every NixOS host, including the
        # Secure Boot (lanzaboote) and secrets (sops-nix) modules; whether
        # each one is enabled is decided in host configuration not shown here.
        nixos = [
          inputs.authentik-nix.nixosModules.default
          inputs.disko.nixosModules.disko
          inputs.impermanence.nixosModules.impermanence
          inputs.lanzaboote.nixosModules.lanzaboote
          inputs.sops-nix.nixosModules.sops
          inputs.home-manager.nixosModules.home-manager
          inputs.nix-index-database.nixosModules.nix-index
          inputs.stylix.nixosModules.stylix
        ];

        # External HM modules injected into ALL homes — both standalone
        # homeConfigurations and homes embedded in nixosConfigurations.
        # The snowfall-lib fork patches create-systems to pass systems.modules.home
        # into create-home-system-modules so both paths are covered from here.
        # The ARM guard for steam-rom-manager is handled by that module itself.
        home = [
          inputs.nix-index-database.homeModules.nix-index
          inputs.steam-rom-manager.homeManagerModules.default
          inputs.sops-nix.homeManagerModules.sops
          inputs.stylix.homeModules.stylix
          inputs.plasma-manager.homeModules.plasma-manager
        ];

        darwin = [
          inputs.nix-homebrew.darwinModules.nix-homebrew
          inputs.home-manager.darwinModules.home-manager
          inputs.nix-plist-manager.darwinModules.default
          inputs.nix-rosetta-builder.darwinModules.default
          inputs.nix-index-database.darwinModules.nix-index
          inputs.stylix.darwinModules.stylix
        ];
      };

      # Per-host additions on top of the shared module lists above.
      hosts = {
        # ---- Desktop ----
        matt-nixos = {
          modules = amdDesktopHardware ++ [
            inputs.lsfg-vk.nixosModules.default
          ];
        };

        # ---- NAS ----
        jallen-nas = {
          # home-manager is already in systems.modules.nixos above
          modules = [
            hardware.common-pc
            hardware.common-cpu-amd
            hardware.common-cpu-amd-pstate
            # hardware.common-cpu-amd-zenpower
            hardware.common-hidpi
          ];
        };

        # ---- NUC ----
        nuc-nixos = {
          # disko is already in systems.modules.nixos above
          modules = amdDesktopHardware;
        };

        # ---- Mac ----
        macbook-pro-nixos = {
          modules = [
            inputs.nixos-apple-silicon.nixosModules.default
            inputs.lsfg-vk.nixosModules.default
          ];
        };

        # ---- AllyX ----
        allyx = {
          modules = amdDesktopHardware ++ [
            inputs.lsfg-vk.nixosModules.default
            inputs.jovian.nixosModules.jovian
          ];
        };
      };
    };

    # Snowfall Lib settings; all of them are optional.
    snowfall = {
      # Namespace used for this flake's packages, library and overlays.
      namespace = "mjallen";

      # Flake metadata that tools such as Snowfall Frost can read.
      meta = {
        # Slug used in documentation, e.g. when displaying file paths.
        name = "mjallen";

        # Human-readable title for the flake.
        title = "mjallen Flake";
      };
    };

    # nixpkgs `config` handed to Snowfall Lib.
    # NOTE(review): presumably applied to every channel and therefore every
    # host — confirm. If so, the unfree / unsupported-system / insecure-package
    # allowances below are global rather than scoped to the host that needs them.
    channels-config = {
      allowUnfree = true;
      allowUnsupportedSystem = true;
      permittedInsecurePackages = [
        # ...
        # "libsoup-2.74.3"
        # "mbedtls-2.28.10"
        # ecdsa is pulled in by srp → ha-icloud3 custom component.
        # CVE-2024-23342 applies to timing-sensitive cryptographic use cases,
        # not the SRP authentication usage here.
        # NOTE(review): the entry permits this exact name-version for anything
        # in the closure that depends on it, not only ha-icloud3. Because
        # nixpkgs matches on the full name, a Python or ecdsa version bump will
        # fail evaluation again; re-check the justification before re-adding.
        "python3.14-ecdsa-0.19.1"
      ];
    };

    # Per-channel outputs; only the formatter is defined here.
    outputs-builder = channels: {
      formatter = inputs.treefmt-nix.lib.mkWrapper channels.nixpkgs ./treefmt.nix;
      # mjallen-lib overlay is auto-discovered from overlays/mjallen-lib/default.nix
    };
  };
}