{
description = "flake for matt-nixos";
inputs = {
  # Package sets: rolling unstable for workstations, the 24.11 release for servers.
  nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
  # nixpkgs-unstable-small.url = "github:NixOS/nixpkgs/nixos-unstable-small";
  nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11";

  # Home Manager, one branch per package set so it stays in step with nixpkgs.
  home-manager = {
    url = "github:nix-community/home-manager";
    inputs.nixpkgs.follows = "nixpkgs-unstable";
  };
  home-manager-stable = {
    url = "github:nix-community/home-manager/release-24.11";
    inputs.nixpkgs.follows = "nixpkgs-stable";
  };

  # Boot and root filesystem: secure boot (pinned release) and ephemeral root.
  lanzaboote = {
    url = "github:nix-community/lanzaboote/v0.4.2";
    inputs.nixpkgs.follows = "nixpkgs-unstable";
  };
  impermanence.url = "github:nix-community/impermanence";

  # Hardware profiles and platform support. Inputs without a `follows` line
  # (impermanence, nixos-hardware, nixos-apple-silicon, nix-darwin, jovian,
  # chaotic, manyfold) presumably lock their own nixpkgs revision in flake.lock.
  nixos-hardware.url = "github:NixOS/nixos-hardware/master";
  nixos-apple-silicon.url = "github:tpwrules/nixos-apple-silicon";
  # nixos-apple-silicon.url = "github:mjallen18/nixos-apple-silicon";
  # nixos-apple-silicon.url = "git+file:///home/matt/nixos-apple-silicon";
  nix-darwin.url = "github:LnL7/nix-darwin";
  jovian.url = "github:Jovian-Experiments/Jovian-NixOS";
  chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable";

  # Secrets and server-side services, all built against the stable package set.
  sops-nix = {
    url = "github:Mic92/sops-nix";
    inputs.nixpkgs.follows = "nixpkgs-stable";
  };
  authentik-nix = {
    url = "github:nix-community/authentik-nix";
    # url = "github:fpletz/authentik-nix/24.11"; # for some reason this is broken in stable and unstable
    inputs.nixpkgs.follows = "nixpkgs-stable";
  };
  crowdsec = {
    url = "git+https://codeberg.org/kampka/nix-flake-crowdsec.git";
    inputs.nixpkgs.follows = "nixpkgs-stable";
  };

  # Personal packages and modules.
  manyfold.url = "github:mjallen18/manyfold-nixos";
  steam-rom-manager = {
    url = "github:mjallen18/nix-steam-rom-manager";
    inputs.nixpkgs.follows = "nixpkgs-unstable";
    inputs.home-manager.follows = "home-manager";
  };
  # cosmic = {
  #   url = "github:lilyinstarlight/nixos-cosmic";
  #   inputs.nixpkgs.follows = "nixpkgs-unstable";
  # };
};
outputs =
{
self,
nixpkgs-unstable,
# nixpkgs-unstable-small,
nixpkgs-stable,
chaotic,
lanzaboote,
impermanence,
home-manager,
home-manager-stable,
nixos-hardware,
nix-darwin,
nixos-apple-silicon,
# cosmic,
authentik-nix,
sops-nix,
crowdsec,
manyfold,
jovian,
steam-rom-manager,
}@inputs:
let
inherit (self) outputs;
in
{
# Overlays are defined in ./overlays and get every flake input passed through.
overlays = import ./overlays { inherit inputs; };
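nixosConfigurations = {
  # Desktop: unstable channel, secure boot (lanzaboote), ephemeral root.
  "matt-nixos" = nixpkgs-unstable.lib.nixosSystem {
    system = "x86_64-linux";
    # Every host hands the flake inputs/outputs to its modules, so a module
    # that wants `inputs` works the same on any of them.
    specialArgs = { inherit inputs outputs; };
    modules = [
      impermanence.nixosModules.impermanence
      lanzaboote.nixosModules.lanzaboote
      ./hosts/desktop/configuration.nix
      ./share/impermanence
      chaotic.nixosModules.default
      home-manager.nixosModules.home-manager
      {
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        # Plain attribute-set module; the former `{ pkgs, ... }:` wrapper never used pkgs.
        home-manager.users.matt = {
          imports = [
            ./hosts/desktop/home.nix
            steam-rom-manager.homeManagerModules.default
          ];
        };
        # Rename clashing dotfiles instead of aborting the activation.
        home-manager.backupFileExtension = "backup";
      }
      nixos-hardware.nixosModules.common-cpu-amd
      nixos-hardware.nixosModules.common-gpu-amd
      nixos-hardware.nixosModules.common-hidpi
      nixos-hardware.nixosModules.common-pc
      sops-nix.nixosModules.sops
      # cosmic.nixosModules.default
    ];
  };

  # NAS: stable channel, Authentik and CrowdSec (agent + firewall bouncer).
  "jallen-nas" = nixpkgs-stable.lib.nixosSystem {
    system = "x86_64-linux";
    specialArgs = { inherit inputs outputs; };
    modules = [
      impermanence.nixosModules.impermanence
      ./hosts/nas/configuration.nix
      ./hosts/nas/impermanence.nix
      home-manager-stable.nixosModules.home-manager
      {
        # NOTE(review): the only host whose Home Manager does not reuse the
        # system nixpkgs -- confirm this is intentional.
        home-manager.useGlobalPkgs = false;
        home-manager.useUserPackages = true;
        home-manager.users.admin = import ./hosts/nas/home.nix;
        home-manager.backupFileExtension = "backup";
      }
      authentik-nix.nixosModules.default
      sops-nix.nixosModules.sops
      crowdsec.nixosModules.crowdsec
      crowdsec.nixosModules.crowdsec-firewall-bouncer
      # Apply the crowdsec flake's overlay to this host's nixpkgs.
      { nixpkgs.overlays = [ crowdsec.overlays.default ]; }
      nixos-hardware.nixosModules.common-pc
      nixos-hardware.nixosModules.common-cpu-amd
      nixos-hardware.nixosModules.common-hidpi
    ];
  };

  # Apple Silicon Mac running NixOS (Asahi support module).
  "mac-nixos" = nixpkgs-unstable.lib.nixosSystem {
    system = "aarch64-linux";
    specialArgs = { inherit inputs outputs; };
    modules = [
      nixos-apple-silicon.nixosModules.apple-silicon-support
      ./hosts/mac-nixos/configuration.nix
      home-manager.nixosModules.home-manager
      {
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        home-manager.users.matt = import ./hosts/mac-nixos/home.nix;
      }
    ];
  };

  # Raspberry Pi 4.
  "pi4" = nixpkgs-unstable.lib.nixosSystem {
    system = "aarch64-linux";
    specialArgs = { inherit inputs outputs; };
    modules = [
      nixos-hardware.nixosModules.raspberry-pi-4
      impermanence.nixosModules.impermanence
      ./hosts/pi4/configuration.nix
      sops-nix.nixosModules.sops
      home-manager.nixosModules.home-manager
      {
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        home-manager.users.matt = import ./hosts/pi4/home.nix;
      }
    ];
  };

  # Steam Deck: same base as the desktop plus Jovian.
  "steamdeck" = nixpkgs-unstable.lib.nixosSystem {
    system = "x86_64-linux";
    specialArgs = { inherit inputs outputs; };
    modules = [
      impermanence.nixosModules.impermanence
      lanzaboote.nixosModules.lanzaboote
      ./hosts/deck/configuration.nix
      ./share/impermanence
      home-manager.nixosModules.home-manager
      {
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        home-manager.users.deck = {
          imports = [
            ./hosts/deck/home.nix
            steam-rom-manager.homeManagerModules.default
          ];
        };
        home-manager.backupFileExtension = "backup";
      }
      nixos-hardware.nixosModules.common-cpu-amd
      nixos-hardware.nixosModules.common-gpu-amd
      nixos-hardware.nixosModules.common-hidpi
      nixos-hardware.nixosModules.common-pc
      sops-nix.nixosModules.sops
      jovian.nixosModules.jovian
      chaotic.nixosModules.default
    ];
  };

  # Home Assistant box.
  "jallen-hass" = nixpkgs-unstable.lib.nixosSystem {
    system = "x86_64-linux";
    specialArgs = { inherit inputs outputs; };
    modules = [
      impermanence.nixosModules.impermanence
      ./hosts/homeassistant/configuration.nix
      sops-nix.nixosModules.sops
      home-manager.nixosModules.home-manager
      {
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        home-manager.users.hass-admin = import ./hosts/homeassistant/home.nix;
      }
    ];
  };
};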
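darwinConfigurations = {
  "MacBook-Pro" = nix-darwin.lib.darwinSystem {
    system = "aarch64-darwin";
    # Same extra module arguments as the NixOS hosts.
    specialArgs = { inherit inputs outputs; };
    modules = [
      ./hosts/mac/configuration.nix
      # Record the flake revision for `darwin-version`. `dirtyRev` covers a
      # tree with uncommitted changes; null when the flake is not in git.
      # This is a nix-darwin option, so it only takes effect inside a module.
      { system.configurationRevision = self.rev or self.dirtyRev or null; }
      home-manager.darwinModules.home-manager
      {
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        home-manager.users.mattjallen = import ./hosts/mac/home.nix;
      }
    ];
  };
};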
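# Build every configuration this flake defines that the host can produce and
# push each result to the binary cache. Exits non-zero if anything failed.
apps.x86_64-linux.build-all = let
  pkgs = nixpkgs-unstable.legacyPackages.x86_64-linux;
in {
  type = "app";
  # writeShellScript prepends its own bash shebang, so none is written here.
  program = toString (pkgs.writeShellScript "build-all" ''
    set -euo pipefail

    # Flake to build and cache to push to; both overridable from the
    # environment, defaults match the previous hard-coded values. The cache
    # URL carries the *path* of the signing key, so the invoking user needs
    # read access to that file; the key material itself never reaches the
    # command line.
    flake="''${FLAKE:-.}"
    cache_url="''${CACHE_URL:-http://localhost:5000?secret-key=/etc/nix/cache-priv-key.pem}"
    # Platform of the machine running this app, fixed at Nix evaluation time.
    host_system="${pkgs.stdenv.hostPlatform.system}"

    # Attribute names of one flake output set, one per line. --apply keeps the
    # evaluation to the names, so no configuration is instantiated, and no
    # text parsing of flake.nix is needed. Prints nothing if the output is absent.
    list_names() {
      nix eval --raw "$flake#$1" \
        --apply 'cfgs: builtins.concatStringsSep "" (map (n: n + "\n") (builtins.attrNames cfgs))' \
        2>/dev/null || true
    }

    mapfile -t nixos_hosts < <(list_names nixosConfigurations)
    mapfile -t darwin_hosts < <(list_names darwinConfigurations)
    echo "Found systems: ''${nixos_hosts[*]} ''${darwin_hosts[*]}"
    echo "Building all compatible systems..."

    success=()
    failure=()

    # build_and_push LABEL INSTALLABLE [extra nix-build flags]
    # Builds, then signs and pushes to the cache. Both steps are guarded so a
    # failure lands in the summary instead of killing the run under set -e
    # (the old unguarded `nix copy` aborted the whole loop on its first error).
    build_and_push() {
      local label="$1" installable="$2"
      shift 2
      echo "Building $label..."
      if ! nix build "$installable" --no-link "$@"; then
        echo "  Failed to build $label" >&2
        failure+=("$label")
        return 0
      fi
      echo "  Successfully built $label"
      echo "  Copying $label to binary cache..."
      if nix copy --to "$cache_url" "$installable"; then
        success+=("$label")
      else
        echo "  Built $label but failed to push it to the cache" >&2
        failure+=("$label (cache push)")
      fi
    }

    for host in "''${nixos_hosts[@]}"; do
      target="$flake#nixosConfigurations.$host"
      # One eval per host; the previous script evaluated the same attribute twice.
      platform="$(nix eval --raw "$target.pkgs.stdenv.hostPlatform.system" 2>/dev/null || echo unknown)"
      if [ "$platform" = "$host_system" ]; then
        build_and_push "$host ($platform)" "$target.config.system.build.toplevel"
      elif [ "$platform" = "aarch64-linux" ] && command -v qemu-aarch64-static >/dev/null 2>&1; then
        # Emulated build; presumably relies on binfmt being registered for
        # aarch64 on this host -- confirm before depending on it.
        build_and_push "$host ($platform, emulated)" "$target.config.system.build.toplevel" --system aarch64-linux
      else
        echo "  Skipping $host ($platform) - incompatible with this host"
        failure+=("$host (incompatible)")
      fi
    done

    for host in "''${darwin_hosts[@]}"; do
      # Kept as an attempt, as before: without a darwin builder this is
      # expected to fail and will show up in the summary rather than silently.
      build_and_push "$host (darwin)" "$flake#darwinConfigurations.$host.system"
    done

    echo ""
    echo "===== Build Summary ====="
    echo "  Successfully built: ''${success[*]:-none}"
    echo "  Failed to build: ''${failure[*]:-none}"
    # Non-zero exit when anything failed, so callers can gate on this app.
    if [ "''${#failure[@]}" -gt 0 ]; then
      exit 1
    fi
  '');
};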
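# List the configurations this flake defines, with their platform, without
# building anything.
apps.x86_64-linux.list-systems = let
  pkgs = nixpkgs-unstable.legacyPackages.x86_64-linux;
in {
  type = "app";
  # writeShellScript prepends its own bash shebang, so none is written here.
  program = toString (pkgs.writeShellScript "list-systems" ''
    set -euo pipefail

    # Flake to inspect; defaults to the current directory.
    flake="''${FLAKE:-.}"

    # Attribute names of one flake output set, one per line. --apply keeps the
    # evaluation to the names, so no configuration is instantiated, and no
    # text parsing of flake.nix is needed. Prints nothing if the output is absent.
    list_names() {
      nix eval --raw "$flake#$1" \
        --apply 'cfgs: builtins.concatStringsSep "" (map (n: n + "\n") (builtins.attrNames cfgs))' \
        2>/dev/null || true
    }

    mapfile -t nixos_hosts < <(list_names nixosConfigurations)
    mapfile -t darwin_hosts < <(list_names darwinConfigurations)

    echo "Found systems in $flake:"
    for host in "''${nixos_hosts[@]}"; do
      platform="$(nix eval --raw "$flake#nixosConfigurations.$host.pkgs.stdenv.hostPlatform.system" 2>/dev/null || echo unknown)"
      echo "  - $host (NixOS, $platform)"
    done
    for host in "''${darwin_hosts[@]}"; do
      echo "  - $host (Darwin)"
    done
  '');
};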
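# Expose the package set, including overlays, for convenience.
darwinPackages = self.darwinConfigurations."MacBook-Pro".pkgs;
# `system.configurationRevision` is a nix-darwin module option, not a flake
# output, so a binding at this level is never read by anything. It belongs in
# the MacBook-Pro module list, e.g.
# `{ system.configurationRevision = self.rev or self.dirtyRev or null; }`.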
};
}