# NixOS / nix-darwin flake for the hosts under ./hosts.  Every input below is
# resolved through flake.lock; `nix flake update` moves all branch-style refs
# (nixos-unstable, master, ...) at once, so review the lock diff when updating.
{
  description = "flake for matt-nixos";

inputs = {
  # Three nixpkgs channels: the rolling branch, the faster-moving "small"
  # branch (bound in `outputs` but not used by any host below) and the
  # 24.11 release.
  nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
  nixpkgs-unstable-small.url = "github:NixOS/nixpkgs/nixos-unstable-small";
  nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11";

  # Authentik identity provider, evaluated against the stable nixpkgs.
  authentik-nix = {
    url = "github:nix-community/authentik-nix";
    inputs = { nixpkgs.follows = "nixpkgs-stable"; };
  };

  # Chaotic-Nyx: bleeding-edge packages (and, via its default module, its
  # own binary cache).  Not pinned to a nixpkgs here; it tracks its own.
  chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable";

  # Impermanence: opt-in persistence for the tmpfs-root hosts.
  impermanence.url = "github:nix-community/impermanence";

  # Home Manager, one instance per nixpkgs channel so the HM module and the
  # host's nixpkgs agree.
  home-manager = {
    url = "github:nix-community/home-manager";
    inputs = { nixpkgs.follows = "nixpkgs-unstable"; };
  };
  home-manager-stable = {
    url = "github:nix-community/home-manager/release-24.11";
    inputs = { nixpkgs.follows = "nixpkgs-stable"; };
  };

  # Lanzaboote (Secure Boot).  The only input pinned to a release tag rather
  # than a branch.
  lanzaboote = {
    url = "github:nix-community/lanzaboote/v0.4.2";
    inputs = { nixpkgs.follows = "nixpkgs-unstable"; };
  };

  # nixos-hardware profiles (CPU/GPU/Pi 4).
  nixos-hardware.url = "github:NixOS/nixos-hardware/master";

  # sops-nix: secrets for both the system and per-user Home Manager configs.
  sops-nix = {
    url = "github:Mic92/sops-nix";
    inputs = { nixpkgs.follows = "nixpkgs-stable"; };
  };

  # CrowdSec engine + firewall bouncer modules, fetched from Codeberg over
  # git+https.
  crowdsec = {
    url = "git+https://codeberg.org/kampka/nix-flake-crowdsec.git";
    inputs = { nixpkgs.follows = "nixpkgs-stable"; };
  };

  # nix-darwin for the MacBook.
  nix-darwin = {
    url = "github:LnL7/nix-darwin";
    inputs = { nixpkgs.follows = "nixpkgs-unstable"; };
  };

  # Jovian: Steam Deck support.
  jovian = {
    url = "github:Jovian-Experiments/Jovian-NixOS";
    inputs = { nixpkgs.follows = "nixpkgs-unstable"; };
  };

  # Steam ROM Manager Home Manager module (own flake).
  steam-rom-manager = {
    url = "github:mjallen18/nix-steam-rom-manager";
    inputs = {
      nixpkgs.follows = "nixpkgs-unstable";
      home-manager.follows = "home-manager";
    };
  };

  # COSMIC desktop; currently only referenced by a commented-out module.
  cosmic = {
    url = "github:lilyinstarlight/nixos-cosmic";
    inputs = { nixpkgs.follows = "nixpkgs-unstable"; };
  };
};

# Flake outputs.  The argument pattern is strict (there is no `...`), so the
# set of names here must match the `inputs` attribute set exactly: adding an
# input without listing it below fails evaluation with an "unexpected
# argument" error, and removing one fails with "called without required
# argument".  `nixpkgs-unstable-small` and `cosmic` are bound here but, apart
# from a commented-out cosmic module, are not used by any configuration.
outputs =
  {
    self,
    nixpkgs-unstable,
    nixpkgs-unstable-small,
    nixpkgs-stable,
    chaotic,
    lanzaboote,
    impermanence,
    home-manager,
    home-manager-stable,
    nixos-hardware,
    nix-darwin,
    cosmic,
    authentik-nix,
    sops-nix,
    crowdsec,
    jovian,
    steam-rom-manager,
  }@inputs:
  let
    # `outputs` is this flake's own output set (a self-reference).  It is
    # handed to hosts through specialArgs -- presumably so modules can reach
    # `outputs.overlays`; the host modules themselves are not in view here.
    inherit (self) outputs;
  in
  {
# Package overlays, defined in ./overlays and given the raw flake inputs so
# they can pull packages from the other flakes.
overlays = import ./overlays { inputs = inputs; };

nixosConfigurations = {
  # Desktop: tracks nixos-unstable.  Secure Boot via Lanzaboote, opt-in
  # persistence via impermanence, secrets via sops-nix for the system and
  # for both user profiles.  Host attribute names are deliberately quoted --
  # the build-all/list-systems apps below locate them by grepping this file.
  "matt-nixos" = nixpkgs-unstable.lib.nixosSystem {
    system = "x86_64-linux";
    specialArgs = { inherit inputs outputs; };
    modules = [
      impermanence.nixosModules.impermanence
      lanzaboote.nixosModules.lanzaboote
      ./hosts/desktop/configuration.nix
      ./share/impermanence
      # NOTE(review): as far as I recall chaotic's default module also adds
      # the Chaotic-Nyx binary cache and its public key to nix.settings, i.e.
      # a third-party substituter this host trusts.  Confirm on the built
      # system (`nix config show substituters`) if that is not intended.
      chaotic.nixosModules.default
      home-manager.nixosModules.home-manager
      {
        home-manager = {
          useGlobalPkgs = true;
          useUserPackages = true;
          backupFileExtension = "backup";
          users.matt = {
            imports = [
              ./hosts/desktop/home.nix
              steam-rom-manager.homeManagerModules.default
              sops-nix.homeManagerModules.sops
            ];
          };
          # root gets the shared ./share/root-user profile with sops secrets.
          users.root = {
            imports = [
              ./share/root-user
              sops-nix.homeManagerModules.sops
            ];
          };
        };
      }
      nixos-hardware.nixosModules.common-cpu-amd
      nixos-hardware.nixosModules.common-gpu-amd
      nixos-hardware.nixosModules.common-hidpi
      nixos-hardware.nixosModules.common-pc
      sops-nix.nixosModules.sops
      # cosmic.nixosModules.default
    ];
  };

  # NAS: pinned to the 24.11 release with the matching Home Manager branch.
  # Runs Authentik plus the CrowdSec engine and firewall bouncer.
  "jallen-nas" = nixpkgs-stable.lib.nixosSystem {
    system = "x86_64-linux";
    specialArgs = { inherit inputs outputs; };
    modules = [
      impermanence.nixosModules.impermanence
      ./hosts/nas/configuration.nix
      ./hosts/nas/impermanence.nix
      home-manager-stable.nixosModules.home-manager
      {
        home-manager = {
          # NOTE(review): the only host that does not reuse the system
          # nixpkgs for Home Manager; user profiles come from Home Manager's
          # own nixpkgs instance.  Presumably intentional -- confirm.
          useGlobalPkgs = false;
          useUserPackages = true;
          backupFileExtension = "backup";
          users.admin = {
            imports = [
              ./hosts/nas/home.nix
              sops-nix.homeManagerModules.sops
            ];
          };
          users.root = {
            imports = [
              ./share/root-user
              sops-nix.homeManagerModules.sops
            ];
          };
        };
      }
      authentik-nix.nixosModules.default
      sops-nix.nixosModules.sops
      crowdsec.nixosModules.crowdsec
      crowdsec.nixosModules.crowdsec-firewall-bouncer
      # The crowdsec flake's packages reach `pkgs` through its overlay.
      { nixpkgs.overlays = [ crowdsec.overlays.default ]; }
      nixos-hardware.nixosModules.common-pc
      nixos-hardware.nixosModules.common-cpu-amd
      nixos-hardware.nixosModules.common-hidpi
    ];
  };

  # Raspberry Pi 4 (aarch64-linux).  The build-all app only cross-builds this
  # when aarch64 emulation is available on the builder.
  "pi4" = nixpkgs-unstable.lib.nixosSystem {
    system = "aarch64-linux";
    # NOTE(review): no specialArgs here, unlike the desktop/NAS/deck, so the
    # modules under ./hosts/pi4 cannot take `inputs`/`outputs` as arguments
    # unless something sets `_module.args` for them.
    modules = [
      nixos-hardware.nixosModules.raspberry-pi-4
      impermanence.nixosModules.impermanence
      ./hosts/pi4/configuration.nix
      sops-nix.nixosModules.sops
      home-manager.nixosModules.home-manager
      {
        home-manager = {
          useGlobalPkgs = true;
          useUserPackages = true;
          users.matt = import ./hosts/pi4/home.nix;
        };
      }
    ];
  };

  # Steam Deck: same base as the desktop (Lanzaboote, impermanence, Chaotic)
  # plus Jovian; the `deck` user has no sops module, unlike `matt`.
  "steamdeck" = nixpkgs-unstable.lib.nixosSystem {
    system = "x86_64-linux";
    specialArgs = { inherit inputs outputs; };
    modules = [
      impermanence.nixosModules.impermanence
      lanzaboote.nixosModules.lanzaboote
      ./hosts/deck/configuration.nix
      ./share/impermanence
      home-manager.nixosModules.home-manager
      {
        home-manager = {
          useGlobalPkgs = true;
          useUserPackages = true;
          backupFileExtension = "backup";
          users.deck = {
            imports = [
              ./hosts/deck/home.nix
              steam-rom-manager.homeManagerModules.default
            ];
          };
        };
      }
      nixos-hardware.nixosModules.common-cpu-amd
      nixos-hardware.nixosModules.common-gpu-amd
      nixos-hardware.nixosModules.common-hidpi
      nixos-hardware.nixosModules.common-pc
      sops-nix.nixosModules.sops
      jovian.nixosModules.jovian
      # NOTE(review): see the desktop -- this likely trusts the Chaotic-Nyx
      # binary cache as a substituter.
      chaotic.nixosModules.default
    ];
  };

  # Home Assistant box (x86_64, unstable).  No specialArgs, as with pi4.
  "jallen-hass" = nixpkgs-unstable.lib.nixosSystem {
    system = "x86_64-linux";
    modules = [
      impermanence.nixosModules.impermanence
      ./hosts/homeassistant/configuration.nix
      sops-nix.nixosModules.sops
      home-manager.nixosModules.home-manager
      {
        home-manager = {
          useGlobalPkgs = true;
          useUserPackages = true;
          users.hass-admin = import ./hosts/homeassistant/home.nix;
        };
      }
    ];
  };
};

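# nix-darwin host(s).  The attribute name is quoted on purpose: the
# build-all/list-systems apps below find host names by grepping this file.
darwinConfigurations = {
  "MacBook-Pro" = nix-darwin.lib.darwinSystem {
    system = "aarch64-darwin";
    modules = [
      ./hosts/mac/configuration.nix
      home-manager.darwinModules.home-manager
      {
        home-manager = {
          useGlobalPkgs = true;
          useUserPackages = true;
          users.mattjallen = import ./hosts/mac/home.nix;
        };
      }
      # Record the git revision of this flake in the built system so
      # nix-darwin's version reporting shows which commit is running.  This
      # must be set as a *module option*; the top-level
      # `system.configurationRevision` flake output further down in this file
      # is not read by nix-darwin.  `self.rev` is absent on a dirty tree,
      # hence the fallbacks.
      { system.configurationRevision = self.rev or self.dirtyRev or null; }
    ];
  };
};
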
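# Build every host defined in this flake and push the closures to the binary
# cache.  Usage: `nix run .#build-all` from the repository root.
#
# Environment:
#   CACHE_URL    base URL of the cache (no query string);
#                default https://cache.mjallen.dev
#   SIGNING_KEY  cache signing key handed to `nix copy` through the store's
#                `secret-key` setting; default /etc/nix/cache-priv-key.pem
#
# Fixes relative to the grep-based version:
#  * host names are read from the flake outputs with `nix eval` instead of
#    grepping flake.nix for `"..." =` -- that regex silently depended on the
#    host attribute names being quoted and on no other quoted key appearing;
#  * the signing key is checked before any build, otherwise `set -e` aborted
#    the whole run at the first `nix copy` with no summary;
#  * a failed copy is recorded in the summary instead of aborting;
#  * the probing `nix eval --raw` is captured, so its value no longer lands
#    in front of the progress lines on stdout;
#  * the contradictory `--out-link ... --no-link` pair is reduced to
#    `--no-link` (the original never created the link either).
apps.x86_64-linux.build-all =
  let
    pkgs = nixpkgs-unstable.legacyPackages.x86_64-linux;
  in
  {
    type = "app";
    # writeShellScript already prepends the bash shebang; a second one in the
    # body would only be a comment.
    program = toString (
      pkgs.writeShellScript "build-all" ''
        set -euo pipefail

        cache_url="''${CACHE_URL:-https://cache.mjallen.dev}"
        signing_key="''${SIGNING_KEY:-/etc/nix/cache-priv-key.pem}"

        # Refuse to start without a readable signing key: every build would
        # otherwise succeed and then die at the upload step.
        if [ ! -r "$signing_key" ]; then
          echo "❌ Signing key $signing_key is missing or not readable" >&2
          exit 1
        fi
        cache_store="$cache_url?secret-key=$signing_key"

        # Prints the attribute names of flake output $1, one per line;
        # prints nothing when the output does not exist or fails to evaluate.
        list_names() {
          local names
          names="$(nix eval --raw ".#$1" \
            --apply 'cfgs: builtins.concatStringsSep "\n" (builtins.attrNames cfgs)' \
            2>/dev/null)" || return 0
          [ -n "$names" ] && printf '%s\n' "$names"
          return 0
        }

        success=()
        failure=()

        # build_and_push NAME INSTALLABLE [extra `nix build` flags...]
        # Builds INSTALLABLE, copies it to the cache on success and records
        # the outcome in success/failure.  Never returns non-zero itself, so
        # one broken host does not stop the loop under `set -e`.
        build_and_push() {
          local name="$1" installable="$2"
          shift 2
          echo "Building $name..."
          if ! nix build "$installable" --no-link "$@"; then
            echo "❌ Failed to build $name"
            failure+=("$name")
            return 0
          fi
          echo "✅ Successfully built $name"
          echo "Copying $name to $cache_url..."
          if nix copy --to "$cache_store" "$installable"; then
            success+=("$name")
          else
            echo "❌ Failed to copy $name to the cache"
            failure+=("$name (copy)")
          fi
        }

        mapfile -t nixos_systems < <(list_names nixosConfigurations)
        mapfile -t darwin_systems < <(list_names darwinConfigurations)

        echo "Found systems: ''${nixos_systems[*]:-} ''${darwin_systems[*]:-}"
        echo "Building all compatible systems..."

        for system in "''${nixos_systems[@]}"; do
          toplevel=".#nixosConfigurations.$system.config.system.build.toplevel"

          # Capture the host platform rather than letting `nix eval --raw`
          # print it onto stdout.
          if ! system_type="$(nix eval --raw \
                ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null)"; then
            echo "⚠️ Skipping $system - could not determine system type"
            failure+=("$system (unknown)")
            continue
          fi

          if [ "$system_type" = "x86_64-linux" ]; then
            build_and_push "$system" "$toplevel"
          elif [ "$system_type" = "aarch64-linux" ] && command -v qemu-aarch64-static >/dev/null 2>&1; then
            # NOTE(review): a qemu binary on PATH is only a proxy for what
            # `nix build --system aarch64-linux` really needs -- aarch64-linux
            # in `extra-platforms` (binfmt) or a remote builder.  Confirm on
            # the build host.
            build_and_push "$system" "$toplevel" --system aarch64-linux
          else
            echo "⚠️ Skipping $system ($system_type) - incompatible with this host"
            failure+=("$system (incompatible)")
          fi
        done

        for system in "''${darwin_systems[@]}"; do
          # aarch64-darwin closures only build from x86_64-linux with a
          # Darwin remote builder; without one this is expected to fail and
          # show up in the summary.
          build_and_push "$system (darwin)" ".#darwinConfigurations.$system.system"
        done

        echo ""
        echo "===== Build Summary ====="
        echo "✅ Successfully built: ''${success[*]:-none}"
        echo "❌ Failed to build: ''${failure[*]:-none}"

        # Non-zero exit when anything failed so callers/CI notice.
        if [ ''${#failure[@]} -gt 0 ]; then
          exit 1
        fi
      ''
    );
  };
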
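# List the hosts this flake defines and their platform without building
# anything.  Usage: `nix run .#list-systems`.
#
# Host names come from the flake outputs via `nix eval` rather than from
# grepping flake.nix for `"..." =` (which only worked while every host name
# was quoted and nothing else in the file matched), and the probing
# `nix eval --raw` is captured instead of being allowed to print its value
# in front of each listing line.
apps.x86_64-linux.list-systems =
  let
    pkgs = nixpkgs-unstable.legacyPackages.x86_64-linux;
  in
  {
    type = "app";
    program = toString (
      pkgs.writeShellScript "list-systems" ''
        set -euo pipefail

        # Prints the attribute names of flake output $1, one per line;
        # prints nothing when the output does not exist or fails to evaluate.
        list_names() {
          local names
          names="$(nix eval --raw ".#$1" \
            --apply 'cfgs: builtins.concatStringsSep "\n" (builtins.attrNames cfgs)' \
            2>/dev/null)" || return 0
          [ -n "$names" ] && printf '%s\n' "$names"
          return 0
        }

        mapfile -t nixos_systems < <(list_names nixosConfigurations)
        mapfile -t darwin_systems < <(list_names darwinConfigurations)

        echo "Found systems in flake.nix:"
        for system in "''${nixos_systems[@]}"; do
          # Evaluating pkgs for the host is what tells us its platform; an
          # evaluation error is reported rather than aborting the listing.
          if system_type="$(nix eval --raw \
                ".#nixosConfigurations.$system.pkgs.stdenv.hostPlatform.system" 2>/dev/null)"; then
            echo "  - $system (NixOS, $system_type)"
          else
            echo "  - $system (NixOS, unknown type)"
          fi
        done
        for system in "''${darwin_systems[@]}"; do
          echo "  - $system (Darwin)"
        done
      ''
    );
  };
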
# Convenience output: the (overlaid) package set of the MacBook configuration.
darwinPackages = (builtins.getAttr "MacBook-Pro" self.darwinConfigurations).pkgs;

# NOTE(review): at this level this is a *flake output* named `system`, not a
# nix-darwin option, so it never reaches the built configuration and does not
# set the commit hash for darwin-version (and `nix flake check` will most
# likely warn about an unknown output).  The nix-darwin template puts this
# same expression inside a module in the darwinSystem `modules` list, which
# is where it takes effect.  Left in place so the output set does not change.
system.configurationRevision = self.rev or self.dirtyRev or null;
};
}