diff --git a/flake.nix b/flake.nix
index 1f139292..8c8fbd93 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,206 +1,220 @@ { description = "NixOS configuration with flakes"; - outputs = { alejandra, cryptpad, darwin, disko, endless-sky, flake-compat - , flake-utils, helix, home-manager, nil, nix-ld, nixos-hardware - , nixpkgs-master, nixpkgs-nixos-unstable, nixpkgs-rust-analyzer - , nixpkgs-stable, nur, self, sops, }@inputs: - let - mkServer = pkgs: system: hostname: - pkgs.lib.nixosSystem { - inherit system; - modules = [ - (./. + "/nixos/boxes/${hostname}") - (import ./nixos/server-common.nix) - sops.nixosModules.sops - disko.nixosModules.disko - ({ pkgs, ... }: { - nixpkgs.overlays = [ inputs.cryptpad.overlays.default ]; - }) - inputs.cryptpad.nixosModules.cryptpad - ]; - specialArgs = { inherit inputs system; }; - }; - mkRaspi = pkgs: hostname: - pkgs.lib.nixosSystem { - system = "aarch64-linux"; - modules = - [ (./. + "/nixos/boxes/${hostname}") sops.nixosModules.sops ]; - specialArgs = { inherit inputs; }; - }; - mkKiosk = pkgs: system: hostname: - pkgs.lib.nixosSystem { - inherit system; - modules = [ - (./. + "/nixos/boxes/${hostname}") - (import ./nixos/common.nix) - sops.nixosModules.sops - - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.cyryl = { - imports = - [ ./nixos/home-manager ./nixos/home-manager/linux.nix ]; - _module.args.inputs = inputs; - _module.args.system = system; - }; - } - ]; - specialArgs = { - inherit inputs system; - nixpkgs-nixos-stable-and-unfree = import nixpkgs-stable { - inherit system; - config = { allowUnfree = true; }; - }; - nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable { - inherit system; - config = { allowUnfree = true; }; - }; - }; - }; - mkWorkstation = pkgs: system: hostname: - pkgs.lib.nixosSystem { - inherit system; - modules = [ - (./. 
+ "/nixos/boxes/${hostname}") - (import ./nixos/email-accounts.nix) - (import ./nixos/common.nix) - sops.nixosModules.sops - disko.nixosModules.disko - nix-ld.nixosModules.nix-ld - { programs.nix-ld.dev.enable = true; } - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.cyryl = { - imports = - [ ./nixos/home-manager ./nixos/home-manager/linux.nix ]; - _module.args.inputs = inputs; - _module.args.system = system; - }; - } - ]; - specialArgs = { - inherit inputs system; - nixpkgs-nixos-stable-and-unfree = import nixpkgs-stable { - inherit system; - config = { allowUnfree = true; }; - }; - nixpkgs-nixos-unstable = - import nixpkgs-nixos-unstable { inherit system; }; - nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable { - inherit system; - config = { allowUnfree = true; }; - }; - }; - }; - mkShell = packageSet: system: - let pkgs = packageSet.legacyPackages.${system}; - in pkgs.mkShell { - packages = with pkgs; [ - inputs.alejandra.defaultPackage.${system} - cacert - git - git-lfs - nixpkgs-fmt - openssh - openssl - pkg-config - statix - ]; - }; - in { - devShells = { - "x86_64-darwin".default = mkShell nixpkgs-stable "x86_64-darwin"; - "x86_64-linux".default = mkShell nixpkgs-stable "x86_64-linux"; + outputs = { + alejandra, + cryptpad, + darwin, + disko, + endless-sky, + flake-compat, + flake-utils, + helix, + home-manager, + nil, + nix-ld, + nixos-hardware, + nixpkgs-master, + nixpkgs-nixos-unstable, + nixpkgs-rust-analyzer, + nixpkgs-stable, + nur, + self, + sops, + } @ inputs: let + mkServer = pkgs: system: hostname: + pkgs.lib.nixosSystem { + inherit system; + modules = [ + (./. 
+ "/nixos/boxes/${hostname}") + (import ./nixos/server-common.nix) + sops.nixosModules.sops + disko.nixosModules.disko + ({pkgs, ...}: { + nixpkgs.overlays = [inputs.cryptpad.overlays.default]; + }) + inputs.cryptpad.nixosModules.cryptpad + ]; + specialArgs = {inherit inputs system;}; }; - darwinConfigurations = { - "FORM3-CYRYLPLOTN" = darwin.lib.darwinSystem rec { - system = "x86_64-darwin"; - modules = [ - (./. + "/nixos/boxes/form3") - home-manager.darwinModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.cyryl = { - imports = [ ./nixos/home-manager ]; - _module.args.inputs = inputs; - _module.args.system = system; - }; - } - ]; + mkRaspi = pkgs: hostname: + pkgs.lib.nixosSystem { + system = "aarch64-linux"; + modules = [(./. + "/nixos/boxes/${hostname}") sops.nixosModules.sops]; + specialArgs = {inherit inputs;}; + }; + mkKiosk = pkgs: system: hostname: + pkgs.lib.nixosSystem { + inherit system; + modules = [ + (./. 
+ "/nixos/boxes/${hostname}") + (import ./nixos/common.nix) + sops.nixosModules.sops + + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.cyryl = { + imports = [./nixos/home-manager ./nixos/home-manager/linux.nix]; + _module.args.inputs = inputs; + _module.args.system = system; + }; + } + ]; + specialArgs = { + inherit inputs system; + nixpkgs-nixos-stable-and-unfree = import nixpkgs-stable { + inherit system; + config = {allowUnfree = true;}; + }; + nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable { + inherit system; + config = {allowUnfree = true;}; + }; }; }; - - nixosConfigurations = { - foryog = mkWorkstation nixpkgs-nixos-unstable "x86_64-linux" "foryog"; - thinky = mkWorkstation nixpkgs-stable "x86_64-linux" "thinky"; - bolty = mkServer nixpkgs-stable "x86_64-linux" "bolty"; - vpsfree1 = mkServer nixpkgs-stable "x86_64-linux" "vpsfree1"; - cupsnet = mkServer nixpkgs-stable "aarch64-linux" "cupsnet"; - mb1 = mkServer nixpkgs-stable "x86_64-linux" "mb1"; - homescreen = mkRaspi nixpkgs-stable "homescreen"; - - bootstrap = nixpkgs-stable.lib.nixosSystem rec { - system = "x86_64-linux"; - modules = [ (./. + "/nixos/boxes/bootstrap") sops.nixosModules.sops ]; - specialArgs = { - inherit inputs system; - nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable { - inherit system; - config = { allowUnfree = true; }; + mkWorkstation = pkgs: system: hostname: + pkgs.lib.nixosSystem { + inherit system; + modules = [ + (./. 
+ "/nixos/boxes/${hostname}") + (import ./nixos/email-accounts.nix) + (import ./nixos/common.nix) + sops.nixosModules.sops + disko.nixosModules.disko + nix-ld.nixosModules.nix-ld + {programs.nix-ld.dev.enable = true;} + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.cyryl = { + imports = [./nixos/home-manager ./nixos/home-manager/linux.nix]; + _module.args.inputs = inputs; + _module.args.system = system; }; + } + ]; + specialArgs = { + inherit inputs system; + nixpkgs-nixos-stable-and-unfree = import nixpkgs-stable { + inherit system; + config = {allowUnfree = true;}; + }; + nixpkgs-nixos-unstable = + import nixpkgs-nixos-unstable {inherit system;}; + nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable { + inherit system; + config = {allowUnfree = true;}; }; }; - # nix build .#nixosConfigurations.raspiimage.config.system.build.sdImage - # sudo dd if=result/sd-image/nixos-sd-image-21.11.20211201.a640d83-aarch64-linux.img of=/dev/sda bs=4M conv=fsync status=progress - # make sure to update eeprom https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi_4#Board-specific_installation_notes - raspiimage = nixpkgs-stable.lib.nixosSystem { - system = "aarch64-linux"; - modules = [ - (import - "${inputs.nixpkgs-stable}/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix") - { - environment.systemPackages = - with nixpkgs-nixos-unstable.legacyPackages."aarch64-linux"; [ - neovim - htop - btop - atop - ]; - - networking.networkmanager.enable = false; - hardware.enableRedistributableFirmware = true; - networking.wireless.enable = true; - - services.openssh = { - enable = true; - permitRootLogin = - nixpkgs-stable.lib.mkForce "prohibit-password"; - passwordAuthentication = false; - }; - - services.xserver = { - enable = true; - displayManager.lightdm.enable = true; - desktopManager.gnome.enable = true; - libinput.enable = true; - }; - - 
users.extraUsers.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEo4R+6J3h6Ix3xWpOMdU7Es1/YxFchHw0c+kcCOJxFb cyryl@foureighty" - ]; - sdImage.compressImage = false; - console.earlySetup = true; - } - ]; - specialArgs = { inherit inputs; }; - }; + }; + mkShell = packageSet: system: let + pkgs = packageSet.legacyPackages.${system}; + in + pkgs.mkShell { + packages = with pkgs; [ + inputs.alejandra.defaultPackage.${system} + cacert + git + git-lfs + nixpkgs-fmt + openssh + openssl + pkg-config + statix + ]; + }; + in { + devShells = { + "x86_64-darwin".default = mkShell nixpkgs-stable "x86_64-darwin"; + "x86_64-linux".default = mkShell nixpkgs-stable "x86_64-linux"; + "aarch64-linux".default = mkShell nixpkgs-stable "aarch64-linux"; + }; + darwinConfigurations = { + "FORM3-CYRYLPLOTN" = darwin.lib.darwinSystem rec { + system = "x86_64-darwin"; + modules = [ + (./. + "/nixos/boxes/form3") + home-manager.darwinModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.cyryl = { + imports = [./nixos/home-manager]; + _module.args.inputs = inputs; + _module.args.system = system; + }; + } + ]; }; }; + + nixosConfigurations = { + foryog = mkWorkstation nixpkgs-nixos-unstable "x86_64-linux" "foryog"; + thinky = mkWorkstation nixpkgs-stable "x86_64-linux" "thinky"; + bolty = mkServer nixpkgs-stable "x86_64-linux" "bolty"; + vpsfree1 = mkServer nixpkgs-stable "x86_64-linux" "vpsfree1"; + cupsnet = mkServer nixpkgs-stable "aarch64-linux" "cupsnet"; + mb1 = mkServer nixpkgs-stable "x86_64-linux" "mb1"; + homescreen = mkRaspi nixpkgs-stable "homescreen"; + + bootstrap = nixpkgs-stable.lib.nixosSystem rec { + system = "x86_64-linux"; + modules = [(./. 
+ "/nixos/boxes/bootstrap") sops.nixosModules.sops]; + specialArgs = { + inherit inputs system; + nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable { + inherit system; + config = {allowUnfree = true;}; + }; + }; + }; + # nix build .#nixosConfigurations.raspiimage.config.system.build.sdImage + # sudo dd if=result/sd-image/nixos-sd-image-21.11.20211201.a640d83-aarch64-linux.img of=/dev/sda bs=4M conv=fsync status=progress + # make sure to update eeprom https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi_4#Board-specific_installation_notes + raspiimage = nixpkgs-stable.lib.nixosSystem { + system = "aarch64-linux"; + modules = [ + (import + "${inputs.nixpkgs-stable}/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix") + { + environment.systemPackages = with nixpkgs-nixos-unstable.legacyPackages."aarch64-linux"; [ + neovim + htop + btop + atop + ]; + + networking.networkmanager.enable = false; + hardware.enableRedistributableFirmware = true; + networking.wireless.enable = true; + + services.openssh = { + enable = true; + permitRootLogin = + nixpkgs-stable.lib.mkForce "prohibit-password"; + passwordAuthentication = false; + }; + + services.xserver = { + enable = true; + displayManager.lightdm.enable = true; + desktopManager.gnome.enable = true; + libinput.enable = true; + }; + + users.extraUsers.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEo4R+6J3h6Ix3xWpOMdU7Es1/YxFchHw0c+kcCOJxFb cyryl@foureighty" + ]; + sdImage.compressImage = false; + console.earlySetup = true; + } + ]; + specialArgs = {inherit inputs;}; + }; + }; + }; inputs = { nixpkgs-master = { type = "github"; @@ -301,7 +315,7 @@ }; cryptpad = { url = "github:michaelshmitty/cryptpad-flake"; - inputs = { nixpkgs.follows = "nixpkgs-stable"; }; + inputs = {nixpkgs.follows = "nixpkgs-stable";}; }; disko = { url = "github:nix-community/disko";
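Review bot: The only functional change in this hunk, the added `"aarch64-linux".default = mkShell nixpkgs-stable "aarch64-linux";` under `devShells`, is buried in a whole-file formatter rewrite of `outputs`, which also re-emits the `raspiimage` sshd settings and the root `authorizedKeys` entry. From the visible lines, `permitRootLogin`, `passwordAuthentication = false` and the key appear to be carried over with only layout changes, but a reader has to compare them by eye. Landing the formatter pass and the new devShell as separate commits would keep access-control lines out of a behavioural change. The new shell also makes `mkShell` evaluate `inputs.alejandra.defaultPackage.${system}` for aarch64-linux, which the pinned input may or may not export (the lock file is not shown here). I would add `# requires inputs.alejandra.defaultPackage.aarch64-linux to exist` above the new line and confirm the shell evaluates on that system.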