
{
inputs = {
  # Supply-chain note: an input with no ref, or one whose ref ends in /master,
  # resolves to whatever that branch points at when `nix flake update` runs;
  # flake.lock holds the exact revision, so review lock diffs before deploying.
  # Only lanzaboote is pinned to a tag; nixpkgs and home-manager follow a
  # release branch.

  # Base toolchain.
  nixpkgs = {
    url = "github:nixos/nixpkgs/nixos-25.11";
  };
  # Second, unreleased nixpkgs (moving branch); reachable by hosts via `inputs`.
  nixpkgsMaster = {
    url = "github:NixOS/nixpkgs/master";
  };
  flake-utils = {
    url = "github:numtide/flake-utils";
  };
  nix-filter = {
    url = "github:numtide/nix-filter";
  };

  # Deployment and secrets management.
  krops = {
    url = "github:Mic92/krops";
    inputs = {
      flake-utils.follows = "flake-utils";
      nixpkgs.follows = "nixpkgs";
    };
  };
  sops-nix = {
    url = "github:Mic92/sops-nix";
    inputs = {
      nixpkgs.follows = "nixpkgs";
    };
  };

  # NixOS composition modules.
  disko = {
    url = "github:nix-community/disko";
    inputs = {
      nixpkgs.follows = "nixpkgs";
    };
  };
  home-manager = {
    url = "github:nix-community/home-manager/release-25.11";
    inputs = {
      nixpkgs.follows = "nixpkgs";
    };
  };
  impermanence = {
    url = "github:nix-community/impermanence";
  };
  # Secure Boot; the only tag-pinned input.
  lanzaboote = {
    url = "github:nix-community/lanzaboote/v0.4.3";
    inputs = {
      nixpkgs.follows = "nixpkgs";
    };
  };
  nixos-hardware = {
    url = "github:nixos/nixos-hardware/master";
  };
  # Community-maintained packages; applied as a global overlay to every host
  # by nixosConfigurations, so its contents are trusted like nixpkgs.
  nur = {
    url = "github:nix-community/NUR";
  };

  # Dev tooling and language packagers.
  nix-pre-commit-hooks = {
    url = "github:cachix/git-hooks.nix/master";
    inputs = {
      nixpkgs.follows = "nixpkgs";
    };
  };
  gomod2nix = {
    url = "github:nix-community/gomod2nix";
    inputs = {
      flake-utils.follows = "flake-utils";
      nixpkgs.follows = "nixpkgs";
    };
  };
  poetry2nix = {
    url = "github:nix-community/poetry2nix";
    inputs = {
      flake-utils.follows = "flake-utils";
      nixpkgs.follows = "nixpkgs";
    };
  };

  # Host-specific extras.
  # Fetched from a self-hosted forge over HTTPS; availability and trust of
  # that host are part of the build's supply chain.
  asterisk-sounds-de = {
    url = "git+https://git.jalr.de/jalr/asterisk-sounds-de";
    inputs = {
      flake-utils.follows = "flake-utils";
      nix-filter.follows = "nix-filter";
      nixpkgs.follows = "nixpkgs";
    };
  };
  gg-chatmix = {
    url = "github:nilathedragon/gg-chatmix";
    inputs = {
      nixpkgs.follows = "nixpkgs";
    };
  };
  vesc-tool = {
    url = "github:vedderb/vesc_tool/master";
    inputs = {
      flake-utils.follows = "flake-utils";
      nixpkgs.follows = "nixpkgs";
    };
  };
};
# Flake outputs. eachSystem produces the per-system attributes (checks,
# devShells, apps) for x86_64-linux only; the trailing `//` merges in the
# system-independent overlays and nixosConfigurations.
outputs =
  { self
  , flake-utils
  , home-manager
  , krops
  , nix-pre-commit-hooks
  , nixpkgs
  , nur
  , ...
  }@inputs: flake-utils.lib.eachSystem [
    "x86_64-linux"
  ]
    (system:
      let
        pkgs = import nixpkgs { inherit system; };
        inherit (pkgs) lib;
      in
      {
        # `nix flake check`: git-hooks.nix runs the formatters/linters listed
        # below over the whole flake source (`src = self`).
        checks = {
          pre-commit-check = nix-pre-commit-hooks.lib.${system}.run {
            src = self;
            hooks = {
              black.enable = true;
              deadnix.enable = true;
              nixpkgs-fmt.enable = true;
              shellcheck.enable = true;
              statix = {
                enable = true;
                # Skip the direnv cache directory.
                settings.ignore = [ ".direnv" ];
              };
            };
            excludes = [ ".envrc" ];
          };
        };
        # Dev shell: the same formatters/linters as the hooks, plus sops and
        # ssh-to-age for managing sops-nix secrets and age recipient keys.
        # The shellHook is the one exported by the check above (git-hooks.nix
        # uses it to install the hooks into the checkout — confirm against the
        # pinned git-hooks.nix version).
        devShells.default = pkgs.mkShell {
          buildInputs = with pkgs; [
            black
            just
            nixpkgs-fmt
            shellcheck
            sops
            ssh-to-age
          ];
          shellHook = ''
            ${self.checks.${system}.pre-commit-check.shellHook}
          '';
        };
        # Runnable apps. flattenTree joins nested names with "/", so the
        # deploy commands are exposed as `deploy/<hostname>` next to `argon2id`.
        # `program` is the store path of each script (toString of the derivation).
        apps = lib.mapAttrs
          (_: program: { type = "app"; program = toString program; })
          (flake-utils.lib.flattenTree {
            # One krops deploy command per entry of self.nixosConfigurations.
            deploy = lib.recurseIntoAttrs (lib.mapAttrs
              (hostname: machine:
                let
                  inherit (krops.packages.${system}) writeCommand;
                  # Shadows pkgs.lib: inside this binding `lib` is krops' lib.
                  inherit (krops) lib;
                in
                writeCommand "deploy-${hostname}" {
                  # Connects as root over SSH to the host's declared
                  # deployment.targetHost, so the deploying user's key must be
                  # authorized for root on every target.
                  target = lib.mkTarget "root@${machine.config.deployment.targetHost}" // {
                    extraOptions = [
                      # force allocation of tty to allow aborting with ^C and to show build progress
                      "-t"
                    ];
                  };
                  # Copies this whole flake directory (under flakes, the store copy
                  # of the checkout, including every host's sops-encrypted
                  # secrets.yaml) to the target under the name "config".
                  # useChecksum presumably syncs by content rather than mtime —
                  # confirm against the krops file-source docs.
                  source = lib.evalSource (lib.singleton {
                    config.file = {
                      path = toString ./.;
                      useChecksum = true;
                    };
                  });
                  # Runs on the target after the copy; "config" matches the source
                  # name above. -L streams build logs over the tty, --keep-going
                  # lets independent derivations finish after one fails.
                  command = targetPath: ''
                    nixos-rebuild switch --flake ${targetPath}/config -L --keep-going
                  '';
                  # krops writeCommand option; its exact effect is defined by krops — TODO confirm.
                  force = true;
                }
              )
              self.nixosConfigurations);
            # Interactive helper: prompts for a password on the terminal (getpass,
            # no echo) and prints the argon2 PHC hash string to stdout.
            argon2id =
              let
                python = pkgs.python3.withPackages (pp: with pp; [
                  argon2-cffi
                ]);
              in
              pkgs.writeTextFile {
                name = "argon2id";
                # Parameters: 5 passes over 2 GiB (memory_cost is in KiB), 4 lanes.
                # The hash type is not set explicitly; argon2-cffi's PasswordHasher
                # defaults to argon2id — confirm for the pinned argon2-cffi version
                # if the consumer requires the id variant.
                # NOTE(review): verifying such a hash also needs ~2 GiB per attempt;
                # size the consuming service's memory and login concurrency
                # accordingly. crypt(3)/libxcrypt does not verify argon2 hashes, so
                # this output is for services that accept PHC argon2id strings, not
                # for users.*.hashedPassword — confirm the intended consumer.
                text = ''
                  #!${python}/bin/python
                  import getpass
                  from argon2 import PasswordHasher
                  pw = getpass.getpass()
                  ph = PasswordHasher(
                    time_cost=5,
                    memory_cost=2*1024*1024, # in kibibytes
                    parallelism=4,
                  )
                  print(ph.hash(pw))
                '';
                executable = true;
              };
          });
      }) // {
    # System-independent outputs.
    overlays.default = import ./pkgs inputs;
    # One NixOS system per entry of ./hosts. A host entry supplies its system
    # and may override the SSH target, append modules, and even select a
    # different nixpkgs input (the `nixpkgs` parameter shadows the flake arg
    # for that host's nixosSystem and custom-utils).
    nixosConfigurations = nixpkgs.lib.mapAttrs
      (hostname: { system
                 , extraModules ? [ ]
                 , targetHost ? hostname
                 , nixpkgs ? inputs.nixpkgs
                 }: nixpkgs.lib.nixosSystem {
        inherit system;
        specialArgs = { inherit self system; };
        modules =
          let
            hostDir = ./hosts + "/${hostname}";
          in
          [
            (hostDir + "/configuration.nix")
            ./modules
            # Expose all flake inputs and the local helper library as module args.
            {
              _module.args = {
                inherit inputs;
                custom-utils = import ./custom-utils { inherit (nixpkgs) lib; };
              };
            }
            # deployment settings
            # deployment.targetHost is the SSH host the deploy app connects to.
            # readOnly: only this definition is allowed, so a host module cannot
            # redirect its own deployment; internal: hidden from option docs.
            ({ lib, ... }: {
              options.deployment = {
                targetHost = lib.mkOption {
                  type = lib.types.str;
                  readOnly = true;
                  internal = true;
                };
              };
              config.deployment = {
                inherit targetHost;
              };
            })
            # sops settings
            # Secret names are discovered from hosts/<hostname>/secrets.yaml at
            # evaluation time by running yq in a derivation and reading its output
            # (import-from-derivation, so IFD must be allowed where this evaluates).
            # sops encrypts only values, so listing key paths in the store discloses
            # nothing that is not already plaintext in the repository.
            ({ lib, config, pkgs, ... }:
              {
                sops.defaultSopsFile = hostDir + "/secrets.yaml";
                sops.secrets =
                  let
                    secretFile = config.sops.defaultSopsFile;
                    # yq filter: drop the `sops` metadata block, walk every node,
                    # keep only scalars (not seqs/maps) and emit each one's path
                    # joined with "/", i.e. sops-nix's nested-secret naming.
                    getSecrets = file: builtins.fromJSON (builtins.readFile (pkgs.runCommand "secretKeys" { } ''${pkgs.yq-go}/bin/yq -o json '[del .sops | .. | select(tag != "!!seq" and tag != "!!map") | path | join("/")]' ${file} > $out''));
                    # Lazy: the derivation is only built if secretFile exists (below).
                    secretNames = getSecrets secretFile;
                    # Hosts without a secrets.yaml declare no secrets; each discovered
                    # name is declared with sops-nix's defaults (owner/mode not set here).
                    secrets =
                      if builtins.pathExists secretFile then
                        lib.listToAttrs (builtins.map (name: lib.nameValuePair name { }) secretNames)
                      else
                        { };
                  in
                  secrets;
              })
          ] ++ [
            # Overlays applied to every host. NUR is community-maintained and not
            # reviewed by nixpkgs maintainers; whatever is pulled from it runs with
            # the same trust as nixpkgs on all hosts. vesc-tool's overlay comes
            # from an input tracking that repository's `master` branch.
            { nixpkgs.overlays = [ nur.overlays.default inputs.vesc-tool.overlays.default ]; }
            home-manager.nixosModules.home-manager
            inputs.asterisk-sounds-de.nixosModules.default
            inputs.disko.nixosModules.disko
            inputs.impermanence.nixosModules.impermanence
            # Secure Boot (input pinned to tag v0.4.3).
            inputs.lanzaboote.nixosModules.lanzaboote
            inputs.sops-nix.nixosModules.sops
            inputs.gg-chatmix.nixosModule
          ] ++ extraModules;
        })
      (import ./hosts inputs);
  };
}