{ description = "Dala's unified NixOS configuration"; inputs = { # As we have machine using the unstable channel, and other machines using the stable one, # we import both, and we will select for each machine which one to use. nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05"; flake-utils.url = "github:numtide/flake-utils"; # Home-manager isn't used for anything except my workstations, which all use the unstable channel. home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs-unstable"; }; # For sops-nix, we keep the unstable nixpkgs, as it shouldn't break anything. # This input is made to manage secrets on this repository. sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs-unstable"; }; # Use Lix instead of Nix lix-module-unstable = { url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz"; inputs.nixpkgs.follows = "nixpkgs-unstable"; }; lix-module-stable = { url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz"; inputs.nixpkgs.follows = "nixpkgs-stable"; }; lanzaboote.url = "github:nix-community/lanzaboote/v0.4.1"; nixpkgs-wayland = { url = "github:nix-community/nixpkgs-wayland"; }; extra-config.url = "git+ssh://forgejo@git.dalaran.fr/dala/nixos-config-extra.git"; }; outputs = { self, nixpkgs-unstable, nixpkgs-stable, home-manager, sops-nix, flake-utils, extra-config, lix-module-unstable, lix-module-stable, lanzaboote, nixpkgs-wayland, ... }@inputs: let machines = import ./machines.nix; my = import ./modules; lixModules = { stable = lix-module-stable; unstable = lix-module-unstable; }; nixpkgsVersions = { stable = nixpkgs-stable; unstable = nixpkgs-unstable; }; machinesNodes = builtins.mapAttrs ( name: config: { lib, ... }: { imports = [ ( if (config.system == "x86_64-linux") then lixModules.${config.nixpkgs}.nixosModules.default else { } ) ./configurations/${name} (if config.enableHomeManager then home-manager.nixosModules.home-manager else { }) (if (config.system == "x86_64-linux") then lanzaboote.nixosModules.lanzaboote else { }) ]; # FIXME: Dirty hack, fuck Nvidia nixpkgs.overlays = (if (name == "london") then [ inputs.nixpkgs-wayland.overlay ] else [ ]); deployment.allowLocalDeployment = config.localDeployment; networking.hostName = name; system.stateVersion = config.stateVersion; } ) machines; buildOptionnalSpecialArgsForMachine = config: { machineProps = config; } // (if config.enableHomeManager then { sopsHmModule = sops-nix.homeManagerModules.sops; } else { }); in { colmena = { meta = { name = "dala's infrastructure"; # Here we have to set this value because colmena needs it, but it will be overriden on all hosts # by the nodeNixpkgs attribute nixpkgs = import nixpkgsVersions.stable { system = "x86_64-linux"; }; nodeNixpkgs = builtins.mapAttrs ( name: config: import nixpkgsVersions.${config.nixpkgs} { system = config.system; } ) machines; nodeSpecialArgs = builtins.mapAttrs ( name: config: { extraInfo = extra-config.extraSecrets; } // (buildOptionnalSpecialArgsForMachine config) ) machines; }; defaults = { ... }: { imports = [ sops-nix.nixosModules.sops my.modules ]; }; } // machinesNodes; formatter = builtins.listToAttrs ( map ( system: let pkgs = import nixpkgsVersions.unstable { inherit system; }; in { name = system; value = pkgs.nixfmt-rfc-style; } ) flake-utils.lib.defaultSystems ); devShells = builtins.listToAttrs ( map ( system: let pkgs = import nixpkgsVersions.unstable { inherit system; }; in { name = system; value.default = pkgs.mkShell { name = "Nix development environment"; packages = with pkgs; [ colmena nixfmt-rfc-style nil sops ]; }; } ) flake-utils.lib.defaultSystems ); }; }