# Flake describing a fleet of NixOS machines deployed with colmena.
# Per-machine properties (system, nixpkgs channel, stateVersion, enableHomeManager,
# localDeployment) are read from ./machines.nix; the host-specific NixOS
# configuration lives in ./configurations/<machine name>.
{
  description = "Dala's unified NixOS configuration";

  inputs = {
    # Some machines track the unstable channel and others the stable one, so both
    # are imported and each machine selects the one it uses.
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
    nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11";
    flake-utils.url = "github:numtide/flake-utils";

    # Home-manager is only used on the workstations, which all use the unstable channel.
    home-manager = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
    };

    # sops-nix manages the secrets of this repository. It follows the unstable
    # nixpkgs, as that shouldn't break anything.
    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
    };

    # Use Lix instead of Nix (pinned to a release tarball).
    lix.url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz";

    # Pinned to a release tag.
    lanzaboote.url = "github:nix-community/lanzaboote/v0.4.1";

    # Tracks the tarball of the `main` branch, so the revision actually built is
    # whatever flake.lock records. Its default overlay is applied to the nixpkgs
    # of every node below, so review lock updates of this input like any other
    # dependency bump.
    dalaran-fr.url = "https://git.dalaran.fr/dala/dalaran.fr/archive/main.tar.gz";

    # Fetched over git+ssh: evaluating this flake needs SSH read access to that
    # repository.
    extra-config.url = "git+ssh://forgejo@git.dalaran.fr/dala/nixos-config-extra.git";
  };

  outputs =
    {
      self,
      nixpkgs-unstable,
      nixpkgs-stable,
      home-manager,
      sops-nix,
      flake-utils,
      extra-config,
      lix,
      lanzaboote,
      dalaran-fr,
    }:
    let
      # Attribute set: machine name -> machine properties.
      machines = import ./machines.nix;
      my = import ./modules;
      lixModule = lix.nixosModules.lixFromNixpkgs;

      # Channel name (as written in machines.nix) -> nixpkgs flake input.
      nixpkgsVersions = {
        stable = nixpkgs-stable;
        unstable = nixpkgs-unstable;
      };

      # Returns `module` when `enabled` holds, and an empty module otherwise.
      moduleIf = enabled: module: if enabled then module else { };

      # One colmena node (a NixOS module) per entry of machines.nix.
      machinesNodes = builtins.mapAttrs (
        name: props:
        { ... }:
        {
          imports = [
            lixModule
            ./configurations/${name}
            (moduleIf props.enableHomeManager home-manager.nixosModules.home-manager)
            # Only the lanzaboote module is imported here, and only on x86_64-linux.
            # Importing it does not by itself turn Secure Boot on: that is decided
            # in each host's own configuration (not visible in this file).
            (moduleIf (props.system == "x86_64-linux") lanzaboote.nixosModules.lanzaboote)
          ];

          deployment.allowLocalDeployment = props.localDeployment;

          networking.hostName = name;
          system.stateVersion = props.stateVersion;
        }
      ) machines;

      # Special arguments that depend on the machine: its properties, plus the
      # sops home-manager module for machines that enable home-manager.
      specialArgsForMachine =
        props:
        let
          homeManagerArgs =
            if props.enableHomeManager then { sopsHmModule = sops-nix.homeManagerModules.sops; } else { };
        in
        { machineProps = props; } // homeManagerArgs;

      # Builds an attribute set keyed by each of flake-utils' default systems;
      # `mkValue` receives the unstable nixpkgs imported for that system.
      forEachDefaultSystem =
        mkValue:
        builtins.listToAttrs (
          map (system: {
            name = system;
            value = mkValue (import nixpkgsVersions.unstable { inherit system; });
          }) flake-utils.lib.defaultSystems
        );
    in
    {
      colmena = {
        meta = {
          name = "dala's infrastructure";

          # colmena requires this value to be set, but it is overridden on all
          # hosts by the nodeNixpkgs attribute.
          nixpkgs = import nixpkgsVersions.stable { system = "x86_64-linux"; };

          # Every node gets the nixpkgs channel named in its machine properties,
          # with the dalaran-fr overlay applied.
          nodeNixpkgs = builtins.mapAttrs (
            _name: props:
            import nixpkgsVersions.${props.nixpkgs} {
              inherit (props) system;
              overlays = [ dalaran-fr.overlays.default ];
            }
          ) machines;

          # NOTE(review): `extraSecrets` is handed to every node as a plain
          # evaluation-time value. Anything from it that ends up in a derivation
          # or a generated configuration file is stored world-readable in
          # /nix/store on the build and target hosts. Confirm it holds no real
          # secret material, or route such values through sops-nix instead.
          nodeSpecialArgs = builtins.mapAttrs (
            _name: props: { extraInfo = extra-config.extraSecrets; } // (specialArgsForMachine props)
          ) machines;
        };

        # Modules shared by every node.
        defaults =
          { ... }:
          {
            imports = [
              sops-nix.nixosModules.sops
              my.modules
            ];
          };
      } // machinesNodes;

      formatter = forEachDefaultSystem (pkgs: pkgs.nixfmt-rfc-style);

      devShells = forEachDefaultSystem (pkgs: {
        default = pkgs.mkShell {
          name = "Nix development environment";

          packages = [
            pkgs.colmena
            pkgs.nixfmt-rfc-style
            pkgs.nil
            pkgs.sops
          ];
        };
      });
    };
}