dotfiles/flake.nix


# SPDX-FileCopyrightText: 2022 Richard Brežák <richard@brezak.sk>
#
# SPDX-License-Identifier: LGPL-3.0-or-later
{
# Flake inputs. Every reference here is a branch, a tag or a local path, never a
# commit; the revisions actually built are whatever flake.lock (not shown here)
# records, so lock-file updates are where upstream changes enter this flake.
inputs = {
  # The unsuffixed nixpkgs / home-manager names alias the unstable variants.
  nixpkgs.follows = "nixpkgs-unstable";
  nixpkgs-unstable.url = "github:NixOS/nixpkgs?ref=nixos-unstable";
  nixpkgs-stable.url = "github:NixOS/nixpkgs?ref=nixos-24.05";
  home-manager.follows = "home-manager-unstable";
  home-manager-stable.url = "github:nix-community/home-manager?ref=release-24.05";
  home-manager-unstable.url = "github:nix-community/home-manager?ref=master";

  # NOTE(review): nixng, uk3s-nix, buildbot-nix and secret are absolute `path:`
  # inputs under /home/main, so evaluation depends on the working copies on that
  # machine. The quoted URL in each trailing comment is presumably the upstream
  # the local checkout stands in for; confirm before building anywhere else.
  nixng.url = "path:///home/main/repos/NixNG"; # "github:nix-community/NixNG";
  flake-parts.url = "github:hercules-ci/flake-parts";
  nix-gaming = {
    url = "github:fufexan/nix-gaming";
    inputs = {
      nixpkgs.follows = "nixpkgs";
      flake-parts.follows = "flake-parts";
    };
  };
  nil.url = "github:oxalica/nil";
  uterranix.url = "sourcehut:~magic_rb/uterranix";
  dwarffs = {
    url = "github:edolstra/dwarffs";
    inputs.nix.follows = "nix";
  };
  website.url = "sourcehut:~magic_rb/website";
  microvm.url = "github:astro/microvm.nix";
  notnft.url = "github:chayleaf/notnft";
  impermenance.url = "github:MagicRB/impermanence";
  hydra.url = "github:NixOS/hydra";
  nix.url = "github:NixOS/nix";
  thingiverse-downloader = {
    url = "sourcehut:~magic_rb/thingiverse_downloader";
    flake = false;
  };
  nix-snapshotter.url = "github:pdtpartners/nix-snapshotter";
  uk3s-nix = {
    url = "path:///home/main/repos/uk3s.nix"; # "sourcehut:~magic_rb/uk3s.nix";
    inputs = {
      nix-snapshotter.follows = "nix-snapshotter";
      nixng.follows = "nixng";
    };
  };
  pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
  nix-eval-jobs.url = "github:nix-community/nix-eval-jobs";
  nix-fast-build.url = "github:Mic92/nix-fast-build";
  buildbot-nix = {
    url = "path:///home/main/repos/buildbot-nix"; # "github:magicrb/buildbot-nix?ref=github_app";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  haumea.url = "github:nix-community/haumea/v0.2.2";
  haumea.inputs.nixpkgs.follows = "nixpkgs";
  yafas = {
    url = "github:UbiqueLambda/yafas";
    inputs.flake-schemas.follows = "nix-empty-flake";
  };
  nix-empty-flake.url = "github:chaotic-cx/nix-empty-flake";
  chaotic-nyx = {
    url = "github:chaotic-cx/nyx";
    inputs = {
      nixpkgs.follows = "nixpkgs";
      home-manager.follows = "home-manager";
      yafas.follows = "yafas";
      # The remaining transitive inputs are redirected to nix-empty-flake,
      # presumably so they are not fetched or locked at all.
      compare-to.follows = "nix-empty-flake";
      flake-schemas.follows = "nix-empty-flake";
      attic.follows = "nix-empty-flake";
      crane.follows = "nix-empty-flake";
      flake-compat.follows = "nix-empty-flake";
      flake-utils.follows = "nix-empty-flake";
      fenix.follows = "nix-empty-flake";
      nix-filter.follows = "nix-empty-flake";
    };
  };
  disko.url = "github:nix-community/disko";
  nixos-anywhere.url = "github:numtide/nixos-anywhere";
  tuxedo-rs = {
    url = "github:AaronErhardt/tuxedo-rs";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  tuxedo-nixos = {
    url = "github:blitz/tuxedo-nixos";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  # Plain source trees (flake = false): fetched but not evaluated as flakes.
  emacs = {
    url = "sourcehut:~magic_rb/emacs";
    flake = false;
  };
  vtermModule = {
    url = "github:akermu/emacs-libvterm";
    flake = false;
  };
  # NOTE(review): flake inputs, `path:` ones included, are copied into the Nix
  # store, which every local user can read. This input is later passed to
  # lib'.loadSecrets in `outputs`; confirm the directory only holds material
  # that is safe to expose that way (for example, encrypted at rest).
  secret = {
    url = "path:///home/main/dotfiles/secret";
    flake = false;
  };
  ical2org = {
    url = "sourcehut:~magic_rb/ical2orgpy";
    flake = false;
  };
  udp-over-tcp = {
    url = "github:mullvad/udp-over-tcp";
    flake = false;
  };
};
outputs = inputs @ {
flake-parts,
self,
secret,
...
}:
flake-parts.lib.mkFlake {inherit inputs;} ({
config,
lib',
...
}: {
# flake-parts modules merged into this flake. The order is kept exactly as
# written, since import order can influence how list-valued options merge.
imports = [
  # Flake-level helper modules.
  ./modules/nixngConfigurations.nix
  ./modules/lib_overlays.nix
  ./lib/load_secrets.nix

  # Entries under nixos/systems.
  ./nixos/systems/omen
  ./nixos/systems/buildbot-container
  ./nixos/systems/heater
  ./nixos/systems/toothpick
  ./nixos/systems/liveusb
  ./nixos/systems/blowhole
  ./nixos/systems/altra
  ./nixos/systems/gooseberry
  ./nixos/systems/grasshopper
  ./nixos/systems/inkbook

  # Entries under nixng/containers.
  ./nixng/containers/ingress-blowhole
  ./nixng/containers/ingress-toothpick
  ./nixng/containers/matrix/mautrix-signal
  ./nixng/containers/matrix/mautrix-discord
  ./nixng/containers/matrix/mautrix-slack
  ./nixng/containers/matrix/mautrix-facebook
  ./nixng/containers/matrix/heisenbridge
  ./nixng/containers/matrix/synapse
  ./nixng/containers/website
  ./nixng/containers/home-assistant
  ./nixng/containers/email/getmail
  ./nixng/containers/email/dovecot.nix
  ./nixng/containers/email/postfix
  ./nixng/containers/gitea
  ./nixng/containers/hydra
  ./nixng/containers/syncthing
  ./nixng/containers/minecraft/enigmatica-6
  # ./nixng/containers/minecraft/vanilla
  # ./nixng/containers/minecraft/ftb-infinity
  # ./nixng/containers/minecraft/ftb-integrations

  # Entries under overlays.
  ./overlays/udp-over-tcp.nix
  ./overlays/emacsclient-remote
  ./overlays/magic-screenshot
  ./overlays/emacs-rofi
  ./overlays/tree-sitter-grammars.nix
  ./overlays/emacs-master-nativecomp
  ./overlays/zfs-relmount
  ./overlays/mautrix-discord.nix
  ./overlays/mautrix-slack.nix
  ./overlays/getmail6
  ./overlays/maildrop
  ./overlays/courier-unicode.nix
  ./overlays/ds3os.nix
  ./overlays/terraform-provider-vault.nix
  ./overlays/terraform-provider-influxdb-v2.nix
  ./overlays/bootloadHID.nix
  ./overlays/itp
  ./overlays/virtiofsd-zfs
  ./overlays/show-files-to-be-deleted
  ./overlays/rolling_datasets
  ./overlays/ledger-compat
  ./overlays/ifstate
  ./overlays/microvmp
  ./overlays/symlink-state
  ./overlays/thingiverse-downloader
  ./overlays/bumps.nix
  ./overlays/kobo-firmware-extractor

  ./dev-shells/default.nix

  # Modules supplied by flake inputs rather than by this repository; they are
  # evaluated as part of this flake, so their content changes with the input
  # (uk3s-nix is declared as a local `path:` input in `inputs`).
  inputs.uterranix.flakeModule
  inputs.uk3s-nix.flakeModules.helmCharts
];
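# lib' is the nixpkgs lib extended, one overlay at a time, with this flake's
# library overlays. Only config.flake.libOverlays.loadSecrets is applied today.
# The previous `inherit (inputs.nixpkgs.lib) extend;` binding was never
# referenced (`acc.extend` is an attribute selection), so it has been dropped.
_module.args.lib' = let
  inherit (inputs.nixpkgs) lib;
  libOverlays = [
    config.flake.libOverlays.loadSecrets
  ];
in
  lib.foldl (acc: overlay: acc.extend overlay) lib libOverlays;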
# Job tree: the system toplevel of every NixNG and NixOS configuration, plus
# this flake's packages grouped per system.
flake.hydraJobs = let
  inherit (lib') filterAttrs mapAttrs;

  # Marks an attrset for recursion. The marker value is `{}` here, not `true`;
  # flake.evalJobs rewrites it to `true`.
  recurseIntoAttrs = attrs: attrs // {recurseForDerivations = {};};

  # Maps a set of configurations to their system.build.toplevel derivations.
  toplevels = configurations:
    recurseIntoAttrs (mapAttrs (_: cfg: cfg.config.system.build.toplevel) configurations);

  # NOTE(review): neither name appears in the `systems` list of this file, so
  # this filter may currently exclude nothing. Confirm the intended names.
  skippedSystems = ["armv8-linux" "riscv64-linux"];
  keptPackages =
    filterAttrs (systemName: _: !(builtins.elem systemName skippedSystems)) config.flake.packages;
in {
  nixng = toplevels config.flake.nixngConfigurations;
  nixos = toplevels config.flake.nixosConfigurations;
  packages =
    recurseIntoAttrs
    (mapAttrs (_: perSystemPackages: recurseIntoAttrs perSystemPackages) keptPackages);
};
# flake.hydraJobs with its recursion markers normalised: every
# `recurseForDerivations` attribute becomes `true`, and every nested attrset
# that is not a derivation is rebuilt through lib'.recurseIntoAttrs.
flake.evalJobs = let
  # True for attrsets whose `type` is absent or is not "derivation".
  isPlainAttrs = value: lib'.isAttrs value && (value.type or null) != "derivation";

  tweakAttr = name: value:
    if name == "recurseForDerivations"
    then true
    else if isPlainAttrs value
    then lib'.recurseIntoAttrs (tweak value)
    else value;

  tweak = lib'.mapAttrs tweakAttr;
in
  tweak config.flake.hydraJobs;
# Terranix configurations: `main` receives the loaded secrets, the flake's
# identity (`vars`) and the flake-parts config; `prepare` is one module.
uterranix.configurations = {
  main = [
    ./terranix/main/default.nix
    {
      _module.args = {
        # Output of lib'.loadSecrets applied to the `secret` flake input.
        secret = lib'.loadSecrets secret;
        config' = config;
        vars = {
          flake_host = "git+https://git.sr.ht/~magic_rb/dotfiles";
          # NOTE(review): "master" is a moving branch name; the fixed identity
          # of a deployment is carried by flake_rev / flake_sha below.
          flake_ref = "master";
          # When self.rev / self.narHash are unavailable the fallback is an
          # empty string plus an evaluation warning. Nothing here stops the
          # run, so a deploy with an empty revision or hash is only
          # discouraged, not prevented.
          flake_rev = self.rev or (lib'.warn "No flake revision available, do not deploy containers!" "");
          flake_sha = self.narHash or (lib'.warn "No flake nar hash available, do not deploy containers!" "");
        };
      };
    }
  ];
  prepare = [
    ./terranix/prepare/default.nix
  ];
};
# Extra arguments for uterranix modules: the repository root path and `elib`,
# the helper library in ./terranix/lib, imported with lib', the given pkgs and
# uterranix's own lib as `tflib`.
uterranix.specialArgs = {pkgs, ...}: {
  elib = import ./terranix/lib {
    inherit pkgs;
    lib = lib';
    tflib = inputs.uterranix.lib;
  };
  paths = {
    root = ./.;
  };
};
# Shell snippet assigned to uterranix's `preInit` option. Reading the commands:
#   1. create a temp file on blowhole with mktemp;
#   2. over sudo, have `kubectl create token` write a 10-minute token for the
#      `cluster-admin` service account (namespace kube-system, API server
#      172.26.96.2:6443) into that file, then chown it to "$SUDO_USER:root";
#   3. read the file back into the exported KUBE_TOKEN;
#   4. delete the file and export FLAKE_ROOT as the current directory.
# The token is short-lived (--duration=10m), which bounds the damage if it leaks.
#
# NOTE(review): no step checks its exit status. If token creation fails,
# KUBE_TOKEN is exported empty; if the `cat` or `rm` step fails, the file holding
# a cluster-admin token stays on the host. Confirm whether uterranix runs this
# under `set -e`, otherwise consider a cleanup trap.
# NOTE(review): `ssh -t` allocates a pty, and output captured through a pty can
# end in a carriage return. If TEMPFILE carries one, the root shell's redirect
# creates a new file under root's umask instead of reusing mktemp's
# owner-only file. Verify the captured path matches what mktemp printed.
# NOTE(review): $TEMPFILE is expanded unquoted and passes through a local and a
# remote shell; it is safe only while mktemp's output has no shell metacharacters.
uterranix.preInit = ''
TEMPFILE="$(ssh -t blowhole.hosts.in.redalder.org mktemp)"
ssh -t blowhole.hosts.in.redalder.org $"sudo sh -c $'kubectl -s https://172.26.96.2:6443 create token --duration=10m cluster-admin --namespace kube-system 1>$TEMPFILE ; chown \"\$SUDO_USER:root\" $TEMPFILE'"
export KUBE_TOKEN=$(ssh blowhole.hosts.in.redalder.org "cat $TEMPFILE")
ssh blowhole.hosts.in.redalder.org "rm $TEMPFILE"
export FLAKE_ROOT="$(pwd)"
'';
# Terraform build used by uterranix: Terraform from a dedicated nixpkgs
# instance, wrapped with the provider plugins listed below.
uterranix.terraform = pkgs: let
  # Separate import of nixpkgs so that the two provider overlays and the unfree
  # allowance below are scoped to this package set.
  terraformPkgs = import inputs.nixpkgs {
    inherit (pkgs.stdenv) system;
    overlays = [
      self.overlays.terraform-provider-vault
      self.overlays.terraform-provider-influxdb-v2
    ];
    # Unfree packages are admitted by exact name; "terraform" is the only one.
    config.allowUnfreePredicate = pkg: builtins.elem (lib'.getName pkg) ["terraform"];
  };

  # Attribute names looked up in the provider set handed over by withPlugins.
  providerNames = [
    "consul"
    "kubernetes"
    "nomad"
    "local"
    "vault"
    "random"
    "null"
    "external"
    "influxdb-v2"
    "hcloud"
  ];
in
  terraformPkgs.terraform.withPlugins (p: map (name: p.${name}) providerNames);
# NixOS modules exported by this flake, each given as the path of its file.
flake.nixosModules = {
  hashicorp = ./nixos/modules/hashicorp.nix;
  acme-sh = ./nixos/modules/acme-sh.nix;
  hashicorp-envoy = ./nixos/modules/hashicorp-envoy.nix;
  telegraf = ./nixos/modules/telegraf.nix;
  grafana = ./nixos/modules/grafana.nix;
  influx-provisioning = ./nixos/modules/influx-provisioning.nix;
  microvm-extras = ./nixos/modules/microvm-extras.nix;
  microvm-extras-host = ./nixos/modules/microvm-extras-host.nix;
  notnft = ./nixos/modules/notnft.nix;
  ucontainers = ./nixos/modules/ucontainers.nix;
  netboot-xyz = ./nixos/modules/netboot-xyz.nix;
};
# One `nixos-anywhere` app per entry of config.systems, taken from the
# nixos-anywhere input's package for that system.
flake.apps = inputs.nixpkgs.lib.genAttrs config.systems (system: {
  nixos-anywhere = {
    type = "app";
    program = inputs.nixos-anywhere.packages.${system}.nixos-anywhere;
  };
});
# Per-system outputs: an empty helmCharts.main, the pre-commit check, and the
# packages exported for each system.
perSystem = {
  system,
  pkgs,
  ...
}: {
  helmCharts.main = {};

  # Runs pre-commit-hooks over the whole repository with only alejandra enabled.
  checks.pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run {
    src = ./.;
    hooks.alejandra.enable = true;
  };

  packages = let
    # pkgs extended with every overlay this flake exports, then NixNG's default
    # overlay.
    overlaidPkgs = pkgs.appendOverlays (
      lib'.attrValues config.flake.overlays
      ++ [inputs.nixng.overlays.default]
    );
  in {
    terraform-provider-influxdb-v2 = overlaidPkgs.terraform-providers.influxdb-v2;
    terraform-provider-vault = overlaidPkgs.terraform-providers.vault;

    # U-Boot cross-built for armv7l from a fork. The source is pinned by full
    # commit hash and an SRI sha256, so the fetched tree is content-verified.
    # NOTE(review): CONFIG_FASTBOOT_OEM_RUN together with the stdin/stdout/stderr
    # switch to usbacm in CONFIG_BOOTCOMMAND appears to leave U-Boot command
    # execution and a console reachable over USB. Confirm that is intended for
    # every device this image is flashed to, not only a development unit.
    ubootClaraHD = pkgs.pkgsCross.armv7l-hf-multiplatform.buildUBoot {
      version = "kobo-2023-10";
      src = pkgs.fetchFromGitHub {
        owner = "akemnade";
        repo = "u-boot-fslc";
        rev = "3247fa27aed27bb5ac24bd9966fd7dadd9c4c373";
        hash = "sha256-MUAiiXTfxt/o/6rnoI7A76IMRPDUhXodjnguKwQKrVs=";
      };
      defconfig = "mx6sllclarahd_defconfig";
      filesToInstall = ["u-boot-dtb.imx"];
      extraMeta.platforms = ["armv7l-linux"];
      extraConfig = ''
        CONFIG_FASTBOOT_OEM_RUN=y
        CONFIG_USB_FUNCTION_ACM=y
        CONFIG_BOOTCOMMAND="detect_clara_rev ; run distro_bootcmd ; setenv stdin usbacm ; setenv stdout usbacm ; setenv stderr usbacm"
      '';
    };

    # Packages re-exported unchanged from the overlaid package set.
    inherit
      (overlaidPkgs)
      thingiverse-downloader-bash
      emacsclient-remote
      emacs-master-nativecomp
      emacs-rofi
      getmail6
      magic-screenshot
      maildrop
      zfs-relmount
      bootloadHID
      tree-sitter-grammars
      udp-over-tcp
      itp
      rolling_datasets
      ifstate
      microvmp
      symlink-state
      kobo-firmware-extractor
      ;
    # ds3os;
  };
};
# Patch files exported by this flake, grouped by the package they are keyed under.
flake.patches = {
  hashicorp-nomad = {
    revert-change-consul-si-tokens-to-be-local = ./patches/0001-Revert-Change-consul-SI-tokens-to-be-local.patch;
    add-nix-integration = ./patches/0001-Add-Nix-integration.patch;
  };
  hostapd = {
    intel_lar-and-noscan = ./patches/0001-intel_lar-and-noscan.patch;
    hostapd-2_10-lar = ./patches/999-hostapd-2.10-lar.patch;
    hostapd-2_10-lar-2 = ./patches/hostapd-2.10-lar.patch;
  };
  # NOTE(review): the key says terraform-provider-nomad while the file name
  # says vault-provider. Confirm which provider this patch is meant for.
  terraform-provider-nomad = {
    allow-null-in-authMountTuneSchema = ./patches/vault-provider-Allow-null-in-authMountTuneSchema.patch;
  };
  systemd = {
    override-cgroup-hierarchy = ./patches/0001-Add-env-SYSTEMD_UNIFIED_CGROUP_HIERARCHY.patch;
  };
};
# Systems for which flake-parts evaluates perSystem; flake.apps reads this list.
systems = ["x86_64-linux" "aarch64-linux" "armv7l-linux"];
});
}