dotfiles/flake.nix

354 lines
13 KiB
Nix
Raw Normal View History

# SPDX-FileCopyrightText: 2022 Richard Brežák <richard@brezak.sk>
#
# SPDX-License-Identifier: LGPL-3.0-or-later
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs?ref=nixos-unstable";
nixpkgs-stable.url = "github:NixOS/nixpkgs?ref=nixos-23.05";
nixpkgs-hashicorp.url = "github:NixOS/nixpkgs?ref=nixos-unstable";
nixinate.url = "github:MagicRB/nixinate";
home-manager.url = "github:nix-community/home-manager?ref=master";
nixng.url = "github:nix-community/NixNG";
flake-parts.url = "github:hercules-ci/flake-parts";
nil.url = "github:oxalica/nil";
uterranix.url = "sourcehut:~magic_rb/uterranix";
dwarffs.url = "github:edolstra/dwarffs";
haskell-nix.url = "github:input-output-hk/haskell.nix";
serokell-nix.url = "github:magicrb/serokell.nix";
serokell-nix.inputs.haskell-nix.follows = "haskell-nix";
website.url = "sourcehut:~magic_rb/website";
microvm.url = "github:astro/microvm.nix";
notnft.url = "github:chayleaf/notnft";
impermenance.url = "github:MagicRB/impermanence";
numen-nix.url = "github:anpandey/numen-nix";
hydra.url = "github:t184256/hydra/nix-ca-reprise";
nix.url = "github:NixOS/nix";
disko.url = "github:nix-community/disko";
nixos-anywhere.url = "github:numtide/nixos-anywhere";
tuxedo-rs.url = "github:AaronErhardt/tuxedo-rs";
tuxedo-rs.inputs.nixpkgs.follows = "nixpkgs";
tuxedo-nixos.url = "github:blitz/tuxedo-nixos";
tuxedo-nixos.inputs.nixpkgs.follows = "nixpkgs";
emacs.url = "sourcehut:~magic_rb/emacs";
emacs.flake = false;
vtermModule.url = "github:akermu/emacs-libvterm";
vtermModule.flake = false;
secret.url = "path:///home/main/dotfiles/secret";
secret.flake = false;
ical2org.url = "git+https://git.sr.ht/~magic_rb/ical2orgpy";
ical2org.flake = false;
udp-over-tcp.url = "github:mullvad/udp-over-tcp";
udp-over-tcp.flake = false;
};
outputs = inputs@{ flake-parts, self, secret, ... }:
flake-parts.lib.mkFlake { inherit inputs; } ({ config, lib', ... }: {
imports = [
modules/nixngConfigurations.nix
modules/lib_overlays.nix
lib/load_secrets.nix
nixos/systems/omen
nixos/systems/heater
nixos/systems/toothpick
nixos/systems/liveusb
nixos/systems/blowhole
nixos/systems/altra
nixos/systems/gooseberry
nixng/containers/ingress-blowhole
nixng/containers/ingress-toothpick
nixng/containers/matrix/mautrix-signal
nixng/containers/matrix/mautrix-discord
nixng/containers/matrix/mautrix-facebook
nixng/containers/matrix/heisenbridge
nixng/containers/matrix/synapse
nixng/containers/website
nixng/containers/home-assistant
nixng/containers/email/getmail
nixng/containers/email/dovecot.nix
nixng/containers/email/postfix
nixng/containers/gitea
nixng/containers/hydra
nixng/containers/syncthing
# nixng/containers/minecraft/vanilla
# nixng/containers/minecraft/ftb-infinity
# nixng/containers/minecraft/ftb-integrations
overlays/udp-over-tcp.nix
overlays/emacsclient-remote
overlays/magic-screenshot
overlays/emacs-rofi
overlays/tree-sitter-grammars.nix
overlays/emacs-master-nativecomp
overlays/zfs-relmount
overlays/mautrix-discord.nix
overlays/getmail6
overlays/maildrop
overlays/courier-unicode.nix
overlays/ds3os.nix
overlays/terraform-provider-vault.nix
overlays/terraform-provider-influxdb-v2.nix
overlays/bootloadHID.nix
overlays/itp
overlays/virtiofsd-zfs
overlays/show-files-to-be-deleted
overlays/rolling_datasets
overlays/ledger-compat
inputs.uterranix.flakeModule
];
_module.args.lib' =
let
inherit (inputs.nixpkgs) lib;
inherit (inputs.nixpkgs.lib)
extend;
in
lib.foldl (acc: x: acc.extend x) lib (with config.flake.libOverlays; [
loadSecrets
]);
flake.hydraJobs =
let
inherit (lib')
mapAttrs;
in
{
nixng = mapAttrs (_: v: v.config.system.build.toplevel) config.flake.nixngConfigurations;
nixos = mapAttrs (_: v: v.config.system.build.toplevel) config.flake.nixosConfigurations;
packages = mapAttrs (_: v: v.config.system.build.toplevel) config.flake.nixosConfigurations;
};
uterranix.config = [
./terranix/default.nix
{
_module.args.secret = lib'.loadSecrets secret;
_module.args.vars = {
flake_rev = self.rev or (lib'.warn "No flake revision available, do not deploy containers!" "");
flake_sha = self.narHash or (lib'.warn "No flake nar hash available, do not deploy containers!" "");
flake_ref = "master";
flake_host = "git+https://git.sr.ht/~magic_rb/dotfiles-2.0";
};
_module.args.config' = config;
}
];
uterranix.terraform = pkgs:
let
hpkgs = inputs.nixpkgs.legacyPackages.${pkgs.stdenv.system}.appendOverlays (with config.flake.overlays; [
terraform-provider-vault
terraform-provider-influxdb-v2
]);
in
hpkgs.terraform.withPlugins (p: [
p.consul
p.nomad
p.local
p.vault
p.random
p.null
p.influxdb-v2
p.hcloud
] );
flake.nixosModules = {
hashicorp = nixos/modules/hashicorp.nix;
hashicorp-envoy = nixos/modules/hashicorp-envoy.nix;
telegraf = nixos/modules/telegraf.nix;
grafana = nixos/modules/grafana.nix;
influx-provisioning = nixos/modules/influx-provisioning.nix;
microvm-extras = nixos/modules/microvm-extras.nix;
microvm-extras-host = nixos/modules/microvm-extras-host.nix;
notnft = nixos/modules/notnft.nix;
};
flake.apps = inputs.nixpkgs.lib.genAttrs config.systems (system: {
nixos-anywhere.program = (inputs.nixos-anywhere.packages.${system}.nixos-anywhere);
nixos-anywhere.type = "app";
});
perSystem = { system, pkgs, ... }:
{
packages =
let
inherit (lib')
attrValues;
pkgs' = pkgs.appendOverlays (attrValues config.flake.overlays ++ [
inputs.nixng.overlays.default
inputs.nix-matlab.overlay
]);
in
{
terraform-provider-influxdb-v2 = pkgs'.terraform-providers.influxdb-v2;
terraform-provider-vault = pkgs'.terraform-providers.vault;
inherit (pkgs')
emacsclient-remote
emacs-master-nativecomp
emacs-rofi
getmail6
magic-screenshot
maildrop
zfs-relmount
bootloadHID
tree-sitter-grammars
udp-over-tcp
itp
rolling_datasets;
# ds3os;
};
devShells.default =
let
unpackSrc = package: pkgs.stdenv.mkDerivation {
pname = package.pname;
version = package.version;
src = package.src;
phases = [ "unpackPhase" "installPhase" ];
installPhase = ''
mkdir $out
cp -r . $out
'';
};
prepareDeps = pkgs.writeShellScript "prepare-deps.sh" ''
cd "$(git rev-parse --show-toplevel)/home-manager/modules/xmonad"
mkdir -p .packages
_rsync_args=("--no-perms" "--no-owner" "--no-group" "--del" "--exclude=.stack-work" "--chmod=ugo=rwX" "-crvP")
rsync "''${_rsync_args[@]}" ${unpackSrc pkgs.haskell.packages.ghc946.xmonad}/. .packages/xmonad >/dev/null 2>&1
rsync "''${_rsync_args[@]}" ${unpackSrc pkgs.haskell.packages.ghc946.xmonad-contrib}/. .packages/xmonad-contrib >/dev/null 2>&1
rsync "''${_rsync_args[@]}" ${unpackSrc pkgs.haskell.packages.ghc946.xmobar}/. .packages/xmobar >/dev/null 2>&1
'';
stack-wrapped = pkgs.symlinkJoin {
name = "stack"; # will be available as the usual `stack` in terminal
paths = [ pkgs.stack ];
buildInputs = [ pkgs.makeWrapper ];
postBuild = ''
wrapProgram $out/bin/stack \
--run "${prepareDeps}"\
--add-flags "\
--no-nix \
--system-ghc \
--no-install-ghc \
"
'';
};
nix-wrapped = pkgs.writeShellScriptBin "nix" ''
pre_lock_hash="$(sha256sum flake-secret.lock | cut -f1 -d' ')"
new_args=()
i="0"
flake=0
immutable=0
for arg in "$@" ; do
if [[ "$arg" =~ "^git+file://.*$" ]] ; then
immutable=1
fi
done
for arg in "$@" ; do
case "$arg" in
build|eval|run)
new_args[$i]="$arg"
new_args[$(($i + 1))]="--reference-lock-file"
new_args[$(($i + 2))]="flake-secret.lock"
if [[ "$immutable" != 0 ]] ; then
new_args[$(($i + 3))]="--output-lock-file"
new_args[$(($i + 4))]="flake-secret.lock"
i="$(($i + 2))"
fi
i="$(($i + 3))"
;;
flake)
new_args[$i]="$arg"
i="$(($i + 1))"
flake=1
;;
--*|-*)
new_args[$i]="$arg"
i="$(($i + 1))"
;;
*)
if [[ "$flake" == "1" ]] ; then
new_args[$i]="$arg"
new_args[$(($i + 1))]="--reference-lock-file"
new_args[$(($i + 2))]="flake-secret.lock"
new_args[$(($i + 3))]="--output-lock-file"
new_args[$(($i + 4))]="flake-secret.lock"
i="$(($i + 5))"
else
new_args[$i]="$arg"
i="$(($i + 1))"
fi
;;
esac
done
( exec -a $0 .nix-unwrapped "''${new_args[@]}" )
post_lock_hash="$(sha256sum flake-secret.lock | cut -f1 -d' ')"
if ! [[ "$pre_lock_hash" == "$post_lock_hash" ]] ; then
cp flake-secret.lock flake.lock
.nix-unwrapped flake lock --override-input secret path:///var/empty
fi
'';
nix-with-wrapper = pkgs.symlinkJoin {
name = "nix";
paths = [ pkgs.nixUnstable ];
buildInputs = [ pkgs.makeWrapper ];
postBuild = ''
mv $out/bin/nix $out/bin/.nix-unwrapped
cp ${nix-wrapped}/bin/nix $out/bin/nix
'';
};
nixos-rebuild = pkgs.nixos-rebuild.override { nix = nix-with-wrapper; };
in
pkgs.mkShell {
nativeBuildInputs = with pkgs; [
(pkgs.writeShellScriptBin "update-secret" ''
nix flake lock --update-input secret
'')
nil nix-with-wrapper nixos-rebuild
nomad consul vault
haskell.compiler.ghc946
stack-wrapped
pkg-config
haskell.packages.ghc946.haskell-language-server
jq
alejandra
] ++ (lib.foldl (acc: x: acc ++ x) [] (map (x: pkgs.haskell.packages.ghc946.${x}.buildInputs) [ "gi-pangocairo" "X11" "cairo" "glib" ]));
};
};
flake.patches = {
hashicorp-nomad.revert-change-consul-si-tokens-to-be-local = patches/0001-Revert-Change-consul-SI-tokens-to-be-local.patch;
hashicorp-nomad.add-nix-integration = patches/0001-Add-Nix-integration.patch;
hostapd.intel_lar-and-noscan = patches/0001-intel_lar-and-noscan.patch;
hostapd.hostapd-2_10-lar = patches/999-hostapd-2.10-lar.patch;
hostapd.hostapd-2_10-lar-2 = patches/hostapd-2.10-lar.patch;
terraform-provider-nomad.allow-null-in-authMountTuneSchema = patches/vault-provider-Allow-null-in-authMountTuneSchema.patch;
};
systems = [
"x86_64-linux"
"armv8-linux"
"riscv64-linux"
];
});
}