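# SPDX-FileCopyrightText: 2022 Richard Brežák
#
# SPDX-License-Identifier: LGPL-3.0-or-later

# Top-level flake for a dotfiles / infrastructure repository. It wires together,
# through flake-parts, the NixOS systems, NixNG containers, package overlays, a
# Terraform (terranix) configuration and a development shell.
{
  # Every input below names a branch or a default ref, not a commit. The exact
  # revision and narHash of each input are therefore whatever flake.lock records;
  # review lock-file changes as you would any other dependency bump.
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs?ref=nixos-unstable";
    nixpkgs-stable.url = "github:NixOS/nixpkgs?ref=nixos-23.05";
    nixpkgs-hashicorp.url = "github:NixOS/nixpkgs?ref=nixos-unstable";
    nixinate.url = "github:MagicRB/nixinate";
    home-manager.url = "github:nix-community/home-manager?ref=master";
    nixng.url = "github:nix-community/NixNG";
    flake-parts.url = "github:hercules-ci/flake-parts";
    nix-gaming.url = "github:fufexan/nix-gaming";
    nix-gaming.inputs.nixpkgs.follows = "nixpkgs";
    nix-gaming.inputs.flake-parts.follows = "flake-parts";
    nil.url = "github:oxalica/nil";
    uterranix.url = "sourcehut:~magic_rb/uterranix";
    dwarffs.url = "github:edolstra/dwarffs";
    haskell-nix.url = "github:input-output-hk/haskell.nix";
    serokell-nix.url = "github:magicrb/serokell.nix";
    serokell-nix.inputs.haskell-nix.follows = "haskell-nix";
    website.url = "sourcehut:~magic_rb/website";
    microvm.url = "github:astro/microvm.nix";
    notnft.url = "github:chayleaf/notnft";
    # NOTE(review): the input is spelled "impermenance" while the upstream
    # repository is "impermanence". The name is kept because other files may
    # refer to inputs.impermenance.
    impermenance.url = "github:MagicRB/impermanence";
    numen-nix.url = "github:anpandey/numen-nix";
    hydra.url = "github:NixOS/hydra";
    nix.url = "github:NixOS/nix";
    disko.url = "github:nix-community/disko";
    nixos-anywhere.url = "github:numtide/nixos-anywhere";
    tuxedo-rs.url = "github:AaronErhardt/tuxedo-rs";
    tuxedo-rs.inputs.nixpkgs.follows = "nixpkgs";
    tuxedo-nixos.url = "github:blitz/tuxedo-nixos";
    tuxedo-nixos.inputs.nixpkgs.follows = "nixpkgs";

    # Non-flake inputs: fetched as plain source trees.
    emacs.url = "sourcehut:~magic_rb/emacs";
    emacs.flake = false;
    vtermModule.url = "github:akermu/emacs-libvterm";
    vtermModule.flake = false;
    # Local directory holding secrets, referenced by absolute path.
    # A path input is copied into the Nix store when the flake is evaluated, and
    # the store is readable by every local user on a typical install. Anything
    # under this directory should therefore be treated as exposed to local users
    # and to any cache the resulting store paths are pushed to, unless the files
    # are encrypted at rest. What loadSecrets does with them is defined in
    # lib/load_secrets.nix (not visible here).
    secret.url = "path:///home/main/dotfiles/secret";
    secret.flake = false;
    ical2org.url = "sourcehut:~magic_rb/ical2orgpy";
    ical2org.flake = false;
    udp-over-tcp.url = "github:mullvad/udp-over-tcp";
    udp-over-tcp.flake = false;
  };

  outputs = inputs @ {
    flake-parts,
    self,
    secret,
    ...
  }:
    flake-parts.lib.mkFlake {inherit inputs;} ({
      config,
      lib',
      ...
    }: {
      # flake-parts modules: library overlays, NixOS systems, NixNG containers
      # and package overlays. Each path is a module living in this repository.
      imports = [
        modules/nixngConfigurations.nix
        modules/lib_overlays.nix
        lib/load_secrets.nix

        nixos/systems/omen
        nixos/systems/heater
        nixos/systems/toothpick
        nixos/systems/liveusb
        nixos/systems/blowhole
        nixos/systems/altra
        nixos/systems/gooseberry

        nixng/containers/ingress-blowhole
        nixng/containers/ingress-toothpick
        nixng/containers/matrix/mautrix-signal
        nixng/containers/matrix/mautrix-discord
        nixng/containers/matrix/mautrix-slack
        nixng/containers/matrix/mautrix-facebook
        nixng/containers/matrix/heisenbridge
        nixng/containers/matrix/synapse
        nixng/containers/website
        nixng/containers/home-assistant
        nixng/containers/email/getmail
        nixng/containers/email/dovecot.nix
        nixng/containers/email/postfix
        nixng/containers/gitea
        nixng/containers/hydra
        nixng/containers/syncthing
        # nixng/containers/minecraft/vanilla
        # nixng/containers/minecraft/ftb-infinity
        # nixng/containers/minecraft/ftb-integrations

        overlays/udp-over-tcp.nix
        overlays/emacsclient-remote
        overlays/magic-screenshot
        overlays/emacs-rofi
        overlays/tree-sitter-grammars.nix
        overlays/emacs-master-nativecomp
        overlays/zfs-relmount
        overlays/mautrix-discord.nix
        overlays/mautrix-slack.nix
        overlays/getmail6
        overlays/maildrop
        overlays/courier-unicode.nix
        overlays/ds3os.nix
        overlays/terraform-provider-vault.nix
        overlays/terraform-provider-influxdb-v2.nix
        overlays/bootloadHID.nix
        overlays/itp
        overlays/virtiofsd-zfs
        overlays/show-files-to-be-deleted
        overlays/rolling_datasets
        overlays/ledger-compat
        overlays/ifstate
        overlays/microvmp
        overlays/symlink-state

        inputs.uterranix.flakeModule
      ];

      # lib' is nixpkgs' lib extended with this flake's library overlays
      # (currently only loadSecrets). It is passed to every module as an argument.
      # The inherited `extend` is not referenced: the fold calls acc.extend.
      _module.args.lib' = let
        inherit (inputs.nixpkgs) lib;
        inherit
          (inputs.nixpkgs.lib)
          extend
          ;
      in
        lib.foldl (acc: x: acc.extend x) lib (with config.flake.libOverlays; [
          loadSecrets
        ]);

      # Hydra job set: the toplevel build of every NixNG and NixOS configuration,
      # plus all packages exported by this flake.
      flake.hydraJobs = let
        inherit
          (lib')
          mapAttrs
          recurseIntoAttrs
          ;
      in {
        nixng = recurseIntoAttrs (mapAttrs (_: v: v.config.system.build.toplevel) config.flake.nixngConfigurations);
        nixos = recurseIntoAttrs (mapAttrs (_: v: v.config.system.build.toplevel) config.flake.nixosConfigurations);
        packages = recurseIntoAttrs config.flake.packages;
      };

      # Terranix configuration. The loaded secrets and some flake metadata are
      # handed to terranix/default.nix as module arguments.
      uterranix.config = [
        ./terranix/default.nix
        {
          _module.args.secret = lib'.loadSecrets secret;
          _module.args.vars = {
            # self.rev and self.narHash fall back to "" with an evaluation
            # warning when the attribute is missing (typically a dirty working
            # tree). A deployment rendered in that state carries an empty
            # revision/hash, which is what the warning text guards against.
            flake_rev = self.rev or (lib'.warn "No flake revision available, do not deploy containers!" "");
            flake_sha = self.narHash or (lib'.warn "No flake nar hash available, do not deploy containers!" "");
            flake_ref = "master";
            flake_host = "git+https://git.sr.ht/~magic_rb/dotfiles";
          };
          _module.args.config' = config;
        }
      ];

      # Terraform with the providers the configuration uses, taken from a nixpkgs
      # instance that has this flake's two provider overlays applied.
      uterranix.terraform = pkgs: let
        hpkgs = import inputs.nixpkgs {
          inherit (pkgs.stdenv) system;
          overlays = with self.overlays; [
            terraform-provider-vault
            terraform-provider-influxdb-v2
          ];
          # Unfree packages are allowed by name only ("terraform") instead of
          # setting allowUnfree globally. traceVal returns its argument
          # unchanged and only emits a trace line; it looks like debugging
          # residue (confirm before removing).
          config.allowUnfreePredicate = lib'.traceVal (pkgs: builtins.elem (lib'.getName pkgs) ["terraform"]);
        };
      in
        hpkgs.terraform.withPlugins (p: [
          p.consul
          p.nomad
          p.local
          p.vault
          p.random
          p.null
          p.influxdb-v2
          p.hcloud
        ]);

      # NixOS modules exported for reuse by other flakes.
      flake.nixosModules = {
        hashicorp = nixos/modules/hashicorp.nix;
        hashicorp-envoy = nixos/modules/hashicorp-envoy.nix;
        telegraf = nixos/modules/telegraf.nix;
        grafana = nixos/modules/grafana.nix;
        influx-provisioning = nixos/modules/influx-provisioning.nix;
        microvm-extras = nixos/modules/microvm-extras.nix;
        microvm-extras-host = nixos/modules/microvm-extras-host.nix;
        notnft = nixos/modules/notnft.nix;
      };

      # `nix run .#nixos-anywhere` for every configured system.
      flake.apps = inputs.nixpkgs.lib.genAttrs config.systems (system: {
        nixos-anywhere.program = inputs.nixos-anywhere.packages.${system}.nixos-anywhere;
        nixos-anywhere.type = "app";
      });

      perSystem = {
        system,
        pkgs,
        ...
      }: {
        # Packages come from pkgs with all of this flake's overlays plus the
        # NixNG default overlay applied.
        packages = let
          inherit
            (lib')
            attrValues
            ;

          pkgs' = pkgs.appendOverlays (attrValues config.flake.overlays ++ [inputs.nixng.overlays.default]);
        in {
          terraform-provider-influxdb-v2 = pkgs'.terraform-providers.influxdb-v2;
          terraform-provider-vault = pkgs'.terraform-providers.vault;
          inherit
            (pkgs')
            emacsclient-remote
            emacs-master-nativecomp
            emacs-rofi
            getmail6
            magic-screenshot
            maildrop
            zfs-relmount
            bootloadHID
            tree-sitter-grammars
            udp-over-tcp
            itp
            rolling_datasets
            ifstate
            symlink-state
            ;
          # ds3os;
        };

        devShells.default = let
          # Derivation whose output is the unpacked source tree of `package`.
          unpackSrc = package:
            pkgs.stdenv.mkDerivation {
              pname = package.pname;
              version = package.version;
              src = package.src;
              phases = ["unpackPhase" "installPhase"];
              installPhase = ''
                mkdir $out
                cp -r . $out
              '';
            };

          # Mirrors the xmonad, xmonad-contrib and xmobar sources into
          # home-manager/modules/xmonad/.packages of the current git checkout.
          # rsync runs with --del, and both stdout and stderr are discarded, so a
          # failure is visible only through the exit status. The `cd` result is
          # not checked: outside a git work tree the rsync targets resolve
          # relative to whatever directory the script was started in.
          prepareDeps = pkgs.writeShellScript "prepare-deps.sh" ''
            cd "$(git rev-parse --show-toplevel)/home-manager/modules/xmonad"
            mkdir -p .packages
            _rsync_args=("--no-perms" "--no-owner" "--no-group" "--del" "--exclude=.stack-work" "--chmod=ugo=rwX" "-crvP")
            rsync "''${_rsync_args[@]}" ${unpackSrc pkgs.haskell.packages.ghc946.xmonad}/. .packages/xmonad >/dev/null 2>&1
            rsync "''${_rsync_args[@]}" ${unpackSrc pkgs.haskell.packages.ghc946.xmonad-contrib}/. .packages/xmonad-contrib >/dev/null 2>&1
            rsync "''${_rsync_args[@]}" ${unpackSrc pkgs.haskell.packages.ghc946.xmobar}/. .packages/xmobar >/dev/null 2>&1
          '';

          # `stack` wrapped so that prepareDeps runs before every invocation and
          # stack uses the GHC from this shell instead of installing its own.
          stack-wrapped = pkgs.symlinkJoin {
            name = "stack"; # will be available as the usual `stack` in terminal
            paths = [pkgs.stack];
            buildInputs = [pkgs.makeWrapper];
            postBuild = ''
              wrapProgram $out/bin/stack \
                --run "${prepareDeps}"\
                --add-flags "\
                  --no-nix \
                  --system-ghc \
                  --no-install-ghc \
                "
            '';
          };

          # Replacement `nix` front end. For build/eval/run on a local flake, and
          # for `nix flake <subcommand>`, it injects --reference-lock-file /
          # --output-lock-file so that nix reads and writes flake-secret.lock.
          # When that file changed during the run, it is copied to flake.lock and
          # flake.lock is re-locked with the `secret` input overridden to
          # path:///var/empty; presumably this keeps the local secret path and
          # its hash out of the lock file that gets committed (confirm).
          #
          # The real binary is invoked as `.nix-unwrapped` without a directory,
          # so it is resolved through PATH: the wrapper only reaches the intended
          # binary while the nix-with-wrapper bin directory is on PATH ahead of
          # any other directory providing that name.
          #
          # Changes from the previous version, all in the shell text:
          #  * $NIX_GET_COMPLETIONS and $0 are quoted, so values containing
          #    whitespace no longer word-split;
          #  * the local-flake pattern escapes the leading dot, so it matches
          #    only arguments starting with ".#" and not any single character
          #    followed by "#".
          nix-wrapped = pkgs.writeShellScriptBin "nix" ''
            if [[ "$NIX_SECRET_WRAPPER_DEBUG" = 1 ]] ; then
              set -x
            fi

            # Shell completion requests go to the real nix untouched.
            if ! [ -z "$NIX_GET_COMPLETIONS" ] ; then
              exec .nix-unwrapped "$@"
            fi

            # Hash of the private lock file before the run, compared again below.
            pre_lock_hash="$(sha256sum flake-secret.lock | cut -f1 -d' ')"

            new_args=()
            i="0"
            flake=0
            immutable=0
            local=0

            # First pass: find out whether any argument refers to the local flake.
            for arg in "$@" ; do
              if [[ "$arg" =~ ^git\+file://.*$ ]] ; then
                immutable=1
                local=1
              fi
              if [[ "$arg" =~ ^\.\#.*$ ]] ; then
                local=1
              fi
            done

            # Second pass: rebuild the argument vector with the lock-file options.
            for arg in "$@" ; do
              case "$arg" in
                build|eval|run)
                  new_args[$i]="$arg"
                  new_args[$(($i + 1))]="--reference-lock-file"
                  new_args[$(($i + 2))]="flake-secret.lock"
                  if [[ "$immutable" == 0 ]] ; then
                    new_args[$(($i + 3))]="--output-lock-file"
                    new_args[$(($i + 4))]="flake-secret.lock"
                    i="$(($i + 2))"
                  fi
                  i="$(($i + 3))"
                  # Not a local flake: run the original command line unchanged.
                  if [[ "$local" = 0 ]] ; then
                    exec .nix-unwrapped "$@"
                  fi
                  ;;
                flake)
                  new_args[$i]="$arg"
                  i="$(($i + 1))"
                  flake=1
                  ;;
                --*|-*)
                  new_args[$i]="$arg"
                  i="$(($i + 1))"
                  ;;
                *)
                  # First plain word after "flake" is the subcommand; the
                  # lock-file options are placed right after it.
                  if [[ "$flake" == "1" ]] ; then
                    new_args[$i]="$arg"
                    new_args[$(($i + 1))]="--reference-lock-file"
                    new_args[$(($i + 2))]="flake-secret.lock"
                    new_args[$(($i + 3))]="--output-lock-file"
                    new_args[$(($i + 4))]="flake-secret.lock"
                    flake=0
                    i="$(($i + 5))"
                  else
                    new_args[$i]="$arg"
                    i="$(($i + 1))"
                  fi
                  ;;
              esac
            done

            # Subshell so that control returns here after the real nix exits.
            ( exec -a "$0" .nix-unwrapped "''${new_args[@]}" )
            ret_code=$?

            post_lock_hash="$(sha256sum flake-secret.lock | cut -f1 -d' ')"

            if ! [[ "$pre_lock_hash" == "$post_lock_hash" ]] ; then
              cp flake-secret.lock flake.lock
              .nix-unwrapped flake lock --override-input secret path:///var/empty
            fi

            exit $ret_code
          '';

          # nixUnstable with bin/nix renamed to .nix-unwrapped and the wrapper
          # script installed in its place.
          nix-with-wrapper = pkgs.symlinkJoin {
            name = "nix";
            paths = [pkgs.nixUnstable];
            buildInputs = [pkgs.makeWrapper];
            postBuild = ''
              mv $out/bin/nix $out/bin/.nix-unwrapped
              cp ${nix-wrapped}/bin/nix $out/bin/nix
            '';
          };

          # nixos-rebuild built against the wrapped nix. Inside `with pkgs;`
          # below, this let binding takes precedence over pkgs.nixos-rebuild.
          nixos-rebuild = pkgs.nixos-rebuild.override {nix = nix-with-wrapper;};
        in
          pkgs.mkShell {
            nativeBuildInputs = with pkgs;
              [
                # Refreshes the locked revision of the `secret` input.
                (pkgs.writeShellScriptBin "update-secret" ''
                  nix flake lock --update-input secret
                '')
                nil
                nix-with-wrapper
                nixos-rebuild
                # meta.license is replaced by a plain string for these three
                # tools. Presumably this sidesteps the nixpkgs unfree check for
                # them in the dev shell (confirm); it does not change the
                # licence the software is actually distributed under.
                (nomad.overrideAttrs (old: {meta = old.meta // {license = "mpl-2.0";};}))
                (consul.overrideAttrs (old: {meta = old.meta // {license = "mpl-2.0";};}))
                (vault.overrideAttrs (old: {meta = old.meta // {license = "mpl-2.0";};}))

                haskell.compiler.ghc946
                stack-wrapped
                pkg-config
                haskell.packages.ghc946.haskell-language-server
                jq
                alejandra
              ]
              # Build inputs of the listed Haskell packages, flattened into one
              # list. `lib` resolves to pkgs.lib through the enclosing `with`.
              ++ (lib.foldl (acc: x: acc ++ x) [] (map (x: pkgs.haskell.packages.ghc946.${x}.buildInputs) ["gi-pangocairo" "X11" "cairo" "glib"]));
          };
      };

      # Patch files exported for use by the overlays and system configurations.
      flake.patches = {
        hashicorp-nomad.revert-change-consul-si-tokens-to-be-local = patches/0001-Revert-Change-consul-SI-tokens-to-be-local.patch;
        hashicorp-nomad.add-nix-integration = patches/0001-Add-Nix-integration.patch;
        hostapd.intel_lar-and-noscan = patches/0001-intel_lar-and-noscan.patch;
        hostapd.hostapd-2_10-lar = patches/999-hostapd-2.10-lar.patch;
        hostapd.hostapd-2_10-lar-2 = patches/hostapd-2.10-lar.patch;
        # NOTE(review): the key says terraform-provider-nomad but the file name
        # says vault-provider. Confirm which provider this patch applies to.
        terraform-provider-nomad.allow-null-in-authMountTuneSchema = patches/vault-provider-Allow-null-in-authMountTuneSchema.patch;
      };

      # NOTE(review): "armv8-linux" does not look like a system name nixpkgs
      # recognises; confirm whether "aarch64-linux" was intended.
      systems = [
        "x86_64-linux"
        "armv8-linux"
        "riscv64-linux"
      ];
    });
}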