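# SPDX-FileCopyrightText: 2022 Richard Brežák
#
# SPDX-License-Identifier: LGPL-3.0-or-later
#
# Top-level flake: declares the inputs, then assembles NixOS systems, NixNG
# containers, overlays, a Terraform (uterranix) configuration and a dev shell
# through flake-parts.
{
  # Inputs that name a branch (`?ref=nixos-unstable`, `?ref=master`) or no ref
  # at all are only pinned by the lock file, so a lock-file change is a
  # dependency update and deserves the same review as one.
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs?ref=nixos-unstable";
    nixpkgs-stable.url = "github:NixOS/nixpkgs?ref=nixos-23.05";
    nixpkgs-hashicorp.url = "github:NixOS/nixpkgs?ref=nixos-unstable";
    nixinate.url = "github:MagicRB/nixinate";
    home-manager.url = "github:nix-community/home-manager?ref=master";
    nixng.url = "github:nix-community/NixNG";
    flake-parts.url = "github:hercules-ci/flake-parts";
    nil.url = "github:oxalica/nil";
    uterranix.url = "sourcehut:~magic_rb/uterranix";
    dwarffs.url = "github:edolstra/dwarffs";
    haskell-nix.url = "github:input-output-hk/haskell.nix";
    serokell-nix.url = "github:magicrb/serokell.nix";
    serokell-nix.inputs.haskell-nix.follows = "haskell-nix";
    website.url = "sourcehut:~magic_rb/website";
    microvm.url = "github:astro/microvm.nix";
    notnft.url = "github:chayleaf/notnft";
    impermenance.url = "github:MagicRB/impermanence";
    numen-nix.url = "github:anpandey/numen-nix";
    hydra.url = "github:t184256/hydra/nix-ca-reprise";
    nix.url = "github:NixOS/nix";
    disko.url = "github:nix-community/disko";
    nixos-anywhere.url = "github:numtide/nixos-anywhere";
    tuxedo-rs.url = "github:AaronErhardt/tuxedo-rs";
    tuxedo-rs.inputs.nixpkgs.follows = "nixpkgs";
    tuxedo-nixos.url = "github:blitz/tuxedo-nixos";
    tuxedo-nixos.inputs.nixpkgs.follows = "nixpkgs";

    emacs.url = "sourcehut:~magic_rb/emacs";
    emacs.flake = false;
    vtermModule.url = "github:akermu/emacs-libvterm";
    vtermModule.flake = false;
    # Non-flake input at an absolute local path. The dev-shell `nix` wrapper
    # further down locks it in `flake-secret.lock` and regenerates `flake.lock`
    # with this input overridden to `path:///var/empty`.
    secret.url = "path:///home/main/dotfiles/secret";
    secret.flake = false;
    ical2org.url = "git+https://git.sr.ht/~magic_rb/ical2orgpy";
    ical2org.flake = false;
    udp-over-tcp.url = "github:mullvad/udp-over-tcp";
    udp-over-tcp.flake = false;
  };

  outputs = inputs@{ flake-parts, self, secret, ... }:
    flake-parts.lib.mkFlake { inherit inputs; } ({ config, lib', ... }: {
      imports = [
        modules/nixngConfigurations.nix
        modules/lib_overlays.nix
        lib/load_secrets.nix

        nixos/systems/omen
        nixos/systems/heater
        nixos/systems/toothpick
        nixos/systems/liveusb
        nixos/systems/blowhole
        nixos/systems/altra
        nixos/systems/gooseberry

        nixng/containers/ingress-blowhole
        nixng/containers/ingress-toothpick
        nixng/containers/matrix/mautrix-signal
        nixng/containers/matrix/mautrix-discord
        nixng/containers/matrix/mautrix-facebook
        nixng/containers/matrix/heisenbridge
        nixng/containers/matrix/synapse
        nixng/containers/website
        nixng/containers/home-assistant
        nixng/containers/email/getmail
        nixng/containers/email/dovecot.nix
        nixng/containers/email/postfix
        nixng/containers/gitea
        nixng/containers/hydra
        nixng/containers/syncthing
        # nixng/containers/minecraft/vanilla
        # nixng/containers/minecraft/ftb-infinity
        # nixng/containers/minecraft/ftb-integrations

        overlays/udp-over-tcp.nix
        overlays/emacsclient-remote
        overlays/magic-screenshot
        overlays/emacs-rofi
        overlays/tree-sitter-grammars.nix
        overlays/emacs-master-nativecomp
        overlays/zfs-relmount
        overlays/mautrix-discord.nix
        overlays/getmail6
        overlays/maildrop
        overlays/courier-unicode.nix
        overlays/ds3os.nix
        overlays/terraform-provider-vault.nix
        overlays/terraform-provider-influxdb-v2.nix
        overlays/bootloadHID.nix
        overlays/itp
        overlays/virtiofsd-zfs
        overlays/show-files-to-be-deleted
        overlays/rolling_datasets
        overlays/ledger-compat

        inputs.uterranix.flakeModule
      ];

      # `lib'` is the nixpkgs lib extended with this flake's lib overlays
      # (currently only `loadSecrets`), folded on in list order.
      _module.args.lib' =
        let
          inherit (inputs.nixpkgs) lib;
        in
        lib.foldl (acc: x: acc.extend x) lib (with config.flake.libOverlays; [
          loadSecrets
        ]);

      flake.hydraJobs =
        let
          inherit (lib') mapAttrs;
        in
        {
          nixng = mapAttrs (_: v: v.config.system.build.toplevel) config.flake.nixngConfigurations;
          nixos = mapAttrs (_: v: v.config.system.build.toplevel) config.flake.nixosConfigurations;
          # NOTE(review): identical to `nixos` above, so every system is built
          # twice under a different job name. Confirm this was not meant to
          # expose the flake's packages instead.
          packages = mapAttrs (_: v: v.config.system.build.toplevel) config.flake.nixosConfigurations;
        };

      uterranix.config = [
        ./terranix/default.nix
        {
          # NOTE(review): lib/load_secrets.nix is not visible from here. Any
          # secret value interpolated into a derivation or into the generated
          # Terraform configuration is written to the Nix store, which is
          # world-readable on a default install. Confirm that only references
          # to secrets, not their values, reach build outputs.
          _module.args.secret = lib'.loadSecrets secret;
          _module.args.vars = {
            # When `self.rev` / `self.narHash` is absent these fall back to ""
            # with an evaluation warning, so a container must not be deployed
            # from such an evaluation (it would carry no source pin).
            flake_rev = self.rev or (lib'.warn "No flake revision available, do not deploy containers!" "");
            flake_sha = self.narHash or (lib'.warn "No flake nar hash available, do not deploy containers!" "");
            flake_ref = "master";
            flake_host = "git+https://git.sr.ht/~magic_rb/dotfiles-2.0";
          };
          _module.args.config' = config;
        }
      ];

      # Terraform built from `inputs.nixpkgs` with the two provider overlays of
      # this flake applied, and exactly the listed provider plugins.
      uterranix.terraform = pkgs:
        let
          hpkgs = inputs.nixpkgs.legacyPackages.${pkgs.stdenv.system}.appendOverlays (
            with config.flake.overlays; [
              terraform-provider-vault
              terraform-provider-influxdb-v2
            ]
          );
        in
        hpkgs.terraform.withPlugins (p: [
          p.consul
          p.nomad
          p.local
          p.vault
          p.random
          p.null
          p.influxdb-v2
          p.hcloud
        ]);

      flake.nixosModules = {
        hashicorp = nixos/modules/hashicorp.nix;
        hashicorp-envoy = nixos/modules/hashicorp-envoy.nix;
        telegraf = nixos/modules/telegraf.nix;
        grafana = nixos/modules/grafana.nix;
        influx-provisioning = nixos/modules/influx-provisioning.nix;
        microvm-extras = nixos/modules/microvm-extras.nix;
        microvm-extras-host = nixos/modules/microvm-extras-host.nix;
        notnft = nixos/modules/notnft.nix;
      };

      flake.apps = inputs.nixpkgs.lib.genAttrs config.systems (system: {
        nixos-anywhere.program = (inputs.nixos-anywhere.packages.${system}.nixos-anywhere);
        nixos-anywhere.type = "app";
      });

      perSystem = { system, pkgs, ... }: {
        packages =
          let
            inherit (lib') attrValues optional;

            pkgs' = pkgs.appendOverlays (
              attrValues config.flake.overlays
              ++ [ inputs.nixng.overlays.default ]
              # `nix-matlab` is not declared in `inputs` above, so referencing
              # `inputs.nix-matlab.overlay` unconditionally aborts evaluation of
              # every package in this set. Apply the overlay only when the
              # input exists; declaring the input restores the old behaviour.
              ++ optional (inputs ? nix-matlab) inputs.nix-matlab.overlay
            );
          in
          {
            terraform-provider-influxdb-v2 = pkgs'.terraform-providers.influxdb-v2;
            terraform-provider-vault = pkgs'.terraform-providers.vault;
            inherit (pkgs')
              emacsclient-remote
              emacs-master-nativecomp
              emacs-rofi
              getmail6
              magic-screenshot
              maildrop
              zfs-relmount
              bootloadHID
              tree-sitter-grammars
              udp-over-tcp
              itp
              rolling_datasets;
            # ds3os;
          };

        devShells.default =
          let
            # Copies a package's unpacked source tree into the store.
            unpackSrc = package:
              pkgs.stdenv.mkDerivation {
                pname = package.pname;
                version = package.version;
                src = package.src;
                phases = [ "unpackPhase" "installPhase" ];
                installPhase = ''
                  mkdir $out
                  cp -r . $out
                '';
              };

            # Mirrors the xmonad, xmonad-contrib and xmobar sources into
            # `.packages/` of the xmonad module directory.
            # NOTE(review): rsync output and errors both go to /dev/null, and
            # `rsync --del` removes anything in the target that is not in the
            # source, so a failed or partial sync is not reported.
            prepareDeps = pkgs.writeShellScript "prepare-deps.sh" ''
              cd "$(git rev-parse --show-toplevel)/home-manager/modules/xmonad"
              mkdir -p .packages

              _rsync_args=("--no-perms" "--no-owner" "--no-group" "--del" "--exclude=.stack-work" "--chmod=ugo=rwX" "-crvP")
              rsync "''${_rsync_args[@]}" ${unpackSrc pkgs.haskell.packages.ghc946.xmonad}/. .packages/xmonad >/dev/null 2>&1
              rsync "''${_rsync_args[@]}" ${unpackSrc pkgs.haskell.packages.ghc946.xmonad-contrib}/. .packages/xmonad-contrib >/dev/null 2>&1
              rsync "''${_rsync_args[@]}" ${unpackSrc pkgs.haskell.packages.ghc946.xmobar}/. .packages/xmobar >/dev/null 2>&1
            '';

            # `stack` that runs prepareDeps first and always uses the GHC
            # provided by the shell instead of downloading one.
            stack-wrapped = pkgs.symlinkJoin {
              name = "stack"; # will be available as the usual `stack` in terminal
              paths = [ pkgs.stack ];
              buildInputs = [ pkgs.makeWrapper ];
              postBuild = ''
                wrapProgram $out/bin/stack \
                  --run "${prepareDeps}"\
                  --add-flags "\
                    --no-nix \
                    --system-ghc \
                    --no-install-ghc \
                  "
              '';
            };

            # `nix` front end that makes flake commands read, and where
            # applicable write, `flake-secret.lock` instead of `flake.lock`.
            # If that file changed during the run, it is copied over
            # `flake.lock` and `flake.lock` is re-locked with the `secret`
            # input overridden to `path:///var/empty`.
            #
            # Two fixes relative to the previous version:
            #  * the `git+file://` test quoted its regex, which bash then
            #    matches as a literal string, so `immutable` was never set; it
            #    is now a glob match on the prefix.
            #  * `$0` is quoted in `exec -a`.
            #
            # NOTE(review): `.nix-unwrapped` is looked up through PATH, so the
            # wrapper runs whichever file of that name comes first there.
            # Consider invoking it by absolute store path.
            nix-wrapped = pkgs.writeShellScriptBin "nix" ''
              pre_lock_hash="$(sha256sum flake-secret.lock | cut -f1 -d' ')"

              new_args=()
              i="0"
              flake=0
              immutable=0

              for arg in "$@" ; do
                if [[ "$arg" == git+file://* ]] ; then
                  immutable=1
                fi
              done

              for arg in "$@" ; do
                case "$arg" in
                  build|eval|run)
                    new_args[$i]="$arg"
                    new_args[$(($i + 1))]="--reference-lock-file"
                    new_args[$(($i + 2))]="flake-secret.lock"
                    if [[ "$immutable" != 0 ]] ; then
                      new_args[$(($i + 3))]="--output-lock-file"
                      new_args[$(($i + 4))]="flake-secret.lock"
                      i="$(($i + 2))"
                    fi
                    i="$(($i + 3))"
                    ;;
                  flake)
                    new_args[$i]="$arg"
                    i="$(($i + 1))"
                    flake=1
                    ;;
                  --*|-*)
                    new_args[$i]="$arg"
                    i="$(($i + 1))"
                    ;;
                  *)
                    if [[ "$flake" == "1" ]] ; then
                      new_args[$i]="$arg"
                      new_args[$(($i + 1))]="--reference-lock-file"
                      new_args[$(($i + 2))]="flake-secret.lock"
                      new_args[$(($i + 3))]="--output-lock-file"
                      new_args[$(($i + 4))]="flake-secret.lock"
                      i="$(($i + 5))"
                    else
                      new_args[$i]="$arg"
                      i="$(($i + 1))"
                    fi
                    ;;
                esac
              done

              ( exec -a "$0" .nix-unwrapped "''${new_args[@]}" )

              post_lock_hash="$(sha256sum flake-secret.lock | cut -f1 -d' ')"
              if ! [[ "$pre_lock_hash" == "$post_lock_hash" ]] ; then
                cp flake-secret.lock flake.lock
                .nix-unwrapped flake lock --override-input secret path:///var/empty
              fi
            '';

            # nixUnstable with its `nix` binary renamed to `.nix-unwrapped` and
            # the wrapper script installed in its place.
            nix-with-wrapper = pkgs.symlinkJoin {
              name = "nix";
              paths = [ pkgs.nixUnstable ];
              buildInputs = [ pkgs.makeWrapper ];
              postBuild = ''
                mv $out/bin/nix $out/bin/.nix-unwrapped
                cp ${nix-wrapped}/bin/nix $out/bin/nix
              '';
            };

            nixos-rebuild = pkgs.nixos-rebuild.override { nix = nix-with-wrapper; };
          in
          pkgs.mkShell {
            # `with pkgs;` scopes over the whole expression, including the
            # `lib.foldl` after `++`, so `lib` here is `pkgs.lib`; the
            # let-bound `nixos-rebuild` takes precedence over `pkgs.nixos-rebuild`.
            nativeBuildInputs = with pkgs;
              [
                (pkgs.writeShellScriptBin "update-secret" ''
                  nix flake lock --update-input secret
                '')
                nil
                nix-with-wrapper
                nixos-rebuild
                nomad
                consul
                vault
                haskell.compiler.ghc946
                stack-wrapped
                pkg-config
                haskell.packages.ghc946.haskell-language-server
                jq
                alejandra
              ]
              ++ (lib.foldl (acc: x: acc ++ x) [ ]
                (map (x: pkgs.haskell.packages.ghc946.${x}.buildInputs) [
                  "gi-pangocairo"
                  "X11"
                  "cairo"
                  "glib"
                ]));
          };
      };

      flake.patches = {
        hashicorp-nomad.revert-change-consul-si-tokens-to-be-local = patches/0001-Revert-Change-consul-SI-tokens-to-be-local.patch;
        hashicorp-nomad.add-nix-integration = patches/0001-Add-Nix-integration.patch;
        hostapd.intel_lar-and-noscan = patches/0001-intel_lar-and-noscan.patch;
        hostapd.hostapd-2_10-lar = patches/999-hostapd-2.10-lar.patch;
        hostapd.hostapd-2_10-lar-2 = patches/hostapd-2.10-lar.patch;
        terraform-provider-nomad.allow-null-in-authMountTuneSchema = patches/vault-provider-Allow-null-in-authMountTuneSchema.patch;
      };

      # NOTE(review): nixpkgs names 64-bit ARM Linux `aarch64-linux`; confirm
      # that `armv8-linux` is intended, since `flake.apps` and `perSystem` are
      # instantiated for every entry of this list.
      systems = [
        "x86_64-linux"
        "armv8-linux"
        "riscv64-linux"
      ];
    });
}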