auto-update-daily-20260202
1{
description = "System Config";

# Binary-cache settings this flake asks its consumers to adopt. Store paths
# substituted from the cache are accepted on the strength of the signing key
# listed below, so both values widen the set of parties trusted to supply
# binaries. Nix asks for confirmation before applying flake-provided settings
# unless `accept-flake-config` is enabled, and honours them only for trusted
# users (other users are limited to caches listed in `trusted-substituters`).
nixConfig.extra-substituters = [ "https://nixos-raspberrypi.cachix.org" ];
nixConfig.extra-trusted-public-keys = [
  "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
];
12
13 outputs =
14 { self, ... }@inputs:
15 let
# The flake's own outputs, bound here so they can be passed on to ./lib.
outputs = self.outputs;
# Version string handed to ./lib together with the flake handles.
stateVersion = "24.11";

# Project helper library; it receives the flake itself, every input, the
# outputs and stateVersion.
libx = import ./lib { inherit self inputs outputs stateVersion; };

# Platforms for which the per-system outputs of this flake are generated.
supportedSystems = [
  "x86_64-linux"
  "aarch64-linux"
];
# Turns a function of a system name into an attrset keyed by supportedSystems.
forAllSystems = mkOutput: inputs.nixpkgs.lib.genAttrs supportedSystems mkOutput;
33 in
34 {
# CI matrix generated by nix-github-actions; only the x86_64-linux package set
# is exposed to it as checks.
githubActions = inputs.nix-github-actions.lib.mkGithubMatrix {
  checks = {
    x86_64-linux = self.packages.x86_64-linux;
  };
};
# JSON list of { name, arch } entries, one per NixOS configuration whose
# specialArgs carry a `system`; the configuration with hostname "foo" is left out.
githubActionsMatrix =
  let
    inherit (inputs.nixpkgs) lib;
    specialArgsOf = cfg: cfg._module.specialArgs;
    # Keep a host only when it declares `system` and is not named "foo".
    inMatrix = _: cfg: (specialArgsOf cfg) ? system && (specialArgsOf cfg).hostname != "foo";
    toEntry = name: cfg: {
      inherit name;
      arch = (specialArgsOf cfg).system;
    };
  in
  builtins.toJSON (lib.mapAttrsToList toEntry (lib.filterAttrs inMatrix self.nixosConfigurations));
# Standalone home configurations
# FIXME set this up
homeConfigurations =
  let
    # Every standalone home defined so far lives on the aarch64 host "aion".
    onAion =
      username:
      libx.mkHome {
        inherit username;
        hostname = "aion";
        system = "aarch64-linux";
      };
  in
  {
    # headless machine
    "vincent@aion" = onAion "vincent";
    "houbeb@aion" = onAion "houbeb";
    # TODO vincent@honshu (darwin)
    # TODO vincent@okinawa (wsl ?)
  };
nixosConfigurations =
  let
    # Argument sets shared by the hosts that track the 25.11 release inputs.
    stable = {
      pkgsInput = inputs.nixpkgs-25_11;
      homeInput = inputs.home-manager-25_11;
    };
    stableArm = stable // { system = "aarch64-linux"; };
    stableRpi4 = stableArm // { hardwareType = "rpi4"; };

    # Build one host; the attribute name doubles as its hostname.
    host = hostname: extra: libx.mkHost ({ inherit hostname; } // extra);
  in
  {
    # Work laptop (unstable)
    kyushu = host "kyushu" {
      # desktop = "sway";
      desktop = "niri";
    };

    # Servers (unstable)
    aomi = host "aomi" { };
    sakhalin = host "sakhalin" { };
    # kobe = libx.mkHost {
    #   hostname = "kobe";
    # };
    # shikoku = libx.mkHost {
    #   hostname = "shikoku";
    # };

    # Servers (stable)
    athena = host "athena" stableRpi4;
    demeter = host "demeter" stableRpi4;
    aix = host "aix" stableRpi4;
    aion = host "aion" stableArm;
    rhea = host "rhea" stableArm;
    kerkouane = host "kerkouane" stable;

    # NOTE: experimentations
    #foo = libx.newMkHost {
    #  hostname = "foo";
    #};
  };
134
nixosModules =
  let
    # All exported modules live under ./modules.
    modulesDir = ./modules;
  in
  {
    # provided modules (to be upstreamed)
    wireguard-client = modulesDir + "/wireguard/client.nix";
    wireguard-server = modulesDir + "/wireguard/server.nix";
    govanityurl = modulesDir + "/govanityurl";
    gosmee = modulesDir + "/gosmee";
    rsync-replica = modulesDir + "/rsync-replica";
    nixpkgs-consolidate = modulesDir + "/nixpkgs-consolidate";
    microshift = modulesDir + "/microshift";
    harmonia = modulesDir + "/harmonia";
  };
146
# system-manager configurations
systemConfigs =
  let
    # Both system-manager hosts are aarch64-linux; the attribute name is the hostname.
    mkArmSystem =
      hostname:
      libx.mkSystemManager {
        inherit hostname;
        system = "aarch64-linux";
      };
  in
  inputs.nixpkgs.lib.genAttrs [
    "aion"
    "nagoya"
  ] mkArmSystem;
158
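# SD-card images: each one extends an existing NixOS configuration with the
# upstream aarch64 sd-image installer module and exposes the resulting image.
images =
  let
    # The installer module is taken from nixpkgs-25_11. The previous reference,
    # inputs.nixpkgs-25_05, is not declared in this flake's `inputs`, so every
    # image failed with a missing-attribute error as soon as it was evaluated.
    # aix, athena and demeter are declared with pkgsInput = nixpkgs-25_11, so
    # this presumably also keeps the module and the host on the same nixpkgs
    # (confirm against libx.mkHost).
    sdImageModule = "${inputs.nixpkgs-25_11}/nixos/modules/installer/sd-card/sd-image-aarch64.nix";

    # Extend the named NixOS configuration with the installer module and
    # return its sdImage build product.
    mkSdImage =
      host:
      (self.nixosConfigurations.${host}.extendModules {
        modules = [ sdImageModule ];
      }).config.system.build.sdImage;
  in
  {
    # sdimages
    aix = mkSdImage "aix";
    athena = mkSdImage "athena";
    demeter = mkSdImage "demeter";
    # NOTE(review): this file declares no nixosConfigurations.nagoya (nagoya
    # appears only under systemConfigs), so this attribute still fails when it
    # is evaluated. Add the host configuration or drop this entry.
    nagoya = mkSdImage "nagoya";
  };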
186
# Overlays defined under ./overlays; the `packages` output of this flake reads
# `additions` from the result.
overlays = (import ./overlays) { inputs = inputs; };
188
# Per-system package set: every derivation contributed by the `additions`
# overlay, re-exported under its own attribute name.
packages = forAllSystems (
  system:
  let
    inherit (inputs.nixpkgs) lib;

    # nixpkgs with only the `additions` overlay applied; aliases are disabled.
    pkgs = import inputs.nixpkgs {
      inherit system;
      config.allowAliases = false;
      overlays = [
        self.overlays.additions
      ];
    };

    onDarwin = lib.strings.hasSuffix "darwin" system;
    # On darwin systems, packages whose name starts with "koff" are skipped.
    allowedHere = name: !onDarwin || !(lib.strings.hasPrefix "koff" name);
    exported = name: lib.isDerivation pkgs.${name} && allowedHere name;

    # Attribute names the overlay itself defines.
    additionNames = builtins.attrNames (self.overlays.additions pkgs pkgs);
  in
  lib.genAttrs (builtins.filter exported additionNames) (name: pkgs.${name})
);
209
# Per-system checks: a single git-hooks run over the whole repository.
checks = forAllSystems (
  system:
  let
    pkgs = import inputs.nixpkgs { inherit system; };
    # Create a wrapper that runs Emacs byte-compilation, with warnings treated
    # as errors. Byte-compiling evaluates macros and eval-when-compile forms of
    # the files it is given, so turning the hook on runs code from those .el files.
    elispCheck = pkgs.writeShellScript "elisp-check" ''
      ${pkgs.emacs}/bin/emacs --batch \
      --eval "(setq byte-compile-error-on-warn t)" \
      -f batch-byte-compile "$@"
    '';
  in
  {
    pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run {
      src = ./.;
      # Run hooks on pre-push instead of pre-commit for less intrusive workflow
      default_stages = [
        "manual"
        "pre-push"
      ];
      hooks = {
        # go
        gofmt.enable = true;
        # golangci-lint.enable = true;

        # nix
        deadnix.enable = true;
        nixfmt.enable = true;
        # statix.enable = true;

        # python
        ruff.enable = true;

        # shell
        shellcheck.enable = true;

        # emacs lisp - basic syntax checking
        elisp-byte-compile = {
          enable = false; # Disabled - causes issues with missing packages in pre-push hook
          name = "Emacs Lisp byte-compile";
          entry = "${elispCheck}";
          files = "\\.el$";
          excludes = [
            "dots/\\.config/emacs/old/.*"
            "dots/\\.config/emacs/elpa/.*"
            "dots/\\.config/emacs/transient/.*"
            "dots/\\.config/emacs/eshell/.*"
            "dots/\\.config/emacs/custom\\.el"
            "dots/\\.config/emacs/\\.chatgpt-shell\\.el"
            "dots/\\.config/emacs/site-lisp/.*"
            "\\.dir-locals\\.el"
          ];
        };
      };
    };
  }
);
260
# Per-system development shell named "home".
devShells = forAllSystems (
  system:
  let
    # nixpkgs instance with unfree packages allowed; it supplies the tools
    # listed under `packages` below.
    pkgs = import inputs.nixpkgs {
      inherit system;
      config.allowUnfree = true;
    };
    preCommit = self.checks.${system}.pre-commit-check;
  in
  {
    default = inputs.nixpkgs.legacyPackages.${system}.mkShell {
      name = "home";
      # Entering the shell runs the hook generated by the pre-commit check.
      shellHook = preCommit.shellHook;
      buildInputs = preCommit.enabledPackages;
      packages = [
        pkgs.git
        pkgs.nodePackages.prettier
        pkgs.deadnix
        pkgs.nixfmt
        # agenix CLI, taken from the agenix input rather than from nixpkgs
        inputs.agenix.packages.${system}.default
      ];
      DIRENV_LOG_FORMAT = "";
    };
  }
);
283 };
284
# Every input below is code that gets evaluated or built into these systems.
# The exact revision of each one is recorded in flake.lock; a ref given here
# only selects the branch that a lock update follows, so lock changes deserve
# the same review as any other dependency bump. Inputs that name a moving
# branch (master, develop, main) advance to that branch's tip on every update.
inputs = {
  # Flake for compatibility with non-flake commands
  flake-compat = {
    type = "github";
    owner = "edolstra";
    repo = "flake-compat";
    flake = false;
  };

  buildkit-tekton = {
    url = "github:vdemeester/buildkit-tekton";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  go-org-readwise = {
    url = "github:vdemeester/go-org-readwise";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  # microvm.nix for ephemeral coding agent VMs
  microvm = {
    url = "github:astro/microvm.nix";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  # nixpkgs
  nixpkgs = {
    type = "github";
    owner = "NixOS";
    repo = "nixpkgs";
    ref = "nixos-unstable";
  };
  nixpkgs-25_11 = {
    type = "github";
    owner = "NixOS";
    repo = "nixpkgs";
    ref = "nixos-25.11";
  };
  nixpkgs-master = {
    url = "github:nixos/nixpkgs/master";
  };
  # Personal fork of nixpkgs, work-in-progress branch.
  nixpkgs-wip-consolidated = {
    type = "github";
    owner = "vdemeester";
    repo = "nixpkgs";
    ref = "wip-consolidated";
  };

  pre-commit-hooks = {
    url = "github:cachix/git-hooks.nix";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.flake-compat.follows = "flake-compat";
  };

  # Home Manager
  home-manager = {
    type = "github";
    owner = "nix-community";
    repo = "home-manager";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  dns = {
    url = "github:nix-community/dns.nix";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  home-manager-25_11 = {
    type = "github";
    owner = "nix-community";
    repo = "home-manager";
    ref = "release-25.11";
    inputs.nixpkgs.follows = "nixpkgs-25_11";
  };

  dagger = {
    type = "github";
    owner = "dagger";
    repo = "nix";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  emacs-overlay = {
    url = "github:nix-community/emacs-overlay";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.nixpkgs-stable.follows = "nixpkgs-25_11";
  };

  nixos-hardware = {
    type = "github";
    owner = "NixOS";
    repo = "nixos-hardware";
  };

  # Me :D
  chick-group = {
    type = "github";
    owner = "vdemeester";
    repo = "chick-group";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.pre-commit-hooks.follows = "pre-commit-hooks";
  };
  # Red Hat
  chapeau-rouge = {
    type = "github";
    owner = "vdemeester";
    repo = "chapeau-rouge";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.pre-commit-hooks.follows = "pre-commit-hooks";
  };

  # agenix (age-encrypted secrets), one instance per nixpkgs/home-manager pair.
  agenix = {
    url = "github:ryantm/agenix";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.home-manager.follows = "home-manager";
  };
  agenix-25_11 = {
    url = "github:ryantm/agenix";
    inputs.nixpkgs.follows = "nixpkgs-25_11";
    inputs.home-manager.follows = "home-manager-25_11";
  };

  # lanzaboote (Secure Boot support for NixOS)
  lanzaboote = {
    url = "github:nix-community/lanzaboote";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  disko = {
    url = "github:nix-community/disko";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  harmonia = {
    url = "github:nix-community/harmonia";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  system-manager = {
    url = "github:numtide/system-manager";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  nix-github-actions = {
    url = "github:nix-community/nix-github-actions";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  # No nixpkgs `follows` here: this input resolves nixpkgs from its own lock
  # entry, presumably so its builds match the cachix cache named in nixConfig
  # (confirm). It therefore adds a separately pinned nixpkgs to review.
  nixos-raspberrypi = {
    url = "github:nvmd/nixos-raspberrypi/develop";
    inputs.flake-compat.follows = "flake-compat";
  };

  copilot-cli = {
    url = "github:scarisey/copilot-cli-flake";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  voxtype = {
    url = "github:peteonrails/voxtype/main";
    inputs.nixpkgs.follows = "nixpkgs";
  };
};
417}