1{
# Human-readable summary shown for this flake.
description = "System Config";

# Flake-supplied Nix settings: one extra binary cache plus the public key
# used to verify signatures on what it serves. Anything substituted from
# that cache is trusted exactly as far as this key, so check the key against
# the value published by the cache owner before accepting it. Nix asks for
# confirmation before applying settings that come from a flake unless
# `accept-flake-config` is enabled, which skips that prompt.
nixConfig.extra-substituters = [
  "https://nixos-raspberrypi.cachix.org"
];
nixConfig.extra-trusted-public-keys = [
  "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
];
12
13 outputs =
14 { self, ... }@inputs:
15 let
# This flake's own outputs, handed to the helper library below.
outputs = self.outputs;
# Passed through to ./lib unchanged.
# NOTE(review): presumably the NixOS / home-manager stateVersion — confirm in ./lib.
stateVersion = "24.11";

# Helper library providing the constructors used below
# (mkHost, newMkHost, mkHome, mkSystemManager).
libx = import ./lib { inherit self inputs outputs stateVersion; };

# Platforms the per-system outputs (packages, checks, devShells) are generated for.
supportedSystems = [
  "x86_64-linux"
  "aarch64-linux"
];
# Builds an attribute set keyed by each supported system.
forAllSystems = inputs.nixpkgs.lib.genAttrs supportedSystems;
33 in
34 {
# CI matrix produced by nix-github-actions, restricted to the x86_64-linux packages.
githubActions = inputs.nix-github-actions.lib.mkGithubMatrix {
  checks = inputs.nixpkgs.lib.getAttrs [ "x86_64-linux" ] self.packages;
};
# JSON list of { name, arch } entries, one per NixOS configuration that carries
# a `system` special argument. The host whose hostname is "foo" is left out.
githubActionsMatrix =
  let
    inherit (inputs.nixpkgs) lib;
    # The `?` test comes first, so `hostname` is never forced on a
    # configuration that has no `system` special argument.
    inMatrix =
      _: cfg: (cfg._module.specialArgs ? system) && (cfg._module.specialArgs.hostname != "foo");
    toEntry = host: cfg: {
      name = host;
      arch = cfg._module.specialArgs.system;
    };
    selected = lib.attrsets.filterAttrs inMatrix self.nixosConfigurations;
  in
  builtins.toJSON (lib.mapAttrsToList toEntry selected);
# Standalone home configurations
# FIXME set this up
homeConfigurations =
  let
    # Every standalone home defined so far lives on the same headless
    # aarch64 machine; only the user name differs.
    mkAionHome =
      username:
      libx.mkHome {
        inherit username;
        hostname = "aion";
        system = "aarch64-linux";
      };
  in
  {
    # headless machine
    "vincent@aion" = mkAionHome "vincent";
    "houbeb@aion" = mkAionHome "houbeb";
    # TODO vincent@honshu (darwin)
    # TODO vincent@okinawa (wsl ?)
  };
# NixOS hosts. Hosts that pass no pkgsInput/homeInput are the ones the
# original comments label "unstable"; the others are pinned to the 25.11 inputs.
nixosConfigurations =
  let
    # Inputs shared by every host on the stable 25.11 release.
    stable = {
      pkgsInput = inputs.nixpkgs-25_11;
      homeInput = inputs.home-manager-25_11;
    };
    # Stable aarch64 host with the Raspberry Pi 4 hardware type.
    mkStableRpi4 =
      hostname:
      libx.mkHost (
        {
          inherit hostname;
          system = "aarch64-linux";
          hardwareType = "rpi4";
        }
        // stable
      );
    # Stable aarch64 host without a hardware type.
    mkStableAarch64 =
      hostname:
      libx.mkHost (
        {
          inherit hostname;
          system = "aarch64-linux";
        }
        // stable
      );
  in
  {
    # Work laptop (unstable)
    kyushu = libx.mkHost {
      hostname = "kyushu";
      # desktop = "sway";
      desktop = "niri";
    };
    # Servers (unstable)
    aomi = libx.mkHost { hostname = "aomi"; };
    sakhalin = libx.mkHost { hostname = "sakhalin"; };
    # kobe = libx.mkHost {
    #   hostname = "kobe";
    # };
    # shikoku = libx.mkHost {
    #   hostname = "shikoku";
    # };
    # Servers (stable)
    athena = mkStableRpi4 "athena";
    demeter = mkStableRpi4 "demeter";
    aix = mkStableRpi4 "aix";
    aion = mkStableAarch64 "aion";
    rhea = mkStableAarch64 "rhea";
    kerkouane = libx.mkHost ({ hostname = "kerkouane"; } // stable);
    # NOTE: experimentations
    foo = libx.newMkHost { hostname = "foo"; };
  };
134
# NixOS modules exported by this flake for reuse elsewhere.
# Each value is a path to a module inside this repository.
nixosModules = {
  # provided modules (to be upstreamed)
  govanityurl = ./modules/govanityurl;
  gosmee = ./modules/gosmee;
  harmonia = ./modules/harmonia;
  microshift = ./modules/microshift;
  nixpkgs-consolidate = ./modules/nixpkgs-consolidate;
  rsync-replica = ./modules/rsync-replica;
  wireguard-client = ./modules/wireguard/client.nix;
  wireguard-server = ./modules/wireguard/server.nix;
};
146
# system-manager configurations
# Each attribute name doubles as the hostname; the value is the target platform.
systemConfigs =
  builtins.mapAttrs (hostname: system: libx.mkSystemManager { inherit hostname system; })
    {
      aion = "aarch64-linux";
      nagoya = "aarch64-linux";
      fedora-csb = "x86_64-linux";
    };
162
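# SD-card images for the Raspberry Pi hosts. Each image is the host's NixOS
# configuration extended with the upstream aarch64 sd-image installer module.
images =
  let
    # The installer module comes from nixpkgs-25_11, the pkgsInput that aix,
    # athena and demeter are declared with. The previous reference,
    # `inputs.nixpkgs-25_05`, names an input this flake does not declare, so
    # evaluating any of these images failed on a missing attribute.
    sdImageModule = "${inputs.nixpkgs-25_11}/nixos/modules/installer/sd-card/sd-image-aarch64.nix";
    # Extends the named NixOS configuration and returns its sdImage build output.
    mkSdImage =
      host:
      (self.nixosConfigurations.${host}.extendModules {
        modules = [ sdImageModule ];
      }).config.system.build.sdImage;
  in
  {
    # sdimages
    aix = mkSdImage "aix";
    athena = mkSdImage "athena";
    demeter = mkSdImage "demeter";
    # NOTE(review): nixosConfigurations has no `nagoya` entry (the name only
    # appears under systemConfigs), so this attribute fails when evaluated.
    # Either add the NixOS host or drop this image.
    nagoya = mkSdImage "nagoya";
  };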
190
# Overlays exported by this flake, defined in ./overlays.
overlays = import ./overlays { inherit inputs; };

# Per-system packages: every derivation that the `additions` overlay defines.
packages = forAllSystems (
  system:
  let
    inherit (inputs.nixpkgs) lib;
    # nixpkgs with only the `additions` overlay applied and aliases disabled.
    pkgs = import inputs.nixpkgs {
      inherit system;
      config.allowAliases = false;
      overlays = [ self.overlays.additions ];
    };
    # Attribute names the overlay introduces, obtained by applying it to pkgs.
    overlayNames = builtins.attrNames (self.overlays.additions pkgs pkgs);
    # On a system whose name ends in "darwin", names starting with "koff"
    # are dropped; every other name is kept.
    keptOnSystem = n: !(lib.strings.hasSuffix "darwin" system && lib.strings.hasPrefix "koff" n);
    exported = builtins.filter (n: lib.isDerivation pkgs.${n} && keptOnSystem n) overlayNames;
  in
  lib.genAttrs exported (n: pkgs.${n})
);
213
# Per-system checks: a single pre-commit-hooks run over the whole repository.
checks = forAllSystems (
  system:
  let
    pkgs = import inputs.nixpkgs { inherit system; };
    # Create a wrapper that runs Emacs byte-compilation in batch mode on the
    # files it is given, with warnings promoted to errors.
    elisp-check = pkgs.writeShellScript "elisp-check" ''
      ${pkgs.emacs}/bin/emacs --batch \
      --eval "(setq byte-compile-error-on-warn t)" \
      -f batch-byte-compile "$@"
    '';
  in
  {
    pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run {
      src = ./.;
      # Run hooks on pre-push instead of pre-commit for less intrusive workflow.
      # Nothing is checked at commit time, only on push or a manual run.
      default_stages = [
        "manual"
        "pre-push"
      ];
      hooks = {
        # go
        gofmt = {
          enable = true;
        };
        # golangci-lint.enable = true;
        # nix
        deadnix = {
          enable = true;
        };
        nixfmt = {
          enable = true;
        };
        # statix.enable = true;
        # python
        ruff = {
          enable = true;
        };
        # shell
        shellcheck = {
          enable = true;
        };
        # emacs lisp - basic syntax checking
        elisp-byte-compile = {
          enable = false; # Disabled - causes issues with missing packages in pre-push hook
          name = "Emacs Lisp byte-compile";
          entry = toString elisp-check;
          files = "\\.el$";
          excludes = [
            "dots/\\.config/emacs/old/.*"
            "dots/\\.config/emacs/elpa/.*"
            "dots/\\.config/emacs/transient/.*"
            "dots/\\.config/emacs/eshell/.*"
            "dots/\\.config/emacs/custom\\.el"
            "dots/\\.config/emacs/\\.chatgpt-shell\\.el"
            "dots/\\.config/emacs/site-lisp/.*"
            "\\.dir-locals\\.el"
          ];
        };
      };
    };
  }
);
264
# Per-system development shell for working on this repository.
devShells = forAllSystems (
  system:
  let
    # Package set for the tools listed below; unfree packages are allowed here.
    pkgs = import inputs.nixpkgs {
      inherit system;
      config.allowUnfree = true;
    };
    # The pre-commit check for this system. The shell reuses its hook script
    # and the packages of its enabled hooks.
    preCommit = self.checks.${system}.pre-commit-check;
  in
  {
    default = inputs.nixpkgs.legacyPackages.${system}.mkShell {
      name = "home";
      inherit (preCommit) shellHook;
      buildInputs = preCommit.enabledPackages;
      packages = [
        pkgs.git
        pkgs.nodePackages.prettier
        pkgs.deadnix
        pkgs.nixfmt
        # agenix CLI, taken from the agenix input rather than from nixpkgs
        inputs.agenix.packages.${system}.default
      ];
      DIRENV_LOG_FORMAT = "";
    };
  }
);
287 };
288
# Flake inputs. Several refs below name moving branches (nixos-unstable,
# master, develop, wip-consolidated). The revision actually built is the one
# recorded in the lock file, so review lock-file updates like any other
# dependency bump. Most inputs are made to follow this flake's nixpkgs, which
# keeps a single nixpkgs revision in the dependency graph.
inputs = {
  # Flake for compatibility with non-flake commands
  flake-compat = {
    type = "github";
    owner = "edolstra";
    repo = "flake-compat";
    flake = false;
  };

  buildkit-tekton = {
    url = "github:vdemeester/buildkit-tekton";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  go-org-readwise = {
    url = "github:vdemeester/go-org-readwise";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  # nixpkgs
  nixpkgs = {
    type = "github";
    owner = "NixOS";
    repo = "nixpkgs";
    ref = "nixos-unstable";
  };
  nixpkgs-25_11 = {
    type = "github";
    owner = "NixOS";
    repo = "nixpkgs";
    ref = "nixos-25.11";
  };
  nixpkgs-master = {
    url = "github:nixos/nixpkgs/master";
  };
  # Personal fork of nixpkgs, tracked on a work-in-progress branch.
  nixpkgs-wip-consolidated = {
    type = "github";
    owner = "vdemeester";
    repo = "nixpkgs";
    ref = "wip-consolidated";
  };
  pre-commit-hooks = {
    url = "github:cachix/git-hooks.nix";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.flake-compat.follows = "flake-compat";
  };
  # Home Manager
  home-manager = {
    type = "github";
    owner = "nix-community";
    repo = "home-manager";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  dns = {
    url = "github:nix-community/dns.nix";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  home-manager-25_11 = {
    type = "github";
    owner = "nix-community";
    repo = "home-manager";
    ref = "release-25.11";
    inputs.nixpkgs.follows = "nixpkgs-25_11";
  };

  dagger = {
    type = "github";
    owner = "dagger";
    repo = "nix";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  emacs-overlay = {
    url = "github:nix-community/emacs-overlay";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.nixpkgs-stable.follows = "nixpkgs-25_11";
  };

  nixos-hardware = {
    type = "github";
    owner = "NixOS";
    repo = "nixos-hardware";
  };

  # Me :D
  chick-group = {
    type = "github";
    owner = "vdemeester";
    repo = "chick-group";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.pre-commit-hooks.follows = "pre-commit-hooks";
  };
  # Red Hat
  chapeau-rouge = {
    type = "github";
    owner = "vdemeester";
    repo = "chapeau-rouge";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.pre-commit-hooks.follows = "pre-commit-hooks";
  };

  # agenix is declared twice so that each release line (unstable, 25.11)
  # gets a copy following the matching nixpkgs and home-manager inputs.
  agenix = {
    url = "github:ryantm/agenix";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.home-manager.follows = "home-manager";
  };
  agenix-25_11 = {
    url = "github:ryantm/agenix";
    inputs.nixpkgs.follows = "nixpkgs-25_11";
    inputs.home-manager.follows = "home-manager-25_11";
  };

  lanzaboote = {
    url = "github:nix-community/lanzaboote";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  disko = {
    url = "github:nix-community/disko";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  harmonia = {
    url = "github:nix-community/harmonia";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  system-manager = {
    url = "github:numtide/system-manager";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  nix-github-actions = {
    url = "github:nix-community/nix-github-actions";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  # No nixpkgs `follows` here, so this input resolves its own nixpkgs.
  # NOTE(review): presumably deliberate, so builds match what the
  # nixos-raspberrypi binary cache serves — confirm.
  nixos-raspberrypi = {
    url = "github:nvmd/nixos-raspberrypi/develop";
    inputs.flake-compat.follows = "flake-compat";
  };

  copilot-cli = {
    url = "github:scarisey/copilot-cli-flake";
    inputs.nixpkgs.follows = "nixpkgs";
  };
};
412}