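# Flake describing the NixOS hosts, standalone home-manager profiles,
# system-manager configurations, SD-card images, packages, checks and the
# development shell of this repository.
{
  description = "System Config";

  # Third-party binary cache used for the Raspberry Pi builds.
  # Store paths fetched from the substituter are accepted when they carry a
  # signature from the public key listed below, so the operator of that cache
  # becomes part of the trust base of any build that accepts this setting.
  # Nix only applies flake-provided nixConfig after the user accepts it (or
  # has accept-flake-config set), and these two settings take effect only for
  # trusted users.
  nixConfig = {
    extra-substituters = [
      "https://nixos-raspberrypi.cachix.org"
    ];
    extra-trusted-public-keys = [
      "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
    ];
  };

  outputs =
    { self, ... }@inputs:
    let
      inherit (self) outputs;
      stateVersion = "24.11";

      # Local helper library: provides mkHost, mkHome and mkSystemManager,
      # which are used below to build every configuration.
      libx = import ./lib {
        inherit
          self
          inputs
          outputs
          stateVersion
          ;
      };

      supportedSystems = [
        "x86_64-linux"
        "aarch64-linux"
      ];
      # forAllSystems f => { x86_64-linux = f "x86_64-linux"; aarch64-linux = ...; }
      forAllSystems = inputs.nixpkgs.lib.genAttrs supportedSystems;

      # Build an SD-card image for an existing NixOS host by extending its
      # configuration with the aarch64 sd-image installer module.
      # The module path is taken from nixpkgs-25_11, the input that aix, athena
      # and demeter are built with (pkgsInput below). The previous reference,
      # inputs.nixpkgs-25_05, is not declared in `inputs`, so evaluating any
      # image failed with a missing attribute.
      mkSdImage =
        host:
        (self.nixosConfigurations.${host}.extendModules {
          modules = [
            "${inputs.nixpkgs-25_11}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
          ];
        }).config.system.build.sdImage;
    in
    {
      # CI matrix over the x86_64-linux packages only.
      githubActions = inputs.nix-github-actions.lib.mkGithubMatrix {
        checks = inputs.nixpkgs.lib.getAttrs [ "x86_64-linux" ] self.packages;
      };
      # JSON list of { name, arch } entries, one per NixOS configuration that
      # has a `system` specialArg and whose hostname is not "foo" (the
      # experimental host, see the end of nixosConfigurations).
      githubActionsMatrix = builtins.toJSON (
        inputs.nixpkgs.lib.mapAttrsToList
          (name: value: {
            inherit name;
            arch = value._module.specialArgs.system;
          })
          (
            inputs.nixpkgs.lib.attrsets.filterAttrs (
              _: config:
              (
                builtins.hasAttr "system" config._module.specialArgs && config._module.specialArgs.hostname != "foo"
              )
            ) self.nixosConfigurations
          )
      );
      # Standalone home configurations
      # FIXME set this up
      homeConfigurations = {
        # headless machine
        "vincent@aion" = libx.mkHome {
          username = "vincent";
          hostname = "aion";
          system = "aarch64-linux";
        };
        "houbeb@aion" = libx.mkHome {
          username = "houbeb";
          hostname = "aion";
          system = "aarch64-linux";
        };
        # TODO vincent@honshu (darwin)
        # TODO vincent@okinawa (wsl ?)
      };
      nixosConfigurations = {
        # Work laptop (unstable)
        kyushu = libx.mkHost {
          hostname = "kyushu";
          # desktop = "sway";
          desktop = "niri";
        };
        # Servers (unstable)
        aomi = libx.mkHost {
          hostname = "aomi";
        };
        sakhalin = libx.mkHost {
          hostname = "sakhalin";
        };
        # kobe = libx.mkHost {
        #   hostname = "kobe";
        # };
        # shikoku = libx.mkHost {
        #   hostname = "shikoku";
        # };
        # Servers (stable)
        athena = libx.mkHost {
          hostname = "athena";
          system = "aarch64-linux";
          hardwareType = "rpi4";
          pkgsInput = inputs.nixpkgs-25_11;
          homeInput = inputs.home-manager-25_11;
        };
        demeter = libx.mkHost {
          hostname = "demeter";
          system = "aarch64-linux";
          hardwareType = "rpi4";
          pkgsInput = inputs.nixpkgs-25_11;
          homeInput = inputs.home-manager-25_11;
        };
        aix = libx.mkHost {
          hostname = "aix";
          system = "aarch64-linux";
          hardwareType = "rpi4";
          pkgsInput = inputs.nixpkgs-25_11;
          homeInput = inputs.home-manager-25_11;
        };
        aion = libx.mkHost {
          hostname = "aion";
          system = "aarch64-linux";
          pkgsInput = inputs.nixpkgs-25_11;
          homeInput = inputs.home-manager-25_11;
        };
        rhea = libx.mkHost {
          hostname = "rhea";
          system = "aarch64-linux";
          pkgsInput = inputs.nixpkgs-25_11;
          homeInput = inputs.home-manager-25_11;
        };
        kerkouane = libx.mkHost {
          hostname = "kerkouane";
          pkgsInput = inputs.nixpkgs-25_11;
          homeInput = inputs.home-manager-25_11;
        };
        # NOTE: experimentations
        #foo = libx.newMkHost {
        #  hostname = "foo";
        #};
      };

      nixosModules = {
        # provided modules (to be upstreamed)
        wireguard-client = ./modules/wireguard/client.nix;
        wireguard-server = ./modules/wireguard/server.nix;
        govanityurl = ./modules/govanityurl;
        gosmee = ./modules/gosmee;
        rsync-replica = ./modules/rsync-replica;
        nixpkgs-consolidate = ./modules/nixpkgs-consolidate;
        microshift = ./modules/microshift;
        harmonia = ./modules/harmonia;
      };

      # system-manager configurations
      systemConfigs = {
        aion = libx.mkSystemManager {
          hostname = "aion";
          system = "aarch64-linux";
        };
        nagoya = libx.mkSystemManager {
          hostname = "nagoya";
          system = "aarch64-linux";
        };
      };

      # sdimages
      # FIXME(review): "nagoya" is kept so the attribute set is unchanged, but
      # this file defines no nixosConfigurations.nagoya (it only appears under
      # systemConfigs), so images.nagoya cannot evaluate until such a host
      # exists or the entry is dropped.
      images = inputs.nixpkgs.lib.genAttrs [
        "aix"
        "athena"
        "demeter"
        "nagoya"
      ] mkSdImage;

      overlays = import ./overlays { inherit inputs; };

      # Export, per supported system, every derivation that the `additions`
      # overlay defines.
      packages = forAllSystems (
        system:
        let
          inherit (inputs.nixpkgs) lib;
          pkgs = import inputs.nixpkgs {
            inherit system;
            config.allowAliases = false;
            overlays = [
              self.overlays.additions
            ];
          };
          # On a darwin system, leave out packages whose name starts with
          # "koff"; everything is kept elsewhere. No darwin system is listed
          # in supportedSystems at the moment.
          skipDarwinPackages =
            system: n:
            if lib.strings.hasSuffix "darwin" system then !(lib.strings.hasPrefix "koff" n) else true;
          # Names introduced by the overlay that resolve to derivations.
          drvAttrs = builtins.filter (n: lib.isDerivation pkgs.${n} && skipDarwinPackages system n) (
            builtins.attrNames (self.overlays.additions pkgs pkgs)
          );
        in
        lib.listToAttrs (map (n: lib.nameValuePair n pkgs.${n}) drvAttrs)
      );

      checks = forAllSystems (system: {
        pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run {
          src = ./.;
          # Run hooks on pre-push instead of pre-commit for less intrusive workflow
          default_stages = [
            "manual"
            "pre-push"
          ];
          hooks = {
            # go
            gofmt.enable = true;
            # golangci-lint.enable = true;
            # nix
            deadnix.enable = true;
            nixfmt.enable = true;
            # statix.enable = true;
            # python
            ruff.enable = true;
            # shell
            shellcheck.enable = true;
            # emacs lisp - basic syntax checking
            elisp-byte-compile = {
              enable = false; # Disabled - causes issues with missing packages in pre-push hook
              name = "Emacs Lisp byte-compile";
              entry =
                let
                  pkgs = import inputs.nixpkgs { inherit system; };
                  # Create a wrapper that runs Emacs byte-compilation
                  elisp-check = pkgs.writeShellScript "elisp-check" ''
                    ${pkgs.emacs}/bin/emacs --batch \
                      --eval "(setq byte-compile-error-on-warn t)" \
                      -f batch-byte-compile "$@"
                  '';
                in
                toString elisp-check;
              files = "\\.el$";
              excludes = [
                "dots/\\.config/emacs/old/.*"
                "dots/\\.config/emacs/elpa/.*"
                "dots/\\.config/emacs/transient/.*"
                "dots/\\.config/emacs/eshell/.*"
                "dots/\\.config/emacs/custom\\.el"
                "dots/\\.config/emacs/\\.chatgpt-shell\\.el"
                "dots/\\.config/emacs/site-lisp/.*"
                "\\.dir-locals\\.el"
              ];
            };
          };
        };
      });

      # Development shell: installs the pre-commit hooks through shellHook and
      # provides the tools listed in `packages`.
      devShells = forAllSystems (system: {
        default =
          let
            # Tool packages come from a nixpkgs instance with unfree packages
            # allowed; mkShell itself is taken from the stock legacyPackages.
            pkgs = import inputs.nixpkgs {
              inherit system;
              config.allowUnfree = true;
            };
          in
          inputs.nixpkgs.legacyPackages.${system}.mkShell {
            inherit (self.checks.${system}.pre-commit-check) shellHook;
            buildInputs = self.checks.${system}.pre-commit-check.enabledPackages;
            packages = [
              pkgs.git
              pkgs.nodePackages.prettier
              pkgs.deadnix
              pkgs.nixfmt
              inputs.agenix.packages.${system}.default
            ];
            name = "home";
            DIRENV_LOG_FORMAT = "";
          };
      });
    };

  # Every input below names a branch (or the repository's default branch),
  # not a revision; the exact revision that gets built is whatever the lock
  # file records.
  # NOTE(review): confirm flake.lock is committed and that lock updates are
  # reviewed, since each input's code is evaluated when this flake is built.
  inputs = {
    # Flake for compatibility with non-flake commands
    flake-compat = {
      type = "github";
      owner = "edolstra";
      repo = "flake-compat";
      flake = false;
    };

    buildkit-tekton = {
      url = "github:vdemeester/buildkit-tekton";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    go-org-readwise = {
      url = "github:vdemeester/go-org-readwise";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # nixpkgs
    nixpkgs = {
      type = "github";
      owner = "NixOS";
      repo = "nixpkgs";
      ref = "nixos-unstable";
    };
    nixpkgs-25_11 = {
      type = "github";
      owner = "NixOS";
      repo = "nixpkgs";
      ref = "nixos-25.11";
    };
    nixpkgs-master.url = "github:nixos/nixpkgs/master";
    nixpkgs-wip-consolidated = {
      type = "github";
      owner = "vdemeester";
      repo = "nixpkgs";
      ref = "wip-consolidated";
    };
    pre-commit-hooks.url = "github:cachix/git-hooks.nix";
    pre-commit-hooks.inputs.nixpkgs.follows = "nixpkgs";
    pre-commit-hooks.inputs.flake-compat.follows = "flake-compat";
    # Home Manager
    home-manager = {
      type = "github";
      owner = "nix-community";
      repo = "home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    dns = {
      url = "github:nix-community/dns.nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    home-manager-25_11 = {
      type = "github";
      owner = "nix-community";
      repo = "home-manager";
      ref = "release-25.11";
      inputs.nixpkgs.follows = "nixpkgs-25_11";
    };

    dagger = {
      type = "github";
      owner = "dagger";
      repo = "nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    emacs-overlay = {
      url = "github:nix-community/emacs-overlay";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.nixpkgs-stable.follows = "nixpkgs-25_11";
    };

    nixos-hardware = {
      type = "github";
      owner = "NixOS";
      repo = "nixos-hardware";
    };

    # Me :D
    chick-group = {
      type = "github";
      owner = "vdemeester";
      repo = "chick-group";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.pre-commit-hooks.follows = "pre-commit-hooks";
    };
    # Red Hat
    chapeau-rouge = {
      type = "github";
      owner = "vdemeester";
      repo = "chapeau-rouge";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.pre-commit-hooks.follows = "pre-commit-hooks";
    };
    agenix.url = "github:ryantm/agenix";
    agenix.inputs.nixpkgs.follows = "nixpkgs";
    agenix.inputs.home-manager.follows = "home-manager";
    agenix-25_11.url = "github:ryantm/agenix";
    agenix-25_11.inputs.nixpkgs.follows = "nixpkgs-25_11";
    agenix-25_11.inputs.home-manager.follows = "home-manager-25_11";

    lanzaboote.url = "github:nix-community/lanzaboote";
    lanzaboote.inputs.nixpkgs.follows = "nixpkgs";

    disko.url = "github:nix-community/disko";
    disko.inputs.nixpkgs.follows = "nixpkgs";

    harmonia.url = "github:nix-community/harmonia";
    harmonia.inputs.nixpkgs.follows = "nixpkgs";

    system-manager.url = "github:numtide/system-manager";
    system-manager.inputs.nixpkgs.follows = "nixpkgs";

    nix-github-actions.url = "github:nix-community/nix-github-actions";
    nix-github-actions.inputs.nixpkgs.follows = "nixpkgs";

    # Tracks the `develop` branch and, unlike most inputs here, does not
    # follow this flake's nixpkgs.
    # NOTE(review): presumably so its outputs match what the cachix cache in
    # nixConfig serves; confirm this is intentional.
    nixos-raspberrypi.url = "github:nvmd/nixos-raspberrypi/develop";
    nixos-raspberrypi.inputs.flake-compat.follows = "flake-compat";

    copilot-cli.url = "github:scarisey/copilot-cli-flake";
    copilot-cli.inputs.nixpkgs.follows = "nixpkgs";

    voxtype.url = "github:peteonrails/voxtype/main";
    voxtype.inputs.nixpkgs.follows = "nixpkgs";
  };
}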