# flake-update-20260505
{
  description = "System Config";

  # Cache settings this flake *requests*. Nix applies flake-supplied nixConfig
  # only after the user confirms it or when accept-flake-config is enabled, and
  # extra substituters are honoured only for trusted users (or for URLs listed
  # in trusted-substituters). Keep accept-flake-config off on machines that
  # evaluate flakes nobody has read.
  nixConfig = {
    extra-substituters = [
      "https://nixos-raspberrypi.cachix.org"
    ];
    # Store paths signed with this key are accepted from the cache without a
    # local rebuild, so the holder of the signing key is part of the trust base
    # of every machine that accepts this setting.
    extra-trusted-public-keys = [
      "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
    ];
  };

  outputs =
    { self, ... }@inputs:
    let
      inherit (self) outputs;
      inherit (inputs.nixpkgs) lib;

      stateVersion = "24.11";

      # Platforms for which per-system outputs (packages, checks, devShells)
      # are generated.
      supportedSystems = [
        "x86_64-linux"
        "aarch64-linux"
      ];
      forAllSystems = lib.genAttrs supportedSystems;

      # mkHost / mkHome / mkSystemManager come from ./lib, which is not part of
      # this file; what they do with their arguments has to be read there.
      libx = import ./lib {
        inherit
          self
          inputs
          outputs
          stateVersion
          ;
      };
    in
    {
      # Build matrix for GitHub Actions, limited to the x86_64-linux packages.
      githubActions = inputs.nix-github-actions.lib.mkGithubMatrix {
        checks = lib.getAttrs [ "x86_64-linux" ] self.packages;
      };

      # JSON list of { name, arch } objects, one per selected NixOS host.
      githubActionsMatrix =
        let
          # Keep hosts whose specialArgs carry `system`, except the one whose
          # hostname is "foo". `hostname` is read without a hasAttr guard, so it
          # has to be present wherever `system` is.
          selected =
            _: host:
            let
              args = host._module.specialArgs;
            in
            args ? system && args.hostname != "foo";
          toEntry = name: host: {
            inherit name;
            arch = host._module.specialArgs.system;
          };
        in
        builtins.toJSON (lib.mapAttrsToList toEntry (lib.filterAttrs selected self.nixosConfigurations));

      # Standalone home configurations
      # FIXME set this up
      homeConfigurations =
        let
          # Both users are on the same headless aarch64 machine.
          onAion =
            username:
            libx.mkHome {
              inherit username;
              hostname = "aion";
              system = "aarch64-linux";
            };
        in
        {
          "vincent@aion" = onAion "vincent";
          "houbeb@aion" = onAion "houbeb";
        };

      nixosConfigurations =
        let
          # Hosts on the stable release take nixpkgs, home-manager and agenix
          # from the matching 25.11 inputs, so the three always move together.
          # Which set a host uses also decides which nixpkgs branch its
          # security updates arrive from.
          stable = {
            pkgsInput = inputs.nixpkgs-25_11;
            homeInput = inputs.home-manager-25_11;
            agenixInput = inputs.agenix-25_11;
          };
          stableArm = stable // {
            system = "aarch64-linux";
          };
          stableRpi4 = stableArm // {
            hardwareType = "rpi4";
          };
        in
        {
          # Work laptop (unstable)
          kyushu = libx.mkHost {
            hostname = "kyushu";
            # desktop = "sway";
            desktop = "niri";
          };
          # Laptop for LLM workloads (unstable)
          okinawa = libx.mkHost {
            hostname = "okinawa";
            desktop = "niri"; # or "sway"
          };
          # Servers (unstable)
          aomi = libx.mkHost {
            hostname = "aomi";
          };
          sakhalin = libx.mkHost {
            hostname = "sakhalin";
          };
          # shikoku = libx.mkHost {
          #   hostname = "shikoku";
          # };
          # Servers (stable)
          athena = libx.mkHost (stableRpi4 // { hostname = "athena"; });
          demeter = libx.mkHost (stableRpi4 // { hostname = "demeter"; });
          aix = libx.mkHost (stableRpi4 // { hostname = "aix"; });
          aion = libx.mkHost (stableArm // { hostname = "aion"; });
          rhea = libx.mkHost (stableArm // { hostname = "rhea"; });
          kerkouane = libx.mkHost (stable // { hostname = "kerkouane"; });
          carthage = libx.mkHost (stable // { hostname = "carthage"; });
        };

      nixosModules = {
        # provided modules (to be upstreamed)
        gosmee = ./modules/gosmee;
        govanityurl = ./modules/govanityurl;
        harmonia = ./modules/harmonia;
        microshift = ./modules/microshift;
        rsync-replica = ./modules/rsync-replica;
        wireguard-client = ./modules/wireguard/client.nix;
        wireguard-server = ./modules/wireguard/server.nix;
      };

      # system-manager configurations
      systemConfigs =
        lib.genAttrs
          [
            "aion"
            "nagoya"
          ]
          (
            hostname:
            libx.mkSystemManager {
              inherit hostname;
              system = "aarch64-linux";
            }
          );

      images =
        let
          # SD-card installer module, taken from the same stable nixpkgs the
          # Raspberry Pi hosts are built from.
          sdImageModule = "${inputs.nixpkgs-25_11}/nixos/modules/installer/sd-card/sd-image-aarch64.nix";
          # NOTE(review): an image carries the host's whole configuration and
          # the Nix store is world-readable; confirm that no secret reaches the
          # store unencrypted before handing an image around.
          sdImageFor =
            name:
            (self.nixosConfigurations.${name}.extendModules {
              modules = [ sdImageModule ];
            }).config.system.build.sdImage;
        in
        # sdimages
        lib.genAttrs [
          "aix"
          "athena"
          "demeter"
        ] sdImageFor;

      overlays = import ./overlays { inherit inputs; };

      # Per-system package set: the derivations contributed by the `additions`
      # overlay and nothing else from nixpkgs.
      packages = forAllSystems (
        system:
        let
          pkgs = import inputs.nixpkgs {
            inherit system;
            # Aliases are switched off, so only canonical attribute names resolve.
            config.allowAliases = false;
            overlays = [
              self.overlays.additions
            ];
          };
          # Attribute names the overlay defines.
          overlayNames = builtins.attrNames (self.overlays.additions pkgs pkgs);
          # On *-darwin, names starting with "koff" are dropped; every other
          # system keeps all names. supportedSystems currently lists no darwin
          # platform, so this branch is not exercised.
          keepOnSystem = n: !(lib.strings.hasSuffix "darwin" system && lib.strings.hasPrefix "koff" n);
          exported = builtins.filter (n: lib.isDerivation pkgs.${n} && keepOnSystem n) overlayNames;
        in
        lib.genAttrs exported (n: pkgs.${n})
      );

      checks = forAllSystems (
        system:
        let
          pkgs = import inputs.nixpkgs { inherit system; };
          # Create a wrapper that runs Emacs byte-compilation
          elispCheck = pkgs.writeShellScript "elisp-check" ''
            ${pkgs.emacs}/bin/emacs --batch \
              --eval "(setq byte-compile-error-on-warn t)" \
              -f batch-byte-compile "$@"
          '';
        in
        {
          # These hooks run on the developer's machine and git lets a push skip
          # them, so they are a convenience rather than an enforcement point.
          # Being a flake check, the same hook set can also be evaluated by
          # `nix flake check`.
          pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run {
            src = ./.;
            # Run hooks on pre-push instead of pre-commit for less intrusive workflow
            default_stages = [
              "manual"
              "pre-push"
            ];
            hooks = {
              # go
              gofmt.enable = true;
              # golangci-lint.enable = true;
              # nix
              deadnix.enable = true;
              nixfmt.enable = true;
              # statix.enable = true;
              # python
              ruff.enable = true;
              # shell
              shellcheck.enable = true;
              shellcheck.excludes = [ "dots/config/zsh/.*" ]; # zsh files use zsh-specific syntax
              # emacs lisp - basic syntax checking
              # Byte-compiling expands macros and evaluates compile-time forms
              # of the files it is given, i.e. it runs code from them. Keep
              # that in mind before re-enabling this hook on Lisp that has not
              # been reviewed.
              elisp-byte-compile = {
                enable = false; # Disabled - causes issues with missing packages in pre-push hook
                name = "Emacs Lisp byte-compile";
                entry = "${elispCheck}";
                files = "\\.el$";
                excludes = [
                  "dots/\\.config/emacs/old/.*"
                  "dots/\\.config/emacs/elpa/.*"
                  "dots/\\.config/emacs/transient/.*"
                  "dots/\\.config/emacs/eshell/.*"
                  "dots/\\.config/emacs/custom\\.el"
                  "dots/\\.config/emacs/\\.chatgpt-shell\\.el"
                  "dots/\\.config/emacs/site-lisp/.*"
                  "\\.dir-locals\\.el"
                ];
              };
            };
          };
        }
      );

      devShells = forAllSystems (
        system:
        let
          # NOTE(review): none of the packages listed below looks unfree;
          # confirm whether allowUnfree is still needed here.
          pkgs = import inputs.nixpkgs {
            inherit system;
            config.allowUnfree = true;
          };
          hooks = self.checks.${system}.pre-commit-check;
        in
        {
          default = inputs.nixpkgs.legacyPackages.${system}.mkShell {
            name = "home";
            # The shell hook comes from the pre-commit check above and runs each
            # time the shell is entered, so entering the shell of a checkout
            # executes whatever that checkout's flake defines.
            inherit (hooks) shellHook;
            buildInputs = hooks.enabledPackages;
            packages = [
              pkgs.git
              pkgs.prettier
              pkgs.deadnix
              pkgs.nixfmt
              # agenix command-line tool, for working with the age-encrypted secrets
              inputs.agenix.packages.${system}.default
            ];
            DIRENV_LOG_FORMAT = "";
          };
        }
      );
    };

  # Every reference below names a branch or a tag, which can move. The exact
  # revision and content hash that get built are recorded in flake.lock, so a
  # lock-file update is a dependency upgrade and deserves the same review.
  # `follows` makes an input use this flake's copy of a dependency instead of
  # the revision that input pinned itself: fewer nixpkgs revisions to track,
  # but the input is then built against a nixpkgs its authors did not pin.
  inputs = {
    # Flake for compatibility with non-flake commands
    flake-compat = {
      type = "github";
      owner = "edolstra";
      repo = "flake-compat";
      flake = false;
    };

    buildkit-tekton = {
      url = "github:vdemeester/buildkit-tekton";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    flake-parts.url = "github:hercules-ci/flake-parts";
    go-org-readwise = {
      url = "github:vdemeester/go-org-readwise";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.flake-parts.follows = "flake-parts";
    };
    pass-run = {
      url = "github:vdemeester/pass-run/v0.1.0";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    radian = {
      url = "github:vdemeester/radian";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.flake-parts.follows = "flake-parts";
    };

    # nixpkgs
    nixpkgs = {
      type = "github";
      owner = "NixOS";
      repo = "nixpkgs";
      ref = "nixos-unstable";
    };
    nixpkgs-25_11 = {
      type = "github";
      owner = "NixOS";
      repo = "nixpkgs";
      ref = "nixos-25.11";
    };
    # master is the development branch; unlike the nixos-* channel branches it
    # is not gated on the channel test set.
    nixpkgs-master.url = "github:nixos/nixpkgs/master";
    # Work-in-progress branch of a personal nixpkgs fork.
    nixpkgs-wip-consolidated = {
      type = "github";
      owner = "vdemeester";
      repo = "nixpkgs";
      ref = "wip-consolidated";
    };
    pre-commit-hooks = {
      url = "github:cachix/git-hooks.nix";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.flake-compat.follows = "flake-compat";
    };
    # Home Manager
    home-manager = {
      type = "github";
      owner = "nix-community";
      repo = "home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    dns = {
      url = "github:nix-community/dns.nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    home-manager-25_11 = {
      type = "github";
      owner = "nix-community";
      repo = "home-manager";
      ref = "release-25.11";
      inputs.nixpkgs.follows = "nixpkgs-25_11";
    };

    dagger = {
      type = "github";
      owner = "dagger";
      repo = "nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    emacs-overlay = {
      url = "github:nix-community/emacs-overlay";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.nixpkgs-stable.follows = "nixpkgs-25_11";
    };

    nixos-hardware = {
      type = "github";
      owner = "NixOS";
      repo = "nixos-hardware";
    };

    # Me :D
    chick-group = {
      type = "github";
      owner = "vdemeester";
      repo = "chick-group";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.flake-parts.follows = "flake-parts";
      inputs.pre-commit-hooks.follows = "pre-commit-hooks";
    };
    # Red Hat
    chapeau-rouge = {
      type = "github";
      owner = "vdemeester";
      repo = "chapeau-rouge";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.flake-parts.follows = "flake-parts";
      inputs.pre-commit-hooks.follows = "pre-commit-hooks";
    };

    # Secrets tooling, once per nixpkgs line so each host pairs agenix with the
    # nixpkgs and home-manager it is built from.
    agenix = {
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.home-manager.follows = "home-manager";
    };
    agenix-25_11 = {
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs-25_11";
      inputs.home-manager.follows = "home-manager-25_11";
    };

    lanzaboote = {
      url = "github:nix-community/lanzaboote";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    harmonia = {
      url = "github:nix-community/harmonia";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.flake-parts.follows = "flake-parts";
    };

    system-manager = {
      url = "github:numtide/system-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    nix-github-actions = {
      url = "github:nix-community/nix-github-actions";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # NOTE(review): with nixpkgs overridden here, the store paths this flake
    # produces probably differ from the ones the project's binary cache (see
    # nixConfig) was populated with, so cache hits are not guaranteed - confirm.
    nixos-raspberrypi = {
      url = "github:nvmd/nixos-raspberrypi/develop";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.flake-compat.follows = "flake-compat";
    };

    copilot-cli = {
      url = "github:scarisey/copilot-cli-flake";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    voxtype = {
      url = "github:peteonrails/voxtype/main";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # Fetched over SSH from a host on the VPN: a machine or CI runner without
    # that network path and an accepted SSH key cannot fetch this input.
    daneel = {
      url = "git+ssh://carthage.vpn/home/vincent/git/public/daneel.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
}
433}