1{
description = "System Config";

# Flake-level Nix settings: one additional binary cache, plus the public key
# that cache's store paths are expected to be signed with.
# NOTE(review): Nix applies flake-provided settings only once the user confirms
# them or has `accept-flake-config` enabled. Keep that confirmation in place on
# machines that evaluate checkouts you have not reviewed: a substituter paired
# with a trusted key is sufficient to deliver prebuilt store paths.
nixConfig.extra-substituters = [
  "https://nixos-raspberrypi.cachix.org"
];
nixConfig.extra-trusted-public-keys = [
  "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
];
12
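# Flake outputs: CI matrices, home / NixOS / system-manager configurations,
# reusable modules, SD-card images, overlays, packages, checks and a dev shell.
# Host and home builders come from ./lib (not shown here), so what mkHost,
# newMkHost, mkHome and mkSystemManager do with their arguments is defined there.
outputs =
  { self, ... }@inputs:
  let
    inherit (self) outputs;
    inherit (inputs.nixpkgs) lib;
    stateVersion = "24.11";

    # Project helper library; receives the flake itself, its inputs and outputs.
    libx = import ./lib {
      inherit
        self
        inputs
        outputs
        stateVersion
        ;
    };

    supportedSystems = [
      "x86_64-linux"
      "aarch64-linux"
    ];
    # Builds an attrset keyed by each supported system.
    forAllSystems = lib.genAttrs supportedSystems;
  in
  {
    # CI matrix over this flake's x86_64-linux packages only.
    githubActions = inputs.nix-github-actions.lib.mkGithubMatrix {
      checks = lib.getAttrs [ "x86_64-linux" ] self.packages;
    };

    # JSON list of { name, arch } for every NixOS configuration that carries a
    # `system` special argument, leaving out the experimental "foo" host.
    githubActionsMatrix =
      let
        ciHosts = lib.filterAttrs (
          _: cfg: cfg._module.specialArgs ? system && cfg._module.specialArgs.hostname != "foo"
        ) self.nixosConfigurations;
      in
      builtins.toJSON (
        lib.mapAttrsToList (name: cfg: {
          inherit name;
          arch = cfg._module.specialArgs.system;
        }) ciHosts
      );

    # Standalone home configurations
    # FIXME set this up
    homeConfigurations =
      let
        # Both homes target the headless aarch64 machine "aion".
        onAion =
          username:
          libx.mkHome {
            inherit username;
            hostname = "aion";
            system = "aarch64-linux";
          };
      in
      {
        "vincent@aion" = onAion "vincent";
        "houbeb@aion" = onAion "houbeb";
        # TODO vincent@honshu (darwin)
        # TODO vincent@okinawa (wsl ?)
      };

    nixosConfigurations =
      let
        # Arguments shared by every host pinned to the 25.11 release inputs.
        stable = {
          pkgsInput = inputs.nixpkgs-25_11;
          homeInput = inputs.home-manager-25_11;
        };
        # Raspberry Pi 4 hosts on the 25.11 release inputs.
        rpi4Stable = stable // {
          system = "aarch64-linux";
          hardwareType = "rpi4";
        };
      in
      {
        # Work laptop (unstable)
        kyushu = libx.mkHost {
          hostname = "kyushu";
          # desktop = "sway";
          desktop = "niri";
        };
        # Servers (unstable)
        aomi = libx.mkHost { hostname = "aomi"; };
        sakhalin = libx.mkHost { hostname = "sakhalin"; };
        # kobe = libx.mkHost {
        #   hostname = "kobe";
        # };
        # shikoku = libx.mkHost {
        #   hostname = "shikoku";
        # };
        # Servers (stable)
        athena = libx.mkHost (rpi4Stable // { hostname = "athena"; });
        demeter = libx.mkHost (rpi4Stable // { hostname = "demeter"; });
        aix = libx.mkHost (rpi4Stable // { hostname = "aix"; });
        aion = libx.mkHost (
          stable
          // {
            hostname = "aion";
            system = "aarch64-linux";
          }
        );
        rhea = libx.mkHost (
          stable
          // {
            hostname = "rhea";
            system = "aarch64-linux";
          }
        );
        kerkouane = libx.mkHost (stable // { hostname = "kerkouane"; });
        # NOTE: experimentations
        foo = libx.newMkHost {
          hostname = "foo";
        };
      };

    nixosModules = {
      # provided modules (to be upstreamed)
      wireguard-client = ./modules/wireguard-client.nix;
      wireguard-server = ./modules/wireguard-server.nix;
      govanityurl = ./modules/govanityurl.nix;
      gosmee = ./modules/gosmee.nix;
    };

    # system-manager configurations
    # FIXME set this up
    systemConfigs = {
      aion = libx.mkSystemManager {
        hostname = "aion";
        system = "aarch64-linux";
      };
    };

    images =
      let
        # SD-card image for an existing host: its configuration extended with
        # the nixpkgs aarch64 sd-image installer module.
        # The module path is taken from nixpkgs-25_11, the nixpkgs input these
        # hosts are built with. It used to be read from `inputs.nixpkgs-25_05`,
        # an input this flake does not declare, so every image failed to
        # evaluate with a missing-attribute error.
        sdImageFor =
          host:
          (self.nixosConfigurations.${host}.extendModules {
            modules = [
              "${inputs.nixpkgs-25_11}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
            ];
          }).config.system.build.sdImage;
      in
      {
        # sdimages
        aix = sdImageFor "aix";
        athena = sdImageFor "athena";
        demeter = sdImageFor "demeter";
        # Disabled: nixosConfigurations defines no "nagoya" host, so this
        # attribute could never evaluate. Re-enable once the host exists.
        # nagoya = sdImageFor "nagoya";
      };

    overlays = import ./overlays { inherit inputs; };

    # Per-system set of the derivations contributed by the `additions` overlay.
    packages = forAllSystems (
      system:
      let
        pkgs = import inputs.nixpkgs {
          inherit system;
          config.allowAliases = false;
          overlays = [
            self.overlays.additions
          ];
        };
        # On darwin systems, names starting with "koff" are left out;
        # everywhere else every name is kept.
        keepOnThisSystem = n: !(lib.hasSuffix "darwin" system && lib.hasPrefix "koff" n);
        # The overlay is applied to pkgs here only to enumerate the names it adds.
        additionNames = builtins.attrNames (self.overlays.additions pkgs pkgs);
        exported = builtins.filter (n: lib.isDerivation pkgs.${n} && keepOnThisSystem n) additionNames;
      in
      lib.genAttrs exported (n: pkgs.${n})
    );

    checks = forAllSystems (system: {
      # Runs the enabled hooks over the whole repository tree.
      pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run {
        src = ./.;
        hooks = {
          # go
          gofmt.enable = true;
          # golangci-lint.enable = true;
          # nix
          deadnix.enable = true;
          nixfmt-rfc-style.enable = true;
          # statix.enable = true;
          # python
          flake8.enable = true;
          ruff.enable = true;
          # shell
          shellcheck.enable = true;
        };
      };
    });

    devShells = forAllSystems (
      system:
      let
        pkgs = import inputs.nixpkgs {
          inherit system;
          config.allowUnfree = true;
        };
        preCommit = self.checks.${system}.pre-commit-check;
      in
      {
        # Shell that installs the pre-commit hooks on entry (via shellHook)
        # and provides the tools those hooks need.
        default = inputs.nixpkgs.legacyPackages.${system}.mkShell {
          name = "home";
          inherit (preCommit) shellHook;
          buildInputs = preCommit.enabledPackages;
          packages = [
            pkgs.git
            pkgs.nodePackages.prettier
            pkgs.deadnix
            pkgs.nixfmt-rfc-style
            inputs.agenix.packages.${system}.default
          ];
          DIRENV_LOG_FORMAT = "";
        };
      }
    );
  };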
246
# Flake inputs. Every entry names a repository and, at most, a branch; none
# names a revision, so the commit actually used is whatever flake.lock records.
# NOTE(review): review lock-file updates like any other dependency bump.
# Inputs with no `ref` follow the repository's default branch.
inputs = {
  # Flake for compatibility with non-flake commands
  flake-compat = {
    type = "github";
    owner = "edolstra";
    repo = "flake-compat";
    flake = false;
  };

  buildkit-tekton = {
    url = "github:vdemeester/buildkit-tekton";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  go-org-readwise = {
    url = "github:vdemeester/go-org-readwise";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  # nixpkgs
  nixpkgs = {
    type = "github";
    owner = "NixOS";
    repo = "nixpkgs";
    ref = "nixos-unstable";
  };
  nixpkgs-25_11 = {
    type = "github";
    owner = "NixOS";
    repo = "nixpkgs";
    ref = "nixos-25.11";
  };
  nixpkgs-master = {
    url = "github:nixos/nixpkgs/master";
  };

  pre-commit-hooks = {
    url = "github:cachix/git-hooks.nix";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.flake-compat.follows = "flake-compat";
  };

  # Home Manager
  home-manager = {
    type = "github";
    owner = "nix-community";
    repo = "home-manager";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  dns = {
    url = "github:nix-community/dns.nix";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  home-manager-25_11 = {
    type = "github";
    owner = "nix-community";
    repo = "home-manager";
    ref = "release-25.11";
    inputs.nixpkgs.follows = "nixpkgs-25_11";
  };

  niri = {
    type = "github";
    owner = "sodiboo";
    repo = "niri-flake";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.nixpkgs-stable.follows = "nixpkgs-25_11";
  };

  dagger = {
    type = "github";
    owner = "dagger";
    repo = "nix";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  emacs-overlay = {
    url = "github:nix-community/emacs-overlay";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.nixpkgs-stable.follows = "nixpkgs-25_11";
  };

  nixos-hardware = {
    type = "github";
    owner = "NixOS";
    repo = "nixos-hardware";
  };

  # Me :D
  chick-group = {
    type = "github";
    owner = "vdemeester";
    repo = "chick-group";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.pre-commit-hooks.follows = "pre-commit-hooks";
  };
  # Red Hat
  chapeau-rouge = {
    type = "github";
    owner = "vdemeester";
    repo = "chapeau-rouge";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.pre-commit-hooks.follows = "pre-commit-hooks";
  };

  # agenix is declared twice, once per nixpkgs / home-manager channel.
  agenix = {
    url = "github:ryantm/agenix";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.home-manager.follows = "home-manager";
  };
  agenix-25_11 = {
    url = "github:ryantm/agenix";
    inputs.nixpkgs.follows = "nixpkgs-25_11";
    inputs.home-manager.follows = "home-manager-25_11";
  };

  lanzaboote = {
    url = "github:nix-community/lanzaboote";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  disko = {
    url = "github:nix-community/disko";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  system-manager = {
    url = "github:numtide/system-manager";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  nix-github-actions = {
    url = "github:nix-community/nix-github-actions";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  # Tracks the `develop` branch. No nixpkgs.follows is set for it, so this
  # input keeps whatever nixpkgs its own flake declares.
  nixos-raspberrypi = {
    url = "github:nvmd/nixos-raspberrypi/develop";
    inputs.flake-compat.follows = "flake-compat";
  };

  copilot-cli = {
    url = "github:scarisey/copilot-cli-flake";
    inputs.nixpkgs.follows = "nixpkgs";
  };
};
369}