Commit 39a461ee6ced
Changed files (6)
lib/default.nix
@@ -0,0 +1,81 @@
+{ self
+, inputs
+, outputs
+, stateVersion
+, ...
+}:
+{
+ # Function for generating home-manage configs
+ mkHome =
+ { hostname
+ , user
+ , desktop ? null
+ , system ? "x86_64-linux"
+ ,
+ }:
+ inputs.home-manager.lib.homeManagerConfiguration {
+ pkgs = inputs.nixpkgs.legacyPackages.${system};
+ extraSpecialArgs = {
+ inherit
+ self
+ inputs
+ outputs
+ stateVersion
+ hostname
+ desktop
+ ;
+ username = user;
+ };
+ modules = [
+ # ../home
+ ];
+ };
+
+ # Function for generating host configs
+ mkHost =
+ { hostname
+ , desktop ? null
+ , system ? "x86_64-linux"
+ , pkgsInput ? inputs.nixpkgs
+ , homeInput ? inputs.home-manager
+ , ,
+ }:
+ pkgsInput.lib.nixosSystem {
+ specialArgs = {
+ inherit
+ self
+ inputs
+ outputs
+ stateVersion
+ hostname
+ desktop
+ system
+ ;
+ };
+ system = system;
+ modules = [
+ inputs.agenix.nixosModules.default
+ # inputs.lanzaboote.nixosModules.lanzaboote
+ homeInput.nixosModules.home-manager
+ ../host
+ ];
+ };
+
+ # Function to create a system manager
+ mkSystemManager =
+ { hostname
+ , system ? "x86_64-linux"
+ ,
+ }:
+ inputs.system-manager.lib-makeSystemConfig {
+ modules = [
+ # ../modules ?
+ {
+ config = {
+ nixpkgs.hostPlatform = system;
+ system-manager.allowAnyDistro = true;
+ };
+ }
+ ];
+ };
+};
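Review bot: The new file does not parse as written: the `mkHost` argument set has a doubled separator (`, ,` after `homeInput`), and the file ends with `};` where the function body must end with a bare `}`. Separately, `inputs.system-manager.lib-makeSystemConfig` is read by Nix as a single attribute named `lib-makeSystemConfig`; system-manager exposes the function as `lib.makeSystemConfig`. `mkSystemManager` also accepts `hostname` but never uses it, so either pass it through or drop it. Since `system-manager.allowAnyDistro = true` appears to switch off the supported-distribution check, a short comment saying why this host needs it would help the next reader.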
systems/hosts/kyushu.nix
@@ -0,0 +1,10 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ ../hardware/thinkpad-x1g12.nix
+ ];
+
+ # TODO use disko
+ # TODO Use better modules
+}
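Review bot: Nothing visible in this commit imports this file: `mkHost` in `lib/default.nix` lists `../host` as its only local module, which from `lib/` resolves to a top-level `host` path rather than `systems/hosts/kyushu.nix`. Unless `../host` dispatches on `hostname` (not shown), the `kyushu` configuration will not pick up the ThinkPad hardware import. Either add `(../systems/hosts + "/${hostname}.nix")` to the `modules` list in `mkHost` or document where the lookup happens.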
flake.lock
@@ -4,7 +4,9 @@
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
- "nixpkgs": "nixpkgs",
+ "nixpkgs": [
+ "nixpkgs"
+ ],
"systems": "systems"
},
"locked": {
@@ -88,6 +90,21 @@
"type": "github"
}
},
+ "crane": {
+ "locked": {
+ "lastModified": 1741148495,
+ "narHash": "sha256-EV8KUaIZ2/CdBXlutXrHoZYbWPeB65p5kKZk71gvDRI=",
+ "owner": "ipetkov",
+ "repo": "crane",
+ "rev": "75390a36cd0c2cdd5f1aafd8a9f827d7107f2e53",
+ "type": "github"
+ },
+ "original": {
+ "owner": "ipetkov",
+ "repo": "crane",
+ "type": "github"
+ }
+ },
"dagger": {
"inputs": {
"nixpkgs": [
@@ -130,6 +147,26 @@
"type": "github"
}
},
+ "disko": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1744145203,
+ "narHash": "sha256-I2oILRiJ6G+BOSjY+0dGrTPe080L3pbKpc+gCV3Nmyk=",
+ "owner": "nix-community",
+ "repo": "disko",
+ "rev": "76c0a6dba345490508f36c1aa3c7ba5b6b460989",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "disko",
+ "type": "github"
+ }
+ },
"emacs-overlay": {
"inputs": {
"nixpkgs": [
@@ -217,6 +254,22 @@
"type": "github"
}
},
+ "flake-compat_5": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1733328505,
+ "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
+ "type": "github"
+ },
+ "original": {
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "type": "github"
+ }
+ },
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
@@ -259,6 +312,27 @@
"type": "github"
}
},
+ "flake-parts_3": {
+ "inputs": {
+ "nixpkgs-lib": [
+ "lanzaboote",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1740872218,
+ "narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=",
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "rev": "3876f6b87db82f33775b1ef5ea343986105db764",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "type": "github"
+ }
+ },
"gitignore": {
"inputs": {
"nixpkgs": [
@@ -303,6 +377,28 @@
"type": "github"
}
},
+ "gitignore_3": {
+ "inputs": {
+ "nixpkgs": [
+ "lanzaboote",
+ "pre-commit-hooks-nix",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1709087332,
+ "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
+ "owner": "hercules-ci",
+ "repo": "gitignore.nix",
+ "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hercules-ci",
+ "repo": "gitignore.nix",
+ "type": "github"
+ }
+ },
"home-manager": {
"inputs": {
"nixpkgs": [
@@ -401,6 +497,31 @@
"type": "github"
}
},
+ "lanzaboote": {
+ "inputs": {
+ "crane": "crane",
+ "flake-compat": "flake-compat_4",
+ "flake-parts": "flake-parts_3",
+ "nixpkgs": [
+ "nixpkgs"
+ ],
+ "pre-commit-hooks-nix": "pre-commit-hooks-nix",
+ "rust-overlay": "rust-overlay"
+ },
+ "locked": {
+ "lastModified": 1741442524,
+ "narHash": "sha256-tVcxLDLLho8dWcO81Xj/3/ANLdVs0bGyCPyKjp70JWk=",
+ "owner": "nix-community",
+ "repo": "lanzaboote",
+ "rev": "d8099586d9a84308ffedac07880e7f07a0180ff4",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "lanzaboote",
+ "type": "github"
+ }
+ },
"nix-github-actions": {
"inputs": {
"nixpkgs": [
@@ -517,7 +638,7 @@
},
"nixos-wsl": {
"inputs": {
- "flake-compat": "flake-compat_4",
+ "flake-compat": "flake-compat_5",
"nixpkgs": [
"nixpkgs"
]
@@ -538,16 +659,16 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1703013332,
- "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
+ "lastModified": 1730768919,
+ "narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
+ "rev": "a04d33c0c3f1a59a2c1cb0c6e34cd24500e5a1dc",
"type": "github"
},
"original": {
"owner": "NixOS",
- "ref": "nixos-unstable",
+ "ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
@@ -584,23 +705,23 @@
"type": "github"
}
},
- "nixpkgs_2": {
+ "nixpkgs-master": {
"locked": {
- "lastModified": 1730768919,
- "narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=",
- "owner": "NixOS",
+ "lastModified": 1744577007,
+ "narHash": "sha256-2rcE3NDqQVYjdrUHFFgJSJG7ATUkJzAFaBz8ybTp2fU=",
+ "owner": "nixos",
"repo": "nixpkgs",
- "rev": "a04d33c0c3f1a59a2c1cb0c6e34cd24500e5a1dc",
+ "rev": "fe24d8526fe90e49fd04bd36e18722a1894ea41f",
"type": "github"
},
"original": {
- "owner": "NixOS",
- "ref": "nixpkgs-unstable",
+ "owner": "nixos",
+ "ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
- "nixpkgs_3": {
+ "nixpkgs_2": {
"locked": {
"lastModified": 1743964447,
"narHash": "sha256-nEo1t3Q0F+0jQ36HJfbJtiRU4OI+/0jX/iITURKe3EE=",
@@ -620,7 +741,7 @@
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
- "nixpkgs": "nixpkgs_2"
+ "nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1740870877,
@@ -636,6 +757,32 @@
"type": "github"
}
},
+ "pre-commit-hooks-nix": {
+ "inputs": {
+ "flake-compat": [
+ "lanzaboote",
+ "flake-compat"
+ ],
+ "gitignore": "gitignore_3",
+ "nixpkgs": [
+ "lanzaboote",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1740915799,
+ "narHash": "sha256-JvQvtaphZNmeeV+IpHgNdiNePsIpHD5U/7QN5AeY44A=",
+ "owner": "cachix",
+ "repo": "pre-commit-hooks.nix",
+ "rev": "42b1ba089d2034d910566bf6b40830af6b8ec732",
+ "type": "github"
+ },
+ "original": {
+ "owner": "cachix",
+ "repo": "pre-commit-hooks.nix",
+ "type": "github"
+ }
+ },
"pre-commit-hooks_2": {
"inputs": {
"flake-compat": "flake-compat_2",
@@ -666,18 +813,63 @@
"chapeau-rouge": "chapeau-rouge",
"chick-group": "chick-group",
"dagger": "dagger",
+ "disko": "disko",
"emacs-overlay": "emacs-overlay",
"flake-compat": "flake-compat_3",
"home-manager": "home-manager_2",
"home-manager-24_05": "home-manager-24_05",
"home-manager-24_11": "home-manager-24_11",
"impermanence": "impermanence",
+ "lanzaboote": "lanzaboote",
"nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware",
"nixos-wsl": "nixos-wsl",
- "nixpkgs": "nixpkgs_3",
+ "nixpkgs": "nixpkgs_2",
"nixpkgs-24_05": "nixpkgs-24_05",
- "nixpkgs-24_11": "nixpkgs-24_11"
+ "nixpkgs-24_11": "nixpkgs-24_11",
+ "nixpkgs-master": "nixpkgs-master",
+ "system-manager": "system-manager"
+ }
+ },
+ "rust-overlay": {
+ "inputs": {
+ "nixpkgs": [
+ "lanzaboote",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1741228283,
+ "narHash": "sha256-VzqI+k/eoijLQ5am6rDFDAtFAbw8nltXfLBC6SIEJAE=",
+ "owner": "oxalica",
+ "repo": "rust-overlay",
+ "rev": "38e9826bc4296c9daf18bc1e6aa299f3e932a403",
+ "type": "github"
+ },
+ "original": {
+ "owner": "oxalica",
+ "repo": "rust-overlay",
+ "type": "github"
+ }
+ },
+ "system-manager": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1744139528,
+ "narHash": "sha256-ABIcmxzf8399pJzXqHzShXtzw7iC+zxjhOxp/qS0fQk=",
+ "owner": "numtide",
+ "repo": "system-manager",
+ "rev": "803322102ed51f29c250d4bff2973625adc4a521",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "system-manager",
+ "type": "github"
}
},
"systems": {
flake.nix
@@ -3,6 +3,18 @@
outputs = { self, ... } @ inputs:
let
+ inherit (self) outputs;
+ stateVersion = "24.11";
+
+ libx = import ./lib {
+ inherit
+ self
+ inputs
+ outputs
+ stateVersion
+ ;
+ };
+
stableModules = [
inputs.home-manager-24_11.nixosModules.home-manager
];
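Review bot: `stateVersion = "24.11"` is defined once here and handed to every `mkHome`/`mkHost` call through `libx`, but a state version is normally fixed per machine at install time. If the host or home modules set `system.stateVersion` or `home.stateVersion` from this argument (not visible in this hunk), a machine first installed on an older release would silently change its stateful defaults. Consider letting the helpers take it as an optional per-host argument, e.g. `stateVersion ? "24.11"`, with a comment that it must not be bumped on upgrade. The `let` block continues outside the hunk.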
@@ -45,29 +57,31 @@
];
in
{
- images = {
- # ami(s) (AWS)
- carthage = inputs.nixos-generators.nixosGenerate rec {
+ homeConfigurations = {
+ # headless machine
+ "vincent@aion" = libx.mkHome {
+ username = "vincent";
+ hostname = "aion";
+ system = "aarch64-linux";
+ };
+ "houbeb@aion" = libx.mkHome {
+ username = "houbeb";
+ hostname = "aion";
system = "aarch64-linux";
- format = "amazon";
- modules = commonModules ++ stableModules ++ [
- ./systems/hosts/carthage.nix
- ];
};
- # sdimages
- athena = (self.nixosConfigurations.athena.extendModules {
- modules = [
- "${inputs.nixpkgs-24_11}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
- ];
- }).config.system.build.sdImage;
- demeter = (self.nixosConfigurations.demeter.extendModules {
- modules = [
- "${inputs.nixpkgs-24_11}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
- ];
- }).config.system.build.sdImage;
};
nixosConfigurations =
{
+ # Work laptop (unstable)
+ kyushu = libx.mkHost {
+ hostname = "kyushu";
+ desktop = "sway";
+ };
+ # sakhalin = libx.mkHost {
+ # hostname = "sakhalin";
+ # pkgsInput = inputs.nixpkgs-24_11;
+ # homeInput = inputs.home-manager-24_11;
+ # };
# Work laptop (unstable)
wakasu = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
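Review bot: Both `homeConfigurations` entries pass `username = ...`, but `mkHome` in `lib/default.nix` declares the argument as `user` and has no `...`, so evaluation fails with an unexpected-argument error. Rename one side, e.g. `user = "vincent";` and `user = "houbeb";` here. The new `kyushu` entry also carries the same `# Work laptop (unstable)` comment as `wakasu` just below it; if both are meant to coexist during the migration, say so in the comment.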
@@ -128,6 +142,35 @@
};
};
+ # system-manager configurations
+ systemConfigs = {
+ aion = libx.mkSystemmanager {
+ hostname = "aion";
+ system = "aarch64-linux";
+ };
+ };
+
+ images = {
+ # ami(s) (AWS)
+ carthage = inputs.nixos-generators.nixosGenerate rec {
+ system = "aarch64-linux";
+ format = "amazon";
+ modules = commonModules ++ stableModules ++ [
+ ./systems/hosts/carthage.nix
+ ];
+ };
+ # sdimages
+ athena = (self.nixosConfigurations.athena.extendModules {
+ modules = [
+ "${inputs.nixpkgs-24_11}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
+ ];
+ }).config.system.build.sdImage;
+ demeter = (self.nixosConfigurations.demeter.extendModules {
+ modules = [
+ "${inputs.nixpkgs-24_11}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
+ ];
+ }).config.system.build.sdImage;
+ };
# TODO: expose some packages ?
# This is probably not gonna happen, instead I should move any internal package here outside, in their
# own repository and flake. If they are useful upstream.
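Review bot: `libx.mkSystemmanager` does not match the helper defined in `lib/default.nix`, which is spelled `mkSystemManager`; attribute names are case-sensitive, so `systemConfigs.aion` will fail to evaluate. Change the call to `aion = libx.mkSystemManager {`. The enclosing outputs attribute set starts and ends outside this hunk.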
@@ -158,6 +201,7 @@
nixpkgs = { type = "github"; owner = "NixOS"; repo = "nixpkgs"; ref = "nixos-unstable"; };
nixpkgs-24_05 = { type = "github"; owner = "NixOS"; repo = "nixpkgs"; ref = "nixos-24.05"; };
nixpkgs-24_11 = { type = "github"; owner = "NixOS"; repo = "nixpkgs"; ref = "nixos-24.11"; };
+ nixpkgs-master.url = "github:nixos/nixpkgs/master";
# Home Manager
home-manager = { type = "github"; owner = "nix-community"; repo = "home-manager"; inputs.nixpkgs.follows = "nixpkgs"; };
home-manager-24_05 = { type = "github"; owner = "nix-community"; repo = "home-manager"; ref = "release-24.05"; inputs.nixpkgs.follows = "nixpkgs-24_05"; };
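Review bot: `nixpkgs-master` tracks the `master` branch, which receives commits before they pass the channel test gates that `nixos-unstable` waits for, so its use should be limited to individual packages; a comment stating that intent would keep it from being passed as a host's `pkgsInput`. It is also written in URL form with a lowercase owner while the three inputs above use the attribute-set form with `NixOS`. For consistency use `nixpkgs-master = { type = "github"; owner = "NixOS"; repo = "nixpkgs"; ref = "master"; };`.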
@@ -197,5 +241,18 @@
inputs.nixpkgs.follows = "nixpkgs";
};
agenix.url = "github:ryantm/agenix";
+ agenix.inputs.nixpkgs.follows = "nixpkgs";
+
+ lanzaboote.url = "github:nix-community/lanzaboote";
+ lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
+
+ disko.url = "github:nix-community/disko";
+ disko.inputs.nixpkgs.follows = "nixpkgs";
+
+ system-manager.url = "github:numtide/system-manager";
+ system-manager.inputs.nixpkgs.follows = "nixpkgs";
+
+ # nix-system-graphics.url = "github:soupglasses/nix-system-graphics";
+ # nix-system-graphics.inputs.nixpkgs.follows = "nixpkgs";
};
}
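Review bot: `lanzaboote.url` follows the repository's default branch, so each `nix flake update` moves the Secure Boot tooling to whatever is newest there; for the component that signs boot artifacts, pinning to a release tag (`github:nix-community/lanzaboote/<release-tag>`) makes upgrades a deliberate step. `disko` and `lanzaboote` are added as inputs but, in the lines visible in this commit, no module from either is enabled (the lanzaboote module is commented out in `lib/default.nix`), so for now they only grow the lock file. A `# TODO: not wired in yet` comment next to each would make that explicit.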
nixpkgs.nix
@@ -0,0 +1,9 @@
+# A nixpkgs instance that is grabbed from the pinned nixpkgs commit in the lock file
+# Useful to avoid using channels when using legacy nix commands
+let
+ lock = (builtins.fromJSON (builtins.readFile ./flake.lock)).nodes.nixpkgs.locked;
+in
+import (fetchTarball {
+ url = "https://github.com/nixos/nixpkgs/archive/${lock.rev}.tar.gz";
+ sha256 = lock.narHash;
+})
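Review bot: `nodes.nixpkgs` is not necessarily the flake's own `nixpkgs` input: in the `flake.lock` from this same commit the root entry is `"nixpkgs": "nixpkgs_2"`, while the node literally named `nixpkgs` is referenced by another input and is locked to a `nixpkgs-unstable` revision. Legacy `nix-shell`/`nix-build` users would therefore evaluate against a different nixpkgs than the flake does. Resolve the node name through the root instead: `lockFile = builtins.fromJSON (builtins.readFile ./flake.lock);` followed by `lock = lockFile.nodes.${lockFile.nodes.${lockFile.root}.inputs.nixpkgs}.locked;`. Node suffixes are renumbered whenever inputs are added, as this commit's lock diff shows, so a hard-coded node name will drift again.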
shell.nix
@@ -1,3 +1,23 @@
+# Shell for bootstrapping flake-enabled nix and home-manager
+# Access development shell with 'nix develop' or (legacy) 'nix-shell'
+# { pkgs ? (import ./nixpkgs.nix) { }
+# ,
+# }:
+# {
+# default = pkgs.mkShell {
+# name = "home-flake";
+# # Enable experimental features without having to specify the argument
+# NIX_CONFIG = "experimental-features = nix-command flakes";
+# nativeBuildInputs = with pkgs; [
+# nix
+# home-manager
+# git
+# ];
+# shellHook = ''
+# exec zsh
+# '';
+# };
+# }
{ system ? builtins.currentSystem }:
# Use flake.nix devshell, similar to "nix develop"