nix-config/flake.nix

{
  description = "patricks tolle nix config";

  inputs = {
    nixpkgs-wayland = {
      url = "github:nix-community/nixpkgs-wayland";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";

    nixos-extra-modules = {
      url = "github:oddlama/nixos-extra-modules";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    microvm = {
      url = "github:astro/microvm.nix";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.flake-utils.follows = "flake-utils";
    };

    # to prevent multiple instances of systems
    systems.url = "github:nix-systems/default";

    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    nixos-generators = {
      url = "github:nix-community/nixos-generators";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    home-manager = {
      url = "github:nix-community/home-manager";
      # should use system nixpkgs instead of their own
      inputs.nixpkgs.follows = "nixpkgs";
    };

    agenix = {
      url = "github:ryantm/agenix";
      inputs.home-manager.follows = "home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # Bin zu faul des zu kopieren
    agenix-rekey = {
      url = "github:oddlama/agenix-rekey";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.flake-utils.follows = "flake-utils";
    };

    flake-utils = {
      url = "github:numtide/flake-utils";
      inputs.systems.follows = "systems";
    };

    pre-commit-hooks = {
      url = "github:cachix/pre-commit-hooks.nix";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.flake-utils.follows = "flake-utils";
    };

    templates.url = "git+https://git.lel.lol/patrick/nix-templates.git";

    impermanence.url = "github:nix-community/impermanence";

    nixos-hardware.url = "github:nixos/nixos-hardware";

    devshell = {
      url = "github:numtide/devshell";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nix-index-database = {
      url = "github:nix-community/nix-index-database";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    lanzaboote = {
      url = "github:nix-community/lanzaboote/v0.3.0";

      inputs.nixpkgs.follows = "nixpkgs";
    };

    stylix.url = "github:danth/stylix";

    wired-notify = {
      url = "github:Toqozz/wired-notify";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.utils.follows = "flake-utils";
    };

    spicetify-nix.url = "github:the-argus/spicetify-nix";

    nixvim = {
      url = "github:nix-community/nixvim";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = {
    self,
    nixpkgs,
    flake-utils,
    agenix-rekey,
    nixos-generators,
    pre-commit-hooks,
    devshell,
    wired-notify,
    nixvim,
    nixos-extra-modules,
    ...
  } @ inputs: let
    inherit (nixpkgs) lib;
    stateVersion = "23.05";
  in
    {
      secretsConfig = {
        # This should be a link to one of the age public keys is './keys'
        masterIdentities = ["/run/decrypt.key.pub"];
        extraEncryptionPubkeys = [./secrets/recipients.txt];
      };
      agenix-rekey = agenix-rekey.configure {
        userFlake = self;
        inherit (self) nodes pkgs;
      };

      inherit stateVersion;
      inherit
        (import ./nix/hosts.nix inputs)
        hosts
        nixosConfigurations
        minimalConfigurations
        guestConfigurations
        ;
      nodes = self.nixosConfigurations // self.guestConfigurations;

      inherit
        (lib.foldl' lib.recursiveUpdate {}
          (lib.mapAttrsToList
            (import ./nix/generate-installer-package.nix inputs)
            self.minimalConfigurations))
        packages
        ;
    }
    // flake-utils.lib.eachDefaultSystem (system: rec {
      apps.setupHetznerStorageBoxes = import (nixos-extra-modules + "/apps/setup-hetzner-storage-boxes.nix") {
        inherit pkgs;
        nixosConfigurations = self.nodes;
        decryptIdentity = builtins.head self.secretsConfig.masterIdentities;
      };
      pkgs = import nixpkgs {
        overlays =
          import ./lib inputs
          ++ import ./pkgs
          ++ [
            # nixpkgs-wayland.overlay
            nixos-extra-modules.overlays.default
            devshell.overlays.default
            agenix-rekey.overlays.default
            wired-notify.overlays.default
            nixvim.overlays.default
          ];
        inherit system;
        config.allowUnfree = true;
      };

      images.live-iso = nixos-generators.nixosGenerate {
        inherit pkgs;
        modules = [
          ./nix/installer-configuration.nix
          ./modules/config/ssh.nix
        ];
        format =
          {
            x86_64-linux = "install-iso";
            aarch64-linux = "sd-aarch64-installer";
          }
          .${system};
      };

      checks.pre-commit-check =
        pre-commit-hooks.lib.${system}.run
        {
          src = lib.cleanSource ./.;
          hooks = {
            alejandra.enable = true;
            deadnix.enable = true;
            statix.enable = true;
          };
        };
      devShell = import ./nix/devshell.nix inputs system;
      formatter = pkgs.alejandra;
    });
}
feat: switched to flake based config 2023-01-25 17:53:02 +01:00			`{`
feat: added nvim config 2023-04-08 17:33:59 +02:00			`description = "patricks tolle nix config";`

WIP: rekey module to rekey all secrets using the yubikey Work apart from interactivity. Pins are thus currently unsopported Will be supperseeded by a flake runable to rekey secrets on demand 2023-01-28 02:50:14 +01:00			`inputs = {`
WIP 2023-09-05 21:00:29 +02:00			`nixpkgs-wayland = {`
			`url = "github:nix-community/nixpkgs-wayland";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
WIP: rekey module to rekey all secrets using the yubikey Work apart from interactivity. Pins are thus currently unsopported Will be supperseeded by a flake runable to rekey secrets on demand 2023-01-28 02:50:14 +01:00			`nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";`
feat: added nvim config 2023-04-08 17:33:59 +02:00
feat: added nixos extra modules 2023-12-22 01:45:26 +01:00			`nixos-extra-modules = {`
			`url = "github:oddlama/nixos-extra-modules";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
chore: newest extra modules update 2024-01-11 15:41:03 +01:00			`microvm = {`
			`url = "github:astro/microvm.nix";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`inputs.flake-utils.follows = "flake-utils";`
			`};`
feat: added nixos extra modules 2023-12-22 01:45:26 +01:00
feat: switched devshell to utilize devshell 2023-05-22 14:25:00 +02:00			`# to prevent multiple instances of systems`
			`systems.url = "github:nix-systems/default";`

feat: added filesystem for desktopnix 2023-08-30 14:25:52 +02:00			`disko = {`
			`url = "github:nix-community/disko";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`

feat: added nixos generators 2023-08-30 16:38:30 +02:00			`nixos-generators = {`
			`url = "github:nix-community/nixos-generators";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`

WIP: rekey module to rekey all secrets using the yubikey Work apart from interactivity. Pins are thus currently unsopported Will be supperseeded by a flake runable to rekey secrets on demand 2023-01-28 02:50:14 +01:00			`home-manager = {`
			`url = "github:nix-community/home-manager";`
			`# should use system nixpkgs instead of their own`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
feat: added nvim config 2023-04-08 17:33:59 +02:00
WIP: rekey module to rekey all secrets using the yubikey Work apart from interactivity. Pins are thus currently unsopported Will be supperseeded by a flake runable to rekey secrets on demand 2023-01-28 02:50:14 +01:00			`agenix = {`
			`url = "github:ryantm/agenix";`
chore: system update 2023-05-19 06:54:56 +02:00			`inputs.home-manager.follows = "home-manager";`
WIP: rekey module to rekey all secrets using the yubikey Work apart from interactivity. Pins are thus currently unsopported Will be supperseeded by a flake runable to rekey secrets on demand 2023-01-28 02:50:14 +01:00			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
feat: rekey funktioniert. 2023-01-28 18:41:31 +01:00
chore: switched to colmena and sane file layout 2023-05-02 15:08:36 +02:00			`# Bin zu faul des zu kopieren`
			`agenix-rekey = {`
			`url = "github:oddlama/agenix-rekey";`
			`inputs.nixpkgs.follows = "nixpkgs";`
feat: systemd update und agenix rekey update 2023-09-25 13:53:07 +02:00			`inputs.flake-utils.follows = "flake-utils";`
chore: switched to colmena and sane file layout 2023-05-02 15:08:36 +02:00			`};`

feat: switched devshell to utilize devshell 2023-05-22 14:25:00 +02:00			`flake-utils = {`
			`url = "github:numtide/flake-utils";`
			`inputs.systems.follows = "systems";`
			`};`
feat: implemented flake check (closes #15) 2023-02-08 21:12:32 +01:00
			`pre-commit-hooks = {`
			`url = "github:cachix/pre-commit-hooks.nix";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`inputs.flake-utils.follows = "flake-utils";`
			`};`
feat: added flake templates 2023-03-06 07:47:49 +01:00
chore: switched to my own template repo 2023-05-11 12:59:16 +02:00			`templates.url = "git+https://git.lel.lol/patrick/nix-templates.git";`
chore: switched to colmena and sane file layout 2023-05-02 15:08:36 +02:00
feat: impermanence 2023-05-26 17:30:37 +02:00			`impermanence.url = "github:nix-community/impermanence";`
chore: switched to colmena and sane file layout 2023-05-02 15:08:36 +02:00
			`nixos-hardware.url = "github:nixos/nixos-hardware";`

feat: switched devshell to utilize devshell 2023-05-22 14:25:00 +02:00			`devshell = {`
			`url = "github:numtide/devshell";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
feat(zsh): added nix-index and comma 2023-09-18 13:04:44 +02:00			`nix-index-database = {`
			`url = "github:nix-community/nix-index-database";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
feat: stylix 2023-09-22 20:57:08 +02:00
feat: secureboot 2023-09-21 01:43:10 +02:00			`lanzaboote = {`
			`url = "github:nix-community/lanzaboote/v0.3.0";`

			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
feat: stylix 2023-09-22 20:57:08 +02:00
			`stylix.url = "github:danth/stylix";`
feat: spicetify 2023-10-13 16:55:01 +02:00
WIP: added wired-notify feat: added autostart for systemd services 2023-10-12 02:30:03 +02:00			`wired-notify = {`
			`url = "github:Toqozz/wired-notify";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`inputs.utils.follows = "flake-utils";`
			`};`
feat: spicetify 2023-10-13 16:55:01 +02:00
			`spicetify-nix.url = "github:the-argus/spicetify-nix";`
feat: boilerplate for nixvim 2023-10-25 00:21:15 +02:00
			`nixvim = {`
			`url = "github:nix-community/nixvim";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
feat: switched to flake based config 2023-01-25 17:53:02 +01:00			`};`

WIP: rekey module to rekey all secrets using the yubikey Work apart from interactivity. Pins are thus currently unsopported Will be supperseeded by a flake runable to rekey secrets on demand 2023-01-28 02:50:14 +01:00			`outputs = {`
			`self,`
			`nixpkgs,`
feat: rekey funktioniert. 2023-01-28 18:41:31 +01:00			`flake-utils,`
chore: switched to colmena and sane file layout 2023-05-02 15:08:36 +02:00			`agenix-rekey,`
feat: added nixos generators 2023-08-30 16:38:30 +02:00			`nixos-generators,`
feat: simplified checks 2023-09-20 14:19:13 +02:00			`pre-commit-hooks,`
feat: remove colmena 2023-09-25 21:28:30 +02:00			`devshell,`
WIP: added wired-notify feat: added autostart for systemd services 2023-10-12 02:30:03 +02:00			`wired-notify,`
feat: boilerplate for nixvim 2023-10-25 00:21:15 +02:00			`nixvim,`
chore: newest extra modules update 2024-01-11 15:41:03 +01:00			`nixos-extra-modules,`
WIP: rekey module to rekey all secrets using the yubikey Work apart from interactivity. Pins are thus currently unsopported Will be supperseeded by a flake runable to rekey secrets on demand 2023-01-28 02:50:14 +01:00			`...`
feat: added nixos generators 2023-08-30 16:38:30 +02:00			`} @ inputs: let`
			`inherit (nixpkgs) lib;`
			`stateVersion = "23.05";`
			`in`
feat: rekey funktioniert. 2023-01-28 18:41:31 +01:00			`{`
feat: modularize secrets 2023-05-27 07:12:18 +02:00			`secretsConfig = {`
feat: added masterIdentitiy symlink to allow for host specific decryption 2023-11-07 20:07:45 +01:00			`# This should be a link to one of the age public keys is './keys'`
			`masterIdentities = ["/run/decrypt.key.pub"];`
chore: switched to colmena and sane file layout 2023-05-02 15:08:36 +02:00			`extraEncryptionPubkeys = [./secrets/recipients.txt];`
feat: rekey funktioniert. 2023-01-28 18:41:31 +01:00			`};`
feat: systemd update und agenix rekey update 2023-09-25 13:53:07 +02:00			`agenix-rekey = agenix-rekey.configure {`
			`userFlake = self;`
			`inherit (self) nodes pkgs;`
			`};`
feat: implemented flake check (closes #15) 2023-02-08 21:12:32 +01:00
feat: added nixos generators 2023-08-30 16:38:30 +02:00			`inherit stateVersion;`
feat: simplified colmena config 2023-09-20 14:37:21 +02:00			`inherit`
			`(import ./nix/hosts.nix inputs)`
			`hosts`
			`nixosConfigurations`
feat: reimaged laptop 2023-09-26 22:25:58 +02:00			`minimalConfigurations`
feat: more nextcloud/container config 2023-12-18 02:11:24 +01:00			`guestConfigurations`
feat: simplified colmena config 2023-09-20 14:37:21 +02:00			`;`
feat: more nextcloud/container config 2023-12-18 02:11:24 +01:00			`nodes = self.nixosConfigurations // self.guestConfigurations;`
feat: added nixos generators 2023-08-30 16:38:30 +02:00
			`inherit`
			`(lib.foldl' lib.recursiveUpdate {}`
			`(lib.mapAttrsToList`
			`(import ./nix/generate-installer-package.nix inputs)`
feat: reimaged laptop 2023-09-26 22:25:58 +02:00			`self.minimalConfigurations))`
feat: added nixos generators 2023-08-30 16:38:30 +02:00			`packages`
			`;`
chore: switched to colmena and sane file layout 2023-05-02 15:08:36 +02:00			`}`
			`// flake-utils.lib.eachDefaultSystem (system: rec {`
feat: added remote backups 2024-01-15 02:13:46 +01:00			`apps.setupHetznerStorageBoxes = import (nixos-extra-modules + "/apps/setup-hetzner-storage-boxes.nix") {`
			`inherit pkgs;`
			`nixosConfigurations = self.nodes;`
			`decryptIdentity = builtins.head self.secretsConfig.masterIdentities;`
			`};`
chore: switched to colmena and sane file layout 2023-05-02 15:08:36 +02:00			`pkgs = import nixpkgs {`
WIP 2023-09-05 21:00:29 +02:00			`overlays =`
			`import ./lib inputs`
feat: added nixpkgs overlay 2023-09-18 14:36:41 +02:00			`++ import ./pkgs`
WIP 2023-09-05 21:00:29 +02:00			`++ [`
feat: more laptop shit 2023-09-30 18:08:54 +02:00			`# nixpkgs-wayland.overlay`
chore: newest extra modules update 2024-01-11 15:41:03 +01:00			`nixos-extra-modules.overlays.default`
feat: remove colmena 2023-09-25 21:28:30 +02:00			`devshell.overlays.default`
			`agenix-rekey.overlays.default`
WIP: added wired-notify feat: added autostart for systemd services 2023-10-12 02:30:03 +02:00			`wired-notify.overlays.default`
feat: boilerplate for nixvim 2023-10-25 00:21:15 +02:00			`nixvim.overlays.default`
WIP 2023-09-05 21:00:29 +02:00			`];`
chore: switched to colmena and sane file layout 2023-05-02 15:08:36 +02:00			`inherit system;`
			`config.allowUnfree = true;`
FEAT: Implemented devShell 2023-02-08 19:52:31 +01:00			`};`
feat: added nixos generators 2023-08-30 16:38:30 +02:00
			`images.live-iso = nixos-generators.nixosGenerate {`
			`inherit pkgs;`
			`modules = [`
			`./nix/installer-configuration.nix`
feat: reimaged laptop 2023-09-26 22:25:58 +02:00			`./modules/config/ssh.nix`
feat: added nixos generators 2023-08-30 16:38:30 +02:00			`];`
			`format =`
			`{`
			`x86_64-linux = "install-iso";`
			`aarch64-linux = "sd-aarch64-installer";`
			`}`
			`.${system};`
			`};`

feat: simplified checks 2023-09-20 14:19:13 +02:00			`checks.pre-commit-check =`
			`pre-commit-hooks.lib.${system}.run`
			`{`
			`src = lib.cleanSource ./.;`
			`hooks = {`
			`alejandra.enable = true;`
feat: enable deadnix check 2023-12-22 01:30:46 +01:00			`deadnix.enable = true;`
feat: simplified checks 2023-09-20 14:19:13 +02:00			`statix.enable = true;`
			`};`
			`};`
feat: Wrote README improving folder structure otw 2023-06-03 11:05:10 +02:00			`devShell = import ./nix/devshell.nix inputs system;`
chore: switched to colmena and sane file layout 2023-05-02 15:08:36 +02:00			`formatter = pkgs.alejandra;`
feat: rekey funktioniert. 2023-01-28 18:41:31 +01:00			`});`
feat: switched to flake based config 2023-01-25 17:53:02 +01:00			`}`