dots/flake.nix

{
  description = "Price Hiller's home manager configuration";

  inputs = {
    nix.url = "github:nixos/nix";
    deploy-rs.url = "github:serokell/deploy-rs";
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    nixpkgs-master.url = "github:nixos/nixpkgs";
    flake-utils.url = "github:numtide/flake-utils";
    lanzaboote = {
      url = "github:nix-community/lanzaboote";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    bob = {
      flake = false;
      url = "github:MordechaiHadad/bob";
    };
    home-manager = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    wezterm = {
      url = "github:wez/wezterm?dir=nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    agenix = {
      url = "github:yaxitech/ragenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    impermanence = {
      url = "github:nix-community/impermanence";
    };
    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    blog = {
      url = "git+https://git.orion-technologies.io/blog/blog";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    emacs-overlay = {
      url = "github:nix-community/emacs-overlay";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.flake-utils.follows = "flake-utils";
    };
    secrets = {
      url = "git+file:secrets?submodules=1";
      flake = false;
    };
  };

  outputs =
    inputs@{ self, nixpkgs, ... }:
    let
      inherit (self) outputs;
      forAllSystems =
        function:
        nixpkgs.lib.genAttrs
          [
            "aarch64-linux"
            "i686-linux"
            "x86_64-linux"
            "aarch64-darwin"
            "x86_64-darwin"
          ]
          (
            system:
            function (
              import nixpkgs {
                inherit system;
                overlays = [
                  inputs.agenix.overlays.default
                  self.overlays.modifications
                  self.overlays.additions
                ];
              }
            )
          );
      mkHomeCfg =
        user: home-config:
        let
          username = "${builtins.head (builtins.match "(.+)(@.+)?" user)}";
        in
        inputs.home-manager.lib.homeManagerConfiguration {
          pkgs = nixpkgs.legacyPackages.x86_64-linux;
          extraSpecialArgs = {
            clib = (import ./lib { lib = nixpkgs.lib; });
            inherit inputs;
          };
          modules = [
            ({
              imports = [ inputs.agenix.homeManagerModules.default ];
              nixpkgs.overlays = [
                inputs.emacs-overlay.overlays.default
                self.overlays.modifications
                self.overlays.additions
              ];
              home = {
                stateVersion = "24.05";
                username = "${username}";
                homeDirectory = "/home/${username}";
              };
            })
            home-config
          ];
        };
    in
    {
      formatter = forAllSystems (pkgs: pkgs.nixfmt-rfc-style);
      packages = forAllSystems (pkgs: import ./pkgs pkgs);
      homeConfigurations = builtins.mapAttrs (mkHomeCfg) { "price" = ./users/price/home.nix; };
      overlays = import ./overlays { inherit inputs; };
      devShells = forAllSystems (pkgs: {
        default = pkgs.mkShell {
          packages = with pkgs; [
            age
            agenix
            age-plugin-yubikey
            nixos-rebuild
            nixos-install-tools
            pkgs.deploy-rs
          ];
          shellHook = ''
            export RULES="$PWD/secrets/secrets.nix"
          '';
        };
      });
      checks = forAllSystems (pkgs: {
        formatting =
          pkgs.runCommand "check-fmt"
            {
              buildInputs = with pkgs; [
                fd
                (import ./pkgs { inherit pkgs; }).Fmt
              ];
            }
            ''
              set -eEuo pipefail
              fd --exec-batch=Fmt
              touch $out
            '';
      });
      apps = forAllSystems (pkgs: {
        home-manager-init = {
          type = "app";
          program = "${
            pkgs.writeShellApplication {
              name = "home-manager-init";
              runtimeInputs = with pkgs; [
                git
                nix
              ];
              text = ''
                #!${pkgs.bash}/bin/bash
                cd "$(git rev-parse --show-toplevel)"
                nix run --extra-experimental-features 'nix-command flakes' github:nix-community/home-manager -- switch --extra-experimental-features 'nix-command flakes' --flake "git+file://$(pwd)?submodules=1" "$@"
              '';
            }
          }/bin/home-manager-init";
        };
        install-host = {
          type = "app";
          program = "${
            pkgs.writeShellApplication {
              name = "install-host";
              runtimeInputs = with pkgs; [
                openssh
                coreutils-full
                git
                agenix
                nix
              ];
              text = (
                ''
                  #!${pkgs.bash}/bin/bash
                  # The below `cd` invocation ensures the installer is running from the toplevel of
                  # the flake and thus has correct paths available.
                  cd "$(git rev-parse --show-toplevel)"
                ''
                + builtins.readFile ./scripts/install-host.bash
              );
            }
          }/bin/install-host";
        };
      });
      nixosConfigurations =
        let
          clib = (import ./lib { lib = nixpkgs.lib; });
        in
        {
          orion =
            let
              hostname = "orion";
            in
            nixpkgs.lib.nixosSystem {
              system = "x86_64-linux";
              specialArgs = {
                inherit self;
                inherit inputs;
                inherit outputs;
                inherit hostname;
                inherit clib;
              };
              modules = [
                ./modules/btrfs-rollback.nix
                inputs.lanzaboote.nixosModules.lanzaboote
                inputs.impermanence.nixosModules.impermanence
                inputs.agenix.nixosModules.default
                inputs.disko.nixosModules.disko
                {
                  config =
                    (import "${inputs.secrets}" {
                      agenix = false;
                      inherit clib;
                    }).${hostname};
                }
                ./hosts/${hostname}
              ];
            };
          luna =
            let
              hostname = "luna";
            in
            nixpkgs.lib.nixosSystem {
              system = "x86_64-linux";
              specialArgs = {
                inherit self;
                inherit inputs;
                inherit hostname;
                inherit nixpkgs;
                inherit clib;
              };
              modules = [
                ./modules/btrfs-rollback.nix
                inputs.impermanence.nixosModules.impermanence
                inputs.agenix.nixosModules.default
                inputs.disko.nixosModules.disko
                {
                  config =
                    (import "${inputs.secrets}" {
                      agenix = false;
                      inherit clib;
                    }).${hostname};
                }
                ./hosts/${hostname}
              ];
            };
        };
      deploy.nodes =
        let
          deploy-rs = inputs.deploy-rs;
        in
        {
          luna = {
            hostname = "luna.hosts.orion-technologies.io";
            fastConnection = true;
            profiles.system = {
              sshUser = "price";
              user = "root";
              path = deploy-rs.lib.x86_64-linux.activate.nixos outputs.nixosConfigurations.luna;
            };
          };
        };
    };
}
feat: migrate to nix home-manager 🚀 2023-11-30 00:49:32 -06:00			`{`
			`description = "Price Hiller's home manager configuration";`

			`inputs = {`
refactor!: the big nix refactor 2024-05-03 14:35:00 -05:00			`nix.url = "github:nixos/nix";`
			`deploy-rs.url = "github:serokell/deploy-rs";`
refactor(nix): use nixpkgs-unstable instead of master 2024-04-23 10:36:34 -05:00			`nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";`
feat(nix): use nixpkgs master version for zathura 2024-09-05 10:57:43 -05:00			`nixpkgs-master.url = "github:nixos/nixpkgs";`
chore(nix-hm): integrate with nixd lsp 2024-02-13 12:31:59 -06:00			`flake-utils.url = "github:numtide/flake-utils";`
feat(hosts/orion): enable secureboot 2024-09-27 00:36:41 -05:00			`lanzaboote = {`
			`url = "github:nix-community/lanzaboote";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
feat(nix-hm): add bob-nvim flake to install bob 2024-01-06 00:39:19 -06:00			`bob = {`
refactor!: the big nix refactor 2024-05-03 14:35:00 -05:00			`flake = false;`
			`url = "github:MordechaiHadad/bob";`
refactor: improve handling of `Fmt` command 2024-03-16 15:21:25 -05:00			`};`
feat: migrate to nix home-manager 🚀 2023-11-30 00:49:32 -06:00			`home-manager = {`
			`url = "github:nix-community/home-manager";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
Revert "refactor(nix/hm/price): do not use `wezterm` from upstream" This reverts commit 0f9fd6d017b762e63f514dd221bd7cda7d389134. 2024-07-26 01:05:18 -05:00			`wezterm = {`
			`url = "github:wez/wezterm?dir=nix";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
feat(nix-hm): add initial integration of `agenix` 2024-03-14 03:37:02 -05:00			`agenix = {`
			`url = "github:yaxitech/ragenix";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
refactor!: the big nix refactor 2024-05-03 14:35:00 -05:00			`impermanence = {`
			`url = "github:nix-community/impermanence";`
			`};`
			`disko = {`
			`url = "github:nix-community/disko";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
			`blog = {`
			`url = "git+https://git.orion-technologies.io/blog/blog";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
feat(nix): use `emacs-overlay` 2024-07-09 23:26:57 -05:00			`emacs-overlay = {`
			`url = "github:nix-community/emacs-overlay";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`inputs.flake-utils.follows = "flake-utils";`
			`};`
refactor: remove `secrets` dir from repo to submodule 2024-09-26 23:43:49 -05:00			`secrets = {`
			`url = "git+file:secrets?submodules=1";`
			`flake = false;`
			`};`
feat: migrate to nix home-manager 🚀 2023-11-30 00:49:32 -06:00			`};`

style(nix): format with `Fmt` 2024-04-19 22:27:46 -05:00			`outputs =`
refactor!: the big nix refactor 2024-05-03 14:35:00 -05:00			`inputs@{ self, nixpkgs, ... }:`
feat: migrate to nix home-manager 🚀 2023-11-30 00:49:32 -06:00			`let`
refactor!: the big nix refactor 2024-05-03 14:35:00 -05:00			`inherit (self) outputs;`
			`forAllSystems =`
			`function:`
			`nixpkgs.lib.genAttrs`
			`[`
			`"aarch64-linux"`
			`"i686-linux"`
			`"x86_64-linux"`
			`"aarch64-darwin"`
			`"x86_64-darwin"`
			`]`
			`(`
			`system:`
			`function (`
			`import nixpkgs {`
			`inherit system;`
			`overlays = [`
			`inputs.agenix.overlays.default`
fix(nix): ensure `agenix-plugin-yubikey` gets deps 2024-05-10 02:41:46 -05:00			`self.overlays.modifications`
			`self.overlays.additions`
refactor!: the big nix refactor 2024-05-03 14:35:00 -05:00			`];`
			`}`
			`)`
			`);`
			`mkHomeCfg =`
			`user: home-config:`
			`let`
			`username = "${builtins.head (builtins.match "(.+)(@.+)?" user)}";`
			`in`
			`inputs.home-manager.lib.homeManagerConfiguration {`
			`pkgs = nixpkgs.legacyPackages.x86_64-linux;`
			`extraSpecialArgs = {`
refactor(nix/hm/price): use `programs.bat` to configure bat 2024-05-27 12:59:14 -05:00			`clib = (import ./lib { lib = nixpkgs.lib; });`
refactor!: the big nix refactor 2024-05-03 14:35:00 -05:00			`inherit inputs;`
			`};`
			`modules = [`
			`({`
			`imports = [ inputs.agenix.homeManagerModules.default ];`
			`nixpkgs.overlays = [`
feat(nix): use `emacs-overlay` 2024-07-09 23:26:57 -05:00			`inputs.emacs-overlay.overlays.default`
refactor!: the big nix refactor 2024-05-03 14:35:00 -05:00			`self.overlays.modifications`
			`self.overlays.additions`
refactor(nix-hm): various improvements 2024-02-04 22:26:55 -06:00			`];`
refactor!: the big nix refactor 2024-05-03 14:35:00 -05:00			`home = {`
			`stateVersion = "24.05";`
			`username = "${username}";`
			`homeDirectory = "/home/${username}";`
			`};`
			`})`
			`home-config`
			`];`
refactor(nix-hm): various improvements 2024-02-04 22:26:55 -06:00			`};`
refactor!: the big nix refactor 2024-05-03 14:35:00 -05:00			`in`
			`{`
			`formatter = forAllSystems (pkgs: pkgs.nixfmt-rfc-style);`
			`packages = forAllSystems (pkgs: import ./pkgs pkgs);`
feat(nix/hosts/orion): add swaylock support in pam 2024-05-28 11:39:43 -05:00			`homeConfigurations = builtins.mapAttrs (mkHomeCfg) { "price" = ./users/price/home.nix; };`
refactor!: the big nix refactor 2024-05-03 14:35:00 -05:00			`overlays = import ./overlays { inherit inputs; };`
			`devShells = forAllSystems (pkgs: {`
			`default = pkgs.mkShell {`
feat(nix-hm): add initial integration of `agenix` 2024-03-14 03:37:02 -05:00			`packages = with pkgs; [`
			`age`
fix(nix): ensure `agenix-plugin-yubikey` gets deps 2024-05-10 02:41:46 -05:00			`agenix`
feat(nix-hm): add initial integration of `agenix` 2024-03-14 03:37:02 -05:00			`age-plugin-yubikey`
			`nixos-rebuild`
refactor!: the big nix refactor 2024-05-03 14:35:00 -05:00			`nixos-install-tools`
feat(nix-hm): add initial integration of `agenix` 2024-03-14 03:37:02 -05:00			`pkgs.deploy-rs`
			`];`
			`shellHook = ''`
			`export RULES="$PWD/secrets/secrets.nix"`
			`'';`
			`};`
refactor!: the big nix refactor 2024-05-03 14:35:00 -05:00			`});`
test(nix): add formatting check 2024-05-10 00:02:07 -05:00			`checks = forAllSystems (pkgs: {`
			`formatting =`
			`pkgs.runCommand "check-fmt"`
			`{`
			`buildInputs = with pkgs; [`
refactor(nix): improve formatting check 2024-06-28 03:22:50 -05:00			`fd`
test(nix): add formatting check 2024-05-10 00:02:07 -05:00			`(import ./pkgs { inherit pkgs; }).Fmt`
			`];`
			`}`
			`''`
refactor(nix): improve formatting check 2024-06-28 03:22:50 -05:00			`set -eEuo pipefail`
			`fd --exec-batch=Fmt`
test(nix): add formatting check 2024-05-10 00:02:07 -05:00			`touch $out`
			`'';`
			`});`
refactor!: the big nix refactor 2024-05-03 14:35:00 -05:00			`apps = forAllSystems (pkgs: {`
			`home-manager-init = {`
			`type = "app";`
			`program = "${`
			`pkgs.writeShellApplication {`
			`name = "home-manager-init";`
			`runtimeInputs = with pkgs; [`
			`git`
			`nix`
			`];`
			`text = ''`
			`#!${pkgs.bash}/bin/bash`
			`cd "$(git rev-parse --show-toplevel)"`
			`nix run --extra-experimental-features 'nix-command flakes' github:nix-community/home-manager -- switch --extra-experimental-features 'nix-command flakes' --flake "git+file://$(pwd)?submodules=1" "$@"`
			`'';`
			`}`
			`}/bin/home-manager-init";`
			`};`
			`install-host = {`
			`type = "app";`
			`program = "${`
			`pkgs.writeShellApplication {`
			`name = "install-host";`
			`runtimeInputs = with pkgs; [`
			`openssh`
			`coreutils-full`
			`git`
			`agenix`
			`nix`
			`];`
			`text = (`
			`''`
			`#!${pkgs.bash}/bin/bash`
			# The below `cd` invocation ensures the installer is running from the toplevel of
			`# the flake and thus has correct paths available.`
			`cd "$(git rev-parse --show-toplevel)"`
			`''`
			`+ builtins.readFile ./scripts/install-host.bash`
			`);`
			`}`
			`}/bin/install-host";`
			`};`
			`});`
			`nixosConfigurations =`
			`let`
refactor(nix): cleanup toplevel flake 2024-08-25 00:28:11 -05:00			`clib = (import ./lib { lib = nixpkgs.lib; });`
refactor!: the big nix refactor 2024-05-03 14:35:00 -05:00			`in`
			`{`
			`orion =`
			`let`
			`hostname = "orion";`
			`in`
			`nixpkgs.lib.nixosSystem {`
			`system = "x86_64-linux";`
			`specialArgs = {`
			`inherit self;`
			`inherit inputs;`
			`inherit outputs;`
			`inherit hostname;`
refactor(nix): cleanup toplevel flake 2024-08-25 00:28:11 -05:00			`inherit clib;`
refactor!: the big nix refactor 2024-05-03 14:35:00 -05:00			`};`
			`modules = [`
refactor(nix): extract orion's btrfs rollback to NixOS module 2024-08-24 23:38:27 -05:00			`./modules/btrfs-rollback.nix`
feat(hosts/orion): enable secureboot 2024-09-27 00:36:41 -05:00			`inputs.lanzaboote.nixosModules.lanzaboote`
refactor!: the big nix refactor 2024-05-03 14:35:00 -05:00			`inputs.impermanence.nixosModules.impermanence`
			`inputs.agenix.nixosModules.default`
			`inputs.disko.nixosModules.disko`
			`{`
			`config =`
refactor: remove `secrets` dir from repo to submodule 2024-09-26 23:43:49 -05:00			`(import "${inputs.secrets}" {`
refactor!: the big nix refactor 2024-05-03 14:35:00 -05:00			`agenix = false;`
refactor(nix): cleanup toplevel flake 2024-08-25 00:28:11 -05:00			`inherit clib;`
refactor!: the big nix refactor 2024-05-03 14:35:00 -05:00			`}).${hostname};`
			`}`
			`./hosts/${hostname}`
			`];`
			`};`
			`luna =`
			`let`
			`hostname = "luna";`
			`in`
			`nixpkgs.lib.nixosSystem {`
			`system = "x86_64-linux";`
			`specialArgs = {`
			`inherit self;`
			`inherit inputs;`
			`inherit hostname;`
			`inherit nixpkgs;`
refactor(nix): cleanup toplevel flake 2024-08-25 00:28:11 -05:00			`inherit clib;`
refactor!: the big nix refactor 2024-05-03 14:35:00 -05:00			`};`
			`modules = [`
refactor(hosts/luna): use btrfs-rollback service for handling rollbacks 2024-08-25 00:26:25 -05:00			`./modules/btrfs-rollback.nix`
refactor!: the big nix refactor 2024-05-03 14:35:00 -05:00			`inputs.impermanence.nixosModules.impermanence`
			`inputs.agenix.nixosModules.default`
			`inputs.disko.nixosModules.disko`
			`{`
			`config =`
refactor: remove `secrets` dir from repo to submodule 2024-09-26 23:43:49 -05:00			`(import "${inputs.secrets}" {`
refactor!: the big nix refactor 2024-05-03 14:35:00 -05:00			`agenix = false;`
refactor(nix): cleanup toplevel flake 2024-08-25 00:28:11 -05:00			`inherit clib;`
refactor!: the big nix refactor 2024-05-03 14:35:00 -05:00			`}).${hostname};`
			`}`
			`./hosts/${hostname}`
			`];`
			`};`
			`};`
			`deploy.nodes =`
			`let`
			`deploy-rs = inputs.deploy-rs;`
			`in`
			`{`
			`luna = {`
			`hostname = "luna.hosts.orion-technologies.io";`
			`fastConnection = true;`
			`profiles.system = {`
			`sshUser = "price";`
			`user = "root";`
			`path = deploy-rs.lib.x86_64-linux.activate.nixos outputs.nixosConfigurations.luna;`
			`};`
			`};`
			`};`
			`};`
feat: migrate to nix home-manager 🚀 2023-11-30 00:49:32 -06:00			`}`