{ description = "Configs for shelvacu's nix things"; inputs = { nixpkgs.url = "nixpkgs/nixos-24.11-small"; nixpkgs-unstable.url = "nixpkgs/nixos-unstable-small"; flake-utils.url = "github:numtide/flake-utils"; nixvim = { url = "github:nix-community/nixvim/nixos-24.11"; inputs.nixpkgs.follows = "nixpkgs"; inputs.home-manager.follows = "home-manager"; }; nixvim-unstable = { url = "github:nix-community/nixvim"; inputs.nixpkgs.follows = "nixpkgs-unstable"; }; nix-inspect = { url = "github:bluskript/nix-inspect"; inputs.nixpkgs.follows = "nixpkgs"; }; nix-inspect-unstable = { url = "github:bluskript/nix-inspect"; inputs.nixpkgs.follows = "nixpkgs-unstable"; }; vscode-server-unstable = { url = "github:nix-community/nixos-vscode-server"; inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.flake-utils.follows = "flake-utils"; }; vscode-server = { url = "github:nix-community/nixos-vscode-server"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; }; nix-on-droid = { url = "github:nix-community/nix-on-droid"; inputs.nixpkgs.follows = "nixpkgs"; inputs.home-manager.follows = "home-manager"; }; jovian-unstable = { # there is no stable jovian :cry: url = "github:Jovian-Experiments/Jovian-NixOS"; inputs.nixpkgs.follows = "nixpkgs-unstable"; }; disko = { url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; }; disko-unstable = { url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs-unstable"; }; home-manager = { url = "github:nix-community/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; }; home-manager-unstable = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs-unstable"; }; nix-search-cli-unstable = { url = "github:peterldowns/nix-search-cli"; inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.flake-utils.follows = "flake-utils"; }; nix-search-cli = { url = "github:peterldowns/nix-search-cli"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; }; padtype-unstable = { url = "git+https://git.uninsane.org/shelvacu/padtype.git"; inputs.nixpkgs.follows = "nixpkgs-unstable"; }; sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; nixos-hardware.url = "github:nixos/nixos-hardware"; most-winningest = { url = "github:captain-jean-luc/most-winningest"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; }; nixos-apple-silicon-unstable = { url = "github:tpwrules/nixos-apple-silicon"; inputs.nixpkgs.follows = "nixpkgs-unstable"; }; sm64baserom.url = "git+https://git.uninsane.org/shelvacu/sm64baserom.git"; dns = { url = "github:nix-community/dns.nix"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; }; treefmt-nix = { url = "github:numtide/treefmt-nix"; inputs.nixpkgs.follows = "nixpkgs-unstable"; }; determinate-nix = { url = "https://flakehub.com/f/DeterminateSystems/nix-src/3.0.0"; inputs.nixpkgs.follows = "nixpkgs"; }; determinate-nix-unstable = { url = "https://flakehub.com/f/DeterminateSystems/nix-src/3.0.0"; inputs.nixpkgs.follows = "nixpkgs-unstable"; }; }; outputs = { self, nixpkgs, nix-on-droid, ... }@inputs: let x86 = "x86_64-linux"; arm = "aarch64-linux"; lib = import "${nixpkgs}/lib"; overlays = import ./overlays; mkPlainInner = pkgs: lib.evalModules { modules = [ ./common { vacu.systemKind = "server"; } ]; specialArgs = { inherit pkgs; inherit lib; inherit (inputs) dns; vacuModuleType = "plain"; inherit inputs; }; }; mkPlain = pkgs: let inner = mkPlainInner pkgs; in inner.config.vacu.withAsserts inner; mkPkgs = arg: let argAttrAll = if builtins.isString arg then { system = arg; } else arg; useUnstable = argAttrAll.useUnstable or false; whichpkgs = if useUnstable then inputs.nixpkgs-unstable else inputs.nixpkgs; argAttr = lib.removeAttrs argAttrAll [ "useUnstable" ]; config = { allowUnfree = true; permittedInsecurePackages = [ "olm-3.2.16" ]; } // (argAttr.config or { }); in import whichpkgs ( argAttr // { inherit config; } // { overlays = (argAttr.overlays or [ ]) ++ overlays; } ); pkgs = mkPkgs x86; defaultInputs = [ "nix-search-cli" "nix-inspect" "nixvim" # "determinate-nix" ]; mkInputs = { unstable ? false, inp ? [ ], }: let suffix = if unstable then "-unstable" else ""; nixpkgs = inputs.${"nixpkgs" + suffix}; inp' = inp ++ defaultInputs; thisInputsA = builtins.listToAttrs ( map (name: lib.nameValuePair name inputs.${name + suffix}) inp' ); in thisInputsA // { inherit nixpkgs; inherit (inputs) self; }; mkNixosConfig = { unstable ? false, module, system ? "x86_64-linux", inp ? [ ], }: let inputs = mkInputs { inherit unstable inp; }; in inputs.nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs; inherit (inputs) dns; vacuModuleType = "nixos"; }; inherit system; modules = [ ./common module ]; }; in { debug.isoDeriv = ( import "${inputs.nixpkgs}/nixos/release-small.nix" { nixpkgs = ({ revCount = 0; } // inputs.nixpkgs); } ); lib = { inherit mkPlain mkPkgs mkInputs mkNixosConfig ; }; nixosConfigurations = { triple-dezert = mkNixosConfig { module = ./triple-dezert; inp = [ "most-winningest" ]; }; compute-deck = mkNixosConfig { module = ./compute-deck; inp = [ "jovian" "home-manager" "vscode-server" "disko" "padtype" ]; unstable = true; }; liam = mkNixosConfig { module = ./liam; inp = [ "sops-nix" ]; }; lp0 = mkNixosConfig { module = ./lp0; }; shel-installer = mkNixosConfig { module = ./installer.nix; }; fw = mkNixosConfig { module = ./fw; inp = [ "nixos-hardware" "sops-nix" ]; }; legtop = mkNixosConfig { module = ./legtop; inp = [ "nixos-hardware" ]; }; mmm = mkNixosConfig { module = ./mmm; inp = [ "nixos-apple-silicon" ]; system = "aarch64-linux"; unstable = true; }; toptop = mkNixosConfig { module = ./toptop; system = "x86_64-linux"; }; }; nixOnDroidConfigurations.default = nix-on-droid.lib.nixOnDroidConfiguration { modules = [ ./common ./nix-on-droid ]; extraSpecialArgs = { inputs = mkInputs { }; inherit (inputs) dns; vacuModuleType = "nix-on-droid"; }; pkgs = mkPkgs { system = arm; }; }; checks = nixpkgs.lib.genAttrs [ x86 ] ( system: let pkgs = mkPkgs system; plain = mkPlain pkgs; commonTestModule = { hostPkgs = pkgs; _module.args.inputs = { inherit (inputs) self; }; node.pkgs = pkgs; node.pkgsReadOnly = false; node.specialArgs.selfPackages = self.packages.${system}; node.specialArgs.vacuModuleType = "nixos"; }; mkTest = name: nixpkgs.lib.nixos.runTest { imports = [ commonTestModule ./tests/${name} { node.specialArgs.inputs = self.nixosConfigurations.${name}._module.specialArgs.inputs; } ]; }; checksFromConfig = plain.config.vacu.checks; in assert !(checksFromConfig ? liam) && !(checksFromConfig ? trip); checksFromConfig // { liam = mkTest "liam"; triple-dezert = mkTest "triple-dezert"; } ); qb = # qb is "quick build" let toplevelOf = name: self.nixosConfigurations.${name}.config.system.build.toplevel; deterministicCerts = import ./deterministic-certs.nix { nixpkgs = mkPkgs x86; }; renamedAarchPackages = lib.mapAttrs' ( name: value: lib.nameValuePair (name + "-aarch64") value ) self.packages.aarch64-linux; packages = self.packages.x86_64-linux // renamedAarchPackages; in rec { fw = toplevelOf "fw"; triple-dezert = toplevelOf "triple-dezert"; trip = triple-dezert; compute-deck = toplevelOf "compute-deck"; cd = compute-deck; liam = toplevelOf "liam"; lp0 = toplevelOf "lp0"; legtop = toplevelOf "legtop"; lt = legtop; mmm = toplevelOf "mmm"; shel-installer = toplevelOf "shel-installer"; toptop = toplevelOf "toptop"; tt = toptop; iso = self.nixosConfigurations.shel-installer.config.system.build.isoImage; check-triple-dezert = self.checks.x86_64-linux.triple-dezert.driver; check-trip = check-triple-dezert; check-liam = self.checks.x86_64-linux.liam.driver; liam-sieve = self.nixosConfigurations.liam.config.vacu.liam-sieve-script; nix-on-droid = self.nixOnDroidConfigurations.default.activationPackage; nod = nix-on-droid; nod-bootstrap-x86_64 = inputs.nix-on-droid.packages.x86_64-linux.bootstrapZip-x86_64; nod-bootstrap-aarch64 = inputs.nix-on-droid.packages.x86_64-linux.bootstrapZip-aarch64; dc-priv = deterministicCerts.privKeyFile "test"; dc-cert = deterministicCerts.selfSigned "test" { }; # sm64 = packages.sm64coopdx; ak = packages.authorizedKeys; my-sops = packages.wrappedSops; inherit (inputs.nixos-apple-silicon-unstable.packages.aarch64-linux) m1n1 uboot-asahi installer-bootstrap ; installer-bootstrap-cross = inputs.nixos-apple-silicon-unstable.packages.x86_64-linux.installer-bootstrap; } // packages; brokenBuilds = [ "sm64coopdx-aarch64" "installer-bootstrap" ]; all = let linksNoContext = removeAttrs self.qb self.brokenBuilds; links = builtins.mapAttrs ( name: val: builtins.addErrorContext "while evaluating link ${name}" val ) linksNoContext; in pkgs.runCommand "nix-stuff-all" { __structuredAttrs = true; inherit links; } '' mkdir $out cd $out eval "$(${pkgs.jq}/bin/jq '.links | to_entries | map("ln -s "+.value+" "+.key) | join("\n")' /build/.attrs.json -r)" ''; impureBuilds = [ "nix-on-droid" "nod" "nod-bootstrap-x86_64" "nod-bootstrap-aarch64" ]; allPure = self.all.overrideAttrs (prev: { links = removeAttrs prev.links self.impureBuilds; }); archiveSmall = let # We don't want iso/img derivations here because they de-dupe terribly. Any change anywhere requires generating a new iso/img file. isoContents = lib.concatStringsSep "\n" ( map ( c: "${c.source} => ${c.target}" ) self.nixosConfigurations.shel-installer.config.isoImage.contents ); isoContentsPkg = pkgs.writeText "iso-contents" isoContents; allButImgs = self.all.overrideAttrs (prev: { links = (removeAttrs prev.links [ "iso" ]) // { iso-contents = isoContentsPkg; }; }); in allButImgs; archive = let inherit (self) archiveSmall; in archiveSmall.overrideAttrs (prev: { links = prev.links // { build-deps = pkgs.closureInfo { rootPaths = [ archiveSmall.drvPath ]; }; }; }); } // (inputs.flake-utils.lib.eachDefaultSystem ( system: let mkNixvim = unstable: let nixvim-input = if unstable then inputs.nixvim-unstable else inputs.nixvim; in nixvim-input.legacyPackages.${system}.makeNixvimWithModule { module = { imports = [ ./nixvim ]; _module.args = { inherit pkgs-unstable; }; }; extraSpecialArgs = { inherit unstable inputs system; }; }; nixpkgs-args = { inherit system; config.allowUnfree = true; overlays = [ inputs.sm64baserom.overlays.default ]; }; pkgs-unstable = mkPkgs (nixpkgs-args // { useUnstable = true; }); pkgs-stable = mkPkgs (nixpkgs-args // { useUnstable = false; }); _plain = mkPlain pkgs-unstable; plain = _plain.config.vacu.withAsserts _plain; treefmtEval = inputs.treefmt-nix.lib.evalModule pkgs-unstable ./treefmt.nix; in { formatter = treefmtEval.config.build.wrapper; apps.sops = { type = "app"; program = lib.getExe self.packages.${system}.wrappedSops; }; vacuconfig = plain.config; legacyPackages = { unstable = pkgs-unstable; stable = pkgs-stable; }; packages = rec { authorizedKeys = pkgs-stable.writeText "authorizedKeys" ( lib.concatStringsSep "\n" ( lib.mapAttrsToList (k: v: "${v} ${k}") plain.config.vacu.ssh.authorizedKeys ) ); bandcamp-collection-downloader = pkgs-unstable.callPackage ./packages/bcd { }; bcd = bandcamp-collection-downloader; # dnix = inputs.determinate-nix.packages.${system}.nix; dns = import ./scripts/dns { inherit pkgs lib inputs; inherit (plain) config; }; generated = pkgs.linkFarm "generated" { nixpkgs = "${inputs.nixpkgs}"; "liam-test/hints.py" = pkgs.writeText "hints.py" ( import ./typesForTest.nix { name = "liam"; inherit (pkgs-stable) lib; inherit self; inherit (inputs) nixpkgs; } ); "dns/python-env" = builtins.dirOf (builtins.dirOf dns.interpreter); "mailtest/python-env" = builtins.dirOf ( builtins.dirOf self.checks.x86_64-linux.liam.nodes.checker.vacu.mailtest.smtp.interpreter ); }; haproxy-auth-request = pkgs.callPackage ./packages/haproxy-auth-request.nix { inherit haproxy-lua-http; }; haproxy-lua-http = pkgs.callPackage ./packages/haproxy-lua-http.nix { }; liam-sieve-script = self.nixosConfigurations.liam.config.vacu.liam-sieve-script; leanLatest = pkgs-unstable.callPackage ./packages/leanLatest.nix { }; nixvim = mkNixvim false; nixvim-unstable = mkNixvim true; nix-inspect = inputs.nix-inspect.packages.${system}.default; nix-search-cli = inputs.nix-search-cli.packages.${system}.default; openterface-qt = pkgs.callPackage ./packages/openterface-qt.nix { }; # rg-cubexx-v1-0-1 = pkgs.fetchurlWithWetransfer { # url = "https://we.tl/t-nwhCNkgXwG"; # name = "cxm_rgcubexx-v1-0-1-en32gb-2401018_2024-10-19_0631.zip"; # recursiveHash = true; # hash = "sha256-kQds0/BdlEA10LJozOvpQ65TemTx6CxjO8rANi4o5K0="; # }; sopsConfig = plain.config.vacu.sopsConfigFile; sourceTree = plain.config.vacu.sourceTree; transferwee = pkgs.callPackage ./packages/transferwee.nix { }; units = plain.config.vacu.units.finalPackage; update-git-keys = pkgs-stable.callPackage ./scripts/update-git-keys.nix { inherit (plain) config; }; vnopnCA = pkgs-stable.writeText "vnopnCA.cert" plain.config.vacu.vnopnCA; wrappedSops = plain.config.vacu.wrappedSops; z3 = pkgs-unstable.callPackage ./packages/z3 { }; # mycoopdx = pkgs-unstable.callPackage ./packages/sm64coopdx.nix { }; # zulip-server = pkgs.python312Packages.callPackage ./packages/zulip.nix { }; }; } )); }