shelvacu/nix-stuff
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
506ccbe35d401fd6a1d4ea6a564ce1d7a3bb5705
nix-stuff/flake.nix
Shelvacu 506ccbe35d stuff
2025-08-12 18:26:23 -07:00

523 lines
17 KiB
Nix
Raw Blame History

{
description = "Configs for shelvacu's nix things";
inputs = {
nixpkgs.url = "nixpkgs/nixos-25.05-small";
nixpkgs-unstable.url = "nixpkgs/nixos-unstable-small";
disko = {
url = "git+https://git.uninsane.org/shelvacu/disko.git";
inputs.nixpkgs.follows = "nixpkgs";
};
disko-unstable = {
url = "git+https://git.uninsane.org/shelvacu/disko.git";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
dns = {
url = "github:nix-community/dns.nix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};
flake-compat.url = "github:edolstra/flake-compat";
flake-utils.url = "github:numtide/flake-utils";
home-manager = {
url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager-unstable = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
impermanence.url = "github:nix-community/impermanence";
jovian-unstable = {
# there is no stable jovian :cry:
url = "github:Jovian-Experiments/Jovian-NixOS";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
most-winningest = {
url = "github:captain-jean-luc/most-winningest";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};
nixos-hardware.url = "github:nixos/nixos-hardware";
nixos-apple-silicon-unstable = {
url = "github:tpwrules/nixos-apple-silicon";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
nixvim = {
url = "github:nix-community/nixvim/nixos-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
nixvim-unstable = {
url = "github:nix-community/nixvim";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
nix-on-droid = {
url = "github:nix-community/nix-on-droid";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
padtype-unstable = {
url = "git+https://git.uninsane.org/shelvacu/padtype.git";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
sm64baserom.url = "git+https://git.uninsane.org/shelvacu/sm64baserom.git";
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
tf2-nix = {
url = "gitlab:shelvacu-forks/tf2-nix/with-my-patches";
inputs.nixpkgs.follows = "nixpkgs";
};
treefmt-nix = {
url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
vacu-keys = {
url = "git+https://git.uninsane.org/shelvacu/keys.nix.git";
flake = false;
};
};
outputs =
{
self,
nixpkgs,
nix-on-droid,
...
}@allInputs:
let
x86 = "x86_64-linux";
arm = "aarch64-linux";
lib = import "${nixpkgs}/lib";
overlays = import ./overlays;
vacuModules = import ./modules;
vaculib = import ./vaculib { inherit lib; };
defaultSuffixedInputNames = [
"nixvim"
"nixpkgs"
];
defaultInputs = { inherit (allInputs) self vacu-keys; };
mkInputs =
{
unstable ? false,
inp ? [ ],
}:
let
suffix = if unstable then "-unstable" else "";
inputNames = inp ++ defaultSuffixedInputNames;
thisInputsA = vaculib.mapNamesToAttrs (name: allInputs.${name + suffix}) inputNames;
in
if inp == "all" then allInputs else thisInputsA // defaultInputs;
mkPkgs =
arg:
let
argAttrAll = if builtins.isString arg then { system = arg; } else arg;
unstable = argAttrAll.unstable or false;
whichpkgs = if unstable then allInputs.nixpkgs-unstable else allInputs.nixpkgs;
argAttr = lib.removeAttrs argAttrAll [ "unstable" ];
config = {
allowUnfree = true;
# the security warning might as well have said "its insecure maybe but there's nothing you can do about it"
# presumably needed by nheko
permittedInsecurePackages = [
"olm-3.2.16"
"fluffychat-linux-1.27.0"
];
} // (argAttr.config or { });
in
import whichpkgs (
argAttr // { inherit config; } // { overlays = (argAttr.overlays or [ ]) ++ overlays; }
);
mkCommon =
{
unstable ? false,
inp ? [ ],
system ? x86,
vacuModuleType,
}:
let
pkgsStable = mkPkgs { unstable = false; inherit system; };
pkgsUnstable = mkPkgs { unstable = true; inherit system; };
pkgs = if unstable then pkgsUnstable else pkgsStable;
inputs = mkInputs { inherit unstable inp; };
vaculib = import ./vaculib { inherit pkgs; };
in
{
inherit pkgs pkgsStable pkgsUnstable inputs vaculib;
specialArgs = {
inherit inputs vacuModules vacuModuleType vaculib pkgsStable pkgsUnstable;
inherit (allInputs) dns;
};
};
# mkPlainInner =
# args:
# lib.evalModules {
# modules = [
# ./common
# { vacu.systemKind = "server"; }
# ];
# specialArgs = {
# inherit pkgs;
# inherit lib;
# inherit inputs;
# inherit (inputs) dns;
# inherit vacuModules;
# vaculib = import ./vaculib { inherit pkgs; };
# vacuModuleType = "plain";
# };
# };
mkPlain =
{
unstable ? false,
system ? x86,
}@args:
let
common = mkCommon (args // {
vacuModuleType = "plain";
inp = "all";
});
inner = lib.evalModules {
modules = [
./common
{ vacu.systemKind = "server"; }
];
specialArgs = common.specialArgs // {
inherit (common) pkgs;
inherit (common.pkgs) lib;
};
};
in
inner.config.vacu.withAsserts inner;
pkgs = mkPkgs x86;
mkNixosConfig =
{
unstable ? false,
module,
system ? "x86_64-linux",
inp ? [ ],
}:
let
common = mkCommon { inherit unstable inp system; vacuModuleType = "nixos"; };
in
allInputs.nixpkgs.lib.nixosSystem {
inherit (common) specialArgs;
inherit system;
modules = [
{ nixpkgs.pkgs = common.pkgs; }
./common
module
];
};
in
{
debug.isoDeriv = (
import "${allInputs.nixpkgs}/nixos/release-small.nix" {
nixpkgs = ({ revCount = 0; } // allInputs.nixpkgs);
}
);
lib = {
inherit
mkPlain
mkPkgs
mkInputs
mkNixosConfig
;
};
nixosConfigurations = {
triple-dezert = mkNixosConfig {
module = ./triple-dezert;
inp = [
"most-winningest"
"sops-nix"
];
};
compute-deck = mkNixosConfig {
module = ./compute-deck;
inp = [
"jovian"
"home-manager"
"disko"
"padtype"
];
unstable = true;
};
liam = mkNixosConfig {
module = ./liam;
inp = [ "sops-nix" ];
};
lp0 = mkNixosConfig { module = ./lp0; };
shel-installer-iso = mkNixosConfig { module = ./installer/iso.nix; };
shel-installer-pxe = mkNixosConfig { module = ./installer/pxe.nix; };
fw = mkNixosConfig {
module = ./fw;
inp = [
"nixos-hardware"
"sops-nix"
"tf2-nix"
];
};
legtop = mkNixosConfig {
module = ./legtop;
inp = [ "nixos-hardware" ];
};
mmm = mkNixosConfig {
module = ./mmm;
inp = [ "nixos-apple-silicon" ];
system = "aarch64-linux";
unstable = true;
};
prophecy = mkNixosConfig {
module = ./prophecy;
system = "x86_64-linux";
inp = [
"impermanence"
"sops-nix"
"disko"
];
};
solis = mkNixosConfig {
module = ./solis;
system = "x86_64-linux";
inp = [
"disko"
"impermanence"
"sops-nix"
];
};
};
nixOnDroidConfigurations.default =
let
common = mkCommon { system = arm; vacuModuleType = "nix-on-droid"; };
in
nix-on-droid.lib.nixOnDroidConfiguration {
modules = [
./common
./nix-on-droid
];
extraSpecialArgs = common.specialArgs;
inherit (common) pkgs;
};
checks = nixpkgs.lib.genAttrs [ x86 ] (
system:
let
common = mkCommon { inherit system; vacuModuleType = "nixos"; };
inherit (common) pkgs;
plain = mkPlain { inherit system; };
commonTestModule = {
hostPkgs = pkgs;
_module.args.inputs = { inherit (allInputs) self; };
node.pkgs = pkgs;
node.pkgsReadOnly = true;
node.specialArgs = (lib.removeAttrs common.specialArgs [ "inputs" ]) // { selfPackages = self.packages.${system}; };
# node.specialArgs = {
# inherit vacuModules;
# selfPackages = self.packages.${system};
# vaculib = import ./vaculib { inherit pkgs; };
# vacuModuleType = "nixos";
# };
};
mkTest =
name:
nixpkgs.lib.nixos.runTest {
imports = [
commonTestModule
./tests/${name}
{ node.specialArgs.inputs = self.nixosConfigurations.${name}._module.specialArgs.inputs; }
];
};
checksFromConfig = plain.config.vacu.checks;
in
assert !(checksFromConfig ? liam) && !(checksFromConfig ? trip);
checksFromConfig
// {
liam = mkTest "liam";
triple-dezert = mkTest "triple-dezert";
}
);
buildList =
let
toplevelOf = name: self.nixosConfigurations.${name}.config.system.build.toplevel;
deterministicCerts = import ./deterministic-certs.nix { nixpkgs = mkPkgs x86; };
renamedAarchPackages = lib.mapAttrs' (
name: value: lib.nameValuePair (name + "-aarch64") value
) self.packages.aarch64-linux;
packages = self.packages.x86_64-linux // renamedAarchPackages;
pxe-build = self.nixosConfigurations.shel-installer-pxe.config.system.build;
in
{
fw = toplevelOf "fw";
triple-dezert = toplevelOf "triple-dezert";
compute-deck = toplevelOf "compute-deck";
liam = toplevelOf "liam";
lp0 = toplevelOf "lp0";
legtop = toplevelOf "legtop";
mmm = toplevelOf "mmm";
shel-installer-iso = toplevelOf "shel-installer-iso";
shel-installer-pxe = toplevelOf "shel-installer-pxe";
prophecy = toplevelOf "prophecy";
iso = self.nixosConfigurations.shel-installer-iso.config.system.build.isoImage;
pxe-toplevel = toplevelOf "shel-installer-pxe";
pxe-kernel = pxe-build.kernel;
pxe-initrd = pxe-build.netbootRamdisk;
check-triple-dezert = self.checks.x86_64-linux.triple-dezert.driver;
check-liam = self.checks.x86_64-linux.liam.driver;
liam-sieve = self.nixosConfigurations.liam.config.vacu.liam-sieve-script;
nix-on-droid = self.nixOnDroidConfigurations.default.activationPackage;
nod-bootstrap-x86_64 = allInputs.nix-on-droid.packages.x86_64-linux.bootstrapZip-x86_64;
nod-bootstrap-aarch64 = allInputs.nix-on-droid.packages.x86_64-linux.bootstrapZip-aarch64;
dc-priv = deterministicCerts.privKeyFile "test";
dc-cert = deterministicCerts.selfSigned "test" { };
inherit (allInputs.nixos-apple-silicon-unstable.packages.aarch64-linux)
m1n1
uboot-asahi
installer-bootstrap
;
installer-bootstrap-cross =
allInputs.nixos-apple-silicon-unstable.packages.x86_64-linux.installer-bootstrap;
}
// packages;
qb = self.buildList // {
trip = self.buildList.triple-dezert;
cd = self.buildList.compute-deck;
lt = self.buildList.legtop;
prop = self.buildList.prophecy;
check-trip = self.buildList.check-triple-dezert;
nod = self.buildList.nix-on-droid;
ak = self.buildList.authorizedKeys;
my-sops = self.buildList.wrappedSops;
};
brokenBuilds = [
"sm64coopdx-aarch64"
"installer-bootstrap"
];
impureBuilds = [
"nix-on-droid"
"nod"
"nod-bootstrap-x86_64"
"nod-bootstrap-aarch64"
];
archival = import ./archive.nix { inherit self pkgs lib; };
}
// (allInputs.flake-utils.lib.eachDefaultSystem (
system:
let
# nixpkgs-args = {
# inherit system;
# config.allowUnfree = true;
# overlays = [ inputs.sm64baserom.overlays.default ];
# };
# pkgs-unstable = mkPkgs (nixpkgs-args // { useUnstable = true; });
# pkgs-stable = mkPkgs (nixpkgs-args // { useUnstable = false; });
# vaculib = import ./vaculib { pkgs = pkgs-stable; };
mkNixvim =
{ unstable, minimal }:
let
common = mkCommon { inherit unstable; vacuModuleType = "nixvim"; };
nixvim-input = if unstable then allInputs.nixvim-unstable else allInputs.nixvim;
in
nixvim-input.legacyPackages.${system}.makeNixvimWithModule {
module = {
imports = [ ./nixvim ];
};
extraSpecialArgs = common.specialArgs // { inherit minimal; };
};
common = mkCommon { unstable = true; vacuModuleType = "plain"; };
inherit (common) pkgs pkgsStable pkgsUnstable;
plain = mkPlain { unstable = true; };
treefmtEval = allInputs.treefmt-nix.lib.evalModule pkgsUnstable ./treefmt.nix;
formatter = treefmtEval.config.build.wrapper;
vacuPackagePaths = import ./packages;
vacuPackages = builtins.intersectAttrs vacuPackagePaths pkgsStable;
in
{
inherit formatter;
inherit (common) vaculib;
apps.sops = {
type = "app";
program = lib.getExe self.packages.${system}.wrappedSops;
};
vacuConfig = plain.config;
inherit vacuPackages;
legacyPackages = {
unstable = pkgsUnstable;
stable = pkgsStable;
nixpkgs-update = { ... }@args: import "${allInputs.nixpkgs}/maintainers/scripts/update.nix" ({ include-overlays = [ (import ./overlays/newPackages.nix) ]; } // args);
};
packages = rec {
archive = pkgsStable.callPackage ./scripts/archive { };
authorizedKeys = pkgsStable.writeText "authorizedKeys" (
lib.concatStringsSep "\n" (
lib.mapAttrsToList (k: v: "${v} ${k}") plain.config.vacu.ssh.authorizedKeys
)
);
dns = import ./scripts/dns {
inherit pkgs lib;
inputs = allInputs;
inherit (plain) config;
};
inherit formatter;
generated = pkgsStable.linkFarm "generated" {
nixpkgs = "${allInputs.nixpkgs}";
"liam-test/hints.py" = pkgs.writeText "hints.py" (
import ./typesForTest.nix {
name = "liam";
inherit (pkgsStable) lib;
inherit self;
inherit (allInputs) nixpkgs;
}
);
"dns/python-env" = builtins.dirOf (builtins.dirOf dns.interpreter);
"mailtest/python-env" = builtins.dirOf (
builtins.dirOf self.checks.x86_64-linux.liam.nodes.checker.vacu.mailtest.smtp.interpreter
);
};
host-pxe-installer = pkgs.callPackage ./host-pxe-installer.nix {
nixosInstaller = self.nixosConfigurations.shel-installer-pxe;
};
liam-sieve-script = self.nixosConfigurations.liam.config.vacu.liam-sieve-script;
nixvim = mkNixvim {
unstable = false;
minimal = false;
};
nixvim-unstable = mkNixvim {
unstable = true;
minimal = false;
};
nixvim-minimal = mkNixvim {
unstable = false;
minimal = true;
};
nixvim-unstable-minimal = mkNixvim {
unstable = true;
minimal = true;
};
# optionsDocNixOnDroid = (pkgs.nixosOptionsDoc {
# inherit (self.nixOnDroidConfigurations.default) options;
# }).optionsCommonMark;
openterface-qt-eudev = vacuPackages.openterface-qt.override { useSystemd = false; };
openterface-qt-systemd = vacuPackages.openterface-qt.override { useSystemd = true; };
sopsConfig = plain.config.vacu.sopsConfigFile;
sourceTree = plain.config.vacu.sourceTree;
units = plain.config.vacu.units.finalPackage;
vnopnCA = pkgsStable.writeText "vnopnCA.cert" plain.config.vacu.vnopnCA;
wrappedSops = plain.config.vacu.wrappedSops;
} // vacuPackages;
}
));
}
Reference in New Issue View Git Blame Copy Permalink