2026-04-07 02:34:03 +02:00
|
|
|
{
|
|
|
|
|
description = "Portable NixOS + Home Manager configuration with sops secrets and disko";
|
|
|
|
|
|
|
|
|
|
inputs = {
|
|
|
|
|
# Core
|
2026-04-07 02:49:12 +02:00
|
|
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
|
2026-04-07 02:34:03 +02:00
|
|
|
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
|
|
|
|
|
|
|
|
|
# Flakes
|
|
|
|
|
flake-utils.url = "github:numtide/flake-utils";
|
|
|
|
|
|
|
|
|
|
# Home Manager
|
|
|
|
|
home-manager = {
|
2026-04-07 02:49:12 +02:00
|
|
|
url = "github:nix-community/home-manager/release-25.11";
|
2026-04-07 02:34:03 +02:00
|
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# Secrets management
|
|
|
|
|
sops-nix = {
|
|
|
|
|
url = "github:mic92/sops-nix";
|
|
|
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# Disk partitioning
|
|
|
|
|
disko = {
|
|
|
|
|
url = "github:nix-community/disko";
|
|
|
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
outputs = { self, nixpkgs, nixpkgs-unstable, flake-utils, home-manager, sops-nix, disko }:
|
|
|
|
|
let
|
2026-04-07 02:49:12 +02:00
|
|
|
# Helper to build per-host pkgs for a given system string
|
|
|
|
|
mkPkgs = system: import nixpkgs {
|
2026-04-07 02:34:03 +02:00
|
|
|
inherit system;
|
|
|
|
|
config.allowUnfree = true;
|
|
|
|
|
};
|
|
|
|
|
|
2026-04-07 02:49:12 +02:00
|
|
|
mkPkgsUnstable = system: import nixpkgs-unstable {
|
2026-04-07 02:34:03 +02:00
|
|
|
inherit system;
|
|
|
|
|
config.allowUnfree = true;
|
|
|
|
|
};
|
|
|
|
|
|
2026-04-07 02:49:12 +02:00
|
|
|
# Utility to overlay unstable packages (takes system as arg)
|
|
|
|
|
mkOverlayUnstable = system:
|
|
|
|
|
final: prev: { unstable = mkPkgsUnstable system; };
|
|
|
|
|
|
2026-04-07 03:05:24 +02:00
|
|
|
# Helper that builds a full NixOS configuration for a given host + arch.
|
|
|
|
|
# Set enableHomeManager = false for servers or minimal installs that
|
|
|
|
|
# don't need user-level dotfile/package management.
|
|
|
|
|
mkNixosSystem = { system, hostModule, enableHomeManager ? true }:
|
|
|
|
|
let
|
|
|
|
|
hmModules = if enableHomeManager then [
|
|
|
|
|
home-manager.nixosModules.home-manager
|
|
|
|
|
{
|
|
|
|
|
home-manager.useGlobalPkgs = true;
|
|
|
|
|
home-manager.useUserPackages = true;
|
|
|
|
|
home-manager.extraSpecialArgs = {
|
|
|
|
|
inherit sops-nix;
|
|
|
|
|
pkgs-unstable = mkPkgsUnstable system;
|
|
|
|
|
};
|
|
|
|
|
home-manager.users.youruser = import ./home/default.nix;
|
|
|
|
|
}
|
|
|
|
|
] else [];
|
|
|
|
|
in nixpkgs.lib.nixosSystem {
|
|
|
|
|
inherit system;
|
|
|
|
|
|
|
|
|
|
specialArgs = {
|
|
|
|
|
inherit sops-nix disko;
|
|
|
|
|
pkgs-unstable = mkPkgsUnstable system;
|
|
|
|
|
};
|
2026-04-07 02:49:12 +02:00
|
|
|
|
2026-04-07 03:05:24 +02:00
|
|
|
modules = [
|
|
|
|
|
(mkOverlayUnstable system)
|
|
|
|
|
sops-nix.nixosModules.sops
|
|
|
|
|
disko.nixosModules.disko
|
2026-04-07 02:49:12 +02:00
|
|
|
|
2026-04-07 03:05:24 +02:00
|
|
|
hostModule
|
|
|
|
|
./nixos/default.nix
|
|
|
|
|
] ++ hmModules;
|
|
|
|
|
};
|
2026-04-07 02:34:03 +02:00
|
|
|
|
2026-04-07 02:49:12 +02:00
|
|
|
# Default system for devShell and standalone home-manager
|
|
|
|
|
defaultSystem = "x86_64-linux";
|
|
|
|
|
pkgs = mkPkgs defaultSystem;
|
|
|
|
|
|
2026-04-07 02:34:03 +02:00
|
|
|
in {
|
|
|
|
|
|
|
|
|
|
# ============================================
|
|
|
|
|
# NixOS System Configurations
|
|
|
|
|
# ============================================
|
|
|
|
|
|
|
|
|
|
nixosConfigurations = {
|
|
|
|
|
|
2026-04-07 02:49:12 +02:00
|
|
|
# x86_64 laptop (most common)
|
|
|
|
|
laptop = mkNixosSystem {
|
|
|
|
|
system = "x86_64-linux";
|
|
|
|
|
hostModule = ./hosts/laptop/default.nix;
|
2026-04-07 02:34:03 +02:00
|
|
|
};
|
|
|
|
|
|
2026-04-07 03:05:24 +02:00
|
|
|
# x86_64 server (no home-manager — minimal system-only config)
|
2026-04-07 02:49:12 +02:00
|
|
|
server = mkNixosSystem {
|
|
|
|
|
system = "x86_64-linux";
|
|
|
|
|
hostModule = ./hosts/server/default.nix;
|
2026-04-07 03:05:24 +02:00
|
|
|
enableHomeManager = false;
|
2026-04-07 02:34:03 +02:00
|
|
|
};
|
2026-04-07 02:49:12 +02:00
|
|
|
|
|
|
|
|
# Example: ARM64 host (e.g. Raspberry Pi 4, Apple Silicon VM)
|
|
|
|
|
# laptop-arm = mkNixosSystem {
|
|
|
|
|
# system = "aarch64-linux";
|
|
|
|
|
# hostModule = ./hosts/laptop/default.nix;
|
|
|
|
|
# };
|
2026-04-07 02:34:03 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# ============================================
|
|
|
|
|
# Home Manager Standalone (Non-NixOS systems)
|
|
|
|
|
# ============================================
|
|
|
|
|
|
|
|
|
|
homeConfigurations = {
|
2026-04-07 02:49:12 +02:00
|
|
|
# x86_64 Linux
|
2026-04-07 03:05:24 +02:00
|
|
|
"eliaskohout@linux" = home-manager.lib.homeManagerConfiguration {
|
2026-04-07 02:49:12 +02:00
|
|
|
pkgs = mkPkgs "x86_64-linux";
|
2026-04-07 02:34:03 +02:00
|
|
|
extraSpecialArgs = {
|
2026-04-07 02:49:12 +02:00
|
|
|
pkgs-unstable = mkPkgsUnstable "x86_64-linux";
|
2026-04-07 02:34:03 +02:00
|
|
|
sops-nix = sops-nix;
|
|
|
|
|
};
|
|
|
|
|
modules = [
|
2026-04-07 02:49:12 +02:00
|
|
|
(mkOverlayUnstable "x86_64-linux")
|
2026-04-07 02:34:03 +02:00
|
|
|
./home/default.nix
|
|
|
|
|
];
|
|
|
|
|
};
|
2026-04-07 02:49:12 +02:00
|
|
|
|
2026-04-07 03:05:24 +02:00
|
|
|
# aarch64 Linux
|
|
|
|
|
"eliaskohout@linux-arm" = home-manager.lib.homeManagerConfiguration {
|
|
|
|
|
pkgs = mkPkgs "aarch64-linux";
|
|
|
|
|
extraSpecialArgs = {
|
|
|
|
|
pkgs-unstable = mkPkgsUnstable "aarch64-linux";
|
|
|
|
|
sops-nix = sops-nix;
|
|
|
|
|
};
|
|
|
|
|
modules = [
|
|
|
|
|
(mkOverlayUnstable "aarch64-linux")
|
|
|
|
|
./home/default.nix
|
|
|
|
|
];
|
|
|
|
|
};
|
2026-04-07 02:34:03 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# ============================================
|
|
|
|
|
# Development Shell
|
|
|
|
|
# ============================================
|
|
|
|
|
|
2026-04-07 02:49:12 +02:00
|
|
|
devShells.${defaultSystem}.default = pkgs.mkShell {
|
2026-04-07 02:34:03 +02:00
|
|
|
buildInputs = with pkgs; [
|
|
|
|
|
nix
|
|
|
|
|
nixpkgs-fmt
|
|
|
|
|
sops
|
|
|
|
|
age
|
|
|
|
|
disko
|
|
|
|
|
git
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
shellHook = ''
|
2026-04-07 02:49:12 +02:00
|
|
|
echo "NixOS Configuration Development Shell"
|
2026-04-07 02:34:03 +02:00
|
|
|
echo "Available commands:"
|
|
|
|
|
echo " - nix flake check # Check flake validity"
|
|
|
|
|
echo " - nix flake show # Show all outputs"
|
|
|
|
|
echo " - sudo nixos-rebuild switch --flake .#hostname"
|
|
|
|
|
echo " - home-manager switch --flake .#youruser@linux"
|
|
|
|
|
echo " - sops secrets/secrets.yaml # Edit encrypted secrets"
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# ============================================
|
|
|
|
|
# Installer Script
|
|
|
|
|
# ============================================
|
|
|
|
|
|
2026-04-07 02:49:12 +02:00
|
|
|
apps.${defaultSystem}.installer = {
|
2026-04-07 02:34:03 +02:00
|
|
|
type = "app";
|
|
|
|
|
program = toString (pkgs.writeShellScript "installer" ''
|
|
|
|
|
set -e
|
|
|
|
|
|
|
|
|
|
if [ -z "$1" ]; then
|
|
|
|
|
echo "Usage: nix run .#installer -- <hostname>"
|
|
|
|
|
echo "Example: nix run .#installer -- laptop"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
HOSTNAME=$1
|
|
|
|
|
|
|
|
|
|
echo "🚀 Bootstrapping NixOS: $HOSTNAME"
|
|
|
|
|
|
|
|
|
|
# Check if on NixOS
|
|
|
|
|
if [ -f /etc/os-release ]; then
|
|
|
|
|
. /etc/os-release
|
|
|
|
|
if [ "$ID" = "nixos" ]; then
|
|
|
|
|
echo "✓ Running on NixOS"
|
|
|
|
|
sudo nixos-rebuild switch --flake ".#$HOSTNAME"
|
|
|
|
|
echo "✓ NixOS system configured"
|
|
|
|
|
else
|
|
|
|
|
echo "⚠ Not on NixOS - installing home-manager only"
|
|
|
|
|
home-manager switch --flake ".#youruser@linux"
|
|
|
|
|
echo "✓ Home manager configured"
|
|
|
|
|
fi
|
|
|
|
|
else
|
|
|
|
|
echo "⚠ Cannot determine OS"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
'');
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
};
|
|
|
|
|
}
|
