{
description = "Portable NixOS + Home Manager configuration with sops secrets and disko";

# Flake inputs. Every URL below names a branch (or a repository's default
# branch), not a fixed commit, so the revisions actually built are whatever
# flake.lock records. Keep flake.lock committed and review its diff after
# each `nix flake update`.
inputs = {
  # Core package sets: the 24.11 release branch and the rolling unstable branch.
  nixpkgs = { url = "github:nixos/nixpkgs/nixos-24.11"; };
  nixpkgs-unstable = { url = "github:nixos/nixpkgs/nixos-unstable"; };

  # Flake helpers.
  # NOTE(review): the outputs function accepts `flake-utils` but no output in
  # this file references it; confirm it is needed, since every input is one
  # more upstream to trust and keep updated.
  flake-utils = { url = "github:numtide/flake-utils"; };

  # Home Manager, built against this flake's stable nixpkgs rather than its own pin.
  home-manager.url = "github:nix-community/home-manager/release-24.11";
  home-manager.inputs.nixpkgs.follows = "nixpkgs";

  # Secrets management, also following this flake's nixpkgs.
  sops-nix.url = "github:mic92/sops-nix";
  sops-nix.inputs.nixpkgs.follows = "nixpkgs";

  # Disk partitioning, also following this flake's nixpkgs.
  disko.url = "github:nix-community/disko";
  disko.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { self, nixpkgs, nixpkgs-unstable, flake-utils, home-manager, sops-nix, disko }:
let
# The only platform these outputs are built for.
system = "x86_64-linux";

# Import a nixpkgs source tree for `system`. `allowUnfree` is enabled for the
# whole package set, so unfree-licensed packages evaluate without any
# per-package opt-in.
importPkgs = src: import src {
  inherit system;
  config = { allowUnfree = true; };
};

# Stable and unstable package sets, both imported with the same settings.
pkgs = importPkgs nixpkgs;
pkgs-unstable = importPkgs nixpkgs-unstable;

# nixpkgs overlay that adds the unstable package set as the `unstable`
# attribute. Neither overlay argument is used.
overlayUnstable = _final: _prev: {
  unstable = pkgs-unstable;
};
in {
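# ============================================
# NixOS System Configurations
# ============================================
nixosConfigurations =
  let
    # Build one NixOS host from its machine-specific module. The special
    # args, the secrets and disk modules, the shared system module and the
    # Home Manager wiring are identical for every host; only `hostModule`
    # differs.
    mkHost = hostModule: nixpkgs.lib.nixosSystem {
      inherit system;

      # Extra arguments made available to every NixOS module of the host.
      specialArgs = {
        inherit sops-nix disko pkgs-unstable;
      };

      modules = [
        # `overlayUnstable` is a nixpkgs overlay (`final: prev: { ... }`), not
        # a NixOS module, so it is registered through `nixpkgs.overlays`.
        # Listed directly in `modules`, the module system would call it with
        # one argument and receive a function instead of an attribute set,
        # which fails evaluation.
        { nixpkgs.overlays = [ overlayUnstable ]; }

        # Secrets (sops-nix) and disk partitioning (disko) modules.
        sops-nix.nixosModules.sops
        disko.nixosModules.disko

        # Machine-specific config
        hostModule

        # Shared system modules
        ./nixos/default.nix

        # Home Manager integration
        home-manager.nixosModules.home-manager
        {
          home-manager.useGlobalPkgs = true;
          home-manager.useUserPackages = true;
          home-manager.extraSpecialArgs = {
            inherit sops-nix pkgs-unstable;
          };
          # NOTE(review): `youruser` looks like a template placeholder;
          # replace it with the real account name.
          home-manager.users.youruser = import ./home/default.nix;
        }
      ];
    };
  in
  {
    # Example: Laptop configuration
    laptop = mkHost ./hosts/laptop/default.nix;

    # Example: Server configuration
    server = mkHost ./hosts/server/default.nix;
  };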
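# ============================================
# Home Manager Standalone (Non-NixOS systems)
# ============================================
homeConfigurations = {
  # Standalone Home Manager profile, activated with
  # `home-manager switch --flake .#youruser@linux`.
  # NOTE(review): `youruser` looks like a template placeholder; replace it
  # with the real account name.
  "youruser@linux" = home-manager.lib.homeManagerConfiguration {
    inherit pkgs;

    # Extra arguments made available to every Home Manager module.
    extraSpecialArgs = {
      inherit pkgs-unstable sops-nix;
    };

    modules = [
      # `overlayUnstable` is a nixpkgs overlay (`final: prev: { ... }`), not a
      # Home Manager module, so it is registered through `nixpkgs.overlays`.
      # Listed directly in `modules`, the module system would call it with
      # one argument and receive a function instead of an attribute set,
      # which fails evaluation.
      { nixpkgs.overlays = [ overlayUnstable ]; }

      ./home/default.nix
    ];
  };
};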
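# ============================================
# Development Shell
# ============================================
devShells.${system}.default = pkgs.mkShell {
  # Tools for working on this configuration. Each package is taken from
  # `pkgs` explicitly: `with pkgs;` does not override names that are already
  # bound lexically, and `disko` is an argument of the outputs function, so
  # a bare `disko` here would be the flake input rather than the packaged
  # command-line tool.
  buildInputs = [
    pkgs.nix
    pkgs.nixpkgs-fmt
    pkgs.sops
    pkgs.age
    pkgs.disko
    pkgs.git
  ];

  # Print a short cheat sheet when the shell starts.
  shellHook = ''
    echo "🔧 NixOS Configuration Development Shell"
    echo "Available commands:"
    echo " - nix flake check # Check flake validity"
    echo " - nix flake show # Show all outputs"
    echo " - sudo nixos-rebuild switch --flake .#hostname"
    echo " - home-manager switch --flake .#youruser@linux"
    echo " - sops secrets/secrets.yaml # Edit encrypted secrets"
  '';
};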
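# ============================================
# Installer Script
# ============================================
#
# `nix run .#installer -- <hostname>` applies this flake to the current
# machine: a full `nixos-rebuild switch` when /etc/os-release reports NixOS,
# otherwise only the standalone Home Manager profile.
#
# NOTE(review): both commands use the flake reference `.#...`, which resolves
# against the current working directory, so the script has to be started from
# the flake checkout. The Home Manager branch ignores <hostname> and always
# activates `youruser@linux`.
apps.${system}.installer = {
  type = "app";
  program = toString (pkgs.writeShellScript "installer" ''
    set -e

    if [ -z "$1" ]; then
      echo "Usage: nix run .#installer -- <hostname>" >&2
      echo "Example: nix run .#installer -- laptop" >&2
      exit 1
    fi

    # Keep the argument in our own variable; HOSTNAME is maintained by bash.
    target_host=$1

    # The value becomes part of the flake reference handed to a command run
    # through sudo, so accept only a plain attribute name.
    case "$target_host" in
      *[!A-Za-z0-9._-]*)
        echo "Invalid hostname: only letters, digits, dot, underscore and hyphen are allowed" >&2
        exit 1
        ;;
    esac

    echo "🚀 Bootstrapping NixOS: $target_host"

    # Check if on NixOS
    if [ -f /etc/os-release ]; then
      # Read ID in a subshell so the other os-release variables cannot
      # overwrite anything in this script.
      os_id="$(. /etc/os-release && printf '%s' "$ID")"

      if [ "$os_id" = "nixos" ]; then
        echo "✓ Running on NixOS"
        sudo nixos-rebuild switch --flake ".#$target_host"
        echo "✓ NixOS system configured"
      else
        echo "⚠ Not on NixOS - installing home-manager only"
        home-manager switch --flake ".#youruser@linux"
        echo "✓ Home manager configured"
      fi
    else
      echo "⚠ Cannot determine OS" >&2
      exit 1
    fi
  '');
};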
};
}