flake.nix

{
  description = "Portable NixOS + Home Manager configuration with sops secrets and disko";

  inputs = {
    # Core
    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";

    # Flakes
    flake-utils.url = "github:numtide/flake-utils";

    # Home Manager
    home-manager = {
      url = "github:nix-community/home-manager/release-25.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # Secrets management
    sops-nix = {
      url = "github:mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # Disk partitioning
    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { self, nixpkgs, nixpkgs-unstable, flake-utils, home-manager, sops-nix, disko }:
    let
      mkPkgs = system: import nixpkgs {
        inherit system;
        config.allowUnfree = true;
      };

      mkPkgsUnstable = system: import nixpkgs-unstable {
        inherit system;
        config.allowUnfree = true;
      };

      mkOverlayUnstable = system:
        final: prev: { unstable = mkPkgsUnstable system; };

      # Set enableHomeManager = false for servers or minimal installs that
      # don't need user-level dotfile/package management.
      mkNixosSystem = { system, hostModule, enableHomeManager ? true }:
        let
          pkgs-unstable = mkPkgsUnstable system;
          hmModules = if enableHomeManager then [
            home-manager.nixosModules.home-manager
            {
              home-manager.useGlobalPkgs = true;
              home-manager.useUserPackages = true;
              home-manager.extraSpecialArgs = {
                inherit sops-nix pkgs-unstable;
              };
              home-manager.users.youruser = import ./home/default.nix;
            }
          ] else [];
        in nixpkgs.lib.nixosSystem {
          inherit system;

          specialArgs = {
            inherit sops-nix disko pkgs-unstable;
          };

          modules = [
            (mkOverlayUnstable system)
            sops-nix.nixosModules.sops
            disko.nixosModules.disko

            hostModule
            ./nixos/default.nix
          ] ++ hmModules;
        };

      mkHomeConfig = system: home-manager.lib.homeManagerConfiguration {
        pkgs = import nixpkgs {
          inherit system;
          config.allowUnfree = true;
          overlays = [ (mkOverlayUnstable system) ];
        };
        extraSpecialArgs = {
          pkgs-unstable = mkPkgsUnstable system;
          inherit sops-nix;
        };
        modules = [
          ./home/default.nix
        ];
      };

      defaultSystem = "x86_64-linux";
      pkgs = mkPkgs defaultSystem;

      mkDevShell = pkgs: pkgs.mkShell {
        buildInputs = with pkgs; [
          nix
          nixpkgs-fmt
          sops
          age
          git
        ];

        shellHook = ''
          echo "NixOS Configuration Development Shell"
          echo "Available commands:"
          echo "  - nix flake check              # Check flake validity"
          echo "  - nix flake show               # Show all outputs"
          echo "  - sudo nixos-rebuild switch --flake .#hostname"
          echo "  - home-manager switch --flake .#youruser@linux"
          echo "  - sops secrets/secrets.yaml    # Edit encrypted secrets"
        '';
      };

    in {

      # ============================================
      # NixOS System Configurations
      # ============================================

      nixosConfigurations = {

        # x86_64 laptop (most common)
        laptop = mkNixosSystem {
          system = "x86_64-linux";
          hostModule = ./hosts/laptop/default.nix;
        };

        # x86_64 server (no home-manager — minimal system-only config)
        server = mkNixosSystem {
          system = "x86_64-linux";
          hostModule = ./hosts/server/default.nix;
          enableHomeManager = false;
        };

        # ARM64 UTM Virtual Machine (Apple Silicon)
        macvm-nix = mkNixosSystem {
          system = "aarch64-linux";
          hostModule = ./hosts/macvm-nix/default.nix;
        };
      };

      # ============================================
      # Home Manager Standalone (Non-NixOS systems)
      # ============================================

      homeConfigurations = {
        "eliaskohout@linux"     = mkHomeConfig "x86_64-linux";
        "eliaskohout@linux-arm" = mkHomeConfig "aarch64-linux";
      };

      # ============================================
      # Development Shell
      # ============================================

      devShells = {
        x86_64-linux.default = mkDevShell (mkPkgs "x86_64-linux");
        aarch64-linux.default = mkDevShell (mkPkgs "aarch64-linux");
      };

      # ============================================
      # Installer Script
      # ============================================

      apps.${defaultSystem}.installer = {
        type = "app";
        program = toString (pkgs.writeShellScript "installer" ''
          set -e

          if [ -z "$1" ]; then
            echo "Usage: nix run .#installer -- <hostname>"
            echo "Example: nix run .#installer -- laptop"
            exit 1
          fi

          HOSTNAME=$1

          echo "🚀 Bootstrapping NixOS: $HOSTNAME"

          # Check if on NixOS
          if [ -f /etc/os-release ]; then
            . /etc/os-release
            if [ "$ID" = "nixos" ]; then
              echo "✓ Running on NixOS"
              sudo nixos-rebuild switch --flake ".#$HOSTNAME"
              echo "✓ NixOS system configured"
            else
              echo "⚠ Not on NixOS - installing home-manager only"
              home-manager switch --flake ".#youruser@linux"
              echo "✓ Home manager configured"
            fi
          else
            echo "⚠ Cannot determine OS"
            exit 1
          fi
        '');
      };

    };
}
init by ai 2026-04-07 02:34:03 +02:00			`{`
			`description = "Portable NixOS + Home Manager configuration with sops secrets and disko";`

			`inputs = {`
			`# Core`
Make system architecture per-host instead of global constant 2026-04-07 02:49:12 +02:00			`nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";`
init by ai 2026-04-07 02:34:03 +02:00			`nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";`

			`# Flakes`
			`flake-utils.url = "github:numtide/flake-utils";`

			`# Home Manager`
			`home-manager = {`
Make system architecture per-host instead of global constant 2026-04-07 02:49:12 +02:00			`url = "github:nix-community/home-manager/release-25.11";`
init by ai 2026-04-07 02:34:03 +02:00			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`

			`# Secrets management`
			`sops-nix = {`
			`url = "github:mic92/sops-nix";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`

			`# Disk partitioning`
			`disko = {`
			`url = "github:nix-community/disko";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
			`};`

			`outputs = { self, nixpkgs, nixpkgs-unstable, flake-utils, home-manager, sops-nix, disko }:`
			`let`
Make system architecture per-host instead of global constant 2026-04-07 02:49:12 +02:00			`mkPkgs = system: import nixpkgs {`
init by ai 2026-04-07 02:34:03 +02:00			`inherit system;`
			`config.allowUnfree = true;`
			`};`

Make system architecture per-host instead of global constant 2026-04-07 02:49:12 +02:00			`mkPkgsUnstable = system: import nixpkgs-unstable {`
init by ai 2026-04-07 02:34:03 +02:00			`inherit system;`
			`config.allowUnfree = true;`
			`};`

Make system architecture per-host instead of global constant 2026-04-07 02:49:12 +02:00			`mkOverlayUnstable = system:`
			`final: prev: { unstable = mkPkgsUnstable system; };`

Make home-manager optional per-host via enableHomeManager flag 2026-04-07 03:05:24 +02:00			`# Set enableHomeManager = false for servers or minimal installs that`
			`# don't need user-level dotfile/package management.`
			`mkNixosSystem = { system, hostModule, enableHomeManager ? true }:`
			`let`
Deduplicate home config and optimize mkPkgsUnstable calls 2026-04-07 03:08:12 +02:00			`pkgs-unstable = mkPkgsUnstable system;`
Make home-manager optional per-host via enableHomeManager flag 2026-04-07 03:05:24 +02:00			`hmModules = if enableHomeManager then [`
			`home-manager.nixosModules.home-manager`
			`{`
			`home-manager.useGlobalPkgs = true;`
			`home-manager.useUserPackages = true;`
			`home-manager.extraSpecialArgs = {`
Deduplicate home config and optimize mkPkgsUnstable calls 2026-04-07 03:08:12 +02:00			`inherit sops-nix pkgs-unstable;`
Make home-manager optional per-host via enableHomeManager flag 2026-04-07 03:05:24 +02:00			`};`
			`home-manager.users.youruser = import ./home/default.nix;`
			`}`
			`] else [];`
			`in nixpkgs.lib.nixosSystem {`
			`inherit system;`

			`specialArgs = {`
Deduplicate home config and optimize mkPkgsUnstable calls 2026-04-07 03:08:12 +02:00			`inherit sops-nix disko pkgs-unstable;`
Make home-manager optional per-host via enableHomeManager flag 2026-04-07 03:05:24 +02:00			`};`
Make system architecture per-host instead of global constant 2026-04-07 02:49:12 +02:00
Make home-manager optional per-host via enableHomeManager flag 2026-04-07 03:05:24 +02:00			`modules = [`
			`(mkOverlayUnstable system)`
			`sops-nix.nixosModules.sops`
			`disko.nixosModules.disko`
Make system architecture per-host instead of global constant 2026-04-07 02:49:12 +02:00
Make home-manager optional per-host via enableHomeManager flag 2026-04-07 03:05:24 +02:00			`hostModule`
			`./nixos/default.nix`
			`] ++ hmModules;`
			`};`
init by ai 2026-04-07 02:34:03 +02:00
Deduplicate home config and optimize mkPkgsUnstable calls 2026-04-07 03:08:12 +02:00			`mkHomeConfig = system: home-manager.lib.homeManagerConfiguration {`
Fix home-manager overlay application in flake.nix 2026-04-07 05:22:11 +02:00			`pkgs = import nixpkgs {`
			`inherit system;`
			`config.allowUnfree = true;`
			`overlays = [ (mkOverlayUnstable system) ];`
			`};`
Deduplicate home config and optimize mkPkgsUnstable calls 2026-04-07 03:08:12 +02:00			`extraSpecialArgs = {`
			`pkgs-unstable = mkPkgsUnstable system;`
			`inherit sops-nix;`
			`};`
			`modules = [`
			`./home/default.nix`
			`];`
			`};`

Make system architecture per-host instead of global constant 2026-04-07 02:49:12 +02:00			`defaultSystem = "x86_64-linux";`
			`pkgs = mkPkgs defaultSystem;`

Add devShells for both x86_64-linux and aarch64-linux 2026-04-07 06:32:01 +02:00			`mkDevShell = pkgs: pkgs.mkShell {`
			`buildInputs = with pkgs; [`
			`nix`
			`nixpkgs-fmt`
			`sops`
			`age`
			`git`
			`];`

			`shellHook = ''`
			`echo "NixOS Configuration Development Shell"`
			`echo "Available commands:"`
			`echo " - nix flake check # Check flake validity"`
			`echo " - nix flake show # Show all outputs"`
			`echo " - sudo nixos-rebuild switch --flake .#hostname"`
			`echo " - home-manager switch --flake .#youruser@linux"`
			`echo " - sops secrets/secrets.yaml # Edit encrypted secrets"`
			`'';`
			`};`

init by ai 2026-04-07 02:34:03 +02:00			`in {`

			`# ============================================`
			`# NixOS System Configurations`
			`# ============================================`

			`nixosConfigurations = {`

Make system architecture per-host instead of global constant 2026-04-07 02:49:12 +02:00			`# x86_64 laptop (most common)`
			`laptop = mkNixosSystem {`
			`system = "x86_64-linux";`
			`hostModule = ./hosts/laptop/default.nix;`
init by ai 2026-04-07 02:34:03 +02:00			`};`

Make home-manager optional per-host via enableHomeManager flag 2026-04-07 03:05:24 +02:00			`# x86_64 server (no home-manager — minimal system-only config)`
Make system architecture per-host instead of global constant 2026-04-07 02:49:12 +02:00			`server = mkNixosSystem {`
			`system = "x86_64-linux";`
			`hostModule = ./hosts/server/default.nix;`
Make home-manager optional per-host via enableHomeManager flag 2026-04-07 03:05:24 +02:00			`enableHomeManager = false;`
init by ai 2026-04-07 02:34:03 +02:00			`};`
Make system architecture per-host instead of global constant 2026-04-07 02:49:12 +02:00
Add utm-aarch64 host configuration 2026-04-07 06:41:39 +02:00			`# ARM64 UTM Virtual Machine (Apple Silicon)`
			`macvm-nix = mkNixosSystem {`
			`system = "aarch64-linux";`
			`hostModule = ./hosts/macvm-nix/default.nix;`
			`};`
init by ai 2026-04-07 02:34:03 +02:00			`};`

			`# ============================================`
			`# Home Manager Standalone (Non-NixOS systems)`
			`# ============================================`

			`homeConfigurations = {`
Deduplicate home config and optimize mkPkgsUnstable calls 2026-04-07 03:08:12 +02:00			`"eliaskohout@linux" = mkHomeConfig "x86_64-linux";`
			`"eliaskohout@linux-arm" = mkHomeConfig "aarch64-linux";`
init by ai 2026-04-07 02:34:03 +02:00			`};`

			`# ============================================`
			`# Development Shell`
			`# ============================================`

Add devShells for both x86_64-linux and aarch64-linux 2026-04-07 06:32:01 +02:00			`devShells = {`
			`x86_64-linux.default = mkDevShell (mkPkgs "x86_64-linux");`
			`aarch64-linux.default = mkDevShell (mkPkgs "aarch64-linux");`
init by ai 2026-04-07 02:34:03 +02:00			`};`

			`# ============================================`
			`# Installer Script`
			`# ============================================`

Make system architecture per-host instead of global constant 2026-04-07 02:49:12 +02:00			`apps.${defaultSystem}.installer = {`
init by ai 2026-04-07 02:34:03 +02:00			`type = "app";`
			`program = toString (pkgs.writeShellScript "installer" ''`
			`set -e`

			`if [ -z "$1" ]; then`
			`echo "Usage: nix run .#installer -- <hostname>"`
			`echo "Example: nix run .#installer -- laptop"`
			`exit 1`
			`fi`

			`HOSTNAME=$1`

			`echo "🚀 Bootstrapping NixOS: $HOSTNAME"`

			`# Check if on NixOS`
			`if [ -f /etc/os-release ]; then`
			`. /etc/os-release`
			`if [ "$ID" = "nixos" ]; then`
			`echo "✓ Running on NixOS"`
			`sudo nixos-rebuild switch --flake ".#$HOSTNAME"`
			`echo "✓ NixOS system configured"`
			`else`
			`echo "⚠ Not on NixOS - installing home-manager only"`
			`home-manager switch --flake ".#youruser@linux"`
			`echo "✓ Home manager configured"`
			`fi`
			`else`
			`echo "⚠ Cannot determine OS"`
			`exit 1`
			`fi`
			`'');`
			`};`

			`};`
			`}`