flake.nix

{
  description = "Portable NixOS + Home Manager configuration with sops secrets and disko";

  inputs = {
    # Core
    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";

    # Flakes
    flake-utils.url = "github:numtide/flake-utils";

    # Home Manager
    home-manager = {
      url = "github:nix-community/home-manager/release-25.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # Secrets management
    sops-nix = {
      url = "github:mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # Disk partitioning
    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { self, nixpkgs, nixpkgs-unstable, flake-utils, home-manager, sops-nix, disko }:
    let
      mkPkgs = system: import nixpkgs {
        inherit system;
        config.allowUnfree = true;
      };

      mkPkgsUnstable = system: import nixpkgs-unstable {
        inherit system;
        config.allowUnfree = true;
      };

      mkOverlayUnstable = system:
        final: prev: { unstable = mkPkgsUnstable system; };

      # Set enableHomeManager = false for servers or minimal installs that
      # don't need user-level dotfile/package management.
      mkNixosSystem = { system, hostModule, enableHomeManager ? true }:
        let
          pkgs-unstable = mkPkgsUnstable system;
        in nixpkgs.lib.nixosSystem {
          inherit system;

          specialArgs = {
            inherit sops-nix disko pkgs-unstable;
          };

          modules = [
            {
              nixpkgs.overlays = [ (mkOverlayUnstable system) ];
            }
            sops-nix.nixosModules.sops
            disko.nixosModules.disko

            hostModule
            ./nixos/default.nix
          ] ++ nixpkgs.lib.optionals enableHomeManager [
            home-manager.nixosModules.home-manager
            {
              home-manager.useGlobalPkgs = true;
              home-manager.useUserPackages = true;
              home-manager.extraSpecialArgs = {
                inherit pkgs-unstable sops-nix;
              };
              home-manager.users.eliaskohout = import ./home/default.nix;
            }
          ];
        };

      mkHomeConfig = system: home-manager.lib.homeManagerConfiguration {
        pkgs = import nixpkgs {
          inherit system;
          config.allowUnfree = true;
          overlays = [ (mkOverlayUnstable system) ];
        };
        extraSpecialArgs = {
          pkgs-unstable = mkPkgsUnstable system;
          inherit sops-nix;
        };
        modules = [
          ./home/default.nix
        ];
      };

      defaultSystem = "x86_64-linux";
      pkgs = mkPkgs defaultSystem;

      mkDevShell = pkgs: pkgs.mkShell {
        buildInputs = with pkgs; [
          nix
          nixpkgs-fmt
          sops
          age
          git
        ];

        shellHook = ''
          echo "NixOS Configuration Development Shell"
          echo "Available commands:"
          echo "  - nix flake check              # Check flake validity"
          echo "  - nix flake show               # Show all outputs"
          echo "  - sudo nixos-rebuild switch --flake .#hostname"
          echo "  - home-manager switch --flake .#youruser@linux"
          echo "  - sops secrets/secrets.yaml    # Edit encrypted secrets"
        '';
      };

    in {

      # ============================================
      # NixOS System Configurations
      # ============================================

      nixosConfigurations = {

        # x86_64 laptop (most common)
        laptop = mkNixosSystem {
          system = "x86_64-linux";
          hostModule = ./hosts/laptop/default.nix;
        };

        # x86_64 server (no home-manager — minimal system-only config)
        server = mkNixosSystem {
          system = "x86_64-linux";
          hostModule = ./hosts/server/default.nix;
          enableHomeManager = false;
        };

        # ARM64 UTM Virtual Machine (Apple Silicon)
        macvm-nix = mkNixosSystem {
          system = "aarch64-linux";
          hostModule = ./hosts/macvm-nix/default.nix;
        };
      };

      # ============================================
      # Home Manager Standalone (Non-NixOS systems)
      # ============================================

      homeConfigurations = {
        "eliaskohout@linux"     = mkHomeConfig "x86_64-linux";
        "eliaskohout@linux-arm" = mkHomeConfig "aarch64-linux";
      };

      # ============================================
      # Development Shell
      # ============================================

      devShells = {
        x86_64-linux.default = mkDevShell (mkPkgs "x86_64-linux");
        aarch64-linux.default = mkDevShell (mkPkgs "aarch64-linux");
      };

      # ============================================
      # Installer Script
      # ============================================

      apps = let
        mkInstaller = system: {
          type = "app";
          program = toString ((mkPkgs system).writeShellScript "installer" ''
          set -e

          if [ -z "$1" ]; then
            echo "Usage: nix run .#installer -- <hostname>"
            echo "Example: nix run .#installer -- laptop"
            exit 1
          fi

          HOSTNAME=$1
          FLAKE_DIR=$(pwd)

          if [ ! -f /etc/os-release ]; then
            echo "Cannot determine OS"
            exit 1
          fi

          . /etc/os-release

          if [ "$ID" != "nixos" ]; then
            echo "Not on NixOS - installing home-manager only"
            ARCH=$(uname -m)
            case "$ARCH" in
              x86_64)  HM_TARGET="eliaskohout@linux" ;;
              aarch64) HM_TARGET="eliaskohout@linux-arm" ;;
              *)
                echo "Unsupported architecture: $ARCH"
                exit 1
                ;;
            esac
            echo "Detected architecture: $ARCH -> using config: $HM_TARGET"
            home-manager switch --flake "$FLAKE_DIR#$HM_TARGET"
            echo "Home manager configured"
            exit 0
          fi

          # Detect ISO/live environment: /nix/.rw-store is a tmpfs overlay
          if grep -q "tmpfs /nix/.rw-store" /proc/mounts 2>/dev/null; then
            echo "ISO environment detected - running full install for: $HOSTNAME"

            # Step 1: Expand tmpfs and set up zram swap BEFORE downloading anything
            echo "--- Step 1/4: Expanding tmpfs and enabling zram swap ---"
            sudo mount -o remount,size=4G /nix/.rw-store
            if sudo modprobe zram 2>/dev/null; then
              echo 2G | sudo tee /sys/block/zram0/disksize > /dev/null
              sudo mkswap /dev/zram0
              sudo swapon /dev/zram0
              echo "zram swap enabled"
            else
              echo "zram not available, continuing without it"
            fi

            # Step 2: Partition and format disk
            echo "--- Step 2/4: Running disko ---"
            sudo nix --extra-experimental-features "nix-command flakes" run \
              github:nix-community/disko/latest -- \
              --mode destroy,format,mount \
              --flake "$FLAKE_DIR#$HOSTNAME"

            # Step 3: Create swap file on installed root for nixos-install
            echo "--- Step 3/4: Creating 2GB swap file on target disk ---"
            sudo dd if=/dev/zero of=/mnt/swapfile bs=1M count=2048 status=progress
            sudo chmod 600 /mnt/swapfile
            sudo mkswap /mnt/swapfile
            sudo swapon /mnt/swapfile

            # Step 4: Install NixOS
            echo "--- Step 4/4: Running nixos-install ---"
            sudo nixos-install --flake "$FLAKE_DIR#$HOSTNAME"

            echo "Installation complete! Remove the ISO and reboot."
          else
            echo "Installed NixOS detected - switching configuration"
            sudo nixos-rebuild switch --flake "$FLAKE_DIR#$HOSTNAME"
            echo "NixOS system configured"
          fi
          '');
        };
      in {
        x86_64-linux.installer = mkInstaller "x86_64-linux";
        aarch64-linux.installer = mkInstaller "aarch64-linux";
      };

    };
}
init by ai 2026-04-07 02:34:03 +02:00			`{`
			`description = "Portable NixOS + Home Manager configuration with sops secrets and disko";`

			`inputs = {`
			`# Core`
Make system architecture per-host instead of global constant 2026-04-07 02:49:12 +02:00			`nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";`
init by ai 2026-04-07 02:34:03 +02:00			`nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";`

			`# Flakes`
			`flake-utils.url = "github:numtide/flake-utils";`

			`# Home Manager`
			`home-manager = {`
Make system architecture per-host instead of global constant 2026-04-07 02:49:12 +02:00			`url = "github:nix-community/home-manager/release-25.11";`
init by ai 2026-04-07 02:34:03 +02:00			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`

			`# Secrets management`
			`sops-nix = {`
			`url = "github:mic92/sops-nix";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`

			`# Disk partitioning`
			`disko = {`
			`url = "github:nix-community/disko";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
			`};`

			`outputs = { self, nixpkgs, nixpkgs-unstable, flake-utils, home-manager, sops-nix, disko }:`
			`let`
Make system architecture per-host instead of global constant 2026-04-07 02:49:12 +02:00			`mkPkgs = system: import nixpkgs {`
init by ai 2026-04-07 02:34:03 +02:00			`inherit system;`
			`config.allowUnfree = true;`
			`};`

Make system architecture per-host instead of global constant 2026-04-07 02:49:12 +02:00			`mkPkgsUnstable = system: import nixpkgs-unstable {`
init by ai 2026-04-07 02:34:03 +02:00			`inherit system;`
			`config.allowUnfree = true;`
			`};`

Make system architecture per-host instead of global constant 2026-04-07 02:49:12 +02:00			`mkOverlayUnstable = system:`
			`final: prev: { unstable = mkPkgsUnstable system; };`

Make home-manager optional per-host via enableHomeManager flag 2026-04-07 03:05:24 +02:00			`# Set enableHomeManager = false for servers or minimal installs that`
			`# don't need user-level dotfile/package management.`
			`mkNixosSystem = { system, hostModule, enableHomeManager ? true }:`
			`let`
Deduplicate home config and optimize mkPkgsUnstable calls 2026-04-07 03:08:12 +02:00			`pkgs-unstable = mkPkgsUnstable system;`
Make home-manager optional per-host via enableHomeManager flag 2026-04-07 03:05:24 +02:00			`in nixpkgs.lib.nixosSystem {`
			`inherit system;`

			`specialArgs = {`
Deduplicate home config and optimize mkPkgsUnstable calls 2026-04-07 03:08:12 +02:00			`inherit sops-nix disko pkgs-unstable;`
Make home-manager optional per-host via enableHomeManager flag 2026-04-07 03:05:24 +02:00			`};`
Make system architecture per-host instead of global constant 2026-04-07 02:49:12 +02:00
Make home-manager optional per-host via enableHomeManager flag 2026-04-07 03:05:24 +02:00			`modules = [`
Fix module system errors: wrap overlay in nixpkgs.overlays module and remove invalid programs.dash 2026-04-07 06:59:16 +02:00			`{`
			`nixpkgs.overlays = [ (mkOverlayUnstable system) ];`
			`}`
Make home-manager optional per-host via enableHomeManager flag 2026-04-07 03:05:24 +02:00			`sops-nix.nixosModules.sops`
			`disko.nixosModules.disko`
Make system architecture per-host instead of global constant 2026-04-07 02:49:12 +02:00
Make home-manager optional per-host via enableHomeManager flag 2026-04-07 03:05:24 +02:00			`hostModule`
			`./nixos/default.nix`
Integrate home-manager as NixOS module for automatic user configuration on install 2026-04-07 14:54:25 +02:00			`] ++ nixpkgs.lib.optionals enableHomeManager [`
			`home-manager.nixosModules.home-manager`
			`{`
			`home-manager.useGlobalPkgs = true;`
			`home-manager.useUserPackages = true;`
			`home-manager.extraSpecialArgs = {`
			`inherit pkgs-unstable sops-nix;`
			`};`
			`home-manager.users.eliaskohout = import ./home/default.nix;`
			`}`
			`];`
Make home-manager optional per-host via enableHomeManager flag 2026-04-07 03:05:24 +02:00			`};`
init by ai 2026-04-07 02:34:03 +02:00
Deduplicate home config and optimize mkPkgsUnstable calls 2026-04-07 03:08:12 +02:00			`mkHomeConfig = system: home-manager.lib.homeManagerConfiguration {`
Fix home-manager overlay application in flake.nix 2026-04-07 05:22:11 +02:00			`pkgs = import nixpkgs {`
			`inherit system;`
			`config.allowUnfree = true;`
			`overlays = [ (mkOverlayUnstable system) ];`
			`};`
Deduplicate home config and optimize mkPkgsUnstable calls 2026-04-07 03:08:12 +02:00			`extraSpecialArgs = {`
			`pkgs-unstable = mkPkgsUnstable system;`
			`inherit sops-nix;`
			`};`
			`modules = [`
			`./home/default.nix`
			`];`
			`};`

Make system architecture per-host instead of global constant 2026-04-07 02:49:12 +02:00			`defaultSystem = "x86_64-linux";`
			`pkgs = mkPkgs defaultSystem;`

Add devShells for both x86_64-linux and aarch64-linux 2026-04-07 06:32:01 +02:00			`mkDevShell = pkgs: pkgs.mkShell {`
			`buildInputs = with pkgs; [`
			`nix`
			`nixpkgs-fmt`
			`sops`
			`age`
			`git`
			`];`

			`shellHook = ''`
			`echo "NixOS Configuration Development Shell"`
			`echo "Available commands:"`
			`echo " - nix flake check # Check flake validity"`
			`echo " - nix flake show # Show all outputs"`
			`echo " - sudo nixos-rebuild switch --flake .#hostname"`
			`echo " - home-manager switch --flake .#youruser@linux"`
			`echo " - sops secrets/secrets.yaml # Edit encrypted secrets"`
			`'';`
			`};`

init by ai 2026-04-07 02:34:03 +02:00			`in {`

			`# ============================================`
			`# NixOS System Configurations`
			`# ============================================`

			`nixosConfigurations = {`

Make system architecture per-host instead of global constant 2026-04-07 02:49:12 +02:00			`# x86_64 laptop (most common)`
			`laptop = mkNixosSystem {`
			`system = "x86_64-linux";`
			`hostModule = ./hosts/laptop/default.nix;`
init by ai 2026-04-07 02:34:03 +02:00			`};`

Make home-manager optional per-host via enableHomeManager flag 2026-04-07 03:05:24 +02:00			`# x86_64 server (no home-manager — minimal system-only config)`
Make system architecture per-host instead of global constant 2026-04-07 02:49:12 +02:00			`server = mkNixosSystem {`
			`system = "x86_64-linux";`
			`hostModule = ./hosts/server/default.nix;`
Make home-manager optional per-host via enableHomeManager flag 2026-04-07 03:05:24 +02:00			`enableHomeManager = false;`
init by ai 2026-04-07 02:34:03 +02:00			`};`
Make system architecture per-host instead of global constant 2026-04-07 02:49:12 +02:00
Add utm-aarch64 host configuration 2026-04-07 06:41:39 +02:00			`# ARM64 UTM Virtual Machine (Apple Silicon)`
			`macvm-nix = mkNixosSystem {`
			`system = "aarch64-linux";`
			`hostModule = ./hosts/macvm-nix/default.nix;`
			`};`
init by ai 2026-04-07 02:34:03 +02:00			`};`

			`# ============================================`
			`# Home Manager Standalone (Non-NixOS systems)`
			`# ============================================`

			`homeConfigurations = {`
Deduplicate home config and optimize mkPkgsUnstable calls 2026-04-07 03:08:12 +02:00			`"eliaskohout@linux" = mkHomeConfig "x86_64-linux";`
			`"eliaskohout@linux-arm" = mkHomeConfig "aarch64-linux";`
init by ai 2026-04-07 02:34:03 +02:00			`};`

			`# ============================================`
			`# Development Shell`
			`# ============================================`

Add devShells for both x86_64-linux and aarch64-linux 2026-04-07 06:32:01 +02:00			`devShells = {`
			`x86_64-linux.default = mkDevShell (mkPkgs "x86_64-linux");`
			`aarch64-linux.default = mkDevShell (mkPkgs "aarch64-linux");`
init by ai 2026-04-07 02:34:03 +02:00			`};`

			`# ============================================`
			`# Installer Script`
			`# ============================================`

Add aarch64-linux installer app 2026-04-07 08:12:04 +02:00			`apps = let`
			`mkInstaller = system: {`
			`type = "app";`
			`program = toString ((mkPkgs system).writeShellScript "installer" ''`
init by ai 2026-04-07 02:34:03 +02:00			`set -e`

			`if [ -z "$1" ]; then`
			`echo "Usage: nix run .#installer -- <hostname>"`
			`echo "Example: nix run .#installer -- laptop"`
			`exit 1`
			`fi`

			`HOSTNAME=$1`
Handle initial install from ISO with disko, swap, and tmpfs expansion 2026-04-07 08:19:35 +02:00			`FLAKE_DIR=$(pwd)`
init by ai 2026-04-07 02:34:03 +02:00
Handle initial install from ISO with disko, swap, and tmpfs expansion 2026-04-07 08:19:35 +02:00			`if [ ! -f /etc/os-release ]; then`
			`echo "Cannot determine OS"`
init by ai 2026-04-07 02:34:03 +02:00			`exit 1`
			`fi`
Handle initial install from ISO with disko, swap, and tmpfs expansion 2026-04-07 08:19:35 +02:00
			`. /etc/os-release`

			`if [ "$ID" != "nixos" ]; then`
			`echo "Not on NixOS - installing home-manager only"`
Fix non-NixOS installer branch: auto-detect arch and use correct home config target 2026-04-07 14:58:00 +02:00			`ARCH=$(uname -m)`
			`case "$ARCH" in`
			`x86_64) HM_TARGET="eliaskohout@linux" ;;`
			`aarch64) HM_TARGET="eliaskohout@linux-arm" ;;`
			`*)`
			`echo "Unsupported architecture: $ARCH"`
			`exit 1`
			`;;`
			`esac`
			`echo "Detected architecture: $ARCH -> using config: $HM_TARGET"`
			`home-manager switch --flake "$FLAKE_DIR#$HM_TARGET"`
Handle initial install from ISO with disko, swap, and tmpfs expansion 2026-04-07 08:19:35 +02:00			`echo "Home manager configured"`
			`exit 0`
			`fi`

			`# Detect ISO/live environment: /nix/.rw-store is a tmpfs overlay`
			`if grep -q "tmpfs /nix/.rw-store" /proc/mounts 2>/dev/null; then`
			`echo "ISO environment detected - running full install for: $HOSTNAME"`

Expand tmpfs and enable zram swap before disko to fix out-of-space errors 2026-04-07 14:36:52 +02:00			`# Step 1: Expand tmpfs and set up zram swap BEFORE downloading anything`
			`echo "--- Step 1/4: Expanding tmpfs and enabling zram swap ---"`
			`sudo mount -o remount,size=4G /nix/.rw-store`
			`if sudo modprobe zram 2>/dev/null; then`
			`echo 2G \| sudo tee /sys/block/zram0/disksize > /dev/null`
			`sudo mkswap /dev/zram0`
			`sudo swapon /dev/zram0`
			`echo "zram swap enabled"`
			`else`
			`echo "zram not available, continuing without it"`
			`fi`

			`# Step 2: Partition and format disk`
			`echo "--- Step 2/4: Running disko ---"`
Handle initial install from ISO with disko, swap, and tmpfs expansion 2026-04-07 08:19:35 +02:00			`sudo nix --extra-experimental-features "nix-command flakes" run \`
			`github:nix-community/disko/latest -- \`
			`--mode destroy,format,mount \`
			`--flake "$FLAKE_DIR#$HOSTNAME"`

Expand tmpfs and enable zram swap before disko to fix out-of-space errors 2026-04-07 14:36:52 +02:00			`# Step 3: Create swap file on installed root for nixos-install`
			`echo "--- Step 3/4: Creating 2GB swap file on target disk ---"`
Handle initial install from ISO with disko, swap, and tmpfs expansion 2026-04-07 08:19:35 +02:00			`sudo dd if=/dev/zero of=/mnt/swapfile bs=1M count=2048 status=progress`
			`sudo chmod 600 /mnt/swapfile`
			`sudo mkswap /mnt/swapfile`
			`sudo swapon /mnt/swapfile`

			`# Step 4: Install NixOS`
			`echo "--- Step 4/4: Running nixos-install ---"`
			`sudo nixos-install --flake "$FLAKE_DIR#$HOSTNAME"`

			`echo "Installation complete! Remove the ISO and reboot."`
			`else`
			`echo "Installed NixOS detected - switching configuration"`
			`sudo nixos-rebuild switch --flake "$FLAKE_DIR#$HOSTNAME"`
			`echo "NixOS system configured"`
			`fi`
Add aarch64-linux installer app 2026-04-07 08:12:04 +02:00			`'');`
			`};`
			`in {`
			`x86_64-linux.installer = mkInstaller "x86_64-linux";`
			`aarch64-linux.installer = mkInstaller "aarch64-linux";`
init by ai 2026-04-07 02:34:03 +02:00			`};`

			`};`
			`}`