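{
  description = "Portable NixOS + Home Manager configuration with sops secrets and disko";

  inputs = {
    # Core
    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";

    # Flakes
    # NOTE(review): flake-utils is declared and passed to outputs, but no
    # output in this file references it.
    flake-utils.url = "github:numtide/flake-utils";

    # Home Manager
    home-manager = {
      url = "github:nix-community/home-manager/release-25.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # Secrets management
    # No branch or tag in the URL: the revision in use is fixed only by
    # flake.lock, so review lock-file changes to this input like code changes.
    sops-nix = {
      url = "github:mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # Disk partitioning
    # Same as sops-nix: pinned by flake.lock only. The installer app below runs
    # this locked revision as root.
    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { self, nixpkgs, nixpkgs-unstable, flake-utils, home-manager, sops-nix, disko }:
    let
      # Stable package set for `system`, unfree packages allowed.
      mkPkgs = system: import nixpkgs {
        inherit system;
        config.allowUnfree = true;
      };

      # Unstable package set for `system`, unfree packages allowed.
      mkPkgsUnstable = system: import nixpkgs-unstable {
        inherit system;
        config.allowUnfree = true;
      };

      # Overlay that exposes the unstable package set as `pkgs.unstable`.
      mkOverlayUnstable = system: final: prev: {
        unstable = mkPkgsUnstable system;
      };

      # Build one NixOS host from the shared modules plus `hostModule`.
      # Set enableHomeManager = false for servers or minimal installs that
      # don't need user-level dotfile/package management.
      mkNixosSystem = { system, hostModule, enableHomeManager ? true }:
        let
          pkgs-unstable = mkPkgsUnstable system;
        in
        nixpkgs.lib.nixosSystem {
          inherit system;
          specialArgs = { inherit sops-nix disko pkgs-unstable; };
          modules = [
            { nixpkgs.overlays = [ (mkOverlayUnstable system) ]; }
            sops-nix.nixosModules.sops
            disko.nixosModules.disko
            hostModule
            ./nixos/default.nix
          ] ++ nixpkgs.lib.optionals enableHomeManager [
            home-manager.nixosModules.home-manager
            {
              home-manager.useGlobalPkgs = true;
              home-manager.useUserPackages = true;
              home-manager.extraSpecialArgs = { inherit pkgs-unstable sops-nix; };
              home-manager.users.eliaskohout = import ./home/default.nix;
            }
          ];
        };

      # Standalone Home Manager configuration (for non-NixOS hosts).
      mkHomeConfig = system: home-manager.lib.homeManagerConfiguration {
        pkgs = import nixpkgs {
          inherit system;
          config.allowUnfree = true;
          overlays = [ (mkOverlayUnstable system) ];
        };
        extraSpecialArgs = {
          pkgs-unstable = mkPkgsUnstable system;
          inherit sops-nix;
        };
        modules = [ ./home/default.nix ];
      };

      # Shell with the tools needed to check the flake and edit sops secrets.
      mkDevShell = pkgs: pkgs.mkShell {
        buildInputs = with pkgs; [
          nix
          nixpkgs-fmt
          sops
          age
          git
        ];

        # The home-manager hint names a profile that homeConfigurations
        # actually defines (previously a non-existent "youruser@linux").
        shellHook = ''
          echo "NixOS Configuration Development Shell"
          echo "Available commands:"
          echo " - nix flake check # Check flake validity"
          echo " - nix flake show # Show all outputs"
          echo " - sudo nixos-rebuild switch --flake .#hostname"
          echo " - home-manager switch --flake .#eliaskohout@linux"
          echo " - sops secrets/secrets.yaml # Edit encrypted secrets"
        '';
      };
    in
    {
      # ============================================
      # NixOS System Configurations
      # ============================================
      nixosConfigurations = {
        # x86_64 laptop (most common)
        laptop = mkNixosSystem {
          system = "x86_64-linux";
          hostModule = ./hosts/laptop/default.nix;
        };

        # x86_64 server (no home-manager — minimal system-only config)
        server = mkNixosSystem {
          system = "x86_64-linux";
          hostModule = ./hosts/server/default.nix;
          enableHomeManager = false;
        };

        # ARM64 UTM Virtual Machine (Apple Silicon)
        macvm-nix = mkNixosSystem {
          system = "aarch64-linux";
          hostModule = ./hosts/macvm-nix/default.nix;
        };
      };

      # ============================================
      # Home Manager Standalone (Non-NixOS systems)
      # ============================================
      homeConfigurations = {
        "eliaskohout@linux" = mkHomeConfig "x86_64-linux";
        "eliaskohout@linux-arm" = mkHomeConfig "aarch64-linux";
      };

      # ============================================
      # Development Shell
      # ============================================
      devShells = {
        x86_64-linux.default = mkDevShell (mkPkgs "x86_64-linux");
        aarch64-linux.default = mkDevShell (mkPkgs "aarch64-linux");
      };

      # ============================================
      # Installer Script
      # ============================================
      apps =
        let
          # Standalone Home Manager profile to activate per platform. The
          # values must match the attribute names in homeConfigurations.
          homeConfigFor = {
            x86_64-linux = "eliaskohout@linux";
            aarch64-linux = "eliaskohout@linux-arm";
          };

          # Installer app for `system`. Takes the target host name as its only
          # argument and picks one of three paths: Home Manager only (not
          # NixOS), full disk install (NixOS live ISO), or a plain
          # nixos-rebuild (installed NixOS).
          mkInstaller = system: {
            type = "app";
            program = toString ((mkPkgs system).writeShellScript "installer" ''
              set -e

              if [ -z "$1" ]; then
                echo "Usage: nix run .#installer -- <hostname>"
                echo "Example: nix run .#installer -- laptop"
                exit 1
              fi

              # Not called HOSTNAME: bash maintains a variable of that name.
              TARGET_HOST="$1"
              # The flake is taken from the current directory, so the script
              # has to be started from the checkout.
              FLAKE_DIR=$(pwd)

              if [ ! -f /etc/os-release ]; then
                echo "Cannot determine OS"
                exit 1
              fi

              . /etc/os-release

              if [ "$ID" != "nixos" ]; then
                echo "Not on NixOS - installing home-manager only"
                home-manager switch --flake "$FLAKE_DIR#${homeConfigFor.${system}}"
                echo "Home manager configured"
                exit 0
              fi

              # Detect ISO/live environment: /nix/.rw-store is a tmpfs overlay
              if grep -q "tmpfs /nix/.rw-store" /proc/mounts 2>/dev/null; then
                echo "ISO environment detected - running full install for: $TARGET_HOST"

                # Step 1: Expand tmpfs and set up zram swap BEFORE downloading anything
                echo "--- Step 1/4: Expanding tmpfs and enabling zram swap ---"
                sudo mount -o remount,size=4G /nix/.rw-store
                if sudo modprobe zram 2>/dev/null; then
                  echo 2G | sudo tee /sys/block/zram0/disksize > /dev/null
                  sudo mkswap /dev/zram0
                  sudo swapon /dev/zram0
                  echo "zram swap enabled"
                else
                  echo "zram not available, continuing without it"
                fi

                # Step 2: Partition and format disk
                # "destroy" mode wipes the disks named in the host's disko
                # config. disko is run from this flake's locked input rather
                # than the moving github:nix-community/disko/latest ref, so the
                # code executed as root is the revision recorded in flake.lock.
                # If that revision predates the combined mode string, refresh
                # the input with `nix flake update disko`.
                echo "--- Step 2/4: Running disko ---"
                sudo nix --extra-experimental-features "nix-command flakes" run \
                  "path:${disko}" -- \
                  --mode destroy,format,mount \
                  --flake "$FLAKE_DIR#$TARGET_HOST"

                # Step 3: Create swap file on installed root for nixos-install
                # NOTE(review): the file is not removed afterwards and ends up
                # as /swapfile on the installed system; confirm that the host
                # configuration expects it.
                echo "--- Step 3/4: Creating 2GB swap file on target disk ---"
                sudo dd if=/dev/zero of=/mnt/swapfile bs=1M count=2048 status=progress
                sudo chmod 600 /mnt/swapfile
                sudo mkswap /mnt/swapfile
                sudo swapon /mnt/swapfile

                # Step 4: Install NixOS
                echo "--- Step 4/4: Running nixos-install ---"
                sudo nixos-install --flake "$FLAKE_DIR#$TARGET_HOST"

                echo "Installation complete! Remove the ISO and reboot."
              else
                echo "Installed NixOS detected - switching configuration"
                sudo nixos-rebuild switch --flake "$FLAKE_DIR#$TARGET_HOST"
                echo "NixOS system configured"
              fi
            '');
          };
        in
        {
          x86_64-linux.installer = mkInstaller "x86_64-linux";
          aarch64-linux.installer = mkInstaller "aarch64-linux";
        };
    };
}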