246 lines
7.6 KiB
Nix
246 lines
7.6 KiB
Nix
{
|
|
description = "Portable NixOS + Home Manager configuration with sops secrets and disko";
|
|
|
|
inputs = {
|
|
# Core
|
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
|
|
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
|
|
|
# Flakes
|
|
flake-utils.url = "github:numtide/flake-utils";
|
|
|
|
# Home Manager
|
|
home-manager = {
|
|
url = "github:nix-community/home-manager/release-25.11";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
# Secrets management
|
|
sops-nix = {
|
|
url = "github:mic92/sops-nix";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
# Disk partitioning
|
|
disko = {
|
|
url = "github:nix-community/disko";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
};
|
|
|
|
outputs = { self, nixpkgs, nixpkgs-unstable, flake-utils, home-manager, sops-nix, disko }:
|
|
let
|
|
mkPkgs = system: import nixpkgs {
|
|
inherit system;
|
|
config.allowUnfree = true;
|
|
};
|
|
|
|
mkPkgsUnstable = system: import nixpkgs-unstable {
|
|
inherit system;
|
|
config.allowUnfree = true;
|
|
};
|
|
|
|
mkOverlayUnstable = system:
|
|
final: prev: { unstable = mkPkgsUnstable system; };
|
|
|
|
# Set enableHomeManager = false for servers or minimal installs that
|
|
# don't need user-level dotfile/package management.
|
|
mkNixosSystem = { system, hostModule, enableHomeManager ? true }:
|
|
let
|
|
pkgs-unstable = mkPkgsUnstable system;
|
|
in nixpkgs.lib.nixosSystem {
|
|
inherit system;
|
|
|
|
specialArgs = {
|
|
inherit sops-nix disko pkgs-unstable;
|
|
};
|
|
|
|
modules = [
|
|
{
|
|
nixpkgs.overlays = [ (mkOverlayUnstable system) ];
|
|
}
|
|
sops-nix.nixosModules.sops
|
|
disko.nixosModules.disko
|
|
|
|
hostModule
|
|
./nixos/default.nix
|
|
] ++ nixpkgs.lib.optionals enableHomeManager [
|
|
home-manager.nixosModules.home-manager
|
|
{
|
|
home-manager.useGlobalPkgs = true;
|
|
home-manager.useUserPackages = true;
|
|
home-manager.extraSpecialArgs = {
|
|
inherit pkgs-unstable sops-nix;
|
|
};
|
|
home-manager.users.eliaskohout = import ./home/default.nix;
|
|
}
|
|
];
|
|
};
|
|
|
|
mkHomeConfig = system: home-manager.lib.homeManagerConfiguration {
|
|
pkgs = import nixpkgs {
|
|
inherit system;
|
|
config.allowUnfree = true;
|
|
overlays = [ (mkOverlayUnstable system) ];
|
|
};
|
|
extraSpecialArgs = {
|
|
pkgs-unstable = mkPkgsUnstable system;
|
|
inherit sops-nix;
|
|
};
|
|
modules = [
|
|
./home/default.nix
|
|
];
|
|
};
|
|
|
|
defaultSystem = "x86_64-linux";
|
|
pkgs = mkPkgs defaultSystem;
|
|
|
|
mkDevShell = pkgs: pkgs.mkShell {
|
|
buildInputs = with pkgs; [
|
|
nix
|
|
nixpkgs-fmt
|
|
sops
|
|
age
|
|
git
|
|
];
|
|
|
|
shellHook = ''
|
|
echo "NixOS Configuration Development Shell"
|
|
echo "Available commands:"
|
|
echo " - nix flake check # Check flake validity"
|
|
echo " - nix flake show # Show all outputs"
|
|
echo " - sudo nixos-rebuild switch --flake .#hostname"
|
|
echo " - home-manager switch --flake .#youruser@linux"
|
|
echo " - sops secrets/secrets.yaml # Edit encrypted secrets"
|
|
'';
|
|
};
|
|
|
|
in {
|
|
|
|
# ============================================
|
|
# NixOS System Configurations
|
|
# ============================================
|
|
|
|
nixosConfigurations = {
|
|
|
|
# x86_64 laptop (most common)
|
|
laptop = mkNixosSystem {
|
|
system = "x86_64-linux";
|
|
hostModule = ./hosts/laptop/default.nix;
|
|
};
|
|
|
|
# x86_64 server (no home-manager — minimal system-only config)
|
|
server = mkNixosSystem {
|
|
system = "x86_64-linux";
|
|
hostModule = ./hosts/server/default.nix;
|
|
enableHomeManager = false;
|
|
};
|
|
|
|
# ARM64 UTM Virtual Machine (Apple Silicon)
|
|
macvm-nix = mkNixosSystem {
|
|
system = "aarch64-linux";
|
|
hostModule = ./hosts/macvm-nix/default.nix;
|
|
};
|
|
};
|
|
|
|
# ============================================
|
|
# Home Manager Standalone (Non-NixOS systems)
|
|
# ============================================
|
|
|
|
homeConfigurations = {
|
|
"eliaskohout@linux" = mkHomeConfig "x86_64-linux";
|
|
"eliaskohout@linux-arm" = mkHomeConfig "aarch64-linux";
|
|
};
|
|
|
|
# ============================================
|
|
# Development Shell
|
|
# ============================================
|
|
|
|
devShells = {
|
|
x86_64-linux.default = mkDevShell (mkPkgs "x86_64-linux");
|
|
aarch64-linux.default = mkDevShell (mkPkgs "aarch64-linux");
|
|
};
|
|
|
|
# ============================================
|
|
# Installer Script
|
|
# ============================================
|
|
|
|
apps = let
|
|
mkInstaller = system: {
|
|
type = "app";
|
|
program = toString ((mkPkgs system).writeShellScript "installer" ''
|
|
set -e
|
|
|
|
if [ -z "$1" ]; then
|
|
echo "Usage: nix run .#installer -- <hostname>"
|
|
echo "Example: nix run .#installer -- laptop"
|
|
exit 1
|
|
fi
|
|
|
|
HOSTNAME=$1
|
|
FLAKE_DIR=$(pwd)
|
|
|
|
if [ ! -f /etc/os-release ]; then
|
|
echo "Cannot determine OS"
|
|
exit 1
|
|
fi
|
|
|
|
. /etc/os-release
|
|
|
|
if [ "$ID" != "nixos" ]; then
|
|
echo "Not on NixOS - installing home-manager only"
|
|
home-manager switch --flake "$FLAKE_DIR#youruser@linux"
|
|
echo "Home manager configured"
|
|
exit 0
|
|
fi
|
|
|
|
# Detect ISO/live environment: /nix/.rw-store is a tmpfs overlay
|
|
if grep -q "tmpfs /nix/.rw-store" /proc/mounts 2>/dev/null; then
|
|
echo "ISO environment detected - running full install for: $HOSTNAME"
|
|
|
|
# Step 1: Expand tmpfs and set up zram swap BEFORE downloading anything
|
|
echo "--- Step 1/4: Expanding tmpfs and enabling zram swap ---"
|
|
sudo mount -o remount,size=4G /nix/.rw-store
|
|
if sudo modprobe zram 2>/dev/null; then
|
|
echo 2G | sudo tee /sys/block/zram0/disksize > /dev/null
|
|
sudo mkswap /dev/zram0
|
|
sudo swapon /dev/zram0
|
|
echo "zram swap enabled"
|
|
else
|
|
echo "zram not available, continuing without it"
|
|
fi
|
|
|
|
# Step 2: Partition and format disk
|
|
echo "--- Step 2/4: Running disko ---"
|
|
sudo nix --extra-experimental-features "nix-command flakes" run \
|
|
github:nix-community/disko/latest -- \
|
|
--mode destroy,format,mount \
|
|
--flake "$FLAKE_DIR#$HOSTNAME"
|
|
|
|
# Step 3: Create swap file on installed root for nixos-install
|
|
echo "--- Step 3/4: Creating 2GB swap file on target disk ---"
|
|
sudo dd if=/dev/zero of=/mnt/swapfile bs=1M count=2048 status=progress
|
|
sudo chmod 600 /mnt/swapfile
|
|
sudo mkswap /mnt/swapfile
|
|
sudo swapon /mnt/swapfile
|
|
|
|
# Step 4: Install NixOS
|
|
echo "--- Step 4/4: Running nixos-install ---"
|
|
sudo nixos-install --flake "$FLAKE_DIR#$HOSTNAME"
|
|
|
|
echo "Installation complete! Remove the ISO and reboot."
|
|
else
|
|
echo "Installed NixOS detected - switching configuration"
|
|
sudo nixos-rebuild switch --flake "$FLAKE_DIR#$HOSTNAME"
|
|
echo "NixOS system configured"
|
|
fi
|
|
'');
|
|
};
|
|
in {
|
|
x86_64-linux.installer = mkInstaller "x86_64-linux";
|
|
aarch64-linux.installer = mkInstaller "aarch64-linux";
|
|
};
|
|
|
|
};
|
|
}
|