From e7145bad37b48399334053996707609c8f31e766 Mon Sep 17 00:00:00 2001 From: Jordan Holt Date: Fri, 15 Aug 2025 19:42:45 +0100 Subject: [PATCH] flake.nix: use flake-parts --- flake.lock | 175 +++++++++++++++++++++++++++++++++-------------- flake.nix | 185 +++++++++++++++++++++----------------------------- nix/hosts.nix | 60 ++++++++++++++++ 3 files changed, 264 insertions(+), 156 deletions(-) create mode 100644 nix/hosts.nix diff --git a/flake.lock b/flake.lock index b635baa..34f3fce 100644 --- a/flake.lock +++ b/flake.lock @@ -3,8 +3,12 @@ "agenix": { "inputs": { "darwin": "darwin", - "home-manager": "home-manager", - "nixpkgs": "nixpkgs", + "home-manager": [ + "nixpkgs" + ], + "nixpkgs": [ + "nixpkgs" + ], "systems": "systems" }, "locked": { @@ -95,7 +99,7 @@ "deploy-rs": { "inputs": { "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", "utils": "utils" }, "locked": { @@ -212,7 +216,41 @@ "type": "github" } }, + "flake-compat_5": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1754487366, + "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "nixvim", @@ -257,7 +295,7 @@ "nixos-mailserver", "flake-compat" ], - "gitignore": "gitignore_2", + "gitignore": "gitignore_3", "nixpkgs": [ "nixos-mailserver", "nixpkgs" @@ -277,6 +315,26 @@ "type": "github" } }, + "git-hooks-nix": { + "inputs": { + "flake-compat": "flake-compat_2", + "gitignore": "gitignore", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1754416808, + "narHash": "sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef+6fRcofA=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, "gitea-github-theme": { "flake": false, "locked": { @@ -295,6 +353,27 @@ } }, "gitignore": { + "inputs": { + "nixpkgs": [ + "git-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_2": { "inputs": { "nixpkgs": [ "hyprland", @@ -316,7 +395,7 @@ "type": "github" } }, - "gitignore_2": { + "gitignore_3": { "inputs": { "nixpkgs": [ "nixos-mailserver", @@ -338,7 +417,7 @@ "type": "github" } }, - "gitignore_3": { + "gitignore_4": { "inputs": { "nixpkgs": [ "pre-commit-hooks", @@ -360,27 +439,6 @@ } }, "home-manager": { - "inputs": { - "nixpkgs": [ - "agenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1745494811, - "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -475,11 +533,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1755184403, - "narHash": "sha256-VI+ZPD/uIFjzYW8IcyvBgvwyDIvUe4/xh/kOHTbITX8=", + "lastModified": 1755277479, + "narHash": "sha256-LrXtv1RIEds93j+OiSEvYFVX4fcGk2vrEzva19oxvco=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "60d769a89908c29e19100059985db15a7b6bab6a", + "rev": "edc473e8b0c14e768445422080af9978d132bff6", "type": "github" }, "original": { @@ -767,7 +825,7 @@ "nixos-mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_4", "git-hooks": "git-hooks", "nixpkgs": [ "nixpkgs" @@ -791,16 +849,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1754028485, - "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=", + "lastModified": 1743014863, + "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "59e69648d345d6e8fef86158c555730fa12af9de", + "rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-25.05", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } @@ -821,13 +879,28 @@ "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1753579242, + "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixpkgs-unstable": { "locked": { - "lastModified": 1755027561, - "narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=", + "lastModified": 1755186698, + "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "005433b926e16227259a1843015b5b2b7f7d1fc3", + "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", "type": "github" }, "original": { @@ -838,11 +911,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1743014863, - "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=", + "lastModified": 1754340878, + "narHash": "sha256-lgmUyVQL9tSnvvIvBp7x1euhkkCho7n3TMzgjdvgPoU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f", + "rev": "cab778239e705082fe97bb4990e0d24c50924c04", "type": "github" }, "original": { @@ -870,11 +943,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1754937576, - "narHash": "sha256-3sWA5WJybUE16kIMZ3+uxcxKZY/JRR4DFBqLdSLBo7w=", + "lastModified": 1755078291, + "narHash": "sha256-Hu/gTDoi4uy6TAKISPHQusSMy8U6xUbLSDjKBYdhDIY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ddae11e58c0c345bf66efbddbf2192ed0e58f896", + "rev": "3385ca0cd7e14c1a1eb80401fe011705ff012323", "type": "github" }, "original": { @@ -885,7 +958,7 @@ }, "nixvim": { "inputs": { - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "nixpkgs": [ "nixpkgs" ], @@ -932,8 +1005,8 @@ }, "pre-commit-hooks": { "inputs": { - "flake-compat": "flake-compat_2", - "gitignore": "gitignore", + "flake-compat": "flake-compat_3", + "gitignore": "gitignore_2", "nixpkgs": [ "hyprland", "nixpkgs" @@ -955,8 +1028,8 @@ }, "pre-commit-hooks_2": { "inputs": { - "flake-compat": "flake-compat_4", - "gitignore": "gitignore_3", + "flake-compat": "flake-compat_5", + "gitignore": "gitignore_4", "nixpkgs": [ "nixpkgs" ] @@ -981,8 +1054,10 @@ "deploy-rs": "deploy-rs", "disko": "disko", "firefox-gnome-theme": "firefox-gnome-theme", + "flake-parts": "flake-parts", + "git-hooks-nix": "git-hooks-nix", "gitea-github-theme": "gitea-github-theme", - "home-manager": "home-manager_2", + "home-manager": "home-manager", "hyprland": "hyprland", "hyprland-plugins": "hyprland-plugins", "impermanence": "impermanence", diff --git a/flake.nix b/flake.nix index b6c42a7..bfd8f49 100644 --- a/flake.nix +++ b/flake.nix @@ -2,54 +2,80 @@ description = "NixOS system configuration"; inputs = { - nixpkgs.url = "nixpkgs/nixos-25.05"; - nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; - # nixpkgs-master.url = "nixpkgs"; - agenix.url = "github:ryantm/agenix"; + agenix = { + url = "github:ryantm/agenix"; + inputs.home-manager.follows = "nixpkgs"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + deploy-rs.url = "github:serokell/deploy-rs"; + disko = { url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; }; + home-manager = { url = "github:nix-community/home-manager/release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; }; + hyprland.url = "github:hyprwm/Hyprland"; + hyprland-plugins = { url = "github:hyprwm/hyprland-plugins"; inputs.hyprland.follows = "hyprland"; }; + firefox-gnome-theme = { url = "github:rafaelmardojai/firefox-gnome-theme"; flake = false; }; + + flake-parts.url = "github:hercules-ci/flake-parts"; + + git-hooks-nix.url = "github:cachix/git-hooks.nix"; + gitea-github-theme = { url = "git+ssh://git@git.vimium.com/jordan/gitea-github-theme.git?ref=main"; flake = false; }; + impermanence.url = "github:nix-community/impermanence"; + kvlibadwaita = { url = "github:GabePoel/KvLibadwaita"; flake = false; }; + nixos-hardware.url = "github:NixOS/nixos-hardware"; + nixos-mailserver = { url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.05"; inputs.nixpkgs.follows = "nixpkgs"; }; + + nixpkgs.url = "nixpkgs/nixos-25.05"; + + nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; + + # nixpkgs-master.url = "nixpkgs"; + nixvim = { url = "github:nix-community/nixvim/nixos-25.05"; inputs.nixpkgs.follows = "nixpkgs"; }; + pre-commit-hooks = { url = "github:cachix/git-hooks.nix"; inputs.nixpkgs.follows = "nixpkgs"; }; + secrets = { url = "git+ssh://git@git.vimium.com/jordan/nix-secrets.git"; flake = false; }; + thunderbird-gnome-theme = { url = "github:rafaelmardojai/thunderbird-gnome-theme"; flake = false; @@ -57,114 +83,61 @@ }; outputs = - inputs@{ self, nixpkgs, ... }: - let - inherit (nixpkgs) lib; + inputs@{ + nixpkgs, + flake-parts, + ... + }: + flake-parts.lib.mkFlake { inherit inputs; } { + imports = [ + inputs.git-hooks-nix.flakeModule + ./nix/hosts.nix + ]; - domain = "mesh.vimium.net"; - forEachSystem = lib.genAttrs [ - "x86_64-linux" + flake = { + overlays = nixpkgs.lib.packagesFromDirectoryRecursive { + callPackage = path: overrides: import path; + directory = ./overlays; + }; + }; + + systems = [ "aarch64-linux" - ]; - mkDeployNode = hostName: { - hostname = "${hostName}.${domain}"; - - profiles.system = { - user = "root"; - path = - inputs.deploy-rs.lib.${ - self.nixosConfigurations.${hostName}.config.system.build.toplevel.system - }.activate.nixos - self.nixosConfigurations.${hostName}; - }; - }; - in - { - overlays = lib.packagesFromDirectoryRecursive { - callPackage = path: overrides: import path; - directory = ./overlays; - }; - - legacyPackages = forEachSystem ( - system: - lib.packagesFromDirectoryRecursive { - callPackage = nixpkgs.legacyPackages.${system}.callPackage; - directory = ./pkgs; - } - ); - - nixosConfigurations = lib.pipe ./hosts [ - builtins.readDir - (lib.filterAttrs (name: value: value == "directory")) - (lib.mapAttrs ( - name: value: - lib.nixosSystem { - specialArgs = { inherit inputs; }; - - modules = [ - { - networking = { - inherit domain; - hostName = name; - }; - } - ./hosts/${name} - ]; - } - )) + "x86_64-linux" ]; - checks = - builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib - // (forEachSystem (system: { - pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run { - src = ./.; - hooks = { - check-case-conflicts.enable = true; - check-executables-have-shebangs.enable = true; - check-merge-conflicts.enable = true; - deadnix = { - enable = true; - settings = { - noLambdaArg = true; - }; - }; - detect-private-keys.enable = true; - end-of-file-fixer.enable = true; - fix-byte-order-marker.enable = true; - mixed-line-endings.enable = true; - nixfmt-rfc-style.enable = true; - trim-trailing-whitespace.enable = true; - }; - excludes = [ "pkgs/libcamera-rpi/libcamera-rpi-ipa-priv-key.pem" ]; + perSystem = + { pkgs, ... }: + { + formatter = pkgs.nixfmt-rfc-style; + + legacyPackages = pkgs.lib.packagesFromDirectoryRecursive { + callPackage = pkgs.callPackage; + directory = ./pkgs; }; - })); - formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style); - - devShells = forEachSystem (system: { - default = nixpkgs.legacyPackages.${system}.mkShell { - inherit (self.checks.${system}.pre-commit-check) shellHook; - buildInputs = [ - inputs.agenix.packages.${system}.agenix - inputs.deploy-rs.packages.${system}.deploy-rs - ] - ++ self.checks.${system}.pre-commit-check.enabledPackages; + pre-commit = { + settings = { + excludes = [ "pkgs/libcamera-rpi/libcamera-rpi-ipa-priv-key.pem" ]; + hooks = { + check-case-conflicts.enable = true; + check-executables-have-shebangs.enable = true; + check-merge-conflicts.enable = true; + deadnix = { + enable = true; + settings = { + noLambdaArg = true; + }; + }; + detect-private-keys.enable = true; + end-of-file-fixer.enable = true; + fix-byte-order-marker.enable = true; + mixed-line-endings.enable = true; + nixfmt-rfc-style.enable = true; + trim-trailing-whitespace.enable = true; + }; + }; + }; }; - }); - - deploy = { - magicRollback = true; - autoRollback = true; - sshUser = "root"; - nodes = lib.genAttrs [ - "artemis" - "mail" - "pi" - "skycam" - "vps1" - "vps2" - ] mkDeployNode; - }; }; } diff --git a/nix/hosts.nix b/nix/hosts.nix new file mode 100644 index 0000000..0afea68 --- /dev/null +++ b/nix/hosts.nix @@ -0,0 +1,60 @@ +{ + inputs, + ... +}: + +{ + flake = + { config, lib, ... }: + let + domain = "mesh.vimium.net"; + mkDeployNode = hostName: { + hostname = "${hostName}.${domain}"; + + profiles.system = { + user = "root"; + path = + inputs.deploy-rs.lib.${ + config.nixosConfigurations.${hostName}.config.system.build.toplevel.system + }.activate.nixos + config.nixosConfigurations.${hostName}; + }; + }; + in + { + nixosConfigurations = lib.pipe ../hosts [ + builtins.readDir + (lib.filterAttrs (name: value: value == "directory")) + (lib.mapAttrs ( + name: value: + inputs.nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs; }; + + modules = [ + { + networking = { + inherit domain; + hostName = name; + }; + } + ../hosts/${name} + ]; + } + )) + ]; + + deploy = { + magicRollback = true; + autoRollback = true; + sshUser = "root"; + nodes = lib.genAttrs [ + "artemis" + "mail" + "pi" + "skycam" + "vps1" + "vps2" + ] mkDeployNode; + }; + }; +}