Scope overlays and modules to specific host sets

2024-08-11 08:58:31 +01:00 · 2024-08-11 08:58:31 +01:00 · fdfacc0f97
commit fdfacc0f97
parent 6eed6303f2
30 changed files with 137 additions and 128 deletions
--- a/flake.nix
+++ b/flake.nix
@ -51,82 +51,45 @@
    };
  };

-  outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, agenix, deploy-rs, disko, home-manager, nixos-hardware, nixos-mailserver, ... }:
+  outputs = inputs @ { self, nixpkgs, ... }:
    let
      inherit (nixpkgs) lib;
+
+      forEverySystem = lib.getAttrs lib.systems.flakeExposed;
      forEachSystem = lib.genAttrs [
        "x86_64-linux"
        "aarch64-linux"
      ];
-      mkPkgsForSystem = system: inputs.nixpkgs;
-      customPkgs = forEachSystem (system:
-        lib.packagesFromDirectoryRecursive {
-          callPackage = nixpkgs.legacyPackages.${system}.callPackage;
-          directory = ./pkgs;
-        });
-      overlays = [
-        agenix.overlays.default
-        (import ./overlays/gnome.nix)
-        (import ./overlays/default.nix)
-        (
-          final: prev: {
-            unstable = import inputs.nixpkgs-unstable { system = final.system; };
-          }
-        )
-      ];
-      commonModules = [
-        agenix.nixosModules.age
-        disko.nixosModules.disko
-        nixos-mailserver.nixosModule
-        home-manager.nixosModule
-        ./modules
-      ];
-      mkNixosSystem = { system, name, extraModules ? [] }:
-        let
-          nixpkgs = mkPkgsForSystem system;
-          lib = (import nixpkgs { inherit overlays system; }).lib;
-        in
-        inputs.nixpkgs.lib.nixosSystem {
-          inherit lib system;
-          specialArgs = { modulesPath = toString (nixpkgs + "/nixos/modules"); inherit inputs; };
-          baseModules = import (nixpkgs + "/nixos/modules/module-list.nix");
-          modules = commonModules ++ [
-            ({ config, ... }:
-              {
-                nixpkgs.pkgs = import nixpkgs {
-                  inherit overlays system;
-                  config.allowUnfree = true;
-                  config.nvidia.acceptLicense = true;
-                };
-                networking.hostName = name;
-              })
-            ./hosts/${name}
-          ] ++ extraModules;
-        };
    in
    {
+      overlays = lib.packagesFromDirectoryRecursive {
+        callPackage = path: overrides: import path;
+        directory = ./overlays;
+      };
+
      legacyPackages = forEachSystem (system:
        lib.packagesFromDirectoryRecursive {
          callPackage = nixpkgs.legacyPackages.${system}.callPackage;
          directory = ./pkgs;
        });

-      nixosConfigurations = {
-        atlas = mkNixosSystem { system = "x86_64-linux"; name = "atlas"; };
-        eos = mkNixosSystem { system = "x86_64-linux"; name = "eos"; };
-        helios = mkNixosSystem { system = "x86_64-linux"; name = "helios"; };
-        hypnos = mkNixosSystem { system = "x86_64-linux"; name = "hypnos"; };
-        library = mkNixosSystem { system = "x86_64-linux"; name = "library"; };
-        mail = mkNixosSystem { system = "x86_64-linux"; name = "mail"; };
-        odyssey = mkNixosSystem { system = "x86_64-linux"; name = "odyssey"; };
-        pi = mkNixosSystem { system = "aarch64-linux"; name = "pi"; extraModules = [ nixos-hardware.nixosModules.raspberry-pi-4 ]; };
-        skycam = mkNixosSystem { system = "aarch64-linux"; name = "skycam"; extraModules = [ nixos-hardware.nixosModules.raspberry-pi-4 ]; };
-        vps1 = mkNixosSystem { system = "x86_64-linux"; name = "vps1"; };
-      };
+      nixosConfigurations = lib.pipe ./hosts [
+        builtins.readDir
+        (lib.filterAttrs (name: value: value == "directory"))
+        (lib.mapAttrs (name: value:
+          lib.nixosSystem {
+            specialArgs = { inherit self; };
+
+            modules = [
+              { networking.hostName = name; }
+              ./hosts/${name}
+            ];
+          }))
+      ];

      devShells.x86_64-linux.default = nixpkgs.legacyPackages.x86_64-linux.mkShell {
        buildInputs = [
-          deploy-rs.packages.x86_64-linux.deploy-rs
+          inputs.deploy-rs.packages.x86_64-linux.deploy-rs
        ];
      };

@ -140,7 +103,7 @@

            profiles.system = {
              user = "root";
-              path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.mail;
+              path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.mail;
            };
          };
          vps1 = {
@ -148,7 +111,7 @@

            profiles.system = {
              user = "root";
-              path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.vps1;
+              path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.vps1;
            };
          };
          pi = {
@ -156,7 +119,7 @@

            profiles.system = {
              user = "root";
-              path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.pi;
+              path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.pi;
            };
          };
          skycam = {
@ -164,13 +127,13 @@

            profiles.system = {
              user = "root";
-              path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.skycam;
+              path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.skycam;
            };
          };
        };
      };

-      checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
+      checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib;
    };
 }

--- a/hosts/atlas/default.nix
+++ b/hosts/atlas/default.nix
@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, ... }:

 {
  imports = [
@ -6,6 +6,8 @@
    ../desktop.nix
  ];

+  nixpkgs.hostPlatform = "x86_64-linux";
+
  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
--- a/hosts/common.nix
+++ b/hosts/common.nix
@ -1,6 +1,22 @@
-{ config, pkgs, ... }:
+{ config, pkgs, self, ... }:

 {
+  imports = [
+    self.inputs.agenix.nixosModules.age
+    self.inputs.home-manager.nixosModule
+    ../modules
+  ];
+
+  nixpkgs.overlays = [
+    self.inputs.agenix.overlays.default
+    (import ../overlays/default.nix)
+    (
+      final: prev: {
+        unstable = import self.inputs.nixpkgs-unstable { system = final.system; };
+      }
+    )
+  ];
+
  time.timeZone = "Europe/London";

  i18n.defaultLocale = "en_GB.UTF-8";
--- a/hosts/desktop.nix
+++ b/hosts/desktop.nix
@ -1,10 +1,14 @@
-{ config, lib, pkgs, ... }:
+{ config, pkgs, ... }:

 {
  imports = [
    ./common.nix
  ];

+  nixpkgs.overlays = [
+    (import ../overlays/gnome.nix)
+  ];
+
  services.printing.enable = true;
  services.openssh.startWhenNeeded = true;

--- a/hosts/eos/default.nix
+++ b/hosts/eos/default.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, ... }:

 {
  imports = [
@ -6,6 +6,8 @@
    ../desktop.nix
  ];

+  nixpkgs.hostPlatform = "x86_64-linux";
+
  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
--- a/hosts/helios/default.nix
+++ b/hosts/helios/default.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, inputs, ... }:
+{ config, ... }:

 {
  imports = [
@ -6,6 +6,8 @@
    ../desktop.nix
  ];

+  nixpkgs.hostPlatform = "x86_64-linux";
+
  boot = {
    loader.grub = {
      enable = true;
--- a/hosts/hypnos/default.nix
+++ b/hosts/hypnos/default.nix
@ -1,12 +1,21 @@
-{ config, lib, ... }:
+{ config, lib, self, ... }:

 {
  imports = [
+    self.inputs.disko.nixosModules.disko
    ./hardware-configuration.nix
    ./disko-config.nix
    ../desktop.nix
  ];

+  nixpkgs = {
+    hostPlatform = "x86_64-linux";
+    config = {
+      allowUnfree = true;
+      nvidia.acceptLicense = true;
+    };
+  };
+
  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
--- a/hosts/library/default.nix
+++ b/hosts/library/default.nix
@ -6,6 +6,8 @@
    ../server.nix
  ];

+  nixpkgs.hostPlatform = "x86_64-linux";
+
  boot = {
    loader.systemd-boot.enable = true;
    loader.efi.canTouchEfiVariables = true;
--- a/hosts/mail/default.nix
+++ b/hosts/mail/default.nix
@ -1,12 +1,15 @@
-{ config, lib, pkgs, inputs, ... }:
+{ config, lib, self, ... }:

 {
  imports = [
+    self.inputs.disko.nixosModules.disko
    ./hardware-configuration.nix
    ./disko-config.nix
    ../server.nix
  ];

+  nixpkgs.hostPlatform = "x86_64-linux";
+
  networking = {
    hostId = "08ac2f14";
    domain = "mesh.vimium.net";
--- a/hosts/odyssey/default.nix
+++ b/hosts/odyssey/default.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, inputs, ... }:
+{ config, ... }:

 {
  imports = [
@ -6,6 +6,14 @@
    ../desktop.nix
  ];

+  nixpkgs = {
+    hostPlatform = "x86_64-linux";
+    config = {
+      allowUnfree = true;
+      nvidia.acceptLicense = true;
+    };
+  };
+
  boot.loader = {
    systemd-boot = {
      enable = true;
--- a/hosts/pi/default.nix
+++ b/hosts/pi/default.nix
@ -1,12 +1,13 @@
-{ config, lib, pkgs, inputs, ... }:
+{ config, lib, pkgs, self, ... }:

 {
  imports = [
+    self.inputs.nixos-hardware.nixosModules.raspberry-pi-4
    ./hardware-configuration.nix
    ../server.nix
  ];

-  networking.hostId = "731d1660";
+  nixpkgs.hostPlatform = "aarch64-linux";

  hardware = {
    raspberry-pi."4" = {
@ -97,6 +98,8 @@
    ];
  };

+  networking.hostId = "731d1660";
+
  sound.enable = true;

  security.rtkit.enable = true;
@ -108,7 +111,7 @@
  };

  age.secrets."files/services/home-assistant/secrets.yaml" = {
-    file = "${inputs.secrets}/files/services/home-assistant/secrets.yaml.age";
+    file = "${self.inputs.secrets}/files/services/home-assistant/secrets.yaml.age";
    path = "${config.services.home-assistant.configDir}/secrets.yaml";
    owner = "hass";
    group = "hass";
@ -173,7 +176,7 @@
  };

  age.secrets."files/services/zigbee2mqtt/secret.yaml" = {
-    file = "${inputs.secrets}/files/services/zigbee2mqtt/secret.yaml.age";
+    file = "${self.inputs.secrets}/files/services/zigbee2mqtt/secret.yaml.age";
    path = "${config.services.zigbee2mqtt.dataDir}/secret.yaml";
    owner = "zigbee2mqtt";
    group = "zigbee2mqtt";
--- a/hosts/skycam/default.nix
+++ b/hosts/skycam/default.nix
@ -1,11 +1,14 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, self, ... }:

 {
  imports = [
+    self.inputs.nixos-hardware.nixosModules.raspberry-pi-4
    ./hardware-configuration.nix
    ../server.nix
  ];

+  nixpkgs.hostPlatform = "aarch64-linux";
+
  hardware = {
    raspberry-pi."4" = {
      apply-overlays-dtmerge.enable = true;
--- a/hosts/vps1/default.nix
+++ b/hosts/vps1/default.nix
@ -1,7 +1,4 @@
-{
-  lib,
-  ...
-}:
+{ lib, ... }:

 {
  imports = [
@ -9,6 +6,8 @@
    ../server.nix
  ];

+  nixpkgs.hostPlatform = "x86_64-linux";
+
  networking = {
    hostId = "08bf6db3";
    domain = "mesh.vimium.net";
--- a/modules/desktop/apps/thunderbird.nix
+++ b/modules/desktop/apps/thunderbird.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, inputs, ... }:
+{ config, lib, self, ... }:

 let cfg = config.modules.desktop.apps.thunderbird;
 in {
@ -10,7 +10,7 @@ in {
  };
  
  config = lib.mkIf cfg.enable {
-    home.file.".thunderbird/Default/chrome/thunderbird-gnome-theme".source = inputs.thunderbird-gnome-theme;
+    home.file.".thunderbird/Default/chrome/thunderbird-gnome-theme".source = self.inputs.thunderbird-gnome-theme;

    home.programs.thunderbird = {
      enable = true;
--- a/modules/desktop/browsers/brave.nix
+++ b/modules/desktop/browsers/brave.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, inputs, ... }:
+{ config, lib, pkgs, ... }:

 let cfg = config.modules.desktop.browsers.brave;
 in {
--- a/modules/desktop/browsers/firefox.nix
+++ b/modules/desktop/browsers/firefox.nix
@ -1,4 +1,4 @@
-{ config, lib, inputs, ... }:
+{ config, lib, self, ... }:

 let cfg = config.modules.desktop.browsers.firefox;
 in {
@ -10,7 +10,7 @@ in {
  };

  config = lib.mkIf cfg.enable {
-    home.file.".mozilla/firefox/Default/chrome/firefox-gnome-theme".source = inputs.firefox-gnome-theme;
+    home.file.".mozilla/firefox/Default/chrome/firefox-gnome-theme".source = self.inputs.firefox-gnome-theme;

    home.programs.firefox = {
      enable = true;
--- a/modules/desktop/gnome.nix
+++ b/modules/desktop/gnome.nix
@ -1,4 +1,4 @@
-{ config, inputs, lib, pkgs, ... }:
+{ config, lib, pkgs, self, ... }:

 let cfg = config.modules.desktop.gnome;
 in {
@ -207,7 +207,7 @@ in {
      "Kvantum/kvantum.kvconfig".text = lib.generators.toINI {} {
        General.theme = "KvLibadwaitaDark";
      };
-      "Kvantum/KvLibadwaita".source = "${inputs.kvlibadwaita}/src/KvLibadwaita";
+      "Kvantum/KvLibadwaita".source = "${self.inputs.kvlibadwaita}/src/KvLibadwaita";
    };

    user.packages = with pkgs; [
--- a/modules/networking/tailscale.nix
+++ b/modules/networking/tailscale.nix
@ -1,4 +1,4 @@
-{ config, inputs, lib, pkgs, ... }:
+{ config, lib, pkgs, self, ... }:

 let
  cfg = config.modules.networking.tailscale;
@ -18,7 +18,7 @@ in {

  config = lib.mkIf cfg.enable {
    age.secrets."passwords/services/tailscale/${hostname}-authkey" = {
-      file = "${inputs.secrets}/passwords/services/tailscale/${hostname}-authkey.age";
+      file = "${self.inputs.secrets}/passwords/services/tailscale/${hostname}-authkey.age";
    };

    environment.systemPackages = [ pkgs.tailscale ];
--- a/modules/networking/wireless.nix
+++ b/modules/networking/wireless.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, inputs, ... }:
+{ config, lib, pkgs, self, ... }:

 with lib;

@ -19,7 +19,7 @@ in {

  config = mkIf cfg.enable {
    age.secrets."passwords/networks" = {
-      file = "${inputs.secrets}/passwords/networks.age";
+      file = "${self.inputs.secrets}/passwords/networks.age";
    };

    networking = {
--- a/modules/options.nix
+++ b/modules/options.nix
@ -1,4 +1,4 @@
-{ config, options, lib, home-manager, inputs, ... }:
+{ config, options, lib, self, ... }:

 with lib;
 {
@ -29,7 +29,7 @@ with lib;
  };

  config = {
-    age.secrets."passwords/users/jordan".file = "${inputs.secrets}/passwords/users/jordan.age";
+    age.secrets."passwords/users/jordan".file = "${self.inputs.secrets}/passwords/users/jordan.age";
    user =
      let user = builtins.getEnv "USER";
          name = if elem user [ "" "root" ] then "jordan" else user;
@ -68,8 +68,8 @@ with lib;
      };

      sharedModules = [
-        inputs.nixvim.homeManagerModules.nixvim
-        inputs.plasma-manager.homeManagerModules.plasma-manager
+        self.inputs.nixvim.homeManagerModules.nixvim
+        self.inputs.plasma-manager.homeManagerModules.plasma-manager
      ];
    };

--- a/modules/services/borgmatic/default.nix
+++ b/modules/services/borgmatic/default.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, inputs, ... }:
+{ config, lib, self, ... }:

 let
  cfg = config.modules.services.borgmatic;
@ -27,7 +27,7 @@ in {

  config = lib.mkIf cfg.enable {
    age.secrets."passwords/services/borg/${hostname}-passphrase" = {
-      file = "${inputs.secrets}/passwords/services/borg/${hostname}-passphrase.age";
+      file = "${self.inputs.secrets}/passwords/services/borg/${hostname}-passphrase.age";
    };

    services.borgmatic = {
--- a/modules/services/coturn/default.nix
+++ b/modules/services/coturn/default.nix
@ -1,9 +1,4 @@
-{
-  config,
-  lib,
-  inputs,
-  ...
-}:
+{ config, lib, self, ... }:

 let
  cfg = config.modules.services.coturn;
@ -54,13 +49,13 @@ in {

    age.secrets = {
      "passwords/services/coturn/static-auth-secret" = {
-        file = "${inputs.secrets}/passwords/services/coturn/static-auth-secret.age";
+        file = "${self.inputs.secrets}/passwords/services/coturn/static-auth-secret.age";
        owner = "turnserver";
        group = "turnserver";
      };
    } // (if cfg.matrixIntegration then {
      "passwords/services/coturn/matrix-turn-config.yml" = {
-        file = "${inputs.secrets}/passwords/services/coturn/matrix-turn-config.yml.age";
+        file = "${self.inputs.secrets}/passwords/services/coturn/matrix-turn-config.yml.age";
        owner = "matrix-synapse";
        group = "matrix-synapse";
      };
--- a/modules/services/gitea-runner/default.nix
+++ b/modules/services/gitea-runner/default.nix
@ -1,4 +1,4 @@
-{ pkgs, config, lib, inputs, ... }:
+{ pkgs, config, lib, self, ... }:

 # Based on: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix

@ -176,7 +176,7 @@ in
    users.groups.nix-ci-user = { };

    age.secrets."files/services/gitea-runner/${hostname}-token" = {
-      file = "${inputs.secrets}/files/services/gitea-runner/${hostname}-token.age";
+      file = "${self.inputs.secrets}/files/services/gitea-runner/${hostname}-token.age";
      group = "podman";
    };

--- a/modules/services/gitea/default.nix
+++ b/modules/services/gitea/default.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, inputs, ... }:
+{ config, lib, pkgs, self, ... }:

 let
  cfg = config.modules.services.gitea;
@ -40,9 +40,9 @@ in {

    systemd.tmpfiles.rules = [
      "d '${config.services.gitea.customDir}/public/assets/css' 0750 ${config.services.gitea.user} ${config.services.gitea.group} - -"
-      "L+ '${config.services.gitea.customDir}/public/assets/css/theme-github.css' - - - - ${inputs.gitea-github-theme}/theme-github.css"
-      "L+ '${config.services.gitea.customDir}/public/assets/css/theme-github-auto.css' - - - - ${inputs.gitea-github-theme}/theme-github-auto.css"
-      "L+ '${config.services.gitea.customDir}/public/assets/css/theme-github-dark.css' - - - - ${inputs.gitea-github-theme}/theme-github-dark.css"
+      "L+ '${config.services.gitea.customDir}/public/assets/css/theme-github.css' - - - - ${self.inputs.gitea-github-theme}/theme-github.css"
+      "L+ '${config.services.gitea.customDir}/public/assets/css/theme-github-auto.css' - - - - ${self.inputs.gitea-github-theme}/theme-github-auto.css"
+      "L+ '${config.services.gitea.customDir}/public/assets/css/theme-github-dark.css' - - - - ${self.inputs.gitea-github-theme}/theme-github-dark.css"
    ];

    services.gitea = rec {
--- a/modules/services/headscale/default.nix
+++ b/modules/services/headscale/default.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, inputs, ... }:
+{ config, lib, pkgs, ... }:

 with lib;

--- a/modules/services/mail/default.nix
+++ b/modules/services/mail/default.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, self, ... }:

 let
  cfg = config.modules.services.mail;
@ -22,6 +22,10 @@ in {
    };
  };

+  imports = [
+    self.inputs.nixos-mailserver.nixosModule
+  ];
+
  config = lib.mkIf cfg.enable {
    services.roundcube = {
      enable = true;
--- a/modules/services/matrix/default.nix
+++ b/modules/services/matrix/default.nix
@ -1,10 +1,4 @@
-{
-  config,
-  lib,
-  pkgs,
-  inputs,
-  ...
-}:
+{ config, lib, pkgs, self, ... }:

 let
  cfg = config.modules.services.matrix;
@ -197,7 +191,7 @@ in {

    age.secrets = if cfg.slidingSync.enable then {
      "files/services/matrix/sliding-sync" = {
-        file = "${inputs.secrets}/files/services/matrix/sliding-sync.age";
+        file = "${self.inputs.secrets}/files/services/matrix/sliding-sync.age";
      };
    } else {};

--- a/modules/services/nginx/default.nix
+++ b/modules/services/nginx/default.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, inputs, ... }:
+{ config, lib, pkgs, ... }:

 with lib;

--- a/modules/services/photoprism/default.nix
+++ b/modules/services/photoprism/default.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, inputs, ... }:
+{ config, lib, pkgs, self, ... }:

 with lib;

@ -36,7 +36,7 @@ in {
    };

    age.secrets."passwords/services/photoprism/admin" = {
-      file = "${inputs.secrets}/passwords/services/photoprism/admin.age";
+      file = "${self.inputs.secrets}/passwords/services/photoprism/admin.age";
    };

    services.photoprism = {
--- a/overlays/gnome.nix
+++ b/overlays/gnome.nix
@ -1,8 +1,8 @@
-self: super:
+final: prev:
 {
-  gnome = super.gnome.overrideScope' (gself: gsuper: {
+  gnome = prev.gnome.overrideScope' (gself: gsuper: {
    mutter = gsuper.mutter.overrideAttrs (oldAttrs: {
-      src = super.fetchurl {
+      src = prev.fetchurl {
        url = "https://gitlab.gnome.org/Community/Ubuntu/mutter/-/archive/triple-buffering-v4-46/mutter-triple-buffering-v4-46.tar.gz";
        sha256 = "mmFABDsRMzYnLO3+Cf3CJ60XyUBl3y9NAUj+vs7nLqE=";
      };