Jalil David Salamé Messina
351e042a7c
Fix for OpenSSH vulnerability: ``` • Updated input 'home-manager': 'github:nix-community/home-manager/a1fddf0967c33754271761d91a3d921772b30d0e' (2024-06-16) → 'github:nix-community/home-manager/391ca6e950c2525b4f853cbe29922452c14eda82' (2024-07-01) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/a59f00f5ac65b19382617ba00f360f8bc07ed3ac' (2024-06-29) → 'github:NixOS/nixos-hardware/6e253f12b1009053eff5344be5e835f604bb64cd' (2024-07-02) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/89c49874fb15f4124bf71ca5f42a04f2ee5825fd' (2024-06-26) → 'github:NixOS/nixpkgs/d032c1a6dfad4eedec7e35e91986becc699d7d69' (2024-07-01) • Updated input 'nixvim': 'github:nix-community/nixvim/c062b976eff9f13597c7c23d77a6b3ac677b7fd5' (2024-06-29) → 'github:nix-community/nixvim/079c2c479b5707adf0b03f817be30945c92c15cf' (2024-07-01) • Updated input 'nixvim/flake-parts': 'github:hercules-ci/flake-parts/2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8' (2024-06-01) → 'github:hercules-ci/flake-parts/c3c5ecc05edc7dafba779c6c1a61cd08ac6583e9' (2024-06-30) • Updated input 'nixvim/treefmt-nix': 'github:numtide/treefmt-nix/065a23edceff48f948816b795ea8cc6c0dee7cdf' (2024-06-24) → 'github:numtide/treefmt-nix/8df5ff62195d4e67e2264df0b7f5e8c9995fd0bd' (2024-06-30) • Updated input 'unstable': 'github:NixOS/nixpkgs/b2852eb9365c6de48ffb0dc2c9562591f652242a' (2024-06-27) → 'github:NixOS/nixpkgs/2741b4b489b55df32afac57bc4bfd220e8bf617e' (2024-06-29) ```
# This flake was initially generated by fh, the CLI for FlakeHub (version 0.1.9)
{
  # Short summary of what this flake provides
  description = "My NixOS configuration";

  # Flake inputs.
  #
  # The URLs below name branches, registry aliases or an archive rather than
  # revisions. The revision and content hash actually used for each input are
  # recorded in flake.lock, so that file has to be committed and reviewed with
  # every change here. An upstream security fix reaches these systems only
  # after the lock file is refreshed (`nix flake update`) and they are rebuilt.
  inputs = {
    # Package sets: the 24.05 release branch and the rolling branch
    nixpkgs.url = "nixpkgs/nixos-24.05";
    unstable.url = "nixpkgs/nixos-unstable";

    # Software
    jpassmenu.url = "github:jalil-salame/jpassmenu";
    jpassmenu.inputs.nixpkgs.follows = "nixpkgs";

    audiomenu.url = "github:jalil-salame/audiomenu";
    audiomenu.inputs.nixpkgs.follows = "nixpkgs";

    # Lix
    # NOTE(review): fetched as an archive of a release candidate (2.90.0-rc1).
    # Its integrity rests on the hash stored in flake.lock; revisit the tag
    # once a non-rc release is adopted.
    lix-module = {
      url = "https://git.lix.systems/lix-project/nixos-module/archive/2.90.0-rc1.tar.gz";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.flake-utils.follows = "flake-utils";
    };

    # Modules
    home-manager.url = "github:nix-community/home-manager/release-24.05";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";

    nixos-hardware.url = "github:NixOS/nixos-hardware";

    # FIXME: pin to 24.05 when available
    # NOTE(review): stylix already tracks release-24.05 below, so this FIXME
    # may be stale or may be meant for a neighbouring input; confirm.
    stylix = {
      url = "github:danth/stylix/release-24.05";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.home-manager.follows = "home-manager";
    };

    # nixvim is evaluated against the rolling package set, not the release one
    nixvim = {
      url = "github:nix-community/nixvim";
      inputs.nixpkgs.follows = "unstable";
      inputs.devshell.follows = "devshell";
      inputs.nix-darwin.follows = ""; # disable MacOS stuff
      inputs.home-manager.follows = "home-manager";
      inputs.flake-compat.follows = "stylix/flake-compat";
    };

    # For deduplication: shared transitive inputs are declared once here and
    # the inputs above follow them instead of locking their own copies.
    systems.url = "github:nix-systems/default";

    flake-utils.url = "github:numtide/flake-utils";
    flake-utils.inputs.systems.follows = "systems";

    devshell = {
      url = "github:numtide/devshell";
      inputs.flake-utils.follows = "flake-utils";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  # Flake outputs that other flakes can use
  outputs = {
    self,
    nixpkgs,
    unstable,
    stylix,
    home-manager,
    nixos-hardware,
    jpassmenu,
    audiomenu,
    nixvim,
    lix-module,
    ...
  }: let
    inherit (nixpkgs) lib;

    # Platforms for which per-system outputs are produced
    supportedSystems = ["x86_64-linux" "aarch64-linux"];

    # Build an attribute set keyed by system; `mkOutputs` receives the system
    # string and the plain (overlay-free) nixpkgs package set for it.
    forEachSupportedSystem = mkOutputs:
      lib.genAttrs supportedSystems (system:
        mkOutputs {
          inherit system;
          pkgs = nixpkgs.legacyPackages.${system};
        });

    # Every overlay exported by this flake, as a list for `import nixpkgs`
    overlays = builtins.attrValues self.overlays;
  in {
    checks = forEachSupportedSystem ({
      pkgs,
      system,
    }: let
      # The flake's own source tree, copied to the store under a fixed name
      src = builtins.path {
        name = "configuration.nix";
        path = ./.;
      };
      sourceArg = {inherit src;};
    in {
      nvim = nixvim.lib.${system}.check.mkTestDerivationFromNixvimModule {
        module = ./nvim/standalone.nix;
        pkgs = import nixpkgs {inherit system overlays;};
      };
      fmt = pkgs.callPackage ./fmt.nix sourceArg;
      lint = pkgs.callPackage ./lint.nix sourceArg;
      # NOTE(review): this calls the same file as `lint`, so as written the
      # `typos` check duplicates the lint check; confirm whether a separate
      # typo-checking expression was intended.
      typos = pkgs.callPackage ./lint.nix sourceArg;
    });

    packages = forEachSupportedSystem ({
      pkgs,
      system,
    }: let
      docsSet = import ./docs {inherit pkgs lib;};
    in {
      # Documentation packages re-exported from ./docs
      inherit (docsSet) docs nixos-markdown nvim-markdown home-markdown;

      # Nvim standalone module
      nvim = nixvim.legacyPackages.${system}.makeNixvimWithModule {
        module = ./nvim/standalone.nix;
        pkgs = import nixpkgs {inherit system overlays;};
      };
    });

    # Provide necessary overlays
    overlays = {
      nixvim = nixvim.overlays.default;
      jpassmenu = jpassmenu.overlays.default;
      audiomenu = audiomenu.overlays.default;

      # Everything taken from `fromUnstable` is versioned by the `unstable`
      # input's lock entry, independently of the 24.05 `nixpkgs` input.
      unstable = final: prev: let
        fromUnstable = unstable.legacyPackages.${prev.system};
      in {
        # Get unstable packages
        unstable = fromUnstable;
        # Update vim plugins with the versions from unstable
        vimPlugins = prev.vimPlugins // fromUnstable.vimPlugins;
        # Get specific packages from unstable
        inherit (fromUnstable) gitoxide jujutsu wezterm neovim-unwrapped;
      };
    };

    # Nix files formatter (run `nix fmt`)
    formatter = forEachSupportedSystem ({pkgs, ...}: pkgs.alejandra);

    # Example vm configuration
    nixosConfigurations.vm = let
      system = "x86_64-linux";
      # Unfree packages are refused unless named in this allow-list
      config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) ["steam-original"];
      pkgs = import nixpkgs {inherit system overlays config;};
    in
      lib.nixosSystem {
        inherit system pkgs;
        modules = [
          self.nixosModules.vm # import vm module
          {
            time.timeZone = "Europe/Berlin";
            i18n.defaultLocale = "en_US.UTF-8";

            users.users.jdoe = {
              isNormalUser = true;
              # Plain-text credential for the example VM only. The value is
              # part of the evaluated configuration and is therefore readable
              # in the Nix store, and this account is a member of `wheel`.
              # Do not copy this pattern to a real machine; use
              # `hashedPasswordFile` (or `hashedPassword`) there.
              password = "example";
              extraGroups = ["wheel" "video" "networkmanager"];
            };

            home-manager.users.jdoe = {
              home.username = "jdoe";
              home.homeDirectory = "/home/jdoe";
              jhome.enable = true;
              jhome.gui.enable = true;
              jhome.dev.rust.enable = true;
            };

            nix.registry.nixpkgs.flake = nixpkgs;

            jconfig.enable = true;
            jconfig.gui.enable = true;
          }
        ];
      };

    nixosModules = let
      # Neovim configuration shared by both home-manager module variants
      nvim-config.imports = [
        nixvim.homeManagerModules.nixvim
        ./nvim
      ];

      # NOTE(review): "Sandalone" looks like a misspelling of "Standalone",
      # but the name is exported below, so renaming it would break consumers.
      homeManagerModuleSandalone = import ./home {inherit nvim-config stylix;};
      homeManagerModuleNixOS = import ./home {inherit nvim-config;};

      nixosModule = {
        imports =
          [
            (import ./system {inherit stylix;})
            home-manager.nixosModules.home-manager
          ]
          # NOTE(review): lix-module is a declared input, so this guard is
          # presumably always true; kept as written.
          ++ lib.optional (lix-module != null) lix-module.nixosModules.default;

        home-manager = {
          useGlobalPkgs = true;
          useUserPackages = true;
          sharedModules = [homeManagerModuleNixOS];
        };

        # Pin nixpkgs: the `nixpkgs` registry entry points at this flake's
        # nixpkgs input.
        nix.registry.nixpkgs.flake = nixpkgs;
      };

      # Hosts with a directory under ./machines
      machines = [
        "capricorn"
        "gemini"
        "libra"
        "vm"
      ];

      # Module for one host: the common module plus its machine directory
      mkMachine = hostname: {
        imports = [
          nixosModule
          (import (./machines + "/${hostname}") {inherit nixos-hardware;})
        ];
        home-manager.sharedModules = [{jhome.hostName = hostname;}];
      };
    in
      {
        default = nixosModule;
        inherit nixosModule homeManagerModuleNixOS homeManagerModuleSandalone;
      }
      // lib.genAttrs machines mkMachine;

    devShells = forEachSupportedSystem ({
      pkgs,
      system,
    }: {
      default = pkgs.mkShell {
        buildInputs = [
          pkgs.just
          self.packages.${system}.nvim
        ];
        # Exported into the shell environment; presumably read by a recipe
        # that starts the example VM under QEMU (confirm against the justfile).
        QEMU_OPTS_WL = "--enable-kvm -smp 4 -device virtio-gpu-rutabaga,gfxstream-vulkan=on,cross-domain=on,hostmem=2G,wsi=headless";
      };
    });
  };
}