andreijiroh.dev / nixops-config
NixOS + home-manager configs, mirrored from GitLab SaaS. gitlab.com/andreijiroh-dev/nixops-config
nix-flake nixos home-manager nixpkgs nix-flakes
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

nixops-config / flake.nix
at 491d2abd3fd4e2964a879f58fdd2ac9f6ea7f957 712 lines 22 kB view raw
Andrei Jiroh Halili chore(agenix); dedupe imports and prep for system rebuilds later
391a6f33
1{ 2 description = "Andrei Jiroh's NixOS and home-manager configurations (AKA declarative dotfiles)"; 3 nixConfig = { 4 extra-trusted-public-keys = [ 5 # cache.nixos.org 6 "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" 7 8 # cache.flakehub.com 9 "cache.flakehub.com-3:hJuILl5sVK4iKm86JzgdXW12Y2Hwd5G07qKtHTOcDCM=" 10 "cache.flakehub.com-4:Asi8qIv291s0aYLyH6IOnr5Kf6+OF14WVjkE6t3xMio=" 11 "cache.flakehub.com-5:zB96CRlL7tiPtzA9/WKyPkp3A2vqxqgdgyTVNGShPDU=" 12 "cache.flakehub.com-6:W4EGFwAGgBj3he7c5fNh9NkOXw0PUVaxygCVKeuvaqU=" 13 "cache.flakehub.com-7:mvxJ2DZVHn/kRxlIaxYNMuDG1OvMckZu32um1TadOR8=" 14 "cache.flakehub.com-8:moO+OVS0mnTjBTcOUh2kYLQEd59ExzyoW1QgQ8XAARQ=" 15 "cache.flakehub.com-9:wChaSeTI6TeCuV/Sg2513ZIM9i0qJaYsF+lZCXg0J6o=" 16 "cache.flakehub.com-10:2GqeNlIp6AKp4EF2MVbE1kBOp9iBSyo0UPR9KoR0o1Y=" 17 18 # nix-community 19 "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" 20 21 # devenv.sh 22 "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=" 23 24 # my caches for nixos and nixpkgs related builds (including devenvs) 25 "ajhalili2006-nixos-builds.cachix.org-1:fA8HXvGR1i792D+CxL2iW/TQzUcyoW7zPUmC9Q4mQLg=" 26 27 # the main cache itself 28 "andreijiroh-dev.cachix.org-1:7Jd0STdBOLiNu5fiA+AKwcMqQD2PA1j9zLDGyDkuyBo=" 29 30 # recaptime.dev cache 31 "recaptime-dev.cachix.org-1:b0UBO1zONf6ceTIoR06AKhgid4ZOl5kxB/gOIdZ9J6g=" 32 33 # numtide 34 "niks3.numtide.com-1:DTx8wZduET09hRmMtKdQDxNNthLQETkc/yaX7M4qK0g=" 35 ]; 36 37 # also list them all too 38 extra-trusted-substituters = [ 39 "https://cache.nixos.org" 40 "https://cache.flakehub.com" 41 "https://nix-community.cachix.org" 42 "https://devenv.cachix.org" 43 "https://andreijiroh-dev.cachix.org" 44 "https://ajhalili2006-nixos-builds.cachix.org" 45 "https://recaptime-dev.cachix.org" 46 "https://cache.numtide.com" 47 ]; 48 }; 49 50 # try to be in-sync with the nix-channels 51 inputs = { 52 # nixpkgs essientials 53 lib.url = "github:nix-community/nixpkgs.lib"; 54 nixpkgs.url = "https://flakehub.com/f/DeterminateSystems/nixpkgs-weekly/*.tar.gz"; 55 flake-utils = { 56 url = "github:numtide/flake-utils"; 57 inputs = { 58 systems = { 59 follows = "systems"; 60 }; 61 }; 62 }; 63 nixos-generators = { 64 url = "github:nix-community/nixos-generators"; 65 inputs.nixpkgs.follows = "nixpkgs"; 66 }; 67 systems = { 68 url = "github:nix-systems/default"; 69 }; 70 71 # home-manager 72 home-manager = { 73 url = "https://flakehub.com/f/nix-community/home-manager/0"; 74 inputs.nixpkgs.follows = "nixpkgs"; 75 }; 76 77 # Determinate Nix 78 determinate = { 79 url = "https://flakehub.com/f/DeterminateSystems/determinate/0.1"; 80 #inputs.nixpkgs.follows = "nixpkgs"; 81 }; 82 83 # NixOS hardware stuff 84 nixos-hardware.url = "github:NixOS/nixos-hardware/master"; 85 86 # vscode-server setup 87 vscode-server = { 88 url = "github:nix-community/nixos-vscode-server"; 89 inputs = { 90 nixpkgs.follows = "nixpkgs"; 91 flake-utils.follows = "flake-utils"; 92 }; 93 }; 94 nix4vscode = { 95 url = "github:nix-community/nix4vscode"; 96 inputs.nixpkgs.follows = "nixpkgs"; 97 inputs.systems.follows = "systems"; 98 }; 99 100 # Firefox and friends 101 zen-browser = { 102 url = "github:0xc000022070/zen-browser-flake"; 103 inputs = { 104 nixpkgs.follows = "nixpkgs"; 105 home-manager.follows = "home-manager"; 106 }; 107 }; 108 firefox-addons = { 109 url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; 110 inputs.nixpkgs.follows = "nixpkgs"; 111 }; 112 113 # nix-ld 114 nix-ld = { 115 url = "github:Mic92/nix-ld"; 116 inputs.nixpkgs.follows = "nixpkgs"; 117 }; 118 119 # agenix and friends for SecretOps 120 agenix = { 121 url = "github:ryantm/agenix"; 122 inputs.nixpkgs.follows = "nixpkgs"; 123 inputs.systems.follows = "systems"; 124 }; 125 agenix-rekey = { 126 url = "github:oddlama/agenix-rekey"; 127 # Make sure to override the nixpkgs version to follow your flake, 128 # otherwise derivation paths can mismatch (when using storageMode = "derivation"), 129 # resulting in the rekeyed secrets not being found! 130 inputs.nixpkgs.follows = "nixpkgs"; 131 }; 132 133 chaotic = { 134 url = "https://flakehub.com/f/chaotic-cx/nyx/*.tar.gz"; 135 inputs = { 136 nixpkgs.follows = "nixpkgs"; 137 }; 138 }; 139 140 llm-agents = { 141 url = "github:numtide/llm-agents.nix"; 142 inputs.nixpkgs.follows = "nixpkgs"; 143 }; 144 }; 145 outputs = 146 inputs@{ 147 self, 148 nixpkgs, 149 home-manager, 150 nixos-hardware, 151 determinate, 152 vscode-server, 153 nix-ld, 154 flake-utils, 155 systems, 156 nixos-generators, 157 lib, 158 zen-browser, 159 nix4vscode, 160 firefox-addons, 161 agenix, 162 agenix-rekey, 163 chaotic, 164 llm-agents, 165 }: 166 let 167 dev-pkgs = import ./pkgs; 168 169 # Reusable overlay function for any system 170 overlayFor = system: final: prev: { 171 coolify-compose = prev.callPackage ./pkgs/coolify-compose.nix { }; 172 detect-vscode-for-git = prev.callPackage ./pkgs/detect-vscode-for-git.nix { }; 173 ssh-agent-loader = prev.callPackage ./pkgs/ssh-agent-loader.nix { }; 174 }; 175 in 176 flake-utils.lib.eachDefaultSystem ( 177 system: 178 let 179 pkgs = import nixpkgs { 180 inherit system; 181 overlays = [ 182 agenix-rekey.overlays.default 183 llm-agents.overlays.default 184 ]; 185 }; 186 in 187 { 188 # Packages for this system 189 packages = { 190 coolify-compose = pkgs.callPackage ./pkgs/coolify-compose.nix { }; 191 detect-vscode-for-git = pkgs.callPackage ./pkgs/detect-vscode-for-git.nix { }; 192 ssh-agent-loader = pkgs.callPackage ./pkgs/ssh-agent-loader.nix { }; 193 194 # Optionally make one the default to support `nix profile add .#` 195 default = pkgs.callPackage ./pkgs/coolify-compose.nix { }; 196 197 live-cd = 198 (nixpkgs.lib.nixosSystem { 199 inherit system; 200 modules = [ 201 nix-ld.nixosModules.nix-ld 202 determinate.nixosModules.default 203 home-manager.nixosModules.home-manager 204 vscode-server.nixosModules.default 205 chaotic.nixosModules.default 206 ./hosts/live-cd/kde-plasma.nix 207 ]; 208 specialArgs = { 209 inherit 210 self 211 nixpkgs 212 home-manager 213 nixos-hardware 214 determinate 215 vscode-server 216 nix-ld 217 flake-utils 218 systems 219 nixos-generators 220 zen-browser 221 nix4vscode 222 firefox-addons 223 agenix 224 agenix-rekey 225 chaotic 226 llm-agents 227 dev-pkgs 228 ; 229 }; 230 }).config.system.build.isoImage; 231 }; 232 233 devShells.default = pkgs.mkShell { 234 packages = with pkgs; [ 235 agenix-rekey 236 gitFull 237 nano 238 nixfmt-tree 239 nixfmt 240 nil 241 nixd 242 ]; 243 }; 244 245 # If you want app-style outputs, you can also define apps here: 246 # apps.default = { 247 # type = "app"; 248 # program = "${self.packages.${system}.coolify-compose}/bin/coolify-compose"; 249 # }; 250 251 # Keep nixosConfigurations and homeConfigurations outside of eachDefaultSystem 252 # or gate them by `system` if needed; shown below outside the lambda. 253 } 254 ) 255 // { 256 # Top-level overlays for downstream consumers 257 overlays = { 258 # System-aware default overlay that works regardless of the system 259 default = 260 final: prev: 261 let 262 sys = final.system or prev.stdenv.system or "x86_64-linux"; 263 in 264 (overlayFor sys) final prev; 265 266 # Per-system overlays for compatibility 267 x86_64-linux = overlayFor "x86_64-linux"; 268 aarch64-linux = overlayFor "aarch64-linux"; 269 x86_64-darwin = overlayFor "x86_64-darwin"; 270 aarch64-darwin = overlayFor "aarch64-darwin"; 271 }; 272 273 nixosConfigurations = { 274 recoverykit-amd64 = nixpkgs.lib.nixosSystem { 275 system = "x86_64-linux"; 276 modules = [ 277 # nix flake modules first 278 nix-ld.nixosModules.nix-ld 279 determinate.nixosModules.default 280 home-manager.nixosModules.home-manager 281 vscode-server.nixosModules.default 282 283 # and then the configs 284 ./shared/meta.nix 285 ./hosts/recoverykit/configuration.nix 286 "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" 287 ]; 288 289 specialArgs = { 290 inherit 291 self 292 nixpkgs 293 home-manager 294 nixos-hardware 295 determinate 296 vscode-server 297 nix-ld 298 flake-utils 299 systems 300 nixos-generators 301 zen-browser 302 nix4vscode 303 firefox-addons 304 agenix 305 agenix-rekey 306 chaotic 307 llm-agents 308 dev-pkgs 309 ; 310 }; 311 }; 312 313 portable-amd64-256gb = nixpkgs.lib.nixosSystem { 314 system = "x86_64-linux"; 315 modules = [ 316 # nix flake modules first 317 nix-ld.nixosModules.nix-ld 318 determinate.nixosModules.default 319 home-manager.nixosModules.home-manager 320 vscode-server.nixosModules.default 321 agenix.nixosModules.default 322 agenix-rekey.nixosModules.default 323 324 # and then the configs 325 ./shared/meta.nix 326 ./hosts/portable/amd64/configuration.nix 327 ]; 328 329 specialArgs = { 330 inherit 331 self 332 nixpkgs 333 home-manager 334 nixos-hardware 335 determinate 336 vscode-server 337 nix-ld 338 flake-utils 339 systems 340 nixos-generators 341 zen-browser 342 nix4vscode 343 firefox-addons 344 agenix 345 agenix-rekey 346 chaotic 347 llm-agents 348 dev-pkgs 349 ; 350 }; 351 }; 352 353 lairland = nixpkgs.lib.nixosSystem { 354 system = "x86_64-linux"; 355 modules = [ 356 # nix flake modules first 357 nix-ld.nixosModules.nix-ld 358 determinate.nixosModules.default 359 home-manager.nixosModules.home-manager 360 agenix.nixosModules.default 361 agenix-rekey.nixosModules.default 362 vscode-server.nixosModules.default 363 chaotic.nixosModules.default 364 365 # and then the configs 366 ./shared/meta.nix 367 ./hosts/lairland/configuration.nix 368 ]; 369 370 specialArgs = { 371 inherit 372 self 373 nixpkgs 374 home-manager 375 nixos-hardware 376 determinate 377 vscode-server 378 nix-ld 379 flake-utils 380 systems 381 nixos-generators 382 zen-browser 383 nix4vscode 384 firefox-addons 385 agenix 386 agenix-rekey 387 chaotic 388 llm-agents 389 dev-pkgs 390 ; 391 }; 392 }; 393 394 stellapent-cier = nixpkgs.lib.nixosSystem { 395 # for some reason, zen-browser needs to be imported before nixos-hardware 396 # otherwise, it fails to build with some missing dependencies 397 system = "x86_64-linux"; 398 modules = [ 399 nix-ld.nixosModules.nix-ld 400 determinate.nixosModules.default 401 home-manager.nixosModules.home-manager 402 agenix.nixosModules.default 403 agenix-rekey.nixosModules.default 404 vscode-server.nixosModules.default 405 chaotic.nixosModules.default 406 ./shared/meta.nix 407 ./hosts/stellapent-cier/configuration.nix 408 ]; 409 specialArgs = { 410 inherit 411 self 412 nixpkgs 413 home-manager 414 nixos-hardware 415 determinate 416 vscode-server 417 nix-ld 418 flake-utils 419 systems 420 nixos-generators 421 zen-browser 422 nix4vscode 423 firefox-addons 424 agenix 425 agenix-rekey 426 chaotic 427 llm-agents 428 dev-pkgs 429 ; 430 }; 431 }; 432 433 live-cd-minimal = nixpkgs.lib.nixosSystem { 434 system = "x86_64-linux"; 435 modules = [ 436 nix-ld.nixosModules.nix-ld 437 determinate.nixosModules.default 438 home-manager.nixosModules.home-manager 439 vscode-server.nixosModules.default 440 chaotic.nixosModules.default 441 ./hosts/live-cd/base.nix 442 ]; 443 specialArgs = { 444 inherit 445 self 446 nixpkgs 447 home-manager 448 nixos-hardware 449 determinate 450 vscode-server 451 nix-ld 452 flake-utils 453 systems 454 nixos-generators 455 zen-browser 456 nix4vscode 457 firefox-addons 458 agenix 459 agenix-rekey 460 chaotic 461 llm-agents 462 dev-pkgs 463 ; 464 }; 465 }; 466 467 live-cd-graphical = nixpkgs.lib.nixosSystem { 468 system = "x86_64-linux"; 469 modules = [ 470 nix-ld.nixosModules.nix-ld 471 determinate.nixosModules.default 472 home-manager.nixosModules.home-manager 473 vscode-server.nixosModules.default 474 chaotic.nixosModules.default 475 ./hosts/live-cd/kde-plasma.nix 476 ]; 477 specialArgs = { 478 inherit 479 self 480 nixpkgs 481 home-manager 482 nixos-hardware 483 determinate 484 vscode-server 485 nix-ld 486 flake-utils 487 systems 488 nixos-generators 489 zen-browser 490 nix4vscode 491 firefox-addons 492 agenix 493 agenix-rekey 494 chaotic 495 llm-agents 496 dev-pkgs 497 ; 498 }; 499 }; 500 }; 501 homeConfigurations = { 502 # Usage 503 # - From GitHub: 504 # nix run home-manager/master -- switch --flake github:andreijiroh-dev/nixops-config#stellapent-cier 505 # - Locally: 506 # nix run home-manager/master -- switch --flake .#stellapent-cier 507 stellapent-cier = home-manager.lib.homeManagerConfiguration { 508 inherit lib; 509 pkgs = nixpkgs.legacyPackages.x86_64-linux; 510 extraSpecialArgs = { 511 inherit 512 self 513 nixpkgs 514 home-manager 515 nixos-hardware 516 determinate 517 vscode-server 518 nix-ld 519 flake-utils 520 systems 521 nixos-generators 522 zen-browser 523 nix4vscode 524 firefox-addons 525 agenix 526 agenix-rekey 527 chaotic 528 llm-agents 529 dev-pkgs 530 ; 531 }; 532 modules = [ 533 { 534 nixpkgs = { 535 overlays = [ 536 self.overlays.default 537 nix4vscode.overlays.default 538 ]; 539 config = { 540 allowUnfree = true; 541 # https://github.com/nix-community/home-manager/issues/2942 542 allowUnfreePredicate = (_: true); 543 }; 544 }; 545 } 546 zen-browser.homeModules.beta 547 chaotic.homeManagerModules.default 548 ./shared/home-manager/main.nix 549 { 550 home = { 551 username = "gildedguy"; 552 homeDirectory = "/home/gildedguy"; 553 }; 554 } 555 ]; 556 }; 557 558 # Usage 559 # - From GitHub: 560 # nix run home-manager/master -- switch --flake github:andreijiroh-dev/nixops-config#plain 561 # - Locally: 562 # nix run home-manager/master -- switch --flake .#plain 563 plain = home-manager.lib.homeManagerConfiguration { 564 pkgs = nixpkgs.legacyPackages.x86_64-linux; 565 extraSpecialArgs = { 566 inherit 567 self 568 nixpkgs 569 home-manager 570 nixos-hardware 571 determinate 572 vscode-server 573 nix-ld 574 flake-utils 575 systems 576 nixos-generators 577 zen-browser 578 nix4vscode 579 firefox-addons 580 agenix 581 agenix-rekey 582 chaotic 583 llm-agents 584 dev-pkgs 585 ; 586 }; 587 modules = [ 588 { 589 nixpkgs = { 590 overlays = [ 591 self.overlays.default 592 nix4vscode.overlays.default 593 llm-agents.overlays.default 594 ]; 595 config = { 596 allowUnfree = true; 597 # https://github.com/nix-community/home-manager/issues/2942 598 allowUnfreePredicate = (_: true); 599 }; 600 }; 601 } 602 zen-browser.homeModules.beta 603 chaotic.homeManagerModules.default 604 ./shared/home-manager/nogui.nix 605 { 606 home.username = "ajhalili2006"; 607 home.homeDirectory = "/home/ajhalili2006"; 608 } 609 ]; 610 }; 611 612 # Usage 613 # - From GitHub: 614 # nix run home-manager/master -- switch --flake github:andreijiroh-dev/nixops-config#arm64-plain 615 # - Locally: 616 # nix run home-manager/master -- switch --flake .#arm64-plain 617 arm64-plain = home-manager.lib.homeManagerConfiguration { 618 pkgs = nixpkgs.legacyPackages.aarch64-linux; 619 extraSpecialArgs = { 620 inherit 621 self 622 nixpkgs 623 home-manager 624 nixos-hardware 625 determinate 626 vscode-server 627 nix-ld 628 flake-utils 629 systems 630 nixos-generators 631 zen-browser 632 nix4vscode 633 firefox-addons 634 agenix 635 agenix-rekey 636 chaotic 637 llm-agents 638 dev-pkgs 639 ; 640 }; 641 modules = [ 642 { 643 nixpkgs = { 644 overlays = [ 645 self.overlays.default 646 nix4vscode.overlays.default 647 llm-agents.overlays.default 648 ]; 649 config = { 650 allowUnfree = true; 651 # https://github.com/nix-community/home-manager/issues/2942 652 allowUnfreePredicate = (_: true); 653 }; 654 }; 655 } 656 zen-browser.homeModules.beta 657 chaotic.homeManagerModules.default 658 ./shared/home-manager/nogui.nix 659 { 660 home.username = "ajhalili2006"; 661 home.homeDirectory = "/home/ajhalili2006"; 662 } 663 ]; 664 }; 665 }; 666 667 # Expose the necessary information in your flake so agenix-rekey 668 # knows where it has to look for secrets and paths. 669 # 670 # Make sure that the pkgs passed here comes from the same nixpkgs version as 671 # the pkgs used on your hosts in `nixosConfigurations`/`darwinConfigurations`, otherwise the rekeyed 672 # derivations will not be found! 673 agenix-rekey = agenix-rekey.configure { 674 userFlake = self; 675 nixosConfigurations = self.nixosConfigurations; 676 darwinConfigurations = self.darwinConfigurations or { }; 677 # Example for colmena: 678 # nixosConfigurations = ((colmena.lib.makeHive self.colmena).introspect (x: x)).nodes; 679 }; 680 681 # This is for external users who want to reproduce my configs as needed 682 exportedConfigs = { 683 meta = ./shared/meta.nix; 684 base = { 685 sshKeys = ./shared/ssh-keys.nix; 686 hostsFile = ./shared/hosts-file.nix; 687 systemd = ./shared/systemd.nix; 688 networking = ./shared/networking.nix; 689 locale = ./shared/locale.nix; 690 gnupg = ./shared/gnupg.nix; 691 metaConfigs = ./shared/nix.nix; 692 shells = { 693 bash = ./shared/shells/bash.nix; 694 customPrompts = ./shared/shells/custom-prompts.nix; 695 }; 696 }; 697 desktop = { 698 kdePlasma = ./shared/desktop/kde-plasma.nix; 699 base = ./shared/desktop/base.nix; 700 flatpak = ./shared/desktop/flatpak.nix; 701 _1password = ./shared/desktop/1password.nix; 702 }; 703 server = { 704 devenv = ./shared/server/devenv.nix; 705 ssh = ./shared/server/ssh.nix; 706 firewall = ./shared/server/firewall.nix; 707 tailscale = ./shared/server/tailscale.nix; 708 cockpit = ./shared/server/cockpit.nix; 709 }; 710 }; 711 }; 712}