diff --git a/common/default.nix b/common/default.nix index 70b097b..8ead024 100644 --- a/common/default.nix +++ b/common/default.nix @@ -1,6 +1,5 @@ { lib, inputs, pkgs, ... }: { imports = [ - inputs.home-manager.nixosModules.home-manager ./users ./modules ]; diff --git a/flake.lock b/flake.lock index 27801f6..5041902 100644 --- a/flake.lock +++ b/flake.lock @@ -50,11 +50,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1702969472, - "narHash": "sha256-IJP9sC+/gLUdWhm6TsnWpw6A1zQWUfn53ym63KeLXvU=", + "lastModified": 1704159259, + "narHash": "sha256-OOEFibN9JQBepVeqxSNSBr6JUmdoZiH263ogms2jk0k=", "owner": "zhaofengli", "repo": "attic", - "rev": "bdafd64910bb2b861cf90fa15f1fc93318b6fbf6", + "rev": "e6bedf1869f382cfc51b69848d6e09d51585ead6", "type": "github" }, "original": { @@ -254,11 +254,11 @@ "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1704204809, - "narHash": "sha256-O76nB41RyfedpCfcO4GU5i2Ng7ZUMbZnF+Ceq0e8LIs=", + "lastModified": 1704207610, + "narHash": "sha256-goAc0arC/A0Pthz+bNsXzJcaqsNY7s5LcTp2WAtduCo=", "owner": "jdonszelmann", "repo": "essentials", - "rev": "8209683dc3c5edd747efccd187f512771d8f3a0c", + "rev": "229d7c8793968a319b6968c6fa06b20c393d1d12", "type": "github" }, "original": { @@ -495,6 +495,25 @@ "type": "github" } }, + "flake-utils-plus": { + "inputs": { + "flake-utils": "flake-utils_4" + }, + "locked": { + "lastModified": 1696281284, + "narHash": "sha256-xcmtTmoiiAOSk4abifbtqVZk0iwBcqJfg47iUbkwhcE=", + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "rev": "6cf1e312fb259693c4930d07ca3cbe1d07ef4a48", + "type": "github" + }, + "original": { + "owner": "gytis-ivaskevicius", + "ref": "v1.4.0", + "repo": "flake-utils-plus", + "type": "github" + } + }, "flake-utils-pre-commit": { "locked": { "lastModified": 1644229661, 
@@ -511,8 +530,22 @@ } }, "flake-utils_10": { + "locked": { + "lastModified": 1678901627, + "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", + "type": "github" + }, + "original": { + "id": "flake-utils", + "type": "indirect" + } + }, + "flake-utils_11": { "inputs": { - "systems": "systems_10" + "systems": "systems_11" }, "locked": { "lastModified": 1681202837, @@ -565,24 +598,6 @@ "inputs": { "systems": "systems_4" }, - "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_5": { - "inputs": { - "systems": "systems_5" - }, "locked": { "lastModified": 1694529238, "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", @@ -597,9 +612,9 @@ "type": "github" } }, - "flake-utils_6": { + "flake-utils_5": { "inputs": { - "systems": "systems_6" + "systems": "systems_5" }, "locked": { "lastModified": 1701680307, @@ -615,6 +630,24 @@ "type": "github" } }, + "flake-utils_6": { + "inputs": { + "systems": "systems_6" + }, + "locked": { + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "flake-utils_7": { "inputs": { "systems": "systems_7" 
@@ -637,6 +670,24 @@ "inputs": { "systems": "systems_8" }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_9": { + "inputs": { + "systems": "systems_9" + }, "locked": { "lastModified": 1685518550, "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", @@ -651,20 +702,6 @@ "type": "github" } }, - "flake-utils_9": { - "locked": { - "lastModified": 1678901627, - "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", - "type": "github" - }, - "original": { - "id": "flake-utils", - "type": "indirect" - } - }, "flakeCompat": { "flake": false, "locked": { @@ -743,7 +780,7 @@ }, "gnome-autounlock-keyring": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_5", "nixpkgs": "nixpkgs_6" }, "locked": { @@ -783,11 +820,11 @@ ] }, "locked": { - "lastModified": 1703838268, - "narHash": "sha256-SRg5nXcdPnrsQR2MTAp7en0NyJnQ2wB1ivmsgEbvN+o=", + "lastModified": 1704276313, + "narHash": "sha256-4eD4RaAKHLj0ztw5pQcNFs3hGpxrsYb0e9Qir+Ute+w=", "owner": "nix-community", "repo": "home-manager", - "rev": "2aff324cf65f5f98f89d878c056b779466b17db8", + "rev": "4d8f90205c6c90be2e81d94d0e5eedf71c1ba34e", "type": "github" }, "original": { @@ -801,7 +838,7 @@ "crane": "crane_2", "flake-compat": "flake-compat_5", "flake-parts": "flake-parts", - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_6", "nixpkgs": [ "nixpkgs" ], 
@@ -809,11 +846,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1703712542, - "narHash": "sha256-317EoHaQ5OwRLEjwjQUY57FpLDl75kEBbrohH7zbfRQ=", + "lastModified": 1704230057, + "narHash": "sha256-YTkPHIM/RF1WtWqRAxlaE2lqvzEBa58SZzQZB2sx4PY=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "7229dd85f98341520b02fd46662f38d0af511d6d", + "rev": "81f7a56f0ee6bb454284feeeb192df56e39d98d1", "type": "github" }, "original": { @@ -880,16 +917,16 @@ }, "microvm": { "inputs": { - "flake-utils": "flake-utils_6", + "flake-utils": "flake-utils_7", "nixpkgs": "nixpkgs_7", "spectrum": "spectrum" }, "locked": { - "lastModified": 1703769051, - "narHash": "sha256-izOj8XRoHUXkWHpxznOaYHpj30J8/f3ynr7H6oYcNho=", + "lastModified": 1704120350, + "narHash": "sha256-s5BOPAnVc4e/4WvGDeeF3VSLAWzBUB+YW6fJb3pFbRw=", "owner": "astro", "repo": "microvm.nix", - "rev": "c39a472523d3c99ddfa88df62223a21b19793490", + "rev": "d5553b1388f2947915c4cec6249b89474046573a", "type": "github" }, "original": { @@ -1014,11 +1051,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1703879120, - "narHash": "sha256-oMJ5xtDswlBWxs0DT/aYKEUIhjEpGZJ9GbIxOclYP8I=", + "lastModified": 1704266875, + "narHash": "sha256-luA5SGmeIRZlgLfSLUuR3eacS63q2bJ0Yywqak5lj3E=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "22ae59fec26591ef72ce4ccb5538c42c5f090fe3", + "rev": "8e34f33464d77bea2d5cf7dc1066647b1ad2b324", "type": "github" }, "original": { @@ -1332,11 +1369,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1703637592, - "narHash": "sha256-8MXjxU0RfFfzl57Zy3OfXCITS0qWDNLzlBAdwxGZwfY=", + "lastModified": 1703961334, + "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cfc3698c31b1fb9cdcf10f36c9643460264d0ca8", + "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9", "type": "github" }, "original": { 
@@ -1347,11 +1384,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1703013332, - "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", + "lastModified": 1703637592, + "narHash": "sha256-8MXjxU0RfFfzl57Zy3OfXCITS0qWDNLzlBAdwxGZwfY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", + "rev": "cfc3698c31b1fb9cdcf10f36c9643460264d0ca8", "type": "github" }, "original": { @@ -1363,11 +1400,11 @@ }, "nixpkgs_stable": { "locked": { - "lastModified": 1703351344, - "narHash": "sha256-9FEelzftkE9UaJ5nqxidaJJPEhe9TPhbypLHmc2Mysc=", + "lastModified": 1704018918, + "narHash": "sha256-erjg/HrpC9liEfm7oLqb8GXCqsxaFwIIPqCsknW5aFY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7790e078f8979a9fcd543f9a47427eeaba38f268", + "rev": "2c9c58e98243930f8cb70387934daa4bc8b00373", "type": "github" }, "original": { @@ -1378,16 +1415,16 @@ }, "nixvim": { "inputs": { - "flake-utils": "flake-utils_7", + "flake-utils": "flake-utils_8", "nixpkgs": "nixpkgs_9", "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1703859882, - "narHash": "sha256-wRXgap0eEuswF9xXUKDiWBh0tKuJ9vtmlJZ4iAX3K/E=", + "lastModified": 1704263922, + "narHash": "sha256-/H3ZUsqTP+mh7G4fL8fYIP/WZfXH6ohVid8OfZ15RuQ=", "owner": "pta2002", "repo": "nixvim", - "rev": "1d8e7906c9606c956c6b40d8d088c8d2110dc0c0", + "rev": "78276e91bb4861564f2241c842cf1fce1a06e563", "type": "github" }, "original": { @@ -1398,11 +1435,11 @@ }, "nur": { "locked": { - "lastModified": 1703938048, - "narHash": "sha256-df8Lwe4k6QiyucOyZV0s6eoy6y7m2g4+/dOpEyYrZGU=", + "lastModified": 1704279261, + "narHash": "sha256-0A0MZ6mC/uQmX0qY0Rtwh4UsepkKktv+hwo/U53MBSw=", "owner": "nix-community", "repo": "NUR", - "rev": "ae6fb319f88d5a995cb8dc4502c2d81c5fc1e578", + "rev": "bf390c044dfeeb7471fc931f5953c723028ce0fe", "type": "github" }, "original": { 
@@ -1431,7 +1468,7 @@ "pre-commit-hooks": { "inputs": { "flake-compat": "flake-compat_7", - "flake-utils": "flake-utils_8", + "flake-utils": "flake-utils_9", "gitignore": "gitignore_2", "nixpkgs": [ "nixvim", @@ -1440,11 +1477,11 @@ "nixpkgs-stable": "nixpkgs-stable_3" }, "locked": { - "lastModified": 1702456155, - "narHash": "sha256-I2XhXGAecdGlqi6hPWYT83AQtMgL+aa3ulA85RAEgOk=", + "lastModified": 1703426812, + "narHash": "sha256-aODSOH8Og8ne4JylPJn+hZ6lyv6K7vE5jFo4KAGIebM=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "007a45d064c1c32d04e1b8a0de5ef00984c419bc", + "rev": "7f35ec30d16b38fe0eed8005933f418d1a4693ee", "type": "github" }, "original": { @@ -1538,6 +1575,7 @@ "comma": "comma", "deploy": "deploy", "essentials": "essentials", + "flake-utils-plus": "flake-utils-plus", "gnome-autounlock-keyring": "gnome-autounlock-keyring", "home-manager": "home-manager", "lanzaboote": "lanzaboote", @@ -1676,6 +1714,21 @@ "type": "github" } }, + "systems_11": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_2": { "locked": { "lastModified": 1681028828, @@ -1849,7 +1902,7 @@ }, "utils_4": { "inputs": { - "systems": "systems_9" + "systems": "systems_10" }, "locked": { "lastModified": 1694529238, @@ -1868,7 +1921,7 @@ "vault-secrets": { "inputs": { "flake-compat": "flake-compat_8", - "flake-utils": "flake-utils_9", + "flake-utils": "flake-utils_10", "nix": "nix", "nixpkgs": "nixpkgs_12", "utils": "utils_4" @@ -1889,7 +1942,7 @@ }, "vault-unseal": { "inputs": { - "flake-utils": "flake-utils_10", + "flake-utils": "flake-utils_11", "nixpkgs": "nixpkgs_13" }, "locked": { diff --git a/flake.nix b/flake.nix index 386a4e6..566d167 100644 --- a/flake.nix +++ b/flake.nix 
@@ -7,6 +7,9 @@ inputs = { nixpkgs.url = "nixpkgs/nixos-unstable"; nixpkgs_stable.url = "nixpkgs/nixos-23.05"; + + flake-utils-plus.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.4.0"; + nur.url = "github:nix-community/NUR"; colmena.url = "github:zhaofengli/colmena"; deploy.url = "github:serokell/deploy-rs"; 
@@ -50,45 +53,45 @@ essentials.url = "github:jdonszelmann/essentials"; }; - outputs = { self, nixpkgs, nixpkgs_stable, vault-secrets, colmena, nur, attic - , deploy, ... }@inputs: + outputs = { self, nixpkgs, nixpkgs_stable, flake-utils-plus, nur, attic + , deploy, home-manager, ... }@inputs: let - inherit (nixpkgs) lib; + # fast-repl = pkgs.writeShellScriptBin "fast-repl" '' + # source /etc/set-environment + # nix repl --file "${./.}/repl.nix" $@ + # ''; - system = "x86_64-linux"; + pkgs = self.pkgs.x86_64-linux.nixpkgs; + in flake-utils-plus.lib.mkFlake { + # `self` and `inputs` arguments are required + inherit self inputs; - pkgs = import nixpkgs { - inherit system; - config.allowUnfree = true; - overlays = [ (import ./nixos/pkgs) vault-secrets.overlay nur.overlay ]; + # Supported systems, used for packages, apps, devShell and multiple other definitions. Defaults to `flake-utils.lib.defaultSystems`. + supportedSystems = [ "x86_64-linux" ]; + + # Channels config + channelsConfig = { allowUnfree = true; }; + sharedOverlays = [ (import ./nixos/pkgs) nur.overlay ]; + + # host defaults + hostDefaults = { + system = "x86_64-linux"; + modules = [ + home-manager.nixosModules.home-manager + ./common + ]; + extraArgs = { inherit inputs; }; }; - pkgs_stable = import nixpkgs_stable { - inherit system; - config.allowUnfree = true; - }; - - # Script to apply local colmena deployments - apply-local = pkgs.writeShellScriptBin "apply-local" '' - "${ - colmena.packages.${system}.colmena - }"/bin/colmena apply-local --sudo $@ - ''; - - fast-repl = pkgs.writeShellScriptBin "fast-repl" '' - source /etc/set-environment - nix repl --file "${./.}/repl.nix" $@ - ''; - in { - nixosConfigurations."bastion.olympus" = lib.nixosSystem { - inherit system pkgs; - specialArgs = { inherit inputs; }; - modules = [ ./common ./common/generic-vm.nix ./hosts/olympus/bastion ]; + # hosts + + hosts."bastion.olympus" = { + modules = [ ./common/generic-vm.nix ./hosts/olympus/bastion ]; }; + # deploy-rs 
deploy = { user = "root"; - nodes."bastion.olympus" = { hostname = "olympus.0x76.dev"; fastConnection = true; @@ -102,29 +105,35 @@ }; }; + # Outputs + outputsBuilder = channels: { + devShell = channels.nixpkgs.mkShell { + name = "devShell"; + VAULT_ADDR = "http://vault.olympus:8200/"; + packages = with pkgs; [ + attic.packages.${pkgs.system}.attic + # apply-local + deploy.packages.${system}.deploy-rs + deadnix + statix + # nixfmt + # nixpkgs-fmt + nixUnstable + # nil + vault + yamllint + jq + # (vault-push-approle-envs self { }) + # (vault-push-approles self { }) + # fast-repl + fup-repl + ]; + }; + }; + + # Checks checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy.lib; - - # Use by running `nix develop` - devShells.${system}.default = pkgs.mkShell { - VAULT_ADDR = "http://vault.olympus:8200/"; - packages = with pkgs; [ - attic.packages.${pkgs.system}.attic - apply-local - deploy.packages.${system}.deploy-rs - deadnix - statix - # nixfmt - # nixpkgs-fmt - nixUnstable - # nil - vault - yamllint - jq - # (vault-push-approle-envs self { }) - # (vault-push-approles self { }) - fast-repl - ]; - }; }; + }
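Review bot: `sharedOverlays = [ (import ./nixos/pkgs) nur.overlay ]` no longer carries `vault-secrets.overlay`, which the removed `import nixpkgs { ... }` applied, and nothing in this hunk replaces it. If any module under `./common` or `./hosts/olympus/bastion` takes a package from that overlay, the bastion host stops evaluating, so either keep the overlay in the list or state in the commit message that it is unused. In `hostDefaults`, `inputs` moves from `specialArgs` to `extraArgs = { inherit inputs; };`. Assuming flake-utils-plus forwards `extraArgs` as ordinary module arguments, `inputs` can no longer be used inside a module's `imports` list (which would explain the matching removal in common/default.nix), and `specialArgs = { inherit inputs; };` would keep the earlier behaviour. The `outputs` body continues past this hunk.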
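Review bot: In the new `outputsBuilder`, `deploy.packages.${system}.deploy-rs` still refers to `system` although the `system = "x86_64-linux";` binding was removed from the `let`; it presumably only resolves through `with pkgs;`, and the package list uses the let-bound `pkgs` (`self.pkgs.x86_64-linux.nixpkgs`) rather than the `channels` argument. Writing `packages = with channels.nixpkgs; [` and `deploy.packages.${channels.nixpkgs.system}.deploy-rs` keeps the shell tied to the system it is built for. The shell also keeps `VAULT_ADDR = "http://vault.olympus:8200/";`, so Vault tokens and secret reads from this shell travel in cleartext unless that hostname is only reachable over an encrypted tunnel; an `https://` address, or a short comment stating that assumption, would make this explicit. The output was `devShells.${system}.default` before and is now `devShell`, which current Nix reports as deprecated.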