From 236d96e292014b28d35ed0e7f2010c6cbd088c68 Mon Sep 17 00:00:00 2001 From: Filippo Berto Date: Mon, 8 Dec 2025 16:10:41 +0100 Subject: [PATCH] updat(flake): lots of comments for documentation --- flake.nix | 271 +++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 206 insertions(+), 65 deletions(-) diff --git a/flake.nix b/flake.nix index 45050f4..317633c 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,48 +1,90 @@ { + # ============================================================================== + # FLAKE DESCRIPTION + # ============================================================================== + # Main flake that defines bertof's system configurations description = "bertof's system configuration"; + # ============================================================================== + # INPUTS - EXTERNAL DEPENDENCIES + # ============================================================================== inputs = { + # Backward compatibility for non-flake systems flake-compat.url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"; + + # Nixpkgs channels + # Stable channel (release 25.05) for production systems nixpkgs-s.url = "github:NixOS/nixpkgs/release-25.05"; + # Unstable channel for development and latest packages nixpkgs-u.url = "github:NixOS/nixpkgs/nixos-unstable"; + # Default to unstable for most packages nixpkgs.follows = "nixpkgs-u"; + + # Home Manager for user-level configuration + # Stable version aligned with stable nixpkgs home-manager = { url = "github:nix-community/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs-s"; }; - home-manager-u = { url = "github:nix-community/home-manager"; inputs = { nixpkgs.follows = "nixpkgs-u"; }; }; - # agenix.url = "github:ryantm/agenix"; + # Unstable version aligned with unstable nixpkgs + home-manager-u = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs-u"; }; + + # Secret management - using ragenix as alternative to agenix + # agenix.url = "github:ryantm/agenix"; # Original agenix (commented out) ragenix = { url = "github:yaxitech/ragenix"; inputs.nixpkgs.follows = "nixpkgs"; }; + + # Desktop environment theming and rice configuration nix-rice = { url = "github:bertof/nix-rice/modules"; inputs.nixpkgs.follows = "nixpkgs"; }; + + # Generate NixOS system images (ISO, VM, etc.) 
nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; }; + + # Hardware-specific configurations for various devices nixos-hardware.url = "github:NixOS/nixos-hardware"; + # Package index for discovering nixpkgs packages nix-index-database.url = "github:nix-community/nix-index-database"; nix-index-database.inputs.nixpkgs.follows = "nixpkgs-u"; + # Support for multiple system architectures systems.url = "github:nix-systems/default"; + + # Flake parts for modular flake structure flake-parts.url = "github:hercules-ci/flake-parts"; + + # Git pre-commit hooks for code quality git-hooks = { url = "github:cachix/git-hooks.nix"; inputs.nixpkgs.follows = "nixpkgs"; }; + + # TODO: Additional tools to evaluate # agenix-shell.url = "github:aciceri/agenix-shell"; # TODO # agenix-rekey.url = "github:oddlama/agenix-rekey"; # TODO # emanote.url = "github:srid/emanote"; }; + # ============================================================================== + # OUTPUTS - MAIN FLAKE DEFINITION + # ============================================================================== outputs = { self, ... }@inputs: + # Common Nix configuration for all systems let nix-config = { - allowUnfree = true; - extraOptions = "experimental-features = nix-command flakes"; - permittedInsecurePackages = [ ]; + allowUnfree = true; # Allow proprietary packages + extraOptions = "experimental-features = nix-command flakes"; # Enable experimental features + permittedInsecurePackages = [ ]; # No insecure packages allowed }; in + # Use flake-parts for modular structure inputs.flake-parts.lib.mkFlake { inherit inputs; } { + # Support all systems defined in inputs.systems systems = import inputs.systems; imports = [ inputs.git-hooks.flakeModule ]; + + # Per-system configuration (applies to each system independently) perSystem = { config, pkgs, system, ... 
}: { + # Import nixpkgs with custom configuration _module.args.pkgs = import inputs.nixpkgs { inherit system; config = nix-config; @@ -52,20 +94,25 @@ ]; }; + # Pre-commit hooks configuration pre-commit.settings.hooks = { - deadnix.enable = true; - nixpkgs-fmt.enable = true; - statix.enable = true; + deadnix.enable = true; # Remove dead code from Nix expressions + nixpkgs-fmt.enable = true; # Format Nix code + statix.enable = true; # Lint Nix code for best practices }; + # Default development shell devShells.default = pkgs.mkShellNoCC { - inputsFrom = [ config.pre-commit.devShell ]; - LOCAL_KEY = "/etc/nix/key"; + inputsFrom = [ config.pre-commit.devShell ]; # Include pre-commit tools + LOCAL_KEY = "/etc/nix/key"; # Local signing key path }; + # Code formatter formatter = pkgs.nixpkgs-fmt; + # Package definitions packages = { + # Export custom packages inherit (pkgs) goose-cli 
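Review bot: The new comment `# Stable version aligned with stable nixpkgs` above the `home-manager` input contradicts the pins around it: `nixpkgs-s` tracks `release-25.05` while `home-manager` tracks `release-24.11`, and `inputs.nixpkgs.follows = "nixpkgs-s"` feeds the 25.05 package set into a 24.11 Home Manager. Either bump the pin to the matching branch, `url = "github:nix-community/home-manager/release-25.05";`, or reword the comment so it stops asserting an alignment that does not hold, e.g. `# Stable version (release-24.11, one release behind nixpkgs-s; bump both together)`. Home Manager generally expects its release branch to match the nixpkgs release it is built against, so a comment that names that pairing rule is more useful than one that claims it is satisfied.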
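Review bot: The comment `deadnix.enable = true; # Remove dead code from Nix expressions` overstates what the hook does as configured here: deadnix reports unused bindings, and nothing in this hunk turns on an edit mode, so the pre-commit run presumably fails on findings rather than rewriting files (confirm against the hook's options in git-hooks.nix). `# Report unused bindings in Nix expressions` describes it without implying automatic rewrites. On the same principle, `LOCAL_KEY = "/etc/nix/key"; # Local signing key path` would be clearer if it named which tool reads the variable, since the shell only exports a path and the key material itself is outside the flake.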
@@ -75,31 +122,39 @@ wl-update-background ; - # Installer ISO + # ==================================================================== + # SYSTEM IMAGES FOR DEPLOYMENT + # ==================================================================== + + # Installer ISO for bootstrapping new systems install-iso = inputs.nixos-generators.nixosGenerate { inherit system; modules = [ self.nixosModules.installerModules ]; format = "install-iso"; }; - # RAW base image + + # RAW base image for container/virtualization platforms raw-base-image = inputs.nixos-generators.nixosGenerate { inherit system; modules = [ self.nixosModules.installerModules ]; format = "raw-efi"; }; - # VMDK base image + + # VMDK base image for VMware platforms vmdk-base-image = inputs.nixos-generators.nixosGenerate { system = "x86_64-linux"; modules = [ self.nixosModules.installerModules ]; format = "vmware"; }; - # Aarch64 base image + + # Aarch64 base image for ARM64 systems (e.g., Raspberry Pi) aarch64-base-image = inputs.nixos-generators.nixosGenerate { system = "aarch64-linux"; modules = [ self.nixosModules.installerModules ]; format = "sd-aarch64"; }; - # Installer DigitalOcean + + # DigitalOcean custom image do-image = inputs.nixos-generators.nixosGenerate { inherit system; modules = [ self.nixosModules.installerModules ]; @@ -108,10 +163,17 @@ }; }; + # ======================================================================== + # FLAKE OUTPUTS - SHARED RESOURCES + # ======================================================================== flake = { + # ==================================================================== + # OVERLAYS - CUSTOM PACKAGE OVERRIDES + # ==================================================================== overlays = { default = inputs.self.overlays.packages; + # Custom packages defined in this repository packages = self: _super: { keyboard-switch = self.callPackage ./pkgs/keyboard-switch { }; wl-clipedit = self.callPackage ./pkgs/wl-clipedit { }; 
@@ -119,10 +181,17 @@ wl-update-background = self.callPackage ./pkgs/wl-update-background { }; }; + # Overrides for existing packages overrides = _self: super: { - google-chrome = super.google-chrome.override { commandLineArgs = [ "--password-store=gnome" "--force-dark-mode" ]; }; - brave = super.brave.override { commandLineArgs = "--ozone-platform=wayland --enable-features=UseOzonePlatform,WebRTCPipeWireCapturer"; }; + # Browser configurations with specific flags + google-chrome = super.google-chrome.override { + commandLineArgs = [ "--password-store=gnome" "--force-dark-mode" ]; + }; + brave = super.brave.override { + commandLineArgs = "--ozone-platform=wayland --enable-features=UseOzonePlatform,WebRTCPipeWireCapturer"; + }; + # Custom Home Assistant component (SmartIR) with patched codes smartir-zha = super.home-assistant-custom-components.smartir.overrideAttrs (_attr: rec { version = "04ac27e"; src = super.fetchFromGitHub { @@ -148,16 +217,24 @@ ''; }); - # can be removed when https://github.com/NixOS/nixpkgs/pull/389711 is merged + # libfprint override for compatibility (can be removed when PR merged) + # Reference: https://github.com/NixOS/nixpkgs/pull/389711 libfprint = super.libfprint.overrideAttrs (oldAttrs: { buildInputs = oldAttrs.buildInputs ++ [ super.nss ]; }); }; }; + # ==================================================================== + # NIXOS MODULES - REUSABLE CONFIGURATION MODULES + # ==================================================================== nixosModules = { + # Basic Nix configuration applied to all systems basic = { - nixpkgs = { config = nix-config; overlays = [ inputs.self.overlays.packages inputs.self.overlays.overrides ]; }; + nixpkgs = { + config = nix-config; + overlays = [ inputs.self.overlays.packages inputs.self.overlays.overrides ]; + }; nix = { inherit (nix-config) extraOptions; registry = { 
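Review bot: The two browser overrides now share the comment `# Browser configurations with specific flags`, but they pass `commandLineArgs` in different shapes: a list for `google-chrome` and a single space-separated string for `brave`. Since both lines are being reformatted anyway, either unify the form (only if both derivations accept a list, which this hunk does not show) or add a one-line comment stating that the argument types intentionally differ, so a later edit does not copy one form onto the other and silently change how the flags are passed.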
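Review bot: The rewritten comment `# libfprint override for compatibility (can be removed when PR merged)` is vaguer than the override it describes, which only appends `super.nss` to `buildInputs`; naming that keeps the removal criterion checkable. Suggest `# libfprint: add nss to buildInputs; drop once nixpkgs PR 389711 is merged` above the existing reference line. Whether that PR has landed is not visible here, so the link line should stay as the new code has it.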
@@ -167,74 +244,82 @@ }; }; + # Common modules applied to most systems commonModules = { imports = [ # Nix configuration self.nixosModules.basic - # Nix rice + # Nix rice (theming configuration) inputs.nix-rice.modules.default ./nixos/rice.nix - # (R)Agenix configuration + # Secret management with ragenix inputs.ragenix.nixosModules.default - # inputs.agenix.nixosModules.default + # inputs.agenix.nixosModules.default # Alternative (commented out) - # Users - # { services.userborn.enable = true; } + # User configurations + # { services.userborn.enable = true; } # User creation service (commented out) self.nixosModules.bertof - # Some basic defaults + # Basic system defaults ./nixos/basics ]; }; + # Home Manager configuration module homeManagerModules = { home-manager = { - useGlobalPkgs = true; - useUserPackages = true; + useGlobalPkgs = true; # Use system packages globally + useUserPackages = true; # Install packages to user profile extraSpecialArgs = { - stable = inputs.nixpkgs-s; - unstable = inputs.nixpkgs-u; + stable = inputs.nixpkgs-s; # Pass stable channel to home-manager + unstable = inputs.nixpkgs-u; # Pass unstable channel to home-manager }; }; }; + # Main modules for desktop setups mainModules = { imports = [ - inputs.nix-index-database.nixosModules.nix-index - ./nixos/pro_audio.nix - ./nixos/kdeconnect.nix - ./nixos/opentabletdriver.nix + inputs.nix-index-database.nixosModules.nix-index # Package index database + ./nixos/pro_audio.nix # Professional audio configuration + ./nixos/kdeconnect.nix # KDE connectivity + ./nixos/opentabletdriver.nix # Tablet driver - self.nixosModules.bertof-rclone + self.nixosModules.bertof-rclone # Rclone cloud storage for bertof - ./nixos/hyprland.nix + ./nixos/hyprland.nix # Hyprland window manager ]; - home-manager.users.bertof.imports = [ ./hm/hyprland.nix ]; - services.earlyoom.enable = true; + home-manager.users.bertof.imports = [ ./hm/hyprland.nix ]; # User-specific Hyprland config + services.earlyoom.enable = true; # 
Out of memory killer }; + # Installer modules for system bootstrapping installerModules = { imports = [ self.nixosModules.commonModules - # Home manager + # Home manager for installer inputs.home-manager-u.nixosModules.default self.nixosModules.homeManagerModules - ./nixos/installer.nix + ./nixos/installer.nix # Installer-specific configuration ]; }; + # User configuration: bertof bertof = { imports = [ ./nixos/users/bertof.nix ]; }; + # bertof with rclone cloud storage bertof-rclone = { imports = [ self.nixosModules.bertof ]; age.secrets.rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; home-manager.users.bertof.imports = [ ./hm/rclone-mount-bertof.nix ]; }; + # User configuration: tiziano tiziano = { imports = [ ./nixos/users/tiziano.nix ]; }; + # tiziano with rclone cloud storage tiziano-rclone = { imports = [ self.nixosModules.tiziano ]; age.secrets.rclone_tiziano = { file = ./secrets/rclone_tiziano.age; owner = "tiziano"; }; 
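Review bot: The new headers `# bertof with rclone cloud storage` and `# tiziano with rclone cloud storage` leave out the part of each module a reader auditing secret handling needs to find: both also declare an age secret (`age.secrets.rclone_bertof`, `age.secrets.rclone_tiziano`) whose decrypted file is owned by that user. Suggest `# bertof with rclone cloud storage (declares age secret rclone_bertof, owned by bertof)` and the matching wording for tiziano. The tiziano-rclone attribute set continues past the end of this hunk.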
@@ -242,27 +327,39 @@ }; }; + # ==================================================================== + # NIXOS CONFIGURATIONS - SYSTEM DEFINITIONS + # ==================================================================== nixosConfigurations = { + # ================================================================== + # THOR - AMD Desktop System + # ================================================================== thor = inputs.nixpkgs-u.lib.nixosSystem { system = "x86_64-linux"; modules = [ + # Hardware-specific configurations inputs.nixos-hardware.nixosModules.common-cpu-amd inputs.nixos-hardware.nixosModules.common-pc-ssd + # Home manager inputs.home-manager-u.nixosModules.default self.nixosModules.homeManagerModules + # Base and main modules self.nixosModules.commonModules self.nixosModules.mainModules + # Hardware and system-specific configuration ./instances/thor/hardware-configuration.nix ./instances/thor/configuration.nix - ./nixos/steam.nix - ./nixos/ollama.nix - ./nixos/ollama-ui.nix - ./nixos/garage.nix + # Additional services + ./nixos/steam.nix # Steam gaming platform + ./nixos/ollama.nix # AI/LLM service + ./nixos/ollama-ui.nix # Web UI for Ollama + ./nixos/garage.nix # Object storage service + # User-specific home manager configuration { home-manager.users.bertof.imports = [ inputs.nix-index-database.homeModules.nix-index 
@@ -272,27 +369,36 @@ ]; }; + # ================================================================== + # SIF - Intel Desktop System + # ================================================================== sif = inputs.nixpkgs-u.lib.nixosSystem { system = "x86_64-linux"; modules = [ + # Intel-specific hardware configurations inputs.nixos-hardware.nixosModules.common-cpu-intel-cpu-only inputs.nixos-hardware.nixosModules.common-gpu-intel-comet-lake inputs.nixos-hardware.nixosModules.common-pc-ssd + # Home manager inputs.home-manager-u.nixosModules.default self.nixosModules.homeManagerModules + # Base and main modules self.nixosModules.commonModules self.nixosModules.mainModules + # Hardware and system-specific configuration ./instances/sif/hardware-configuration.nix ./instances/sif/configuration.nix - ./nixos/steam.nix - ./nixos/ollama.nix - ./nixos/ollama-ui.nix - ./nixos/garage.nix + # Additional services + ./nixos/steam.nix # Steam gaming platform + ./nixos/ollama.nix # AI/LLM service + ./nixos/ollama-ui.nix # Web UI for Ollama + ./nixos/garage.nix # Object storage service + # User-specific home manager configuration { home-manager.users.bertof.imports = [ inputs.nix-index-database.homeModules.nix-index 
@@ -302,26 +408,35 @@ ]; }; + # ================================================================== + # ODIN - Intel Laptop/Server Hybrid + # ================================================================== odin = inputs.nixpkgs-u.lib.nixosSystem { system = "x86_64-linux"; modules = [ + # Intel laptop hardware configurations inputs.nixos-hardware.nixosModules.common-cpu-intel inputs.nixos-hardware.nixosModules.common-pc-laptop inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd + # Home manager inputs.home-manager-u.nixosModules.default self.nixosModules.homeManagerModules + # Base modules (server-focused) self.nixosModules.commonModules - ./nixos/server + ./nixos/server # Server configurations + # Hardware and system-specific configuration ./instances/odin/hardware-configuration.nix ./instances/odin/configuration.nix - ./nixos/ip_forwarding.nix - ./nixos/steam.nix - ./nixos/garage.nix + # Network and service configuration + ./nixos/ip_forwarding.nix # IP forwarding for routing + ./nixos/steam.nix # Steam gaming + ./nixos/garage.nix # Object storage + # Cloud storage for both users self.nixosModules.bertof-rclone self.nixosModules.tiziano-rclone { 
@@ -331,34 +446,44 @@ ]; }; + # ================================================================== + # HEIMDALL - AMD Server + # ================================================================== heimdall = inputs.nixpkgs-u.lib.nixosSystem { system = "x86_64-linux"; modules = [ + # AMD server hardware configurations inputs.nixos-hardware.nixosModules.common-cpu-amd inputs.nixos-hardware.nixosModules.common-gpu-amd inputs.nixos-hardware.nixosModules.common-pc-ssd + # Home manager inputs.home-manager-u.nixosModules.default self.nixosModules.homeManagerModules + # Base modules (server-focused) self.nixosModules.commonModules - ./nixos/server + ./nixos/server # Server configurations + # Hardware and system-specific configuration ./instances/heimdall/hardware-configuration.nix ./instances/heimdall/configuration.nix - ./nixos/ip_forwarding.nix - ./nixos/torrentbox.nix - ./nixos/nextcloud.nix - ./nixos/immich.nix - ./nixos/forgejo.nix - ./nixos/garage.nix - ./nixos/ollama.nix + # Network and service configuration + ./nixos/ip_forwarding.nix # IP forwarding for routing + ./nixos/torrentbox.nix # Torrent/download service + ./nixos/nextcloud.nix # Cloud storage/file sync + ./nixos/immich.nix # Photo management service + ./nixos/forgejo.nix # Git hosting (Forgejo/Gitea fork) + ./nixos/garage.nix # Object storage service + ./nixos/ollama.nix # AI/LLM service + # Cloud storage and secrets self.nixosModules.bertof-rclone self.nixosModules.tiziano { home-manager.users.bertof = import ./instances/heimdall/hm.nix; + # GitLab Runner secrets for CI/CD age.secrets = { heimdall-gitlab-runner-nix.file = ./secrets/heimdall-gitlab-runner-nix.age; heimdall-gitlab-runner-docker-images.file = ./secrets/heimdall-gitlab-runner-docker-images.age; 
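Review bot: The comment `# Cloud storage and secrets` in heimdall's module list sits above `self.nixosModules.bertof-rclone` and `self.nixosModules.tiziano`, but the second is the plain tiziano user module, not `tiziano-rclone` as in odin, so the label is wrong for half the pair. If omitting rclone for tiziano on this host is intentional, `# bertof with rclone storage; tiziano user only (no rclone on this host)` documents the difference; if it is not, the module reference rather than the comment is what needs changing. The `age.secrets` attribute set that follows is left open at the end of this hunk.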
@@ -368,6 +493,10 @@ ]; }; + # ================================================================== + # FREYA - ARM64 System (Commented out) + # Raspberry Pi 4-based system (currently not used) + # ================================================================== # freya = inputs.nixpkgs.lib.nixosSystem { # system = "aarch64-linux"; # modules = [ @@ -386,26 +515,35 @@ # ]; # }; + # ================================================================== + # BALDUR - Intel Server + # ================================================================== baldur = inputs.nixpkgs-u.lib.nixosSystem { system = "x86_64-linux"; modules = [ + # Intel server hardware configurations inputs.nixos-hardware.nixosModules.common-cpu-intel inputs.nixos-hardware.nixosModules.common-pc-ssd + # Home manager inputs.home-manager-u.nixosModules.default self.nixosModules.homeManagerModules + # Base modules (server-focused) self.nixosModules.commonModules - ./nixos/server + ./nixos/server # Server configurations + # Hardware and system-specific configuration ./instances/baldur/hardware-configuration.nix ./instances/baldur/configuration.nix - ./nixos/ip_forwarding.nix - ./nixos/garage.nix - ./nixos/vaultwarden.nix - ./nixos/uptime-kuma.nix + # Network and service configuration + ./nixos/ip_forwarding.nix # IP forwarding for routing + ./nixos/garage.nix # Object storage service + ./nixos/vaultwarden.nix # Password manager (Bitwarden compatible) + ./nixos/uptime-kuma.nix # Uptime monitoring + # User configurations self.nixosModules.bertof self.nixosModules.tiziano { @@ -415,6 +553,10 @@ ]; }; + # ================================================================== + # LOKI - Intel System (Commented out) + # Additional system currently not configured + # ================================================================== # loki = inputs.nixpkgs.lib.nixosSystem { # system = "x86_64-linux"; # modules = [ @@ -437,4 +579,3 @@ }; }; } -