updat(flake): lots of comments for documentation

2025-12-08 16:10:41 +01:00 · 2025-12-08 16:10:41 +01:00 · 236d96e292
commit 236d96e292
parent d30a470294
1 changed files with 206 additions and 65 deletions
--- a/flake.nix
+++ b/flake.nix
@ -1,48 +1,90 @@
 {
  # ==============================================================================
  # FLAKE DESCRIPTION
  # ==============================================================================
  # Main flake that defines bertof's system configurations
  description = "bertof's system configuration";
  # ==============================================================================
  # INPUTS - EXTERNAL DEPENDENCIES
  # ==============================================================================
  inputs = {
    # Backward compatibility for non-flake systems
    flake-compat.url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz";
    # Nixpkgs channels
    # Stable channel (release 25.05) for production systems
    nixpkgs-s.url = "github:NixOS/nixpkgs/release-25.05";
    # Unstable channel for development and latest packages
    nixpkgs-u.url = "github:NixOS/nixpkgs/nixos-unstable";
    # Default to unstable for most packages
    nixpkgs.follows = "nixpkgs-u";
    # Home Manager for user-level configuration
    # Stable version aligned with stable nixpkgs
    home-manager = { url = "github:nix-community/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs-s"; };
-    home-manager-u = { url = "github:nix-community/home-manager"; inputs = { nixpkgs.follows = "nixpkgs-u"; }; };
+    # Unstable version aligned with unstable nixpkgs
-    # agenix.url = "github:ryantm/agenix";
+    home-manager-u = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs-u"; };
    # Secret management - using ragenix as alternative to agenix
    # agenix.url = "github:ryantm/agenix";  # Original agenix (commented out)
    ragenix = { url = "github:yaxitech/ragenix"; inputs.nixpkgs.follows = "nixpkgs"; };
    # Desktop environment theming and rice configuration
    nix-rice = {
      url = "github:bertof/nix-rice/modules";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # Generate NixOS system images (ISO, VM, etc.)
    nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; };
    # Hardware-specific configurations for various devices
    nixos-hardware.url = "github:NixOS/nixos-hardware";
    # Package index for discovering nixpkgs packages
    nix-index-database.url = "github:nix-community/nix-index-database";
    nix-index-database.inputs.nixpkgs.follows = "nixpkgs-u";
    # Support for multiple system architectures
    systems.url = "github:nix-systems/default";
    # Flake parts for modular flake structure
    flake-parts.url = "github:hercules-ci/flake-parts";
    # Git pre-commit hooks for code quality
    git-hooks = {
      url = "github:cachix/git-hooks.nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # TODO: Additional tools to evaluate
    # agenix-shell.url = "github:aciceri/agenix-shell"; # TODO
    # agenix-rekey.url = "github:oddlama/agenix-rekey"; # TODO
    # emanote.url = "github:srid/emanote";
  };
  # ==============================================================================
  # OUTPUTS - MAIN FLAKE DEFINITION
  # ==============================================================================
  outputs = { self, ... }@inputs:
    # Common Nix configuration for all systems
    let
      nix-config = {
-        allowUnfree = true;
+        allowUnfree = true; # Allow proprietary packages
-        extraOptions = "experimental-features = nix-command flakes";
+        extraOptions = "experimental-features = nix-command flakes"; # Enable experimental features
-        permittedInsecurePackages = [ ];
+        permittedInsecurePackages = [ ]; # No insecure packages allowed
      };
    in
    # Use flake-parts for modular structure
    inputs.flake-parts.lib.mkFlake { inherit inputs; } {
      # Support all systems defined in inputs.systems
      systems = import inputs.systems;
      imports = [ inputs.git-hooks.flakeModule ];
      # Per-system configuration (applies to each system independently)
      perSystem = { config, pkgs, system, ... }: {
        # Import nixpkgs with custom configuration
        _module.args.pkgs = import inputs.nixpkgs {
          inherit system;
          config = nix-config;
@ -52,20 +94,25 @@
          ];
        };
        # Pre-commit hooks configuration
        pre-commit.settings.hooks = {
-          deadnix.enable = true;
+          deadnix.enable = true; # Remove dead code from Nix expressions
-          nixpkgs-fmt.enable = true;
+          nixpkgs-fmt.enable = true; # Format Nix code
-          statix.enable = true;
+          statix.enable = true; # Lint Nix code for best practices
        };
        # Default development shell
        devShells.default = pkgs.mkShellNoCC {
-          inputsFrom = [ config.pre-commit.devShell ];
+          inputsFrom = [ config.pre-commit.devShell ]; # Include pre-commit tools
-          LOCAL_KEY = "/etc/nix/key";
+          LOCAL_KEY = "/etc/nix/key"; # Local signing key path
        };
        # Code formatter
        formatter = pkgs.nixpkgs-fmt;
        # Package definitions
        packages = {
          # Export custom packages
          inherit
            (pkgs)
            goose-cli
@ -75,31 +122,39 @@
            wl-update-background
            ;
-          # Installer ISO
+          # ====================================================================
          # SYSTEM IMAGES FOR DEPLOYMENT
          # ====================================================================
          # Installer ISO for bootstrapping new systems
          install-iso = inputs.nixos-generators.nixosGenerate {
            inherit system;
            modules = [ self.nixosModules.installerModules ];
            format = "install-iso";
          };
-          # RAW base image
+
          # RAW base image for container/virtualization platforms
          raw-base-image = inputs.nixos-generators.nixosGenerate {
            inherit system;
            modules = [ self.nixosModules.installerModules ];
            format = "raw-efi";
          };
-          # VMDK base image
+
          # VMDK base image for VMware platforms
          vmdk-base-image = inputs.nixos-generators.nixosGenerate {
            system = "x86_64-linux";
            modules = [ self.nixosModules.installerModules ];
            format = "vmware";
          };
-          # Aarch64 base image
+
          # Aarch64 base image for ARM64 systems (e.g., Raspberry Pi)
          aarch64-base-image = inputs.nixos-generators.nixosGenerate {
            system = "aarch64-linux";
            modules = [ self.nixosModules.installerModules ];
            format = "sd-aarch64";
          };
-          # Installer DigitalOcean
+
          # DigitalOcean custom image
          do-image = inputs.nixos-generators.nixosGenerate {
            inherit system;
            modules = [ self.nixosModules.installerModules ];
@ -108,10 +163,17 @@
        };
      };
      # ========================================================================
      # FLAKE OUTPUTS - SHARED RESOURCES
      # ========================================================================
      flake = {
        # ====================================================================
        # OVERLAYS - CUSTOM PACKAGE OVERRIDES
        # ====================================================================
        overlays = {
          default = inputs.self.overlays.packages;
          # Custom packages defined in this repository
          packages = self: _super: {
            keyboard-switch = self.callPackage ./pkgs/keyboard-switch { };
            wl-clipedit = self.callPackage ./pkgs/wl-clipedit { };
@ -119,10 +181,17 @@
            wl-update-background = self.callPackage ./pkgs/wl-update-background { };
          };
          # Overrides for existing packages
          overrides = _self: super: {
-            google-chrome = super.google-chrome.override { commandLineArgs = [ "--password-store=gnome" "--force-dark-mode" ]; };
+            # Browser configurations with specific flags
-            brave = super.brave.override { commandLineArgs = "--ozone-platform=wayland --enable-features=UseOzonePlatform,WebRTCPipeWireCapturer"; };
+            google-chrome = super.google-chrome.override {
              commandLineArgs = [ "--password-store=gnome" "--force-dark-mode" ];
            };
            brave = super.brave.override {
              commandLineArgs = "--ozone-platform=wayland --enable-features=UseOzonePlatform,WebRTCPipeWireCapturer";
            };
            # Custom Home Assistant component (SmartIR) with patched codes
            smartir-zha = super.home-assistant-custom-components.smartir.overrideAttrs (_attr: rec {
              version = "04ac27e";
              src = super.fetchFromGitHub {
@ -148,16 +217,24 @@
              '';
            });
-            # can be removed when https://github.com/NixOS/nixpkgs/pull/389711 is merged
+            # libfprint override for compatibility (can be removed when PR merged)
            # Reference: https://github.com/NixOS/nixpkgs/pull/389711
            libfprint = super.libfprint.overrideAttrs (oldAttrs: {
              buildInputs = oldAttrs.buildInputs ++ [ super.nss ];
            });
          };
        };
        # ====================================================================
        # NIXOS MODULES - REUSABLE CONFIGURATION MODULES
        # ====================================================================
        nixosModules = {
          # Basic Nix configuration applied to all systems
          basic = {
-            nixpkgs = { config = nix-config; overlays = [ inputs.self.overlays.packages inputs.self.overlays.overrides ]; };
+            nixpkgs = {
              config = nix-config;
              overlays = [ inputs.self.overlays.packages inputs.self.overlays.overrides ];
            };
            nix = {
              inherit (nix-config) extraOptions;
              registry = {
@ -167,74 +244,82 @@
            };
          };
          # Common modules applied to most systems
          commonModules = {
            imports = [
              # Nix configuration
              self.nixosModules.basic
-              # Nix rice
+              # Nix rice (theming configuration)
              inputs.nix-rice.modules.default
              ./nixos/rice.nix
-              # (R)Agenix configuration
+              # Secret management with ragenix
              inputs.ragenix.nixosModules.default
-              # inputs.agenix.nixosModules.default
+              # inputs.agenix.nixosModules.default  # Alternative (commented out)
-              # Users
+              # User configurations
-              # { services.userborn.enable = true; }
+              # { services.userborn.enable = true; }  # User creation service (commented out)
              self.nixosModules.bertof
-              # Some basic defaults
+              # Basic system defaults
              ./nixos/basics
            ];
          };
          # Home Manager configuration module
          homeManagerModules = {
            home-manager = {
-              useGlobalPkgs = true;
+              useGlobalPkgs = true; # Use system packages globally
-              useUserPackages = true;
+              useUserPackages = true; # Install packages to user profile
              extraSpecialArgs = {
-                stable = inputs.nixpkgs-s;
+                stable = inputs.nixpkgs-s; # Pass stable channel to home-manager
-                unstable = inputs.nixpkgs-u;
+                unstable = inputs.nixpkgs-u; # Pass unstable channel to home-manager
              };
            };
          };
          # Main modules for desktop setups
          mainModules = {
            imports = [
-              inputs.nix-index-database.nixosModules.nix-index
+              inputs.nix-index-database.nixosModules.nix-index # Package index database
-              ./nixos/pro_audio.nix
+              ./nixos/pro_audio.nix # Professional audio configuration
-              ./nixos/kdeconnect.nix
+              ./nixos/kdeconnect.nix # KDE connectivity
-              ./nixos/opentabletdriver.nix
+              ./nixos/opentabletdriver.nix # Tablet driver
-              self.nixosModules.bertof-rclone
+              self.nixosModules.bertof-rclone # Rclone cloud storage for bertof
-              ./nixos/hyprland.nix
+              ./nixos/hyprland.nix # Hyprland window manager
            ];
-            home-manager.users.bertof.imports = [ ./hm/hyprland.nix ];
+            home-manager.users.bertof.imports = [ ./hm/hyprland.nix ]; # User-specific Hyprland config
-            services.earlyoom.enable = true;
+            services.earlyoom.enable = true; # Out of memory killer
          };
          # Installer modules for system bootstrapping
          installerModules = {
            imports = [
              self.nixosModules.commonModules
-              # Home manager
+              # Home manager for installer
              inputs.home-manager-u.nixosModules.default
              self.nixosModules.homeManagerModules
-              ./nixos/installer.nix
+              ./nixos/installer.nix # Installer-specific configuration
            ];
          };
          # User configuration: bertof
          bertof = { imports = [ ./nixos/users/bertof.nix ]; };
          # bertof with rclone cloud storage
          bertof-rclone = {
            imports = [ self.nixosModules.bertof ];
            age.secrets.rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; };
            home-manager.users.bertof.imports = [ ./hm/rclone-mount-bertof.nix ];
          };
          # User configuration: tiziano
          tiziano = { imports = [ ./nixos/users/tiziano.nix ]; };
          # tiziano with rclone cloud storage
          tiziano-rclone = {
            imports = [ self.nixosModules.tiziano ];
            age.secrets.rclone_tiziano = { file = ./secrets/rclone_tiziano.age; owner = "tiziano"; };
@ -242,27 +327,39 @@
          };
        };
        # ====================================================================
        # NIXOS CONFIGURATIONS - SYSTEM DEFINITIONS
        # ====================================================================
        nixosConfigurations = {
          # ==================================================================
          # THOR - AMD Desktop System
          # ==================================================================
          thor = inputs.nixpkgs-u.lib.nixosSystem {
            system = "x86_64-linux";
            modules = [
              # Hardware-specific configurations
              inputs.nixos-hardware.nixosModules.common-cpu-amd
              inputs.nixos-hardware.nixosModules.common-pc-ssd
              # Home manager
              inputs.home-manager-u.nixosModules.default
              self.nixosModules.homeManagerModules
              # Base and main modules
              self.nixosModules.commonModules
              self.nixosModules.mainModules
              # Hardware and system-specific configuration
              ./instances/thor/hardware-configuration.nix
              ./instances/thor/configuration.nix
-              ./nixos/steam.nix
+              # Additional services
-              ./nixos/ollama.nix
+              ./nixos/steam.nix # Steam gaming platform
-              ./nixos/ollama-ui.nix
+              ./nixos/ollama.nix # AI/LLM service
-              ./nixos/garage.nix
+              ./nixos/ollama-ui.nix # Web UI for Ollama
              ./nixos/garage.nix # Object storage service
              # User-specific home manager configuration
              {
                home-manager.users.bertof.imports = [
                  inputs.nix-index-database.homeModules.nix-index
@ -272,27 +369,36 @@
            ];
          };
          # ==================================================================
          # SIF - Intel Desktop System
          # ==================================================================
          sif = inputs.nixpkgs-u.lib.nixosSystem {
            system = "x86_64-linux";
            modules = [
              # Intel-specific hardware configurations
              inputs.nixos-hardware.nixosModules.common-cpu-intel-cpu-only
              inputs.nixos-hardware.nixosModules.common-gpu-intel-comet-lake
              inputs.nixos-hardware.nixosModules.common-pc-ssd
              # Home manager
              inputs.home-manager-u.nixosModules.default
              self.nixosModules.homeManagerModules
              # Base and main modules
              self.nixosModules.commonModules
              self.nixosModules.mainModules
              # Hardware and system-specific configuration
              ./instances/sif/hardware-configuration.nix
              ./instances/sif/configuration.nix
-              ./nixos/steam.nix
+              # Additional services
-              ./nixos/ollama.nix
+              ./nixos/steam.nix # Steam gaming platform
-              ./nixos/ollama-ui.nix
+              ./nixos/ollama.nix # AI/LLM service
-              ./nixos/garage.nix
+              ./nixos/ollama-ui.nix # Web UI for Ollama
              ./nixos/garage.nix # Object storage service
              # User-specific home manager configuration
              {
                home-manager.users.bertof.imports = [
                  inputs.nix-index-database.homeModules.nix-index
@ -302,26 +408,35 @@
            ];
          };
          # ==================================================================
          # ODIN - Intel Laptop/Server Hybrid
          # ==================================================================
          odin = inputs.nixpkgs-u.lib.nixosSystem {
            system = "x86_64-linux";
            modules = [
              # Intel laptop hardware configurations
              inputs.nixos-hardware.nixosModules.common-cpu-intel
              inputs.nixos-hardware.nixosModules.common-pc-laptop
              inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
              # Home manager
              inputs.home-manager-u.nixosModules.default
              self.nixosModules.homeManagerModules
              # Base modules (server-focused)
              self.nixosModules.commonModules
-              ./nixos/server
+              ./nixos/server # Server configurations
              # Hardware and system-specific configuration
              ./instances/odin/hardware-configuration.nix
              ./instances/odin/configuration.nix
-              ./nixos/ip_forwarding.nix
+              # Network and service configuration
-              ./nixos/steam.nix
+              ./nixos/ip_forwarding.nix # IP forwarding for routing
-              ./nixos/garage.nix
+              ./nixos/steam.nix # Steam gaming
              ./nixos/garage.nix # Object storage
              # Cloud storage for both users
              self.nixosModules.bertof-rclone
              self.nixosModules.tiziano-rclone
              {
@ -331,34 +446,44 @@
            ];
          };
          # ==================================================================
          # HEIMDALL - AMD Server
          # ==================================================================
          heimdall = inputs.nixpkgs-u.lib.nixosSystem {
            system = "x86_64-linux";
            modules = [
              # AMD server hardware configurations
              inputs.nixos-hardware.nixosModules.common-cpu-amd
              inputs.nixos-hardware.nixosModules.common-gpu-amd
              inputs.nixos-hardware.nixosModules.common-pc-ssd
              # Home manager
              inputs.home-manager-u.nixosModules.default
              self.nixosModules.homeManagerModules
              # Base modules (server-focused)
              self.nixosModules.commonModules
-              ./nixos/server
+              ./nixos/server # Server configurations
              # Hardware and system-specific configuration
              ./instances/heimdall/hardware-configuration.nix
              ./instances/heimdall/configuration.nix
-              ./nixos/ip_forwarding.nix
+              # Network and service configuration
-              ./nixos/torrentbox.nix
+              ./nixos/ip_forwarding.nix # IP forwarding for routing
-              ./nixos/nextcloud.nix
+              ./nixos/torrentbox.nix # Torrent/download service
-              ./nixos/immich.nix
+              ./nixos/nextcloud.nix # Cloud storage/file sync
-              ./nixos/forgejo.nix
+              ./nixos/immich.nix # Photo management service
-              ./nixos/garage.nix
+              ./nixos/forgejo.nix # Git hosting (Forgejo/Gitea fork)
-              ./nixos/ollama.nix
+              ./nixos/garage.nix # Object storage service
              ./nixos/ollama.nix # AI/LLM service
              # Cloud storage and secrets
              self.nixosModules.bertof-rclone
              self.nixosModules.tiziano
              {
                home-manager.users.bertof = import ./instances/heimdall/hm.nix;
                # GitLab Runner secrets for CI/CD
                age.secrets = {
                  heimdall-gitlab-runner-nix.file = ./secrets/heimdall-gitlab-runner-nix.age;
                  heimdall-gitlab-runner-docker-images.file = ./secrets/heimdall-gitlab-runner-docker-images.age;
@ -368,6 +493,10 @@
            ];
          };
          # ==================================================================
          # FREYA - ARM64 System (Commented out)
          # Raspberry Pi 4-based system (currently not used)
          # ==================================================================
          # freya = inputs.nixpkgs.lib.nixosSystem {
          #   system = "aarch64-linux";
          #   modules = [
@ -386,26 +515,35 @@
          #   ];
          # };
          # ==================================================================
          # BALDUR - Intel Server
          # ==================================================================
          baldur = inputs.nixpkgs-u.lib.nixosSystem {
            system = "x86_64-linux";
            modules = [
              # Intel server hardware configurations
              inputs.nixos-hardware.nixosModules.common-cpu-intel
              inputs.nixos-hardware.nixosModules.common-pc-ssd
              # Home manager
              inputs.home-manager-u.nixosModules.default
              self.nixosModules.homeManagerModules
              # Base modules (server-focused)
              self.nixosModules.commonModules
-              ./nixos/server
+              ./nixos/server # Server configurations
              # Hardware and system-specific configuration
              ./instances/baldur/hardware-configuration.nix
              ./instances/baldur/configuration.nix
-              ./nixos/ip_forwarding.nix
+              # Network and service configuration
-              ./nixos/garage.nix
+              ./nixos/ip_forwarding.nix # IP forwarding for routing
-              ./nixos/vaultwarden.nix
+              ./nixos/garage.nix # Object storage service
-              ./nixos/uptime-kuma.nix
+              ./nixos/vaultwarden.nix # Password manager (Bitwarden compatible)
              ./nixos/uptime-kuma.nix # Uptime monitoring
              # User configurations
              self.nixosModules.bertof
              self.nixosModules.tiziano
              {
@ -415,6 +553,10 @@
            ];
          };
          # ==================================================================
          # LOKI - Intel System (Commented out)
          # Additional system currently not configured
          # ==================================================================
          # loki = inputs.nixpkgs.lib.nixosSystem {
          #   system = "x86_64-linux";
          #   modules = [
@ -437,4 +579,3 @@
      };
    };
 }