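# Flake for a set of NixOS hosts (thor, sif, odin, heimdall, freya, baldur, loki).
#
# Outputs, all assembled with flake-parts:
#   - perSystem: a pinned `pkgs`, pre-commit hooks, a dev shell with deploy-rs,
#     the local packages and several nixos-generators images.
#   - flake.overlays / flake.nixosModules: shared overlays and module bundles.
#   - flake.nixosConfigurations: one system per host.
#   - flake.deploy.nodes: deploy-rs targets for the remotely managed hosts.
{
  description = "bertof's system configuration";

  inputs = {
    flake-compat.url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz";

    nixpkgs-s.url = "github:NixOS/nixpkgs/release-25.05";
    nixpkgs-u.url = "github:NixOS/nixpkgs/nixos-unstable";
    # NOTE(review): `nixpkgs` is an alias of the *unstable* input. Everything
    # below that says `inputs.nixpkgs` (including the attributes named
    # `stable`) therefore resolves to nixos-unstable, not release-25.05.
    nixpkgs.follows = "nixpkgs-u";

    # NOTE(review): this input tracks release-24.11 while following the 25.05
    # nixpkgs, and nothing in `outputs` references it (only `home-manager-u`
    # is imported) - confirm whether it can be bumped or dropped.
    home-manager = {
      url = "github:nix-community/home-manager/release-24.11";
      inputs.nixpkgs.follows = "nixpkgs-s";
    };
    home-manager-u = {
      url = "github:nix-community/home-manager";
      inputs = {
        nixpkgs.follows = "nixpkgs-u";
      };
    };

    # agenix.url = "github:ryantm/agenix";
    ragenix = {
      url = "github:yaxitech/ragenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    deploy-rs = {
      url = "github:serokell/deploy-rs";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nix-rice = {
      url = "github:bertof/nix-rice/modules";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nixos-generators = {
      url = "github:nix-community/nixos-generators";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nixos-hardware.url = "github:NixOS/nixos-hardware";
    systems.url = "github:nix-systems/default";
    flake-parts.url = "github:hercules-ci/flake-parts";
    git-hooks = {
      url = "github:cachix/git-hooks.nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # agenix-shell.url = "github:aciceri/agenix-shell"; # TODO
    # agenix-rekey.url = "github:oddlama/agenix-rekey"; # TODO
    # emanote.url = "github:srid/emanote";
  };

  outputs =
    { self, ... }@inputs:
    let
      # Shared nixpkgs configuration. It is passed as `config` to every nixpkgs
      # import below; `extraOptions` is additionally inherited into
      # `nix.extraOptions` by the `basic` module.
      nix-config = {
        allowUnfree = true;
        extraOptions = "experimental-features = nix-command flakes";
        # Every entry is currently commented out, so no package with a known
        # vulnerability is whitelisted. Keep it that way where possible.
        permittedInsecurePackages = [
          # "electron-27.3.11" # LogSeq
          # "aspnetcore-runtime-6.0.36" # Sonarr
          # "aspnetcore-runtime-wrapped-6.0.36" # Sonarr
          # "dotnet-sdk-6.0.428" # Sonarr
          # "dotnet-sdk-wrapped-6.0.428" # Sonarr
        ];
      };

      # cute-api = builtins.getFlake "gitlab:bertof/cute-api/0.2.1-3";

      # Desktop modules shared by the workstation hosts (thor, sif).
      mainModules = [
        ./nixos/pro_audio.nix
        ./nixos/kdeconnect.nix
        ./nixos/steam.nix
        ./nixos/opentabletdriver.nix
        ./nixos/hyprland.nix
        { home-manager.users.bertof.imports = [ ./hm/hyprland.nix ]; }
      ];

      # Modules baked into every generated installer / base image.
      installerModules = [
        self.nixosModules.commonModules
        ./nixos/installer.nix
      ];
    in
    inputs.flake-parts.lib.mkFlake { inherit inputs; } {
      systems = import inputs.systems;
      imports = [ inputs.git-hooks.flakeModule ];

      perSystem =
        { config
        , pkgs
        , system
        , ...
        }:
        {
          # Replace the default `pkgs` with one that carries the shared config
          # and the local package overlay.
          _module.args.pkgs = import inputs.nixpkgs {
            inherit system;
            config = nix-config;
            overlays = [
              # inputs.nix-rice.overlays.default
              inputs.self.overlays.packages
            ];
          };

          pre-commit.settings.hooks = {
            deadnix.enable = true;
            nixpkgs-fmt.enable = true;
            statix.enable = true;
          };

          devShells.default = pkgs.mkShellNoCC {
            buildInputs = [ pkgs.deploy-rs ];
            # The original line was `LOCAL_KEY = "/etc/nix/key";`, which a
            # shell parses as running a command called LOCAL_KEY, so the
            # variable was never set. deploy-rs reads LOCAL_KEY from the
            # environment as the path of the Nix signing key for pushed
            # closures. It is exported only when the key is readable, so
            # hosts without it keep deploying exactly as before.
            # The file is a secret signing key: keep it out of the repository
            # and readable only by the accounts that deploy.
            shellHook = ''
              ${config.pre-commit.installationScript}
              if [ -r /etc/nix/key ]; then
                export LOCAL_KEY="/etc/nix/key"
              fi
            '';
          };

          formatter = pkgs.nixpkgs-fmt;

          packages = {
            # Local packages, provided by `overlays.packages`.
            inherit (pkgs)
              keyboard-switch
              wl-clipedit
              wl-lockscreen
              wl-update-background
              ;
            # inherit (cute-api.packages.${system}) cute-api;

            # Installer ISO
            install-iso = inputs.nixos-generators.nixosGenerate {
              inherit system;
              modules = installerModules;
              format = "install-iso";
            };

            # RAW base image
            raw-base-image = inputs.nixos-generators.nixosGenerate {
              inherit system;
              modules = installerModules;
              format = "raw-efi";
            };

            # VMDK base image
            vmdk-base-image = inputs.nixos-generators.nixosGenerate {
              system = "x86_64-linux";
              modules = installerModules;
              format = "vmware";
            };

            # Aarch64 base image
            aarch64-base-image = inputs.nixos-generators.nixosGenerate {
              system = "aarch64-linux";
              modules = installerModules;
              format = "sd-aarch64";
            };

            # Installer DigitalOcean
            do-image = inputs.nixos-generators.nixosGenerate {
              inherit system;
              modules = installerModules;
              format = "do";
            };
          };
        };

      flake = {
        overlays = {
          default = inputs.self.overlays.packages;

          # Packages built from ./pkgs.
          packages = self: _super: {
            keyboard-switch = self.callPackage ./pkgs/keyboard-switch { };
            wl-clipedit = self.callPackage ./pkgs/wl-clipedit { };
            wl-lockscreen = self.callPackage ./pkgs/wl-lockscreen { };
            wl-update-background = self.callPackage ./pkgs/wl-update-background { };
          };

          # Tweaks to upstream packages.
          overrides = _self: super: {
            google-chrome = super.google-chrome.override {
              commandLineArgs = [
                "--password-store=gnome"
                "--force-dark-mode"
              ];
            };

            brave = super.brave.override {
              commandLineArgs = "--ozone-platform=wayland --enable-features=UseOzonePlatform,WebRTCPipeWireCapturer";
            };

            smartir-zha = super.home-assistant-custom-components.smartir.overrideAttrs (_attr: rec {
              # NOTE(review): `version` and `src.rev` name different
              # abbreviated commits - confirm which one is intended.
              version = "04ac27e";
              # The fixed-output hash pins the content, but an abbreviated
              # rev can become ambiguous over time; prefer the full 40-char
              # commit id here.
              src = super.fetchFromGitHub {
                owner = "bertof";
                repo = "SmartIR";
                rev = "6f8cac1";
                hash = "sha256-5Ulb3z46bfIzztHTMNg/Vc26ru9K40242AsW37TLE18=";
              };
              # Still a build input: `${code}` is interpolated by Nix even
              # though the shell line that uses it is commented out.
              code = super.fetchurl {
                url = "https://gist.githubusercontent.com/bertof/d2a4af6243300b9ba05638af9a29fa6d/raw/6dbb21db986db15f69bb3040585419a270693289/50.json";
                sha256 = "sha256-9564yMudzY8Z9RzvLqJxuV4k6PLBVJdph71BOz6OXRc=";
              };
              # Third-party script that is *executed* during the build. The
              # URL carries the gist revision and the sha256 fixes the
              # content, so it cannot change silently; re-read the script
              # whenever either value is bumped.
              patcher = super.fetchurl {
                url = "https://gist.githubusercontent.com/svyatogor/7839d00303998a9fa37eb48494dd680f/raw/66cba20e653f84aab0b9a31ea5b9ca497d038d8a/broadlink_to_tuya.py";
                sha256 = "0m5fbfvsq8sxm0ghs8al8b6z4vfycqkr90qb10w9c4ryag2flnsh";
              };
              postPatch = ''
                ${super.python312}/bin/python3 ${patcher} codes/climate/1946.json > codes/climate/50.json
                # sed 's/Broadlink/MQTT/' codes/climate/1946.json > codes/climate/50.json
                # cp ${code} codes/climate/50.json
              '';
            });

            # can be removed when https://github.com/NixOS/nixpkgs/pull/389711 is merged
            libfprint = super.libfprint.overrideAttrs (oldAttrs: {
              buildInputs = oldAttrs.buildInputs ++ [ super.nss ];
            });
          };
        };

        nixosModules = {
          # nixpkgs config, overlays and flake registry shared by every host.
          basic = {
            nixpkgs = {
              config = nix-config;
              overlays = [
                # packages
                inputs.self.overlays.packages
                inputs.self.overlays.overrides
              ];
            };
            nix = {
              inherit (nix-config) extraOptions;
              registry = {
                # NOTE(review): `inputs.nixpkgs` follows nixpkgs-u, so the
                # `stable` registry entry currently points at nixos-unstable.
                # If the release branch is intended, this should probably be
                # `inputs.nixpkgs-s` - confirm before changing.
                stable = {
                  from = {
                    id = "stable";
                    type = "indirect";
                  };
                  flake = inputs.nixpkgs;
                };
                unstable = {
                  from = {
                    id = "unstable";
                    type = "indirect";
                  };
                  flake = inputs.nixpkgs-u;
                };
              };
            };
          };

          # Home manager configuration
          homeManagerUModules = {
            imports = [ inputs.home-manager-u.nixosModules.default ];
            home-manager = {
              useGlobalPkgs = true;
              useUserPackages = true;
              extraSpecialArgs = {
                # NOTE(review): same aliasing as the registry above -
                # `stable` resolves to the unstable input.
                stable = inputs.nixpkgs;
                unstable = inputs.nixpkgs-u;
              };
            };
          };

          commonModules = {
            imports = [
              # Nix configuration
              self.nixosModules.basic

              # Nix rice
              inputs.nix-rice.modules.default
              ./nixos/rice.nix

              # # S3 cache read
              # ./nixos/s3_cache_read.nix

              # Agenix configuration
              inputs.ragenix.nixosModules.default
              # inputs.agenix.nixosModules.default

              # { services.userborn.enable = true; }
              ./nixos/users/bertof.nix

              # Some basic defaults
              ./nixos/basics
            ];
          };
        };

        # Secrets are referenced as age-encrypted files under ./secrets and
        # declared through `age.secrets`; `owner` names the account given
        # ownership of the decrypted file.
        nixosConfigurations = {
          thor = inputs.nixpkgs-u.lib.nixosSystem {
            system = "x86_64-linux";
            modules = [ self.nixosModules.commonModules ] ++ mainModules ++ [
              ./instances/thor/hardware-configuration.nix
              inputs.nixos-hardware.nixosModules.common-cpu-amd
              inputs.nixos-hardware.nixosModules.common-pc-ssd
              ./instances/thor/configuration.nix

              # # S3 cache write
              # ./nixos/s3_cache_write.nix

              # ./nixos/plasma6.nix
              # ./nixos/cuda_support.nix
              # ./nixos/ollama.nix
              # ./nixos/minio_local.nix
              # NOTE(review): the next two entries are also part of
              # mainModules above, so they are listed twice for this host.
              ./nixos/hyprland.nix
              { home-manager.users.bertof.imports = [ ./hm/hyprland.nix ]; }
              ./nixos/musa.nix

              self.nixosModules.homeManagerUModules
              {
                age.secrets = {
                  rclone_bertof = {
                    file = ./secrets/rclone_bertof.age;
                    owner = "bertof";
                  };
                };
                home-manager.users.bertof = import ./instances/thor/hm.nix;
              }
            ];
          };

          sif = inputs.nixpkgs-u.lib.nixosSystem {
            system = "x86_64-linux";
            modules = [ self.nixosModules.commonModules ] ++ mainModules ++ [
              ./instances/sif/hardware-configuration.nix
              # The original listed common-cpu-intel twice; one entry is enough.
              inputs.nixos-hardware.nixosModules.common-cpu-intel
              inputs.nixos-hardware.nixosModules.common-pc-ssd
              ./instances/sif/configuration.nix

              # S3 cache write
              # ./nixos/s3_cache_write.nix
              # { age.secrets.s3_sif = { file = ./secrets/s3_sif.age; owner = "bertof"; }; }

              # ./nixos/plasma6.nix
              # ./nixos/ollama.nix
              # ./nixos/minio_local.nix
              # ./nixos/musa.nix

              self.nixosModules.homeManagerUModules
              {
                age.secrets = {
                  rclone_bertof = {
                    file = ./secrets/rclone_bertof.age;
                    owner = "bertof";
                  };
                };
                home-manager.users.bertof = import ./instances/sif/hm.nix;
              }
            ];
          };

          odin = inputs.nixpkgs-u.lib.nixosSystem {
            system = "x86_64-linux";
            modules = [ self.nixosModules.commonModules ] ++ [
              inputs.nixos-hardware.nixosModules.common-cpu-intel
              inputs.nixos-hardware.nixosModules.common-pc-laptop
              inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
              ./instances/odin/hardware-configuration.nix
              ./instances/odin/configuration.nix
              ./nixos/users/tiziano.nix
              ./nixos/server
              ./nixos/ip_forwarding.nix
              # ./nixos/plasma6.nix
              ./nixos/steam.nix

              self.nixosModules.homeManagerUModules
              {
                home-manager.users.bertof = import ./instances/odin/hm.nix;
                home-manager.users.tiziano = import ./instances/odin/hm_tiziano.nix;
                age.secrets = {
                  rclone_bertof = {
                    file = ./secrets/rclone_bertof.age;
                    owner = "bertof";
                  };
                  rclone_tiziano = {
                    file = ./secrets/rclone_tiziano.age;
                    owner = "tiziano";
                  };
                };
              }
            ];
          };

          heimdall = inputs.nixpkgs-u.lib.nixosSystem {
            system = "x86_64-linux";
            modules = [ self.nixosModules.commonModules ] ++ [
              inputs.nixos-hardware.nixosModules.common-cpu-amd
              inputs.nixos-hardware.nixosModules.common-gpu-amd
              inputs.nixos-hardware.nixosModules.common-pc-ssd
              ./nixos/server
              ./instances/heimdall/hardware-configuration.nix
              ./instances/heimdall/configuration.nix
              ./nixos/users/tiziano.nix
              ./nixos/ip_forwarding.nix
              ./nixos/torrentbox.nix
              ./nixos/minio_server.nix
              ./nixos/nextcloud.nix
              ./nixos/immich.nix
              ./nixos/forgejo.nix

              # cute-api.nixosModules.default
              # { services.cute-api = { enable = true; host = "0.0.0.0"; }; }

              # ./nixos/garage.nix
              # ./nixos/ntfy.nix

              # S3 cache read
              # ./nixos/s3_cache_read.nix

              self.nixosModules.homeManagerUModules
              {
                age.secrets = {
                  rclone_bertof = {
                    file = ./secrets/rclone_bertof.age;
                    owner = "bertof";
                  };
                  # No `owner` is set for the runner tokens, so the module's
                  # default ownership applies - presumably root; verify that
                  # the gitlab-runner service can still read them.
                  heimdall-gitlab-runner-nix.file = ./secrets/heimdall-gitlab-runner-nix.age;
                  heimdall-gitlab-runner-docker-images.file = ./secrets/heimdall-gitlab-runner-docker-images.age;
                  heimdall-gitlab-runner-default.file = ./secrets/heimdall-gitlab-runner-default.age;
                };
                home-manager.users.bertof = import ./instances/heimdall/hm.nix;
              }
            ];
          };

          freya = inputs.nixpkgs.lib.nixosSystem {
            system = "aarch64-linux";
            modules = [ self.nixosModules.commonModules ] ++ [
              inputs.nixos-hardware.nixosModules.raspberry-pi-4
              # Force an explicit filesystem list, overriding whatever the
              # other modules would contribute.
              ({ lib, ... }: {
                boot.supportedFilesystems = lib.mkForce [
                  "btrfs"
                  "reiserfs"
                  "vfat"
                  "f2fs"
                  "xfs"
                  "ntfs"
                  "cifs"
                ];
              })
              ./nixos/server
              ./instances/freya/hardware-configuration.nix
              ./instances/freya/configuration.nix
              ./nixos/users/tiziano.nix
              ./nixos/torrentbox.nix
              ./nixos/minio_server.nix
              # ./nixos/nextcloud.nix
              ./nixos/ntfy.nix

              # S3 cache read
              # ./nixos/s3_cache_read.nix

              self.nixosModules.homeManagerUModules
              {
                home-manager.users.bertof = import ./instances/freya/hm.nix;
                age.secrets = {
                  rclone_bertof = {
                    file = ./secrets/rclone_bertof.age;
                    owner = "bertof";
                  };
                  rclone_tiziano = {
                    file = ./secrets/rclone_tiziano.age;
                    owner = "tiziano";
                  };
                };
              }
            ];
          };

          baldur = inputs.nixpkgs-u.lib.nixosSystem {
            system = "x86_64-linux";
            modules = [ self.nixosModules.commonModules ] ++ [
              ./nixos/server
              ./instances/baldur/hardware-configuration.nix
              ./instances/baldur/configuration.nix
              # ./nixos/digitalocean.nix
              ./nixos/users/tiziano.nix
              # ./nixos/users/tiziano.nix

              # S3 cache read
              # ./nixos/s3_cache_read.nix

              self.nixosModules.homeManagerUModules
              {
                home-manager.users.bertof = import ./instances/baldur/hm.nix;
                home-manager.users.tiziano = import ./instances/baldur/hm_tiziano.nix;
                age.secrets = {
                  rclone_bertof = {
                    file = ./secrets/rclone_bertof.age;
                    owner = "bertof";
                  };
                  rclone_tiziano = {
                    file = ./secrets/rclone_tiziano.age;
                    owner = "tiziano";
                  };
                };
              }
            ];
          };

          loki = inputs.nixpkgs.lib.nixosSystem {
            system = "x86_64-linux";
            modules = [ self.nixosModules.commonModules ] ++ [
              ./nixos/server
              inputs.nixos-hardware.nixosModules.common-cpu-intel
              inputs.nixos-hardware.nixosModules.common-pc-ssd
              ./instances/loki/hardware-configuration.nix
              ./instances/loki/configuration.nix
              ./nixos/users/tiziano.nix

              # S3 cache read
              # ./nixos/s3_cache_read.nix

              self.nixosModules.homeManagerUModules
              {
                # NOTE(review): loki reuses odin's home-manager profiles -
                # confirm this is intentional and not a copy-paste leftover.
                home-manager.users.bertof = import ./instances/odin/hm.nix;
                home-manager.users.tiziano = import ./instances/odin/hm_tiziano.nix;
                age.secrets = {
                  rclone_bertof = {
                    file = ./secrets/rclone_bertof.age;
                    owner = "bertof";
                  };
                  rclone_tiziano = {
                    file = ./secrets/rclone_tiziano.age;
                    owner = "tiziano";
                  };
                };
              }
            ];
          };
        };

        # # Deploy-rs checks
        # checks = builtins.mapAttrs (_system: deployLib: deployLib.deployChecks inputs.self.deploy) inputs.deploy-rs.lib;
        # NOTE(review): with the checks above disabled, `nix flake check` does
        # not validate the deploy definitions below before a rollout.

        # Map nodes to Deploy-rs deployments
        # Every profile is activated as root on its host. sif has a
        # nixosConfiguration but no deploy node.
        deploy.nodes = {
          baldur = {
            hostname = "baldur.bertof.net";
            profiles.system = {
              user = "root";
              path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.baldur;
            };
          };
          freya = {
            hostname = "freya.tsn";
            profiles.system = {
              user = "root";
              path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos inputs.self.nixosConfigurations.freya;
            };
          };
          heimdall = {
            hostname = "heimdall.tsn";
            profiles.system = {
              user = "root";
              path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.heimdall;
            };
          };
          loki = {
            hostname = "loki.tsn";
            profiles.system = {
              user = "root";
              path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.loki;
            };
          };
          odin = {
            hostname = "odin.tsn";
            profiles.system = {
              user = "root";
              path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.odin;
            };
          };
          thor = {
            hostname = "thor.tsn";
            profiles.system = {
              user = "root";
              path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.thor;
            };
          };
        };
      };
    };
}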