NixOS/flake.nix

100 lines
2.8 KiB
Nix
Raw Normal View History

{
description = "Price Hiller's flake for managing system configurations";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
flake-utils.url = "github:numtide/flake-utils";
impermanence = {
url = "github:nix-community/impermanence";
};
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
2023-10-27 01:46:14 -05:00
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
blog = {
type = "gitlab";
owner = "blog";
repo = "blog";
host = "gitlab.orion-technologies.io";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = inputs @ { self, nixpkgs, impermanence, agenix, disko, flake-utils, blog, ... }:
let
lib = import ./lib // nixpkgs.lib;
pkgs = nixpkgs.legacyPackages."x86_64-linux";
defaults = {
config = {
environment.etc.machine-id.source = "/nix/persist/ephemeral/etc/machine-id";
environment.persistence.save = {
hideMounts = true;
persistentStoragePath = "/nix/persist/save";
};
environment.persistence.ephemeral = {
persistentStoragePath = "/nix/persist/ephemeral";
hideMounts = true;
directories = [
"/var/lib"
"/var/log"
"/etc/nixos"
{ directory = "/persist"; user = "root"; group = "root"; mode = "0700"; }
];
};
};
};
in
{
nixosConfigurations.luna =
let
hostname = "luna";
in
nixpkgs.lib.nixosSystem
{
system = "x86_64-linux";
specialArgs = {
inherit self;
inherit flake-utils;
inherit inputs;
inherit hostname;
inherit lib;
inherit blog;
secrets = "${self}/secrets/${hostname}";
disk = "nvme0n1";
fqdn = "orion-technologies.io";
};
modules = [
{
_module.args = { };
}
defaults
impermanence.nixosModules.impermanence
agenix.nixosModules.default
disko.nixosModules.disko
./hosts/${hostname}
];
};
} // flake-utils.lib.eachDefaultSystem (system:
let
pkgs = import nixpkgs {
inherit system;
overlays = [ agenix.overlays.default ];
};
in
{
devShells.default =
pkgs.mkShell
{
packages = with pkgs; [ age age-plugin-yubikey pkgs.agenix ];
shellHook = ''
export RULES="$PWD/secrets/secrets.nix"
'';
};
});
}