funky NIX_PATH

2 files changed, 121 insertions, 0 deletions

diff --git a/system-profiles/core/default.nix b/system-profiles/core/default.nix
new file mode 100644
index 00000000..1368b54f
--- /dev/null
+++ b/system-profiles/core/default.nix
@@ -0,0 +1,115 @@
+{ flake, flakeInputs, path, hostName, config, lib, pkgs, customUtils, ... }:
+let
+  profileSet = customUtils.types.attrNameSet flake.nixosModules.systemProfiles;
+  userProfileSet = customUtils.types.attrNameSet (lib.zipAttrs (lib.attrValues flake.nixosModules.userProfiles));
+  hasSops = config.sops.secrets != {};
+in {
+  imports = with flakeInputs;
+    [ sops-nix.nixosModules.sops
+      home-manager.nixosModules.home-manager
+    ];
+
+  options = {
+    # See mkSystemProfile in ../flake.nix
+    system.profiles = lib.mkOption {
+      type = profileSet;
+      default = [];
+      description = ''
+        Set (list without duplicates) of ‘systemProfiles’ enabled for this host
+      '';
+    };
+
+    users.users = lib.mkOption {
+      type = lib.types.attrsOf (lib.types.submodule {
+        options.profiles = lib.mkOption {
+          type = userProfileSet;
+          default = [];
+          description = ''
+            Set (list without duplicates) of ‘userProfiles’ enabled for this user
+          '';
+        };
+      });
+    };
+  };
+
+  config = {
+    networking.hostName = hostName;
+    system.configurationRevision = lib.mkIf (flake ? rev) flake.rev;
+
+    nixpkgs.pkgs = flake.legacyPackages.${config.nixpkgs.system}.override {
+      inherit (config.nixpkgs) config;
+      localSystem = config.nixpkgs.system;
+    };
+
+    nix = {
+      package = pkgs.nixUnstable;
+      settings = {
+        sandbox = true;
+        allowed-users = [ "*" ];
+        trusted-users = [ "root" "@wheel" ];
+
+        flake-registry = "${flakeInputs.flake-registry}/flake-registry.json";
+      };
+      extraOptions = ''
+        experimental-features = nix-command flakes
+      '';
+      nixPath = [
+        "nixpkgs=${./nixpkgs.nix}"
+      ];
+      registry =
+        let override = { self = "nixos"; };
+        in lib.mapAttrs' (inpName: inpFlake: lib.nameValuePair
+          (override.${inpName} or inpName)
+          { flake = inpFlake; } ) flakeInputs;
+    };
+
+    systemd.tmpfiles.rules = [
+      "L+ /run/nixpkgs - - - - ${flakeInputs.nixpkgs.outPath}"
+      "L+ /run/nixpkgs-overlays.nix - - - - ${pkgs.writeText "overlays.nix" ''
+        with builtins;
+
+        attrValues (import
+          (
+            let lock = fromJSON (readFile ${flake + "/flake.lock"}); in
+            fetchTarball {
+              url = "https://github.com/edolstra/flake-compat/archive/''${lock.nodes.flake-compat.locked.rev}.tar.gz";
+              sha256 = lock.nodes.flake-compat.locked.narHash;
+            }
+          )
+          { src = ${flake}; }
+        ).defaultNix.overlays
+      ''}"
+    ];
+
+    users.mutableUsers = false;
+
+    # documentation.nixos.includeAllModules = true; # incompatible with home-manager (build fails)
+
+    home-manager = {
+      useGlobalPkgs = true; # Otherwise home-manager would only work impurely
+      useUserPackages = false;
+    };
+
+    sops = lib.mkIf hasSops {
+      age = {
+        keyFile = "/var/lib/sops-nix/key.txt";
+        generateKey = false;
+        sshKeyPaths = [];
+      };
+      gnupg = {
+        home = null;
+        sshKeyPaths = [];
+      };
+    };
+
+    environment.systemPackages = [ pkgs.git ] ++ lib.optional hasSops pkgs.gnupg;
+
+    system.activationScripts.symlink-flake = ''
+      if test -L /etc/nixos; then
+        ln -nsf ${flake} /etc/nixos
+      elif test -d /etc/nixos && rmdir --ignore-fail-on-non-empty /etc/nixos; then
+        ln -s ${flake} /etc/nixos
+      fi
+    '';
+  };
+}
diff --git a/system-profiles/core/nixpkgs.nix b/system-profiles/core/nixpkgs.nix
new file mode 100644
index 00000000..43bdae4d
--- /dev/null
+++ b/system-profiles/core/nixpkgs.nix
@@ -0,0 +1,6 @@
+args@{
+  overlays ? import /run/nixpkgs-overlays.nix,
+  ...
+}:
+
+import /run/nixpkgs (args // { inherit overlays; })