Diffstat (limited to 'system-profiles/core.nix')
-rw-r--r-- | system-profiles/core.nix | 116 |
1 files changed, 0 insertions, 116 deletions
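diff --git a/system-profiles/core.nix b/system-profiles/core.nix
deleted file mode 100644
index f6d5a21e..00000000
--- a/system-profiles/core.nix
+++ /dev/null
@@ -1,116 +0,0 @@
-{ flake, flakeInputs, path, hostName, config, lib, pkgs, customUtils, ... }:
-let
-profileSet = customUtils.types.attrNameSet flake.nixosModules.systemProfiles;
-userProfileSet = customUtils.types.attrNameSet (lib.zipAttrs (lib.attrValues flake.nixosModules.userProfiles));
-hasSops = config.sops.secrets != {};
-in {
-imports = with flakeInputs;
-[ sops-nix.nixosModules.sops
-home-manager.nixosModules.home-manager
-];
-
-options = {
-# See mkSystemProfile in ../flake.nix
-system.profiles = lib.mkOption {
-type = profileSet;
-default = [];
-description = ''
-Set (list without duplicates) of ‘systemProfiles’ enabled for this host
-'';
-};
-
-users.users = lib.mkOption {
-type = lib.types.attrsOf (lib.types.submodule {
-options.profiles = lib.mkOption {
-type = userProfileSet;
-default = [];
-description = ''
-Set (list without duplicates) of ‘userProfiles’ enabled for this user
-'';
-};
-});
-};
-};
-
-config = {
-networking.hostName = hostName;
-system.configurationRevision = lib.mkIf (flake ? rev) flake.rev;
-
-nixpkgs.pkgs = flake.legacyPackages.${config.nixpkgs.system}.override {
-inherit (config.nixpkgs) config;
-localSystem = config.nixpkgs.system;
-};
-
-nix = {
-package = pkgs.nixUnstable;
-settings = {
-sandbox = true;
-allowed-users = [ "*" ];
-trusted-users = [ "root" "@wheel" ];
-
-flake-registry = "${flakeInputs.flake-registry}/flake-registry.json";
-};
-extraOptions = ''
-experimental-features = nix-command flakes
-'';
-nixPath = [
-"nixpkgs=/run/nixpkgs"
-# "nixpkgs-overlays=/run/nixpkgs-overlays.nix"
-];
-registry =
-let override = { self = "nixos"; };
-in lib.mapAttrs' (inpName: inpFlake: lib.nameValuePair
-(override.${inpName} or inpName)
-{ flake = inpFlake; } ) flakeInputs;
-};
-
-systemd.tmpfiles.rules = [
-"L+ /run/nixpkgs - - - - ${flakeInputs.nixpkgs.outPath}"
-"L+ /run/nixpkgs-overlays.nix - - - - ${pkgs.writeText "overlays.nix" ''
-with builtins;
-
-attrValues (import
-(
-let lock = fromJSON (readFile ${flake + "/flake.lock"}); in
-fetchTarball {
-url = "https://github.com/edolstra/flake-compat/archive/''${lock.nodes.flake-compat.locked.rev}.tar.gz";
-sha256 = lock.nodes.flake-compat.locked.narHash;
-}
-)
-{ src = ${flake}; }
-).defaultNix.overlays
-''}"
-];
-
-users.mutableUsers = false;
-
-# documentation.nixos.includeAllModules = true; # incompatible with home-manager (build fails)
-
-home-manager = {
-useGlobalPkgs = true; # Otherwise home-manager would only work impurely
-useUserPackages = false;
-};
-
-sops = lib.mkIf hasSops {
-age = {
-keyFile = "/var/lib/sops-nix/key.txt";
-generateKey = false;
-sshKeyPaths = [];
-};
-gnupg = {
-home = null;
-sshKeyPaths = [];
-};
-};
-
-environment.systemPackages = [ pkgs.git ] ++ lib.optional hasSops pkgs.gnupg;
-
-system.activationScripts.symlink-flake = ''
-if test -L /etc/nixos; then
-ln -nsf ${flake} /etc/nixos
-elif test -d /etc/nixos && rmdir --ignore-fail-on-non-empty /etc/nixos; then
-ln -s ${flake} /etc/nixos
-fi
-'';
-};
-}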