Diffstat (limited to 'system-profiles/core.nix')
-rw-r--r--system-profiles/core.nix116
1 files changed, 0 insertions, 116 deletions
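diff --git a/system-profiles/core.nix b/system-profiles/core.nix
deleted file mode 100644
index f6d5a21e..00000000
--- a/system-profiles/core.nix
+++ /dev/null
@@ -1,116 +0,0 @@
-{ flake, flakeInputs, path, hostName, config, lib, pkgs, customUtils, ... }:
-let
- profileSet = customUtils.types.attrNameSet flake.nixosModules.systemProfiles;
- userProfileSet = customUtils.types.attrNameSet (lib.zipAttrs (lib.attrValues flake.nixosModules.userProfiles));
- hasSops = config.sops.secrets != {};
-in {
- imports = with flakeInputs;
- [ sops-nix.nixosModules.sops
- home-manager.nixosModules.home-manager
- ];
-
- options = {
- # See mkSystemProfile in ../flake.nix
- system.profiles = lib.mkOption {
- type = profileSet;
- default = [];
- description = ''
- Set (list without duplicates) of ‘systemProfiles’ enabled for this host
- '';
- };
-
- users.users = lib.mkOption {
- type = lib.types.attrsOf (lib.types.submodule {
- options.profiles = lib.mkOption {
- type = userProfileSet;
- default = [];
- description = ''
- Set (list without duplicates) of ‘userProfiles’ enabled for this user
- '';
- };
- });
- };
- };
-
- config = {
- networking.hostName = hostName;
- system.configurationRevision = lib.mkIf (flake ? rev) flake.rev;
-
- nixpkgs.pkgs = flake.legacyPackages.${config.nixpkgs.system}.override {
- inherit (config.nixpkgs) config;
- localSystem = config.nixpkgs.system;
- };
-
- nix = {
- package = pkgs.nixUnstable;
- settings = {
- sandbox = true;
- allowed-users = [ "*" ];
- trusted-users = [ "root" "@wheel" ];
-
- flake-registry = "${flakeInputs.flake-registry}/flake-registry.json";
- };
- extraOptions = ''
- experimental-features = nix-command flakes
- '';
- nixPath = [
- "nixpkgs=/run/nixpkgs"
- # "nixpkgs-overlays=/run/nixpkgs-overlays.nix"
- ];
- registry =
- let override = { self = "nixos"; };
- in lib.mapAttrs' (inpName: inpFlake: lib.nameValuePair
- (override.${inpName} or inpName)
- { flake = inpFlake; } ) flakeInputs;
- };
-
- systemd.tmpfiles.rules = [
- "L+ /run/nixpkgs - - - - ${flakeInputs.nixpkgs.outPath}"
- "L+ /run/nixpkgs-overlays.nix - - - - ${pkgs.writeText "overlays.nix" ''
- with builtins;
-
- attrValues (import
- (
- let lock = fromJSON (readFile ${flake + "/flake.lock"}); in
- fetchTarball {
- url = "https://github.com/edolstra/flake-compat/archive/''${lock.nodes.flake-compat.locked.rev}.tar.gz";
- sha256 = lock.nodes.flake-compat.locked.narHash;
- }
- )
- { src = ${flake}; }
- ).defaultNix.overlays
- ''}"
- ];
-
- users.mutableUsers = false;
-
- # documentation.nixos.includeAllModules = true; # incompatible with home-manager (build fails)
-
- home-manager = {
- useGlobalPkgs = true; # Otherwise home-manager would only work impurely
- useUserPackages = false;
- };
-
- sops = lib.mkIf hasSops {
- age = {
- keyFile = "/var/lib/sops-nix/key.txt";
- generateKey = false;
- sshKeyPaths = [];
- };
- gnupg = {
- home = null;
- sshKeyPaths = [];
- };
- };
-
- environment.systemPackages = [ pkgs.git ] ++ lib.optional hasSops pkgs.gnupg;
-
- system.activationScripts.symlink-flake = ''
- if test -L /etc/nixos; then
- ln -nsf ${flake} /etc/nixos
- elif test -d /etc/nixos && rmdir --ignore-fail-on-non-empty /etc/nixos; then
- ln -s ${flake} /etc/nixos
- fi
- '';
- };
-}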