Diffstat (limited to 'system-profiles/core/default.nix')
-rw-r--r--system-profiles/core/default.nix115
1 files changed, 115 insertions, 0 deletions
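--- /dev/null
+++ b/system-profiles/core/default.nix
@@ -0,0 +1,115 @@
+{ flake, flakeInputs, path, hostName, config, lib, pkgs, customUtils, ... }:
+let
+  profileSet = customUtils.types.attrNameSet flake.nixosModules.systemProfiles;
+  userProfileSet = customUtils.types.attrNameSet (lib.zipAttrs (lib.attrValues flake.nixosModules.userProfiles));
+  hasSops = config.sops.secrets != {};
+in {
+  imports = with flakeInputs;
+    [ sops-nix.nixosModules.sops
+      home-manager.nixosModules.home-manager
+    ];
+
+  options = {
+    # See mkSystemProfile in ../flake.nix
+    system.profiles = lib.mkOption {
+      type = profileSet;
+      default = [];
+      description = ''
+        Set (list without duplicates) of ‘systemProfiles’ enabled for this host
+      '';
+    };
+
+    users.users = lib.mkOption {
+      type = lib.types.attrsOf (lib.types.submodule {
+        options.profiles = lib.mkOption {
+          type = userProfileSet;
+          default = [];
+          description = ''
+            Set (list without duplicates) of ‘userProfiles’ enabled for this user
+          '';
+        };
+      });
+    };
+  };
+
+  config = {
+    networking.hostName = hostName;
+    system.configurationRevision = lib.mkIf (flake ? rev) flake.rev;
+
+    nixpkgs.pkgs = flake.legacyPackages.${config.nixpkgs.system}.override {
+      inherit (config.nixpkgs) config;
+      localSystem = config.nixpkgs.system;
+    };
+
+    nix = {
+      package = pkgs.nixUnstable;
+      settings = {
+        sandbox = true;
+        allowed-users = [ "*" ];
+        trusted-users = [ "root" "@wheel" ];
+
+        flake-registry = "${flakeInputs.flake-registry}/flake-registry.json";
+      };
+      extraOptions = ''
+        experimental-features = nix-command flakes
+      '';
+      nixPath = [
+        "nixpkgs=${./nixpkgs.nix}"
+      ];
+      registry =
+        let override = { self = "nixos"; };
+        in lib.mapAttrs' (inpName: inpFlake: lib.nameValuePair
+          (override.${inpName} or inpName)
+          { flake = inpFlake; } ) flakeInputs;
+    };
+
+    systemd.tmpfiles.rules = [
+      "L+ /run/nixpkgs - - - - ${flakeInputs.nixpkgs.outPath}"
+      "L+ /run/nixpkgs-overlays.nix - - - - ${pkgs.writeText "overlays.nix" ''
+        with builtins;
+
+        attrValues (import
+          (
+            let lock = fromJSON (readFile ${flake + "/flake.lock"}); in
+            fetchTarball {
+              url = "https://github.com/edolstra/flake-compat/archive/''${lock.nodes.flake-compat.locked.rev}.tar.gz";
+              sha256 = lock.nodes.flake-compat.locked.narHash;
+            }
+          )
+          { src = ${flake}; }
+        ).defaultNix.overlays
+      ''}"
+    ];
+
+    users.mutableUsers = false;
+
+    # documentation.nixos.includeAllModules = true; # incompatible with home-manager (build fails)
+
+    home-manager = {
+      useGlobalPkgs = true; # Otherwise home-manager would only work impurely
+      useUserPackages = false;
+    };
+
+    sops = lib.mkIf hasSops {
+      age = {
+        keyFile = "/var/lib/sops-nix/key.txt";
+        generateKey = false;
+        sshKeyPaths = [];
+      };
+      gnupg = {
+        home = null;
+        sshKeyPaths = [];
+      };
+    };
+
+    environment.systemPackages = [ pkgs.git ] ++ lib.optional hasSops pkgs.gnupg;
+
+    system.activationScripts.symlink-flake = ''
+      if test -L /etc/nixos; then
+        ln -nsf ${flake} /etc/nixos
+      elif test -d /etc/nixos && rmdir --ignore-fail-on-non-empty /etc/nixos; then
+        ln -s ${flake} /etc/nixos
+      fi
+    '';
+  };
+}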
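Review bot: The `trusted-users = [ "root" "@wheel" ];` line in `nix.settings` carries no comment, although it is the most privilege-relevant setting in this profile: Nix documents trusted users as able to override daemon settings such as substituters and sandbox paths, which makes the grant effectively root-equivalent for every member of `wheel`. That trade-off is reasonable for a personal flake-based host, but it should be stated so a later reader does not widen the group casually; I would add `# trusted-users can override substituters/sandbox settings: root-equivalent, keep this to wheel` directly above the line. The neighbouring `allowed-users = [ "*" ];` appears to restate the Nix default, so a short comment on why it is spelled out (or dropping it) would also help. Note that the `sops` block is gated on `hasSops` (`config.sops.secrets != {}`), so `keyFile`/`generateKey = false` only apply once a host declares a secret; a one-line comment on `hasSops` saying the key at `/var/lib/sops-nix/key.txt` must be provisioned out of band would make that expectation explicit.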