Diffstat (limited to 'system-profiles/core')
-rw-r--r--system-profiles/core/default.nix175
1 files changed, 96 insertions, 79 deletions
diff --git a/system-profiles/core/default.nix b/system-profiles/core/default.nix
index 6aee221f..c2c821b7 100644
--- a/system-profiles/core/default.nix
+++ b/system-profiles/core/default.nix
@@ -74,7 +74,7 @@ in {
74 }; 74 };
75 in foldr (def: mergeConfig def.value) {}; 75 in foldr (def: mergeConfig def.value) {};
76 }; 76 };
77 description = mdDoc '' 77 description = ''
78 The configuration of the Nix Packages collection. (For 78 The configuration of the Nix Packages collection. (For
79 details, see the Nixpkgs documentation.) It allows you to set 79 details, see the Nixpkgs documentation.) It allows you to set
80 package configuration options. 80 package configuration options.
@@ -91,96 +91,113 @@ in {
91 }; 91 };
92 }; 92 };
93 93
94 config = { 94 config = foldr recursiveUpdate {} ([
95 networking.hostName = hostName; 95 {
96 system.configurationRevision = mkIf (flake ? rev) flake.rev; 96 networking.hostName = hostName;
97 system.configurationRevision = mkIf (flake ? rev) flake.rev;
97 98
98 nixpkgs.pkgs = import (flakeInputs.${config.nixpkgs.flakeInput}.outPath + "/pkgs/top-level") { 99 nixpkgs.pkgs = import (flakeInputs.${config.nixpkgs.flakeInput}.outPath + "/pkgs/top-level") {
99 overlays = attrValues flake.overlays; 100 overlays = attrValues flake.overlays;
100 config = config.nixpkgs.externalConfig; 101 config = config.nixpkgs.externalConfig;
101 localSystem = config.nixpkgs.system; 102 localSystem = config.nixpkgs.system;
102 }; 103 };
103 104
104 nix = { 105 nix = {
105 package = if builtins.hasAttr "latest" pkgs.nixVersions then pkgs.nixVersions.latest else pkgs.nixUnstable; 106 package = if builtins.hasAttr "latest" pkgs.nixVersions then pkgs.nixVersions.latest else pkgs.nixUnstable;
106 settings = { 107 settings = {
107 sandbox = true; 108 sandbox = true;
108 allowed-users = [ "*" ]; 109 allowed-users = [ "*" ];
109 trusted-users = [ "root" "@wheel" ]; 110 trusted-users = [ "root" "@wheel" ];
110 111
111 experimental-features = ["nix-command" "flakes" "auto-allocate-uids" "cgroups"]; 112 experimental-features = ["nix-command" "flakes" "auto-allocate-uids" "cgroups"];
112 auto-allocate-uids = true; 113 auto-allocate-uids = true;
113 use-cgroups = true; 114 use-cgroups = true;
114 use-xdg-base-directories = true; 115 use-xdg-base-directories = true;
115 116
116 flake-registry = "${flakeInputs.flake-registry}/flake-registry.json"; 117 flake-registry = "${flakeInputs.flake-registry}/flake-registry.json";
118 };
119 nixPath = [
120 "nixpkgs=${pkgs.runCommand "nixpkgs" {} ''
121 mkdir $out
122 ln -s ${./nixpkgs.nix} $out/default.nix
123 ln -s /run/nixpkgs/lib $out/lib
124 ''}"
125 ];
126 registry =
127 let override = { self = "nixos"; };
128 in mapAttrs' (inpName: inpFlake: nameValuePair
129 (override.${inpName} or inpName)
130 { flake = inpFlake; } ) flakeInputs;
117 }; 131 };
118 nixPath = [ 132
119 "nixpkgs=${pkgs.runCommand "nixpkgs" {} '' 133 systemd.tmpfiles.rules = [
120 mkdir $out 134 "L+ /run/nixpkgs - - - - ${flakeInputs.nixpkgs.outPath}"
121 ln -s ${./nixpkgs.nix} $out/default.nix 135 "L+ /run/nixpkgs-overlays.nix - - - - ${pkgs.writeText "overlays.nix" ''
122 ln -s /run/nixpkgs/lib $out/lib 136 with builtins;
137
138 attrValues (import
139 (
140 let lock = fromJSON (readFile ${flake + "/flake.lock"}); in
141 fetchTarball {
142 url = "https://github.com/edolstra/flake-compat/archive/''${lock.nodes.flake-compat.locked.rev}.tar.gz";
143 sha256 = lock.nodes.flake-compat.locked.narHash;
144 }
145 )
146 { src = ${flake}; }
147 ).defaultNix.overlays
123 ''}" 148 ''}"
149 "L+ /etc/nixos - - - - ${flake}"
124 ]; 150 ];
125 registry =
126 let override = { self = "nixos"; };
127 in mapAttrs' (inpName: inpFlake: nameValuePair
128 (override.${inpName} or inpName)
129 { flake = inpFlake; } ) flakeInputs;
130 };
131
132 systemd.tmpfiles.rules = [
133 "L+ /run/nixpkgs - - - - ${flakeInputs.nixpkgs.outPath}"
134 "L+ /run/nixpkgs-overlays.nix - - - - ${pkgs.writeText "overlays.nix" ''
135 with builtins;
136
137 attrValues (import
138 (
139 let lock = fromJSON (readFile ${flake + "/flake.lock"}); in
140 fetchTarball {
141 url = "https://github.com/edolstra/flake-compat/archive/''${lock.nodes.flake-compat.locked.rev}.tar.gz";
142 sha256 = lock.nodes.flake-compat.locked.narHash;
143 }
144 )
145 { src = ${flake}; }
146 ).defaultNix.overlays
147 ''}"
148 ];
149
150 users.mutableUsers = false;
151 151
152 # documentation.nixos.includeAllModules = true; # incompatible with home-manager (build fails) 152 users.mutableUsers = false;
153 153
154 home-manager = { 154 documentation.nixos = {
155 useGlobalPkgs = true; # Otherwise home-manager would only work impurely 155 includeAllModules = true;
156 useUserPackages = false; 156 options.warningsAreErrors = false;
157 backupFileExtension = "bak"; 157 };
158 };
159 158
160 sops = mkIf hasSops { 159 home-manager = {
161 age = { 160 useGlobalPkgs = true; # Otherwise home-manager would only work impurely
162 keyFile = "/var/lib/sops-nix/key.txt"; 161 useUserPackages = false;
163 generateKey = false; 162 backupFileExtension = "bak";
164 sshKeyPaths = [];
165 }; 163 };
166 gnupg = { 164
167 home = null; 165 sops = mkIf hasSops {
168 sshKeyPaths = []; 166 age = {
167 keyFile = "/var/lib/sops-nix/key.txt";
168 generateKey = false;
169 sshKeyPaths = [];
170 };
171 gnupg = {
172 home = null;
173 sshKeyPaths = [];
174 };
169 }; 175 };
170 };
171 176
172 programs.git = { 177 programs.git = {
173 enable = true; 178 enable = true;
174 lfs.enable = true; 179 lfs.enable = true;
180 };
181 environment.systemPackages = with pkgs; [ git-annex scutiger ];
182 }
183 ] ++ (optional (options ? system.switch.enableNg) {
184 system.switch = lib.mkDefault {
185 enable = false;
186 enableNg = true;
175 }; 187 };
176 environment.systemPackages = with pkgs; [ git-annex scutiger ]; 188 })
177 189 ++ (optional (options ? system.etc) {
178 system.activationScripts.symlink-flake = '' 190 boot.initrd.systemd.enable = lib.mkDefault true;
179 if test -L /etc/nixos; then 191 system.etc.overlay.enable = lib.mkDefault true;
180 ln -nsf ${flake} /etc/nixos 192 systemd.sysusers.enable = lib.mkDefault true;
181 elif test -d /etc/nixos && rmdir --ignore-fail-on-non-empty /etc/nixos; then 193
182 ln -s ${flake} /etc/nixos 194 # Random perl remnants
183 fi 195 system.disableInstallerTools = lib.mkDefault true;
184 ''; 196 programs.less.lessopen = lib.mkDefault null;
185 }; 197 programs.command-not-found.enable = lib.mkDefault false;
198 boot.enableContainers = lib.mkDefault false;
199 boot.loader.grub.enable = lib.mkDefault false;
200 environment.defaultPackages = lib.mkDefault [ ];
201 documentation.info.enable = lib.mkDefault false;
202 }));
186} 203}
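Review bot: The new tmpfiles rule `"L+ /etc/nixos - - - - ${flake}"` (new line 149) removes whatever already exists at /etc/nixos, a non-empty directory included, before creating the link, because that is what the `+` suffix on `L` does. The activation script it appears to replace (old lines 178-184) only re-pointed an existing symlink or removed an empty directory, so a hand-maintained /etc/nixos survived; that guard is absent on the new side. If the forced replacement is intended, record it next to the rule, e.g. `# L+ deletes any existing /etc/nixos, including a non-empty directory`; if it is not, a plain `L` line leaves an existing directory alone, at the cost of not refreshing a stale link. The enclosing module body starts outside this hunk.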