From 47f8d03ecb9efe39045630a1ebdcbc1c5a8f424e Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Tue, 21 Mar 2023 15:46:26 +0100
Subject: funky NIX_PATH
---
system-profiles/core/default.nix | 115 +++++++++++++++++++++++++++++++++++++++
system-profiles/core/nixpkgs.nix | 6 ++
2 files changed, 121 insertions(+)
create mode 100644 system-profiles/core/default.nix
create mode 100644 system-profiles/core/nixpkgs.nix
(limited to 'system-profiles/core')
diff --git a/system-profiles/core/default.nix b/system-profiles/core/default.nix
new file mode 100644
index 00000000..1368b54f
--- /dev/null
+++ b/system-profiles/core/default.nix
@@ -0,0 +1,115 @@
+{ flake, flakeInputs, path, hostName, config, lib, pkgs, customUtils, ... }:
+let
+ profileSet = customUtils.types.attrNameSet flake.nixosModules.systemProfiles;
+ userProfileSet = customUtils.types.attrNameSet (lib.zipAttrs (lib.attrValues flake.nixosModules.userProfiles));
+ hasSops = config.sops.secrets != {};
+in {
+ imports = with flakeInputs;
+ [ sops-nix.nixosModules.sops
+ home-manager.nixosModules.home-manager
+ ];
+
+ options = {
+ # See mkSystemProfile in ../flake.nix
+ system.profiles = lib.mkOption {
+ type = profileSet;
+ default = [];
+ description = ''
+ Set (list without duplicates) of ‘systemProfiles’ enabled for this host
+ '';
+ };
+
+ users.users = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule {
+ options.profiles = lib.mkOption {
+ type = userProfileSet;
+ default = [];
+ description = ''
+ Set (list without duplicates) of ‘userProfiles’ enabled for this user
+ '';
+ };
+ });
+ };
+ };
+
+ config = {
+ networking.hostName = hostName;
+ system.configurationRevision = lib.mkIf (flake ? 
rev) flake.rev;
+
+ nixpkgs.pkgs = flake.legacyPackages.${config.nixpkgs.system}.override {
+ inherit (config.nixpkgs) config;
+ localSystem = config.nixpkgs.system;
+ };
+
+ nix = {
+ package = pkgs.nixUnstable;
+ settings = {
+ sandbox = true;
+ allowed-users = [ "*" ];
+ trusted-users = [ "root" "@wheel" ];
+
+ flake-registry = "${flakeInputs.flake-registry}/flake-registry.json";
+ };
+ extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+ nixPath = [
+ "nixpkgs=${./nixpkgs.nix}"
+ ];
+ registry =
+ let override = { self = "nixos"; };
+ in lib.mapAttrs' (inpName: inpFlake: lib.nameValuePair
+ (override.${inpName} or inpName)
+ { flake = inpFlake; } ) flakeInputs;
+ };
+
+ systemd.tmpfiles.rules = [
+ "L+ /run/nixpkgs - - - - ${flakeInputs.nixpkgs.outPath}"
+ "L+ /run/nixpkgs-overlays.nix - - - - ${pkgs.writeText "overlays.nix" ''
+ with builtins;
+
+ attrValues (import
+ (
+ let lock = fromJSON (readFile ${flake + "/flake.lock"}); in
+ fetchTarball {
+ url = "https://github.com/edolstra/flake-compat/archive/''${lock.nodes.flake-compat.locked.rev}.tar.gz";
+ sha256 = lock.nodes.flake-compat.locked.narHash;
+ }
+ )
+ { src = ${flake}; }
+ ).defaultNix.overlays
+ ''}"
+ ];
+
+ users.mutableUsers = false;
+
+ # documentation.nixos.includeAllModules = true; # incompatible with home-manager (build fails)
+
+ home-manager = {
+ useGlobalPkgs = true; # Otherwise home-manager would only work impurely
+ useUserPackages = false;
+ };
+
+ sops = lib.mkIf hasSops {
+ age = {
+ keyFile = "/var/lib/sops-nix/key.txt";
+ generateKey = false;
+ sshKeyPaths = [];
+ };
+ gnupg = {
+ home = null;
+ sshKeyPaths = [];
+ };
+ };
+
+ environment.systemPackages = [ pkgs.git ] ++ lib.optional hasSops pkgs.gnupg;
+
+ system.activationScripts.symlink-flake = ''
+ if test -L /etc/nixos; then
+ ln -nsf ${flake} /etc/nixos
+ elif test -d /etc/nixos && rmdir --ignore-fail-on-non-empty /etc/nixos; then
+ ln -s ${flake} /etc/nixos
+ fi
+ '';
+ };
+}
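Review bot: In `system.activationScripts.symlink-flake`, `rmdir --ignore-fail-on-non-empty /etc/nixos` exits 0 even when the directory still has contents, so the `elif` branch runs and `ln -s ${flake} /etc/nixos` creates the link inside the surviving directory rather than replacing it. If a non-empty `/etc/nixos` is meant to be left untouched, `elif test -d /etc/nixos && rmdir /etc/nixos 2>/dev/null; then` makes the branch fail closed in that case. Separately, `trusted-users = [ "root" "@wheel" ]` lets every wheel member reconfigure the daemon (substituters, sandboxing, signature requirements), which the Nix manual warns is essentially equivalent to root access; if that is intended, a comment next to the setting saying so would keep the next reader from tightening it by accident. The `L+ /run/nixpkgs-overlays.nix` rule pins flake-compat by `narHash` from `flake.lock`, which is sound, but it does mean a plain `import <nixpkgs>` may perform a fetch at evaluation time.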
diff --git a/system-profiles/core/nixpkgs.nix b/system-profiles/core/nixpkgs.nix
new file mode 100644
index 00000000..43bdae4d
--- /dev/null
+++ b/system-profiles/core/nixpkgs.nix
@@ -0,0 +1,6 @@
+args@{
+ overlays ? import /run/nixpkgs-overlays.nix,
+ ...
+}:
+
+import /run/nixpkgs (args // { inherit overlays; })
-- 
cgit v1.2.3
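Review bot: The default `overlays ? import /run/nixpkgs-overlays.nix` and the `import /run/nixpkgs` below rely on two symlinks that only exist once the `systemd.tmpfiles.rules` from default.nix have been applied on a running host, and nothing in this file says so; evaluating `<nixpkgs>` through this shim on a host that has not activated the profile, or before tmpfiles has run at boot, will presumably fail with an unhelpful missing-path error. A header comment such as `# <nixpkgs> shim: /run/nixpkgs and /run/nixpkgs-overlays.nix are symlinks maintained by systemd.tmpfiles.rules in ./default.nix, so this file only works on a host that has activated the core profile.` would make that coupling explicit. Since the overlays file obtains flake-compat via `fetchTarball`, the comment could also note that a first `import <nixpkgs>` may need network access unless the pinned tarball is already in the store.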