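# Base NixOS module shared by every host built from this flake: pulls in
# sops-nix and home-manager, declares the ‘profiles’ options, and sets the
# host's nix daemon, registry and NIX_PATH configuration.
#
# Module arguments:
#   flake       – the evaluated flake itself (used for /etc/nixos, the
#                 configuration revision and the overlays file)
#   flakeInputs – the flake's inputs (registry entries, nixpkgs, flake-registry)
#   hostName    – networking.hostName of the host being built
#   customUtils – project helper library providing ‘types.attrNameSet’
#   path        – passed by the caller, unused here
# The remaining arguments are the standard NixOS module arguments.
{ flake, flakeInputs, path, hostName, config, lib, pkgs, customUtils, ... }:

let
  # Option types: a duplicate-free list whose elements must be names of the
  # profile module sets exported by the flake (see mkSystemProfile in ../flake.nix).
  systemProfileType = customUtils.types.attrNameSet flake.nixosModules.systemProfiles;
  userProfileType = customUtils.types.attrNameSet
    (lib.zipAttrs (lib.attrValues flake.nixosModules.userProfiles));

  # sops-nix key locations are only configured when the host declares secrets.
  hostDeclaresSecrets = config.sops.secrets != { };

  # Registry name overrides: the flake itself is published as ‘nixos’,
  # every other input keeps its input name.
  registryNameOverrides = { self = "nixos"; };

  # Minimal ‘nixpkgs’ entry for NIX_PATH: default.nix is ./nixpkgs.nix and
  # lib resolves through the /run/nixpkgs symlink created by the tmpfiles rule.
  nixpkgsForNixPath = pkgs.runCommand "nixpkgs" { } ''
    mkdir $out
    ln -s ${./nixpkgs.nix} $out/default.nix
    ln -s /run/nixpkgs/lib $out/lib
  '';

  # Overlays file exposed at /run/nixpkgs-overlays.nix. It evaluates the flake
  # through flake-compat; the flake-compat tarball is pinned to the rev and
  # narHash recorded in the flake's own flake.lock, so nothing unpinned is
  # fetched. ‘''${’ is the indented-string escape: the interpolation is left
  # for the generated file, not evaluated here.
  overlaysFile = pkgs.writeText "overlays.nix" ''
    with builtins;
    attrValues (import (
      let lock = fromJSON (readFile ${flake + "/flake.lock"}); in
      fetchTarball {
        url = "https://github.com/edolstra/flake-compat/archive/''${lock.nodes.flake-compat.locked.rev}.tar.gz";
        sha256 = lock.nodes.flake-compat.locked.narHash;
      }
    ) { src = ${flake}; }).defaultNix.overlays
  '';
in
{
  imports = [
    flakeInputs.sops-nix.nixosModules.sops
    flakeInputs.home-manager.nixosModules.home-manager
  ];

  options = {
    # See mkSystemProfile in ../flake.nix
    system.profiles = lib.mkOption {
      type = systemProfileType;
      default = [ ];
      description = ''
        Set (list without duplicates) of ‘systemProfiles’ enabled for this host
      '';
    };

    users.users = lib.mkOption {
      type = lib.types.attrsOf (lib.types.submodule {
        options.profiles = lib.mkOption {
          type = userProfileType;
          default = [ ];
          description = ''
            Set (list without duplicates) of ‘userProfiles’ enabled for this user
          '';
        };
      });
    };
  };

  config = {
    networking.hostName = hostName;

    # Only set when the flake is checked out from a clean git tree (‘rev’ is
    # absent for dirty trees).
    system.configurationRevision = lib.mkIf (flake ? rev) flake.rev;

    # Reuse the flake's own nixpkgs instantiation instead of a fresh import.
    nixpkgs.pkgs = flake.legacyPackages.${config.nixpkgs.system}.override {
      inherit (config.nixpkgs) config;
      localSystem = config.nixpkgs.system;
    };

    nix = {
      package = pkgs.nixUnstable;

      settings = {
        sandbox = true;
        # Anyone may talk to the daemon (this is also the nix default) ...
        allowed-users = [ "*" ];
        # ... but only root and wheel are trusted. Trusted users may pass
        # arbitrary substituters and signing keys to the daemon, which the
        # Nix manual documents as root-equivalent; keep wheel membership as
        # tight as sudo access.
        trusted-users = [ "root" "@wheel" ];
        experimental-features = [ "nix-command" "flakes" "auto-allocate-uids" "cgroups" ];
        auto-allocate-uids = true;
        use-cgroups = true;
        use-xdg-base-directories = true;
        # Registry comes from a pinned flake input, not from the network.
        flake-registry = "${flakeInputs.flake-registry}/flake-registry.json";
      };

      # Legacy <nixpkgs> lookups resolve to the same nixpkgs the flake uses.
      nixPath = [ "nixpkgs=${nixpkgsForNixPath}" ];

      # Every flake input becomes a registry entry (‘self’ as ‘nixos’).
      registry = lib.mapAttrs'
        (name: input:
          lib.nameValuePair (registryNameOverrides.${name} or name) { flake = input; })
        flakeInputs;
    };

    # Runtime symlinks consumed by the NIX_PATH entry and by legacy tooling.
    systemd.tmpfiles.rules = [
      "L+ /run/nixpkgs - - - - ${flakeInputs.nixpkgs.outPath}"
      "L+ /run/nixpkgs-overlays.nix - - - - ${overlaysFile}"
    ];

    # User accounts and passwords are fully declarative.
    users.mutableUsers = false;

    # documentation.nixos.includeAllModules = true; # incompatible with home-manager (build fails)

    home-manager = {
      useGlobalPkgs = true; # Otherwise home-manager would only work impurely
      useUserPackages = false;
      backupFileExtension = "bak";
    };

    # Secrets are decrypted with a pre-provisioned age key only: no key is
    # generated at activation and no SSH host keys are converted.
    sops = lib.mkIf hostDeclaresSecrets {
      age = {
        keyFile = "/var/lib/sops-nix/key.txt";
        generateKey = false;
        sshKeyPaths = [ ];
      };
      gnupg = {
        home = null;
        sshKeyPaths = [ ];
      };
    };

    programs.git = {
      enable = true;
      lfs.enable = true;
    };

    # Point /etc/nixos at the flake source. An existing symlink is replaced;
    # an existing *empty* directory is removed and replaced. A non-empty
    # directory is left untouched: rmdir fails, so the ‘ln -s’ is skipped
    # (with the previous ‘--ignore-fail-on-non-empty’ the rmdir reported
    # success and ‘ln -s’ then dropped a stray symlink inside the directory).
    system.activationScripts.symlink-flake = ''
      if test -L /etc/nixos; then
        ln -nsf ${flake} /etc/nixos
      elif test -d /etc/nixos && rmdir /etc/nixos 2>/dev/null; then
        ln -s ${flake} /etc/nixos
      fi
    '';
  };
}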