blob: 158757d1357d2722a7d8f94304069b18b4285611 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
{ flake, flakeInputs, path, hostName, config, lib, pkgs, customUtils, ... }:
let
profileSet = customUtils.types.attrNameSet flake.nixosModules.systemProfiles;
userProfileSet = customUtils.types.attrNameSet (lib.zipAttrs (lib.attrValues flake.nixosModules.userProfiles));
hasSops = config.sops.secrets != {};
in {
imports = with flakeInputs;
[ sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager
];
options = {
# See mkSystemProfile in ../flake.nix
system.profiles = lib.mkOption {
type = profileSet;
default = [];
description = ''
Set (list without duplicates) of ‘systemProfiles’ enabled for this host
'';
};
users.users = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule {
options.profiles = lib.mkOption {
type = userProfileSet;
default = [];
description = ''
Set (list without duplicates) of ‘userProfiles’ enabled for this user
'';
};
});
};
};
config = {
networking.hostName = hostName;
system.configurationRevision = lib.mkIf (flake ? rev) flake.rev;
nixpkgs.pkgs = import flake.legacyPackages.${config.nixpkgs.system}.path {
inherit (config.nixpkgs) system config;
overlays = lib.attrValues flake.overlays;
};
nix = {
package = pkgs.nixUnstable;
useSandbox = true;
allowedUsers = [ "*" ];
trustedUsers = [ "root" "@wheel" ];
extraOptions = ''
experimental-features = nix-command flakes ca-references
'';
nixPath = [
"nixpkgs=${flakeInputs.nixpkgs.legacyPackages.${config.nixpkgs.system}.path}"
"nixpkgs-overlays=${flake.overlays-path.${config.nixpkgs.system}}"
];
registry = {
nixpkgs.flake = flakeInputs.nixpkgs;
home-manager.flake = flakeInputs.home-manager;
sops-nix.flake = flakeInputs.sops-nix;
nixos.flake = flake;
};
};
users.mutableUsers = false;
# documentation.nixos.includeAllModules = true; # incompatible with home-manager (build fails)
home-manager = {
useGlobalPkgs = true; # Otherwise home-manager would only work impurely
useUserPackages = true;
};
sops = lib.mkIf hasSops {
gnupgHome = "/root/.gnupg";
sshKeyPaths = [];
};
environment.systemPackages = [ pkgs.git ] ++ lib.optional hasSops pkgs.gnupg;
};
}
|