{
description = "Starter Configuration with secrets for MacOS and NixOS";
inputs = {
nixpkgs = {
url = "github:nixos/nixpkgs/nixos-unstable";
};
home-manager = {
url = "github:nix-community/home-manager";
};
nixd = {
url = "github:nix-community/nixd";
};
darwin = {
url = "github:LnL7/nix-darwin/master";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-homebrew = {
url = "github:zhaofengli-wip/nix-homebrew";
};
homebrew-bundle = {
url = "github:homebrew/homebrew-bundle";
flake = false;
};
homebrew-core = {
url = "github:homebrew/homebrew-core";
flake = false;
};
homebrew-cask = {
url = "github:homebrew/homebrew-cask";
flake = false;
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
secrets = {
url = "git@git.kolkman.org:olaf/nix-config-secrets.git";
flake = false;
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
{
self,
darwin,
nix-homebrew,
homebrew-bundle,
homebrew-core,
homebrew-cask,
home-manager,
nixpkgs,
disko,
secrets,
nixd,
sops-nix,
}@inputs:
let
user = "olaf";
linuxSystems = [
"x86_64-linux"
"aarch64-linux"
];
darwinSystems = [
"aarch64-darwin"
"x86_64-darwin"
];
forAllSystems = f: nixpkgs.lib.genAttrs (linuxSystems ++ darwinSystems) f;
devShell =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
in
{
default =
with pkgs;
mkShell {
nativeBuildInputs = with pkgs; [
bashInteractive
git
];
shellHook = with pkgs; ''
export EDITOR=vim
'';
buildInputs = with pkgs; [
rnix-lsp
];
};
};
mkApp = scriptName: system: {
type = "app";
program = "${
(nixpkgs.legacyPackages.${system}.writeScriptBin scriptName ''
#!/usr/bin/env bash
PATH=${nixpkgs.legacyPackages.${system}.git}/bin:$PATH
echo "Running ${scriptName} for ${system}"
sudo chmod +x ${self}/apps/${system}/${scriptName}
exec ${self}/apps/${system}/${scriptName}
'')
}/bin/${scriptName}";
};
mkLinuxApps = system: {
"apply" = mkApp "apply" system;
"build-switch" = mkApp "build-switch" system;
"copy-keys" = mkApp "copy-keys" system;
"create-keys" = mkApp "create-keys" system;
"check-keys" = mkApp "check-keys" system;
"install" = mkApp "install" system;
"install-with-secrets" = mkApp "install-with-secrets" system;
};
mkDarwinApps = system: {
"apply" = mkApp "apply" system;
"build" = mkApp "build" system;
"build-switch" = mkApp "build-switch" system;
"copy-keys" = mkApp "copy-keys" system;
"create-keys" = mkApp "create-keys" system;
"check-keys" = mkApp "check-keys" system;
"rollback" = mkApp "rollback" system;
};
in
{
devShells = forAllSystems devShell;
apps =
nixpkgs.lib.genAttrs linuxSystems mkLinuxApps
// nixpkgs.lib.genAttrs darwinSystems mkDarwinApps;
darwinConfigurations = nixpkgs.lib.genAttrs darwinSystems (
system:
darwin.lib.darwinSystem {
inherit system;
specialArgs = inputs;
modules = [
# sops-nix.nixosModules.sops
home-manager.darwinModules.home-manager
nix-homebrew.darwinModules.nix-homebrew
{
nix-homebrew = {
inherit user;
enable = true;
taps = {
"homebrew/homebrew-core" = homebrew-core;
"homebrew/homebrew-cask" = homebrew-cask;
"homebrew/homebrew-bundle" = homebrew-bundle;
};
mutableTaps = false;
autoMigrate = true;
};
}
./hosts/darwin
];
}
);
nixosConfigurations = nixpkgs.lib.genAttrs linuxSystems (
system:
nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = inputs;
modules = [
sops-nix.nixosModules.sops
disko.nixosModules.disko
home-manager.nixosModules.home-manager
{
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.${user} = import ./modules/nixos/home-manager.nix;
};
}
./hosts/nixos
];
}
);
};
}