full restructure of flake.nix

- split flake into "submodules" - make "submodules" independent of system
1 year ago · e9255c43d0
parent 08e73d0dec
commit e9255c43d0
5 changed files with 123 additions and 75 deletions
--- a/flake.nix
+++ b/flake.nix
@ -57,16 +57,14 @@
          outputs # evaluated outputs
          ;
      };
-      # constants
-      system = "x86_64-linux";
-      # package repositories
-      pkgs = import inputs.nixpkgs { inherit system; };
-      pkgs_unstable = import inputs.nixpkgs_unstable { inherit system; };
+      importFlakeMod = path: import path flakeArg;
+      importFlakeModWithSystem = path: lib.forAllSystems (importFlakeMod path);
    in
    {

-      # shortcut to fully configured secrix
-      apps.x86_64-linux.secrix = inputs.secrix.secrix self;
+      apps = importFlakeModWithSystem ./nix/apps;
+
+      devShells = importFlakeModWithSystem ./nix/devShells;

      homeManagerModules = {
        # combination of all my custom modules
@ -74,7 +72,7 @@
        default.imports = [ ./nix/hmModules ];
      };

-      lib = import ./nix/lib flakeArg;
+      lib = importFlakeMod ./nix/lib;

      nixosConfigurations =
        let
@ -178,12 +176,7 @@

        # this one also includes required dependencies from flake inputs
        withDepends =
-          {
-            config,
-            lib,
-            pkgs,
-            ...
-          }:
+          { config, pkgs, ... }:
          {
            imports = [
              inputs.disko.nixosModules.disko
@ -196,7 +189,9 @@
              nixpkgs.overlays = [
                # TODO until 24.11
                (lib.mkIf (!lib.versionAtLeast lib.version "24.11") (
-                  final: prev: { inherit (pkgs_unstable) nixfmt-rfc-style wcurl; }
+                  final: prev: {
+                    inherit ((lib.systemSpecificVars pkgs.system).pkgs_unstable) nixfmt-rfc-style wcurl;
+                  }
                ))
              ];
            };
@ -204,68 +199,9 @@

      };

-      packages."${system}".secrix-wrapper = pkgs.writeShellApplication {
-        name = "secr";
-        text = ''
-          secrix() {
-            set -x
-            exec ${outputs.apps.${system}.secrix.program} "$@"
-          }
-
-          help() {
-            echo "Usages:"
-            echo "  $0 [create|rekey|edit|encrypt] <system> [<args> …] <file>"
-            echo "  $0 decrypt [<args> …] <file>"
-          }
-
-          main() {
-            if [[ $# -lt 1 ]]; then
-              help
-              exit 0
-            fi
-            cmd="$1"
-            shift 1
-            case "$cmd" in
-              help|-h|--help)
-                help
-                ;;
-              create)
-                secrix "$cmd" --all-users --system "$@"
-                ;;
-              rekey|edit)
-                secrix "$cmd" --identity "$SECRIX_ID" --all-users --system "$@"
-                ;;
-              encrypt)
-                secrix "$cmd" --all-users --system "$@"
-                ;;
-              decrypt)
-                secrix "$cmd" --identity "$SECRIX_ID" "$@"
-                ;;
-            esac
-          }

-          main "$@"
-        '';
-      };

-      devShells."${system}".default =
-        let
-          pkgs = pkgs_unstable;
-        in
-        pkgs.mkShell {
-          packages = with pkgs; [
-            curl
-            rsync
-            opentofu
-            terranix
-            # tooling for services
-            outputs.packages.${system}.secrix-wrapper
-            wireguard-tools
-          ];
-          shellHook = ''
-            export SECRIX_ID=~/".ssh/id_ed25519"
-          '';
-        };
+      packages = importFlakeModWithSystem ./nix/packages;

    };
 }
--- a/nix/apps/default.nix
+++ b/nix/apps/default.nix
@ -0,0 +1,17 @@
+{
+  inputs,
+  lib,
+  self,
+  ...
+}@flakeArg:
+{ system, ... }@sysArg:
+{
+
+  # shortcut to fully configured secrix
+  secrix =
+    assert lib.assertMsg (system == "x86_64-linux") ''
+      secrix is currently only compatible with x86_64-linux
+    '';
+    inputs.secrix.secrix self;
+
+}
--- a/nix/devShells/default.nix
+++ b/nix/devShells/default.nix
@ -0,0 +1,27 @@
+{ outputs, ... }@flakeArg:
+{ pkgs_unstable, system, ... }@sysArg:
+let
+  pkgs = pkgs_unstable;
+in
+{
+  default = pkgs.mkShell {
+    packages =
+      (with pkgs; [
+        curl
+        mkpasswd
+        rsync
+        opentofu
+        terranix
+        # tooling for services
+        wireguard-tools
+      ])
+      ++ [
+        # flake stuff
+        outputs.packages.${system}.secrix-wrapper
+      ];
+    # TODO magic
+    shellHook = ''
+      export SECRIX_ID=~/".ssh/id_ed25519"
+    '';
+  };
+}
--- a/nix/lib/default.nix
+++ b/nix/lib/default.nix
@ -6,4 +6,15 @@ in
 nixpkgs.lib
 // {

+  supportedSystems = builtins.attrNames inputs.nixpkgs.legacyPackages;
+
+  systemSpecificVars = system: {
+    pkgs = import inputs.nixpkgs { inherit system; };
+    pkgs_unstable = import inputs.nixpkgs_unstable { inherit system; };
+    inherit system;
+  };
+
+  forAllSystems =
+    gen: inputs.nixpkgs.lib.genAttrs lib.supportedSystems (system: gen (lib.systemSpecificVars system));
+
 }
--- a/nix/packages/default.nix
+++ b/nix/packages/default.nix
@ -0,0 +1,57 @@
+{ lib, outputs, ... }@flakeArg:
+{ pkgs, system, ... }@sysArg:
+let
+  inherit (lib) assertMsg;
+in
+{
+
+  secrix-wrapper =
+    assert assertMsg (system == "x86_64-linux") "secrix is currently only compatible with x86_64-linux";
+    let
+      secrixExe = outputs.apps.${system}.secrix.program;
+    in
+    pkgs.writeShellApplication {
+      name = "secr";
+      text = ''
+        secrix() {
+          set -x
+          exec ${secrixExe} "$@"
+        }
+
+        help() {
+          echo "Usages:"
+          echo "  $0 [create|rekey|edit|encrypt] <system> [<args> …] <file>"
+          echo "  $0 decrypt [<args> …] <file>"
+        }
+
+        main() {
+          if [[ $# -lt 1 ]]; then
+            help
+            exit 0
+          fi
+          cmd="$1"
+          shift 1
+          case "$cmd" in
+            help|-h|--help)
+              help
+              ;;
+            create)
+              secrix "$cmd" --all-users --system "$@"
+              ;;
+            rekey|edit)
+              secrix "$cmd" --identity "$SECRIX_ID" --all-users --system "$@"
+              ;;
+            encrypt)
+              secrix "$cmd" --all-users --system "$@"
+              ;;
+            decrypt)
+              secrix "$cmd" --identity "$SECRIX_ID" "$@"
+              ;;
+          esac
+        }
+
+        main "$@"
+      '';
+    };
+
+}