diff --git a/flake.nix b/flake.nix index 253ec4b..483d48c 100644 --- a/flake.nix +++ b/flake.nix @@ -57,16 +57,14 @@ outputs # evaluated outputs ; }; - # constants - system = "x86_64-linux"; - # package repositories - pkgs = import inputs.nixpkgs { inherit system; }; - pkgs_unstable = import inputs.nixpkgs_unstable { inherit system; }; + importFlakeMod = path: import path flakeArg; + importFlakeModWithSystem = path: lib.forAllSystems (importFlakeMod path); in { - # shortcut to fully configured secrix - apps.x86_64-linux.secrix = inputs.secrix.secrix self; + apps = importFlakeModWithSystem ./nix/apps; + + devShells = importFlakeModWithSystem ./nix/devShells; homeManagerModules = { # combination of all my custom modules @@ -74,7 +72,7 @@ default.imports = [ ./nix/hmModules ]; }; - lib = import ./nix/lib flakeArg; + lib = importFlakeMod ./nix/lib; nixosConfigurations = let @@ -178,12 +176,7 @@ # this one also includes required dependencies from flake inputs withDepends = - { - config, - lib, - pkgs, - ... - }: + { config, pkgs, ... }: { imports = [ inputs.disko.nixosModules.disko @@ -196,7 +189,9 @@ nixpkgs.overlays = [ # TODO until 24.11 (lib.mkIf (!lib.versionAtLeast lib.version "24.11") ( - final: prev: { inherit (pkgs_unstable) nixfmt-rfc-style wcurl; } + final: prev: { + inherit ((lib.systemSpecificVars pkgs.system).pkgs_unstable) nixfmt-rfc-style wcurl; + } )) ]; }; 
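Review bot: In the `nixpkgs.overlays` entry of `withDepends` (hunk `@@ -196`), the overlay body reads `pkgs.system` from the module argument, although `pkgs` is the package set that these overlays help build. Each use also goes through `lib.systemSpecificVars`, which imports `inputs.nixpkgs_unstable` afresh. Taking the platform from the overlay's own argument keeps the overlay self-contained: `inherit ((lib.systemSpecificVars prev.stdenv.hostPlatform.system).pkgs_unstable) nixfmt-rfc-style wcurl;`. The `@@ -178` hunk drops `lib` from the module arguments, so `lib.mkIf` and `lib.version` presumably now resolve to the flake-level `lib` of the enclosing scope, which lies outside the hunk. A comment such as `# lib here is the flake's lib (nixpkgs.lib plus extras), not the module argument` would make that change of binding explicit.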
@@ -204,68 +199,9 @@ }; - packages."${system}".secrix-wrapper = pkgs.writeShellApplication { - name = "secr"; - text = '' - secrix() { - set -x - exec ${outputs.apps.${system}.secrix.program} "$@" - } - - help() { - echo "Usages:" - echo " $0 [create|rekey|edit|encrypt] [ …] " - echo " $0 decrypt [ …] " - } - - main() { - if [[ $# -lt 1 ]]; then - help - exit 0 - fi - cmd="$1" - shift 1 - case "$cmd" in - help|-h|--help) - help - ;; - create) - secrix "$cmd" --all-users --system "$@" - ;; - rekey|edit) - secrix "$cmd" --identity "$SECRIX_ID" --all-users --system "$@" - ;; - encrypt) - secrix "$cmd" --all-users --system "$@" - ;; - decrypt) - secrix "$cmd" --identity "$SECRIX_ID" "$@" - ;; - esac - } - main "$@" - ''; - }; - devShells."${system}".default = - let - pkgs = pkgs_unstable; - in - pkgs.mkShell { - packages = with pkgs; [ - curl - rsync - opentofu - terranix - # tooling for services - outputs.packages.${system}.secrix-wrapper - wireguard-tools - ]; - shellHook = '' - export SECRIX_ID=~/".ssh/id_ed25519" - ''; - }; + packages = importFlakeModWithSystem ./nix/packages; }; }
diff --git a/nix/apps/default.nix b/nix/apps/default.nix
new file mode 100644
index 0000000..cb338ea
--- /dev/null
+++ b/nix/apps/default.nix
@@ -0,0 +1,17 @@
+{
+ inputs,
+ lib,
+ self,
+ ...
+}@flakeArg:
+{ system, ... }@sysArg:
+{
+
+ # shortcut to fully configured secrix
+ secrix =
+ assert lib.assertMsg (system == "x86_64-linux") ''
+ secrix is currently only compatible with x86_64-linux
+ '';
+ inputs.secrix.secrix self;
+
+}
diff --git a/nix/devShells/default.nix b/nix/devShells/default.nix
new file mode 100644
index 0000000..85ca56f
--- /dev/null
+++ b/nix/devShells/default.nix
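Review bot: The `assert` on `secrix` in nix/apps/default.nix turns `apps.<system>.secrix` into an evaluation error on every system except x86_64-linux instead of leaving the attribute out. Because `apps` is generated for every entry of `lib.supportedSystems` through `importFlakeModWithSystem`, anything that walks the outputs for another system would abort there (inferred; no such caller is visible on this page). Returning `lib.optionalAttrs (system == "x86_64-linux") { secrix = inputs.secrix.secrix self; }` keeps the other systems evaluable. The same assert is repeated for `secrix-wrapper` in nix/packages/default.nix.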
@@ -0,0 +1,27 @@
+{ outputs, ... }@flakeArg:
+{ pkgs_unstable, system, ... }@sysArg:
+let
+ pkgs = pkgs_unstable;
+in
+{
+ default = pkgs.mkShell {
+ packages =
+ (with pkgs; [
+ curl
+ mkpasswd
+ rsync
+ opentofu
+ terranix
+ # tooling for services
+ wireguard-tools
+ ])
+ ++ [
+ # flake stuff
+ outputs.packages.${system}.secrix-wrapper
+ ];
+ # TODO magic
+ shellHook = ''
+ export SECRIX_ID=~/".ssh/id_ed25519"
+ '';
+ };
+}
diff --git a/nix/lib/default.nix b/nix/lib/default.nix
index 27b5b76..939f1ed 100644
--- a/nix/lib/default.nix
+++ b/nix/lib/default.nix
@@ -6,4 +6,15 @@ in nixpkgs.lib // { + supportedSystems = builtins.attrNames inputs.nixpkgs.legacyPackages; + + systemSpecificVars = system: { + pkgs = import inputs.nixpkgs { inherit system; }; + pkgs_unstable = import inputs.nixpkgs_unstable { inherit system; }; + inherit system; + }; + + forAllSystems = + gen: inputs.nixpkgs.lib.genAttrs lib.supportedSystems (system: gen (lib.systemSpecificVars system)); + }
diff --git a/nix/packages/default.nix b/nix/packages/default.nix
new file mode 100644
index 0000000..8879a1d
--- /dev/null
+++ b/nix/packages/default.nix
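Review bot: The `shellHook` in nix/devShells/default.nix assigns `SECRIX_ID` unconditionally, so a contributor who already exports a dedicated identity file has it silently replaced by the default SSH login key each time the shell is entered. Keeping an existing value leaves the choice of decryption identity with the user: `export SECRIX_ID="''${SECRIX_ID:-$HOME/.ssh/id_ed25519}"`. The `''$` escape is needed because the hook is an indented Nix string. The `# TODO magic` comment does not say what is still to be done; a sentence naming the intended follow-up would make it actionable.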
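Review bot: `systemSpecificVars` in nix/lib/default.nix runs `import inputs.nixpkgs { inherit system; }` and the unstable equivalent on every call, and `forAllSystems` calls it once per module for each system, so the same package sets are instantiated repeatedly. Importing without explicit `config` and `overlays` arguments also leaves those to nixpkgs' defaults, which under impure evaluation can be taken from the user's environment. Reusing the instances the inputs already expose avoids both: `pkgs = inputs.nixpkgs.legacyPackages.${system};` and `pkgs_unstable = inputs.nixpkgs_unstable.legacyPackages.${system};`. If the fresh import is intentional, passing `config = { }; overlays = [ ];` pins the behaviour. The enclosing `let` that binds `lib` is outside the hunk.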
@@ -0,0 +1,57 @@
+{ lib, outputs, ... }@flakeArg:
+{ pkgs, system, ... }@sysArg:
+let
+ inherit (lib) assertMsg;
+in
+{
+
+ secrix-wrapper =
+ assert assertMsg (system == "x86_64-linux") "secrix is currently only compatible with x86_64-linux";
+ let
+ secrixExe = outputs.apps.${system}.secrix.program;
+ in
+ pkgs.writeShellApplication {
+ name = "secr";
+ text = ''
+ secrix() {
+ set -x
+ exec ${secrixExe} "$@"
+ }
+
+ help() {
+ echo "Usages:"
+ echo " $0 [create|rekey|edit|encrypt] [ …] "
+ echo " $0 decrypt [ …] "
+ }
+
+ main() {
+ if [[ $# -lt 1 ]]; then
+ help
+ exit 0
+ fi
+ cmd="$1"
+ shift 1
+ case "$cmd" in
+ help|-h|--help)
+ help
+ ;;
+ create)
+ secrix "$cmd" --all-users --system "$@"
+ ;;
+ rekey|edit)
+ secrix "$cmd" --identity "$SECRIX_ID" --all-users --system "$@"
+ ;;
+ encrypt)
+ secrix "$cmd" --all-users --system "$@"
+ ;;
+ decrypt)
+ secrix "$cmd" --identity "$SECRIX_ID" "$@"
+ ;;
+ esac
+ }
+
+ main "$@"
+ '';
+ };
+
+}
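Review bot: The `case "$cmd"` in `main` has no fallback branch, so an unknown or mistyped subcommand runs nothing and the wrapper still exits 0. A caller or script then cannot tell that no secret was created, rekeyed or decrypted. Adding `*) help >&2; exit 2 ;;` before `esac` makes the failure visible. Separately, `set -x` in `secrix()` echoes the full command line, including every user-supplied argument, to stderr on each run. For a secrets tool it would be safer to drop it or gate it behind a debug variable, in case an argument ever carries sensitive data.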