full restructure of flake.nix

- split flake into "submodules"
- make "submodules" independent of system
main
Felix Stupp 2 months ago
parent 08e73d0dec
commit e9255c43d0
Signed by: zocker
GPG Key ID: 93E1BD26F6B02FB7

@ -57,16 +57,14 @@
outputs # evaluated outputs outputs # evaluated outputs
; ;
}; };
# constants importFlakeMod = path: import path flakeArg;
system = "x86_64-linux"; importFlakeModWithSystem = path: lib.forAllSystems (importFlakeMod path);
# package repositories
pkgs = import inputs.nixpkgs { inherit system; };
pkgs_unstable = import inputs.nixpkgs_unstable { inherit system; };
in in
{ {
# shortcut to fully configured secrix apps = importFlakeModWithSystem ./nix/apps;
apps.x86_64-linux.secrix = inputs.secrix.secrix self;
devShells = importFlakeModWithSystem ./nix/devShells;
homeManagerModules = { homeManagerModules = {
# combination of all my custom modules # combination of all my custom modules
@ -74,7 +72,7 @@
default.imports = [ ./nix/hmModules ]; default.imports = [ ./nix/hmModules ];
}; };
lib = import ./nix/lib flakeArg; lib = importFlakeMod ./nix/lib;
nixosConfigurations = nixosConfigurations =
let let
@ -178,12 +176,7 @@
# this one also includes required dependencies from flake inputs # this one also includes required dependencies from flake inputs
withDepends = withDepends =
{ { config, pkgs, ... }:
config,
lib,
pkgs,
...
}:
{ {
imports = [ imports = [
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
@ -196,7 +189,9 @@
nixpkgs.overlays = [ nixpkgs.overlays = [
# TODO until 24.11 # TODO until 24.11
(lib.mkIf (!lib.versionAtLeast lib.version "24.11") ( (lib.mkIf (!lib.versionAtLeast lib.version "24.11") (
final: prev: { inherit (pkgs_unstable) nixfmt-rfc-style wcurl; } final: prev: {
inherit ((lib.systemSpecificVars pkgs.system).pkgs_unstable) nixfmt-rfc-style wcurl;
}
)) ))
]; ];
}; };
@ -204,68 +199,9 @@
}; };
packages."${system}".secrix-wrapper = pkgs.writeShellApplication {
name = "secr";
text = ''
secrix() {
set -x
exec ${outputs.apps.${system}.secrix.program} "$@"
}
help() {
echo "Usages:"
echo " $0 [create|rekey|edit|encrypt] <system> [<args> ] <file>"
echo " $0 decrypt [<args> ] <file>"
}
main() {
if [[ $# -lt 1 ]]; then
help
exit 0
fi
cmd="$1"
shift 1
case "$cmd" in
help|-h|--help)
help
;;
create)
secrix "$cmd" --all-users --system "$@"
;;
rekey|edit)
secrix "$cmd" --identity "$SECRIX_ID" --all-users --system "$@"
;;
encrypt)
secrix "$cmd" --all-users --system "$@"
;;
decrypt)
secrix "$cmd" --identity "$SECRIX_ID" "$@"
;;
esac
}
main "$@"
'';
};
devShells."${system}".default = packages = importFlakeModWithSystem ./nix/packages;
let
pkgs = pkgs_unstable;
in
pkgs.mkShell {
packages = with pkgs; [
curl
rsync
opentofu
terranix
# tooling for services
outputs.packages.${system}.secrix-wrapper
wireguard-tools
];
shellHook = ''
export SECRIX_ID=~/".ssh/id_ed25519"
'';
};
}; };
} }

@ -0,0 +1,17 @@
{
inputs,
lib,
self,
...
}@flakeArg:
{ system, ... }@sysArg:
{
# shortcut to fully configured secrix
secrix =
assert lib.assertMsg (system == "x86_64-linux") ''
secrix is currently only compatible with x86_64-linux
'';
inputs.secrix.secrix self;
}

@ -0,0 +1,27 @@
{ outputs, ... }@flakeArg:
{ pkgs_unstable, system, ... }@sysArg:
let
pkgs = pkgs_unstable;
in
{
default = pkgs.mkShell {
packages =
(with pkgs; [
curl
mkpasswd
rsync
opentofu
terranix
# tooling for services
wireguard-tools
])
++ [
# flake stuff
outputs.packages.${system}.secrix-wrapper
];
# TODO magic
shellHook = ''
export SECRIX_ID=~/".ssh/id_ed25519"
'';
};
}

@ -6,4 +6,15 @@ in
nixpkgs.lib nixpkgs.lib
// { // {
supportedSystems = builtins.attrNames inputs.nixpkgs.legacyPackages;
systemSpecificVars = system: {
pkgs = import inputs.nixpkgs { inherit system; };
pkgs_unstable = import inputs.nixpkgs_unstable { inherit system; };
inherit system;
};
forAllSystems =
gen: inputs.nixpkgs.lib.genAttrs lib.supportedSystems (system: gen (lib.systemSpecificVars system));
} }

@ -0,0 +1,57 @@
{ lib, outputs, ... }@flakeArg:
{ pkgs, system, ... }@sysArg:
let
inherit (lib) assertMsg;
in
{
secrix-wrapper =
assert assertMsg (system == "x86_64-linux") "secrix is currently only compatible with x86_64-linux";
let
secrixExe = outputs.apps.${system}.secrix.program;
in
pkgs.writeShellApplication {
name = "secr";
text = ''
secrix() {
set -x
exec ${secrixExe} "$@"
}
help() {
echo "Usages:"
echo " $0 [create|rekey|edit|encrypt] <system> [<args> ] <file>"
echo " $0 decrypt [<args> ] <file>"
}
main() {
if [[ $# -lt 1 ]]; then
help
exit 0
fi
cmd="$1"
shift 1
case "$cmd" in
help|-h|--help)
help
;;
create)
secrix "$cmd" --all-users --system "$@"
;;
rekey|edit)
secrix "$cmd" --identity "$SECRIX_ID" --all-users --system "$@"
;;
encrypt)
secrix "$cmd" --all-users --system "$@"
;;
decrypt)
secrix "$cmd" --identity "$SECRIX_ID" "$@"
;;
esac
}
main "$@"
'';
};
}
Loading…
Cancel
Save