From a05e0614c1bb75f77717a943dc4ac75a0cca4652 Mon Sep 17 00:00:00 2001
From: Preston Pan
Date: Sun, 1 Mar 2026 23:51:02 -0800
Subject: add everything; add CI
---
 nix/flake.nix | 217 +++++++++++++++++++++++++++++++++-------------------------
 1 file changed, 124 insertions(+), 93 deletions(-)
(limited to 'nix/flake.nix')
diff --git a/nix/flake.nix b/nix/flake.nix
index 86ce7ac..4ad9dd8 100644
--- a/nix/flake.nix
+++ b/nix/flake.nix
@@ -18,18 +18,18 @@
 };
 home-manager = {
- url = "github:nix-community/home-manager/release-25.05";
- inputs.nixpkgs.follows = "nixpkgs";
+ url = "github:nix-community/home-manager/release-25.05";
+ inputs.nixpkgs.follows = "nixpkgs";
 };
 disko = {
- url = "github:nix-community/disko";
- inputs.nixpkgs.follows = "nixpkgs";
+ url = "github:nix-community/disko";
+ inputs.nixpkgs.follows = "nixpkgs";
 };
 lanzaboote = {
- url = "github:nix-community/lanzaboote/v0.4.1";
- inputs.nixpkgs.follows = "nixpkgs";
+ url = "github:nix-community/lanzaboote/v0.4.1";
+ inputs.nixpkgs.follows = "nixpkgs";
 };
 nixos-dns = {
@@ -48,22 +48,23 @@
 };
 };
- outputs = {
- self,
- nixpkgs,
- home-manager,
- nur,
- disko,
- lanzaboote,
- sops-nix,
- nix-topology,
- nixos-dns,
- deep-research,
- impermanence,
- nixpak,
- ...
- }
- @attrs:
+ outputs =
+ { self
+ , nixpkgs
+ , home-manager
+ , nur
+ , disko
+ , lanzaboote
+ , sops-nix
+ , nix-topology
+ , nixos-dns
+ , deep-research
+ , impermanence
+ , nixpak
+ , git-hooks
+ , ...
+ }
+ @attrs:
 let
 vars = import ./flakevars.nix;
 system = "x86_64-linux";
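Review bot: `git-hooks` is destructured from the outputs argument set at `, git-hooks`, but no corresponding `inputs.git-hooks` declaration appears anywhere in this diff — the inputs hunk above only re-indents `home-manager`, `disko` and `lanzaboote`. Unless it is already declared in the unshown part of `inputs` between the two hunks, evaluation fails with a missing-argument error for `git-hooks` before any output is reached. If it does need adding, pin it like the others, `git-hooks = { url = "github:cachix/git-hooks.nix"; inputs.nixpkgs.follows = "nixpkgs"; };`, so it does not pull in a second nixpkgs. The `outputs` function body continues past this hunk.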
@@ -89,38 +90,41 @@
 value = nixpkgs.lib.nixosSystem {
 system = hostSystem;
 specialArgs = attrs;
- modules = if (hostname == "installer") then [
- (./. + "/systems/${hostname}/default.nix")
- { networking.hostName = "${hostname}"; }
- nix-topology.nixosModules.default
- ] else (if isRpi then [
- (./. + "/systems/${hostname}/default.nix")
- disko.nixosModules.disko
- home-manager.nixosModules.home-manager
- sops-nix.nixosModules.sops
- lanzaboote.nixosModules.lanzaboote
- ] else ([
- {
- environment.systemPackages = with nixpkgs.lib; [
- deep-research.packages."${system}".deep-research
- ];
- }
- impermanence.nixosModules.impermanence
- nix-topology.nixosModules.default
- lanzaboote.nixosModules.lanzaboote
- disko.nixosModules.disko
- home-manager.nixosModules.home-manager
- sops-nix.nixosModules.sops
- nixos-dns.nixosModules.dns
- {
- nixpkgs.overlays = [ nur.overlays.default ];
- home-manager.extraSpecialArgs = attrs // {
- systemHostName = "${hostname}";
- };
- networking.hostName = "${hostname}";
- }
- (./. + "/systems/${hostname}/default.nix")
- ]));
+ modules =
+ if (hostname == "installer") then [
+ (./. + "/systems/${hostname}/default.nix")
+ { networking.hostName = "${hostname}"; }
+ nix-topology.nixosModules.default
+ ] else
+ (if isRpi then [
+ (./. + "/systems/${hostname}/default.nix")
+ disko.nixosModules.disko
+ home-manager.nixosModules.home-manager
+ sops-nix.nixosModules.sops
+ lanzaboote.nixosModules.lanzaboote
+ ] else
+ ([
+ {
+ environment.systemPackages = with nixpkgs.lib; [
+ deep-research.packages."${system}".deep-research
+ ];
+ }
+ impermanence.nixosModules.impermanence
+ nix-topology.nixosModules.default
+ lanzaboote.nixosModules.lanzaboote
+ disko.nixosModules.disko
+ home-manager.nixosModules.home-manager
+ sops-nix.nixosModules.sops
+ nixos-dns.nixosModules.dns
+ {
+ nixpkgs.overlays = [ nur.overlays.default ];
+ home-manager.extraSpecialArgs = attrs // {
+ systemHostName = "${hostname}";
+ };
+ networking.hostName = "${hostname}";
+ }
+ (./. + "/systems/${hostname}/default.nix")
+ ]));
 };
 });
@@ -128,54 +132,81 @@
 name = "${hostname}";
 value = self.nixosConfigurations."${hostname}".config.monorepo.vars.diskoSpec;
 });
- in
- {
- nixosConfigurations = builtins.listToAttrs (mkConfigs vars.hostnames);
-
- evalDisko = builtins.listToAttrs (mkDiskoFiles (builtins.filter (x: x != "installer") vars.hostnames));
- topology."${system}" = import nix-topology {
- pkgs = import nixpkgs {
- inherit system;
- overlays = [ nix-topology.overlays.default ];
+ pre-commit-check = git-hooks.lib.${system}.run {
+ src = ./.;
+ hooks = {
+ # 1. Formatting
+ nixpkgs-fmt.enable = false;
+
+ # 2. Linting
+ statix.enable = true;
+ deadnix.enable = true;
+
+ # 3. Custom VM Boot Check (The "Integration" part)
+ # This runs the build-vm derivation to ensure it compiles
+ vm-build-check = {
+ enable = true;
+ name = "vps-vm-build";
+ description = "Ensure VPS configuration is buildable as a VM";
+ entry = "nix build .#nixosConfigurations.vps.config.system.build.vm --no-link";
+ pass_filenames = false;
 };
- modules = [
- ./topology/default.nix
- { nixosConfigurations = self.nixosConfigurations; }
- ];
 };
+ };
+ in
+ {
+ checks."${system}" = {
+ inherit pre-commit-check;
+ };
+
+ nixosConfigurations = builtins.listToAttrs (mkConfigs vars.hostnames);
- devShell."${system}" = with pkgs; mkShell {
- buildInputs = [
- fira-code
- python3
- poetry
- statix
- deadnix
- ];
+ evalDisko = builtins.listToAttrs (mkDiskoFiles (builtins.filter (x: x != "installer") vars.hostnames));
+
+ topology."${system}" = import nix-topology {
+ pkgs = import nixpkgs {
+ inherit system;
+ overlays = [ nix-topology.overlays.default ];
 };
+ modules = [
+ ./topology/default.nix
+ { nixosConfigurations = self.nixosConfigurations; }
+ ];
+ };
+
+ devShell."${system}" = with pkgs; mkShell {
+ inherit (pre-commit-check) shellHook;
+ buildInputs = [
+ fira-code
+ python3
+ poetry
+ statix
+ deadnix
+ ];
+ };
+
+ packages."${system}" = {
+ zoneFiles = generate.zoneFiles dnsConfig;
+ octodns = generate.octodnsConfig {
inherit dnsConfig; - packages."${system}" = { - zoneFiles = generate.zoneFiles dnsConfig; - octodns = generate.octodnsConfig { - inherit dnsConfig; - - config = { - providers = { - cloudflare = { - class = "octodns_cloudflare.CloudflareProvider"; - token = "env/CLOUDFLARE_TOKEN"; - }; - config = { - check_origin = false; - }; + config = { + providers = { + cloudflare = { + class = "octodns_cloudflare.CloudflareProvider"; + token = "env/CLOUDFLARE_TOKEN"; + }; + config = { + check_origin = false; }; - }; - zones = { - "${vars.remoteHost}." = nixos-dns.utils.octodns.generateZoneAttrs [ "cloudflare" ]; - "${vars.orgHost}." = nixos-dns.utils.octodns.generateZoneAttrs [ "cloudflare" ]; }; }; + zones = { + "${vars.remoteHost}." = nixos-dns.utils.octodns.generateZoneAttrs [ "cloudflare" ]; + "${vars.orgHost}." = nixos-dns.utils.octodns.generateZoneAttrs [ "cloudflare" ]; + }; }; }; + }; } -- cgit v1.3
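Review bot: The `entry = "nix build .#nixosConfigurations.vps.config.system.build.vm --no-link"` of `vm-build-check` resolves `.#` against the directory pre-commit runs from (the git top level), not against `src = ./.`; with this flake living at `nix/flake.nix`, that likely targets a different flake or none at all unless a root flake.nix also exists. Because `pre-commit-check` is additionally exported under `checks."${system}"`, `nix flake check` runs the same hook inside the check derivation's sandbox, where an inner `nix build` has neither daemon nor network access and will fail, so the VM build can only ever succeed from the interactive `shellHook`. The buildability goal is better expressed as a derivation-valued check, `checks."${system}".vps-vm = self.nixosConfigurations.vps.config.system.build.vm;`, which `nix flake check` builds and caches like any other output, leaving the git-hooks run to statix/deadnix only. The `# 3. Custom VM Boot Check` comment is also misleading, since `system.build.vm` is only built and never started; `# 3. VM build check: ensures the vps config evaluates and builds as a VM` describes what actually happens.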