{
description = "Nixos config flake test";
# Flake inputs. Every URL below names a branch or a tag; the revision that is
# actually built is the one recorded in the lock file, so a lock-file update
# pulls in new upstream code and deserves the same review as a code change.
inputs = {
  # Base package set. `nixos-unstable` is a moving branch.
  # Previous stable channel: "github:nixos/nixpkgs/nixos-24.05"
  nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";

  # --- Inputs that reuse the nixpkgs above through `follows` ---------------
  # `follows` keeps a single nixpkgs revision in the closure, which limits
  # its size and means one update covers all of these.

  # Snowfallorg's flake utility.
  snowfall-lib.url = "github:snowfallorg/lib";
  snowfall-lib.inputs.nixpkgs.follows = "nixpkgs";

  # sops-nix for secrets management.
  # NOTE(review): the `sops-nix.nixosModules.sops` entry in the module list
  # under `outputs` is commented out; confirm the module is imported
  # somewhere else, otherwise this input is fetched but unused.
  sops-nix.url = "github:mic92/sops-nix";
  sops-nix.inputs.nixpkgs.follows = "nixpkgs";

  home-manager.url = "github:nix-community/home-manager";
  home-manager.inputs.nixpkgs.follows = "nixpkgs";

  # Secure Boot tooling; the only input here pinned to a release tag.
  lanzaboote.url = "github:nix-community/lanzaboote/v0.4.2";
  lanzaboote.inputs.nixpkgs.follows = "nixpkgs";

  kwin-effects-forceblur.url = "github:taj-ny/kwin-effects-forceblur";
  kwin-effects-forceblur.inputs.nixpkgs.follows = "nixpkgs";

  # --- Inputs without `follows` ---------------------------------------------
  # No `inputs.nixpkgs.follows` is set for these. If they declare their own
  # nixpkgs input it is locked separately and is not moved by updating
  # `nixpkgs` alone. TODO confirm that is intended.
  nixos-wsl.url = "github:nix-community/NixOS-WSL/main";
  game-of-life.url = "github:local-interloper/game-of-life";
  nixos-cosmic.url = "github:lilyinstarlight/nixos-cosmic";
  zen-browser.url = "github:0xc000022070/zen-browser-flake";

  # A second, complete nixpkgs tree: the `trilium-next` branch of a fork.
  # A feature branch can be rebased or deleted upstream; check what changed
  # whenever its locked revision moves.
  trilium-next-pr.url = "github:FliegendeWurst/nixpkgs/trilium-next";
};
# Flake outputs, built with Snowfall Lib: `mkLib` produces a configured
# library and its `mkFlake` assembles the outputs from the files under `src`.
outputs = inputs:
  let
    snowfallLib = inputs.snowfall-lib.mkLib {
      inherit inputs;
      src = ./.;

      # NOTE(review): a second `channels-config` is passed to `mkFlake`
      # below and contains only `allowUnfree`. Confirm which of the two
      # Snowfall Lib applies; if it is the one below, the insecure-package
      # permission here has no effect, and if it is this one, it applies to
      # the whole package set.
      channels-config = {
        allowUnfree = true;
        # Accepts every package, so it adds nothing to `allowUnfree = true`.
        allowUnfreePredicate = _: true;
        # OpenSSL 1.1.1 is end-of-life upstream and flagged insecure by
        # nixpkgs. This permission is not scoped to one consumer: anything
        # that depends on it will build without complaint. Record which
        # package needs it and drop the entry once that package has moved on.
        permittedInsecurePackages = [ "openssl-1.1.1w" ];
      };

      # Snowfall Lib settings; all of them are optional.
      snowfall = {
        # Directory Snowfall Lib scans for Nix files: the flake root.
        root = ./.;

        # Namespace for this flake's packages, library and overlays.
        namespace = "my-namespace";

        # Flake metadata for tools such as Snowfall Frost.
        # `name` is the slug used in documentation (e.g. in file paths),
        # `title` is the human-readable title.
        meta.name = "nixos-config-hionv";
        meta.title = "Hion's Personal NixOS Config";
      };
    };
  in
  snowfallLib.mkFlake {
    inherit inputs;
    src = ./.;

    # NOTE(review): `nixos` is not an option I recognise from Snowfall Lib's
    # `mkFlake` (modules for every system go in `systems.modules.nixos`,
    # used below). Confirm this list is actually consumed.
    nixos = [
      # inputs.disko.nixosModules.disko
      # inputs.impermanence.nixosModules.impermanence
      inputs.home-manager.nixosModules.home-manager
      {
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
      }
      # inputs.nix-ld.nixosModules.nix-ld
      # inputs.sops-nix.nixosModules.sops
      # inputs.stylix.nixosModules.stylix
    ];

    # Two list elements: the lanzaboote module and an inline module that
    # configures it.
    systems.modules.nixos = [
      # inputs.my-input.nixosModules.my-module
      inputs.lanzaboote.nixosModules.lanzaboote
      ({ pkgs, lib, ... }: {
        # sbctl, for debugging and troubleshooting Secure Boot.
        environment.systemPackages = [ pkgs.sbctl ];

        boot.loader.systemd-boot.configurationLimit = 4;

        # Lanzaboote currently replaces the systemd-boot module. The
        # configuration.nix generated at installation time usually sets this
        # to true, so it is forced to false for now.
        boot.loader.systemd-boot.enable = lib.mkForce false;

        boot.lanzaboote.enable = true;
        # Directory holding the Secure Boot key bundle used for signing.
        # Whoever can read the private keys in it can sign boot images this
        # machine will accept: keep it root-only and, presumably, on
        # encrypted storage and out of backups that leave the host.
        boot.lanzaboote.pkiBundle = "/var/lib/sbctl";
      })
    ];

    # This attribute set is passed directly to nixpkgs when the package set
    # is instantiated.
    channels-config = {
      # Allow unfree packages.
      allowUnfree = true;

      # Template example, unused:
      # permittedInsecurePackages = [
      #   "firefox-100.0.0"
      # ];

      # Template example, unused: per-package configuration, e.g. smartcard
      # support in Firefox.
      # config = {
      #   firefox.smartcardSupport = true;
      # };
    };
  };
}