Flakify home-manager

channels.nix

@@ -1,12 +0,0 @@
-let
-  nixos-stable = {
-    nixpkgs-channel = "nixos-stable";
-    home-manager-channel = "home-manager-stable";
-  };
-in rec {
-  hera = nixos-stable;
-  apollo = nixos-stable;
-  zeus = nixos-stable;
-  fluffy = nixos-stable;
-  chor-cloud = hera;
-}

flake.lock

@@ -136,6 +136,30 @@
         "type": "github"
       }
     },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixos-unstable"
+        ],
+        "utils": [
+          "pre-commit-hooks-nix",
+          "flake-utils"
+        ]
+      },
+      "locked": {
+        "lastModified": 1674440933,
+        "narHash": "sha256-CASRcD/rK3fn5vUCti3jzry7zi0GsqRsBohNq9wPgLs=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "65c47ced082e3353113614f77b1bc18822dc731f",
+        "type": "github"
+      },
+      "original": {
+        "id": "home-manager",
+        "ref": "release-22.11",
+        "type": "indirect"
+      }
+    },
     "nixos-hardware": {
       "locked": {
         "lastModified": 1674550793,
@@ -152,34 +176,32 @@
     },
     "nixos-stable": {
       "locked": {
-        "lastModified": 1675154384,
-        "narHash": "sha256-gUXzyTS3WsO3g2Rz0qOYR2a26whkyL2UfTr1oPH9mm8=",
-        "owner": "nixos",
+        "lastModified": 1675237434,
+        "narHash": "sha256-YoFR0vyEa1HXufLNIFgOGhIFMRnY6aZ0IepZF5cYemo=",
+        "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "0218941ea68b4c625533bead7bbb94ccce52dceb",
+        "rev": "285b3ff0660640575186a4086e1f8dc0df2874b5",
         "type": "github"
       },
       "original": {
-        "owner": "nixos",
+        "id": "nixpkgs",
         "ref": "nixos-22.11",
-        "repo": "nixpkgs",
-        "type": "github"
+        "type": "indirect"
       }
     },
     "nixos-unstable": {
       "locked": {
         "lastModified": 1675183161,
         "narHash": "sha256-Zq8sNgAxDckpn7tJo7V1afRSk2eoVbu3OjI1QklGLNg=",
-        "owner": "nixos",
+        "owner": "NixOS",
         "repo": "nixpkgs",
         "rev": "e1e1b192c1a5aab2960bf0a0bd53a2e8124fa18e",
         "type": "github"
       },
       "original": {
-        "owner": "nixos",
+        "id": "nixpkgs",
         "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
+        "type": "indirect"
       }
     },
     "pre-commit-hooks-nix": {
@@ -212,6 +234,7 @@
       "inputs": {
         "flake-parts": "flake-parts",
         "hexa-nur-packages": "hexa-nur-packages",
+        "home-manager": "home-manager",
         "nixos-hardware": "nixos-hardware",
         "nixos-stable": "nixos-stable",
         "nixos-unstable": "nixos-unstable",

flake.nix

@@ -9,10 +9,17 @@
       url = "git+ssh://git@hera.m-0.eu/config-secrets";
       inputs.nixpkgs.follows = "nixos-unstable";
     };
-    nixos-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
-    nixos-stable.url = "github:nixos/nixpkgs/nixos-22.11";
+    nixos-unstable.url = "nixpkgs/nixos-unstable";
+    nixos-stable.url = "nixpkgs/nixos-22.11";
     nixpkgs.follows = "nixos-unstable";
     flake-parts.inputs.nixpkgs-lib.follows = "nixos-unstable";
+    home-manager = {
+      url = "home-manager/release-22.11";
+      inputs = {
+        utils.follows = "pre-commit-hooks-nix/flake-utils";
+        nixpkgs.follows = "nixos-unstable";
+      };
+    };
     hexa-nur-packages = {
       url = "github:mweinelt/nur-packages";
       inputs.nixpkgs.follows = "nixos-unstable";
@@ -26,19 +33,15 @@
     };
   };
 
-  outputs = inputs @ {nixos-hardware, ...}: let
-    unstable = inputs.nixos-unstable.legacyPackages.x86_64-linux;
-    inherit (import ./packages {pkgs = unstable;}) haskellPackagesOverlay selectHaskellPackages;
-  in
+  outputs = inputs @ {nixos-hardware, ...}:
     inputs.flake-parts.lib.mkFlake {inherit inputs;} {
       imports = [
         inputs.pre-commit-hooks-nix.flakeModule
+        ./nixos/configurations.nix
+        ./home-manager/modes.nix
+        ./packages
       ];
       systems = ["x86_64-linux"];
-      flake = {
-        nixosConfigurations = import ./nixos/configurations.nix inputs;
-        overlays.haskellPackages = haskellPackagesOverlay;
-      };
       perSystem = {
         self',
         inputs',
@@ -46,31 +49,19 @@
         config,
         lib,
         ...
-      }: let
-        hpkgs = pkgs.haskellPackages.override {
-          overrides = inputs.self.overlays.haskellPackages;
-        };
-      in {
+      }: {
         devShells = {
           default = pkgs.mkShell {
             shellHook = config.pre-commit.installationScript;
           };
-          haskell = hpkgs.shellFor {
-            packages = hpkgs: (builtins.attrValues (selectHaskellPackages hpkgs));
-            shellHook = config.pre-commit.installationScript;
-            buildInputs = [
-              hpkgs.haskell-language-server
-              pkgs.cabal-install
-            ];
-          };
         };
         checks = {
           system-checks = pkgs.runCommand "system-checks" {} ''
-            ${lib.concatMapStringsSep "\n" (x: "# ${x.config.system.build.toplevel}") (builtins.attrValues inputs.self.nixosConfigurations)}
-            echo success > $out
+            mkdir -p $out
+            ${lib.concatMapStringsSep "\n" (x: x) (lib.mapAttrsToList (name: x: "ln -s ${x.config.system.build.toplevel} $out/${name}-system") inputs.self.nixosConfigurations)}
+            ${lib.concatMapStringsSep "\n" (x: x) (lib.mapAttrsToList (name: x: "ln -s ${x} $out/${name}-home") inputs.self.homeModes)}
           '';
         };
-        packages = selectHaskellPackages hpkgs;
 
         pre-commit = {
           check.enable = true;

home-manager/machines.nix

@@ -35,7 +35,6 @@ let
   makeConfig = hostName: imports: _: {
     imports = imports ++ [./roles/default.nix];
     m-0.hostName = hostName;
-    nixpkgs.overlays = [(_: _: (import ../channels.nix)."${hostName}")];
   };
   makeAutostart = name: {config, ...}: {
     config.xdg.configFile."autostart/${name}.desktop".source = "${config.home.path}/share/applications/${name}.desktop";

home-manager/modes.nix

@@ -0,0 +1,36 @@
+{
+  withSystem,
+  lib,
+  inputs,
+  ...
+}: {
+  flake = withSystem "x86_64-linux" ({inputs', ...}: let
+    pkgs = inputs'.nixos-stable.legacyPackages;
+    flattenAttrs = attrs:
+      lib.listToAttrs (lib.flatten (lib.mapAttrsToList
+        (
+          outer_key:
+            lib.mapAttrsToList
+            (inner_key: value: {
+              name = "${outer_key}-${inner_key}";
+              inherit value;
+            })
+        )
+        attrs));
+    machines = import ./machines.nix;
+    buildHomeManager = config: (inputs.home-manager.lib.homeManagerConfiguration {
+      inherit pkgs;
+      modules = [
+        config
+        inputs.self.nixosModules.insertOverlays
+      ];
+    });
+    buildModesForHost = host: modes:
+      pkgs.runCommandLocal "${host}-modes" {} ''
+        mkdir $out
+        ${lib.concatStringsSep "\n" (lib.mapAttrsToList (mode: config: "ln -s ${(buildHomeManager config).activationPackage} $out/${mode}") modes)}'';
+  in {
+    homeConfigurations = lib.mapAttrs (_: buildHomeManager) (flattenAttrs machines);
+    homeModes = lib.mapAttrs buildModesForHost machines;
+  });
+}

home-manager/roles/default.nix

@@ -13,7 +13,6 @@
     ./helix.nix
     ./nvd.nix
   ];
-  nixpkgs.overlays = import ../../overlays {inherit lib;};
 
   news.display = "silent";
 

home-manager/roles/kassandra.nix

@@ -24,10 +24,5 @@
     ln -s ${standalone}/source.dhall $out/config.dhall
   '';
 in {
-  xdg.configFile =
-    if pkgs.withSecrets
-    then {
-      kassandra.source = dhallResult.out;
-    }
-    else {};
+  xdg.configFile.kassandra.source = dhallResult.out;
 }

home-manager/roles/mail-sort.nix

@@ -117,7 +117,7 @@ in {
     postExec = "${sortMail}/bin/sort-mail-archive";
     preExec = toString mail2task;
   };
-  accounts.email.accounts = lib.mkIf pkgs.withSecrets {
+  accounts.email.accounts = {
     hera.imapnotify = {
       onNotifyPost = toString mail2task;
       boxes = ["Move/todo"];

home-manager/roles/mail.nix

@@ -64,7 +64,7 @@ in {
     msmtp.enable = true;
     mbsync.enable = true;
     notmuch = {
-      enable = pkgs.withSecrets;
+      enable = true;
       hooks.postInsert = ''
         ${pkgs.notmuch}/bin/notmuch tag +deleted -- "folder:/Trash/ (not tag:deleted)"
         ${pkgs.notmuch}/bin/notmuch tag -deleted -- "(not folder:/Trash/) tag:deleted"

home-manager/roles/mode-switching.nix

@@ -40,15 +40,9 @@ in {
         name = "update-modes";
         bins = [activateMode pkgs.git pkgs.nix-output-monitor];
       } ''
-        params = ["${configPath}/home-manager/target.nix", "-A", "${hostName}"]
-
         main = do
           say "Building ~/.modes for ${hostName}"
-          nixPath <- myNixPath "${configPath}"
-          setEnv "WITH_SECRETS" "false"
-          nom_build nixPath (params ++ remoteBuildParams ++ ["--no-out-link"])
-          setEnv "WITH_SECRETS" "true"
-          nom_build nixPath (params ++ ["-o", "${modeDir}"])
+          nom ["build", "/home/maralorn/git/config#homeModes.${hostName}", "-o", "${modeDir}"]
           activate_mode
       '';
     quickUpdateMode =
@@ -61,10 +55,10 @@ in {
         getMode = decodeUtf8 <$> (cat "${modeFile}" |> captureTrim)
 
         main = do
-          nixPath <- myNixPath "${configPath}"
           mode <- getMode
           say [i|Quick switching to mode #{mode} ...|]
-          ignoreFailure (home_manager (nixPath <> ["switch", "-A", [i|${hostName}-#{mode}|]])) &!> StdOut |> nom
+          path :: Text <- decodeUtf8 <$> (nix ["build", "--print-out-paths", [i|/home/maralorn/git/config\#homeConfigurations.${hostName}-#{mode}.activationPackage|]] |> captureTrim)
+          exe ([i|#{path}/activate|] :: String)
           update_modes
       '';
     selectMode =

home-manager/roles/taskwarrior.nix

@@ -1,6 +1,7 @@
 {
   pkgs,
   config,
+  flake-inputs,
   ...
 }: let
   fix-tasks = pkgs.writeShellScriptBin "fix-tasks" ''
@@ -75,10 +76,10 @@ in {
     dataLocation = "${config.home.homeDirectory}/.task";
     config = {
       taskd = {
-        certificate = pkgs.privatePath "taskwarrior/public.cert";
+        certificate = "${flake-inputs.secrets}/taskwarrior/public.cert";
         credentials = pkgs.privateValue "" "taskwarrior/credentials";
-        ca = pkgs.privatePath "taskwarrior/ca.cert";
-        key = pkgs.privatePath "taskwarrior/private.key";
+        ca = "${flake-inputs.secrets}/taskwarrior/ca.cert";
+        key = "${flake-inputs.secrets}/taskwarrior/private.key";
         server = "hera.m-0.eu:53589";
       };
     };

home.nix

@@ -1,14 +0,0 @@
-let
-  inherit (import (import ./nix/sources.nix).nixos-unstable {}) lib;
-  modes = import home-manager/machines.nix;
-in
-  lib.listToAttrs (lib.flatten (lib.mapAttrsToList
-    (
-      host:
-        lib.mapAttrsToList
-        (mode: config: {
-          name = "${host}-${mode}";
-          value = config;
-        })
-    )
-    modes))

nixos/configurations.nix

@@ -1,36 +1,74 @@
-flake-inputs: let
-  inherit (flake-inputs.nixos-stable) lib;
-  networkingModule = name: "${flake-inputs.nixos-unstable}/nixos/modules/services/networking/${name}.nix";
-  modules = [
-    # nftables using module not available in 22.11.
-    (networkingModule "firewall-iptables")
-    (networkingModule "firewall-nftables")
-    (networkingModule "firewall")
-    (networkingModule "nat-iptables")
-    (networkingModule "nat-nftables")
-    (networkingModule "nat")
-    (networkingModule "nftables")
-    (_: {
-      disabledModules = [
-        "services/networking/firewall.nix"
-        "services/networking/nftables.nix"
-        "services/networking/nat.nix"
-        "services/networking/redsocks.nix"
-        "services/networking/miniupnpd.nix"
-        "services/audio/roon-server.nix"
-        "services/audio/roon-bridge.nix"
-      ];
-    })
-  ];
-  makeSystem = name:
-    lib.nixosSystem {
-      modules =
+{
+  withSystem,
+  lib,
+  inputs,
+  ...
+}: {
+  flake = withSystem "x86_64-linux" ({
+    inputs',
+    system,
+    ...
+  }: let
+    networkingModule = name: "${inputs.nixos-unstable}/nixos/modules/services/networking/${name}.nix";
+    modules = [
+      # nftables using module not available in 22.11.
+      (networkingModule "firewall-iptables")
+      (networkingModule "firewall-nftables")
+      (networkingModule "firewall")
+      (networkingModule "nat-iptables")
+      (networkingModule "nat-nftables")
+      (networkingModule "nat")
+      (networkingModule "nftables")
+      (_: {
+        disabledModules = [
+          "services/networking/firewall.nix"
+          "services/networking/nftables.nix"
+          "services/networking/nat.nix"
+          "services/networking/redsocks.nix"
+          "services/networking/miniupnpd.nix"
+          "services/audio/roon-server.nix"
+          "services/audio/roon-bridge.nix"
+        ];
+      })
+    ];
+    makeSystem = name:
+      inputs'.nixos-stable.legacyPackages.nixos {
+        imports =
+          [
+            (import (./. + "/machines/${name}/configuration.nix") inputs)
+            inputs.secrets.nixosModules.secrets
+            inputs.self.nixosModules.insertOverlays
+          ]
+          ++ modules;
+      };
+  in {
+    nixosModules.insertOverlays = _: {
+      _module.args = {
+        flake-inputs = inputs // {inherit modules;};
+        flake-inputs' = inputs';
+      };
+      nixpkgs.overlays =
         [
-          (import (./. + "/machines/${name}/configuration.nix") flake-inputs)
-          flake-inputs.secrets.nixosModules.secrets
-          (_: {config._module.args.flake-inputs = flake-inputs // {inherit modules;};})
+          (_: _:
+            {
+              unstable = inputs'.nixos-unstable.legacyPackages;
+              unfree = import inputs.nixos-stable {
+                inherit system;
+                config = {
+                  allowUnfree = true;
+                  android_sdk.accept_license = true;
+                };
+              };
+              unstableUnfree = import inputs.nixos-unstable {
+                config.allowUnfree = true;
+                inherit system;
+              };
+            }
+            // inputs.secrets.private)
+          inputs.self.overlays.addMyHaskellPackages
         ]
-        ++ modules;
+        ++ import ../overlays {inherit lib;};
     };
-in
-  lib.genAttrs ["zeus" "apollo" "hera" "fluffy"] makeSystem
+    nixosConfigurations = lib.genAttrs ["zeus" "apollo" "hera" "fluffy"] makeSystem;
+  });
+}

nixos/machines/hera/cloud.nix

@@ -78,7 +78,7 @@
     privateNetwork = true;
     hostBridge = "bridge";
     config = {pkgs, ...}: {
-      imports = [(args @ {pkgs, ...}: import ../../roles (args // {inherit flake-inputs;}))] ++ flake-inputs.modules;
+      imports = [flake-inputs.self.nixosModules.insertOverlays] ++ flake-inputs.modules;
 
       networking = {
         interfaces.eth0 = {

nixos/roles/default.nix

@@ -2,7 +2,6 @@
   pkgs,
   config,
   lib,
-  flake-inputs,
   ...
 }: {
   imports = [
@@ -15,19 +14,6 @@
     supportedLocales = ["en_DK.UTF-8/UTF-8" "de_DE.UTF-8/UTF-8" "en_US.UTF-8/UTF-8"];
   };
 
-  # For nixos-rebuild
-  nixpkgs.overlays =
-    [
-      (_: _:
-        {
-          unstable = flake-inputs.nixos-unstable.legacyPackages.x86_64-linux;
-          nixpkgs-channel = "nixos-stable";
-          home-manager-channel = "home-manager-stable";
-        }
-        // flake-inputs.secrets.private)
-    ]
-    ++ import ../../overlays {inherit lib;};
-
   time.timeZone = "Europe/Berlin";
 
   networking = {
@@ -65,6 +51,7 @@
     systemPackages = builtins.attrValues {
       inherit
         (pkgs)
+        git
         gnumake
         mkpasswd
         file
@@ -121,16 +108,6 @@
         ;
       inherit (pkgs.python3Packages) qrcode;
     };
-    etc =
-      lib.mapAttrs'
-      (name: value: lib.nameValuePair "nix-path/${name}" {source = value;})
-      (lib.filterAttrs (name: value: name != "__functor") pkgs.sources)
-      // {
-        "nix-path/nixos".source = pkgs.sources."${pkgs.nixpkgs-channel}";
-        "nix-path/nixpkgs".source = pkgs.sources."${pkgs.nixpkgs-channel}";
-        "nix-path/home-manager".source =
-          pkgs.sources."${pkgs.home-manager-channel}";
-      };
     variables =
       lib.genAttrs ["CURL_CA_BUNDLE" "GIT_SSL_CAINFO" "SSL_CERT_FILE"]
       (_: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt");
@@ -138,18 +115,12 @@
 
   nix = {
     settings = {
-      substituters = lib.mkAfter (
-        pkgs.privateValue [] "binary-caches"
-        # ++ (
-        #   if config.networking.hostName != "hera" then [ "ssh-ng://nix-ssh@hera.m-0.eu?trusted=true&priority=100" ] else [ ]
-        # )
-      );
+      substituters = lib.mkAfter (pkgs.privateValue [] "binary-caches");
       trusted-public-keys = [
         "nixbuild.net/maralorn-1:cpqv21sJgRL+ROaKY1Gr0k7AKolAKaP3S3iemGxK/30="
       ];
       trusted-users = ["maralorn" "laminar"];
     };
-    nixPath = ["/etc/nix-path"];
     buildMachines = pkgs.privateValue [] "remote-builders";
     extraOptions = ''
       experimental-features = nix-command flakes

overlays/20-unfree.nix

@@ -1,12 +1,4 @@
-self: super: let
-  unfree = import self.sources."${self.nixpkgs-channel}" {
-    config = {
-      allowUnfree = true;
-      android_sdk.accept_license = true;
-    };
-  };
-  unstableUnfree = import self.sources.nixos-unstable {config.allowUnfree = true;};
-in {
-  inherit (unfree) discord zoom-us minecraft teamviewer steam androidsdk_9_0;
-  inherit (unstableUnfree) minecraft-server;
+self: super: {
+  inherit (super.unfree) discord zoom-us minecraft teamviewer steam androidsdk_9_0;
+  inherit (super.unstableUnfree) minecraft-server;
 }

overlays/packages.nix

@@ -1,6 +0,0 @@
-_: prev: let
-  inherit (import ../packages {pkgs = prev;}) haskellPackagesOverlay selectHaskellPackages;
-in
-  selectHaskellPackages (prev.unstable.haskellPackages.override {
-    overrides = haskellPackagesOverlay;
-  })

overlays/writeHaskellScript.nix

@@ -108,9 +108,6 @@ in {
          tag name str = ["-I", [i|#{name :: Text}=#{str :: Text}|]] :: [String]
          getNivAssign (name, repo) = tag name <$> getNivPath path repo
 
-      myNixPath :: Text -> IO [String]
-      myNixPath = aNixPath "${pkgs.home-manager-channel}" "${pkgs.nixpkgs-channel}"
-
       buildSystemParams :: [String]
       buildSystemParams = ["<nixpkgs/nixos>", "-A", "system"]
 

packages/default.nix

@@ -1,5 +1,9 @@
-{pkgs}: let
-  inherit (pkgs) lib;
+{
+  lib,
+  inputs,
+  ...
+}: let
+  pkgs = inputs.nixos-unstable.legacyPackages.x86_64-linux;
   inherit (pkgs.haskell.lib.compose) unmarkBroken doJailbreak dontCheck appendPatch;
   includePatterns = [
     ".hs"
@@ -58,6 +62,24 @@
       source = ./nixpkgs-bot;
     };
   };
+  hpkgs = pkgs.haskellPackages.override {
+    overrides = haskellPackagesOverlay;
+  };
+  packages = selectHaskellPackages hpkgs;
 in {
-  inherit selectHaskellPackages haskellPackagesOverlay;
+  flake.overlays = {
+    inherit haskellPackagesOverlay;
+    addMyHaskellPackages = _: _: packages;
+  };
+  perSystem = {config, ...}: {
+    inherit packages;
+    devShells.haskell = hpkgs.shellFor {
+      packages = hpkgs: (builtins.attrValues (selectHaskellPackages hpkgs));
+      shellHook = config.pre-commit.installationScript;
+      buildInputs = [
+        hpkgs.haskell-language-server
+        hpkgs.cabal-install
+      ];
+    };
+  };
 }