flake.nix
# Flake for agenix-rekey. It exports the NixOS / home-manager module, a
# flake-parts module, and `configure`, which builds one app per entry of
# `appNames` for every requested system.
{
  inputs = {
    # NOTE(review): these URLs name repositories or branches, not revisions.
    # The exact revisions are presumably pinned by a flake.lock that is not
    # visible here; review lock-file updates like any other dependency change.
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";

    # Every helper flake below is made to follow the nixpkgs input above, so
    # only one nixpkgs revision is pulled in through these inputs.
    devshell = {
      url = "github:numtide/devshell";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    flake-parts = {
      url = "github:hercules-ci/flake-parts";
      inputs.nixpkgs-lib.follows = "nixpkgs";
    };
    pre-commit-hooks = {
      url = "github:cachix/pre-commit-hooks.nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    treefmt-nix = {
      url = "github:numtide/treefmt-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs =
    inputs:
    let
      # Names of the apps; each one is loaded from ./apps/<name>.nix.
      appNames = [
        "edit"
        "generate"
        "rekey"
      ];

      # Platforms the flake is evaluated for, and the default platforms
      # that `configure` generates apps for.
      supportedSystems = [
        "x86_64-linux"
        "aarch64-linux"
        "x86_64-darwin"
        "aarch64-darwin"
      ];
    in
    inputs.flake-parts.lib.mkFlake { inherit inputs; } {
      imports = [
        inputs.devshell.flakeModule
        inputs.flake-parts.flakeModules.easyOverlay
        inputs.flake-parts.flakeModules.flakeModules
        inputs.pre-commit-hooks.flakeModule
        inputs.treefmt-nix.flakeModule
      ];

      systems = supportedSystems;

      # System-independent outputs.
      flake =
        { config, lib, ... }:
        {
          flakeModule = ./flake-module.nix;

          nixosModules = {
            agenix-rekey = import ./modules/agenix-rekey.nix inputs.nixpkgs;
            agenixRekey = config.nixosModules.agenix-rekey; # backward compat
            default = config.nixosModules.agenix-rekey;
          };

          # The home-manager module is the same module value as the NixOS one.
          homeManagerModules = {
            agenix-rekey = config.nixosModules.agenix-rekey;
            default = config.homeManagerModules.agenix-rekey;
          };

          # Returns an attribute set of the form <system>.<app> for the
          # given user flake and configurations.
          configure =
            {
              # The path of the user's flake. Needed to run a sandbox-relaxed
              # app that saves the rekeyed outputs.
              userFlake,
              # Configurations where agenix-rekey will search for attributes
              nixosConfigurations ? { },
              homeConfigurations ? { },
              collectHomeManagerConfigurations ? true,
              # Legacy alias for nixosConfigurations, see
              # https://github.com/oddlama/agenix-rekey/pull/51
              nodes ? { },
              # The package sets to use. pkgs.${system} must yield an
              # initialized nixpkgs package set.
              # NOTE(review): this argument is not read anywhere in the body
              # below; the apps are handed a package set imported from this
              # flake's own nixpkgs input instead, so overlays or pins in a
              # caller-supplied set do not take effect here. Confirm that this
              # is intended. The default refers to the argument itself and is
              # only harmless because it is never evaluated.
              pkgs ? pkgs,
              # A function that returns the age package given a package set.
              # Use this to override which tool is used for encrypting /
              # decrypting. Defaults to rage (pkgs.rage). Compatibility is
              # only guaranteed for pkgs.age and pkgs.rage.
              agePackage ? (p: p.rage),
              # The systems to generate apps for
              systems ? supportedSystems,
            }:
            lib.genAttrs systems (
              system:
              let
                # Package set passed to the apps, with default nixpkgs arguments.
                systemPkgs = import inputs.nixpkgs { inherit system; };

                # Nodes chosen by ./nix/select-nodes.nix from the
                # configuration arguments of `configure`.
                selectedNodes = import ./nix/select-nodes.nix {
                  inherit
                    nodes
                    nixosConfigurations
                    homeConfigurations
                    collectHomeManagerConfigurations
                    ;
                  inherit (systemPkgs) lib;
                };
              in
              lib.genAttrs appNames (
                app:
                import ./apps/${app}.nix {
                  inherit userFlake agePackage;
                  nodes = selectedNodes;
                  pkgs = systemPkgs;
                }
              )
            );
        };

      # Per-system outputs: development shell, formatting, and the package.
      perSystem =
        { config, pkgs, ... }:
        {
          devshells.default = {
            packages = [ config.treefmt.build.wrapper ];
            # Entering the dev shell runs the pre-commit installation script.
            devshell.startup.pre-commit.text = config.pre-commit.installationScript;
          };

          pre-commit.settings.hooks.treefmt.enable = true;

          treefmt = {
            projectRootFile = "flake.nix";
            programs = {
              deadnix.enable = true;
              statix.enable = true;
              nixfmt.enable = true;
              rustfmt.enable = true;
            };
          };

          packages.default = pkgs.callPackage ./nix/package.nix {
            allApps = appNames;
          };

          # Exposed as `agenix-rekey` through the easyOverlay module.
          overlayAttrs.agenix-rekey = config.packages.default;
        };
    };
}