Eli Ribble
40517face6
This currently has the architecture hard-coded. That's bad, but nix is hard, and there's probably a much better way to integrate this into the system when I can be bothered to do it.
43 lines
1.1 KiB
Nix
43 lines
1.1 KiB
Nix
{ authentik-nix, configFiles, configuration, disko, home-manager, nixpkgs, nixvim, sops-nix, system, timecard-bot, ... }:
|
|
let
|
|
allowed-unfree-packages = [
|
|
"corefonts"
|
|
"mongodb"
|
|
];
|
|
in nixpkgs.lib.nixosSystem {
|
|
modules = [
|
|
authentik-nix.nixosModules.default
|
|
disko.nixosModules.disko
|
|
home-manager.nixosModules.home-manager
|
|
{
|
|
home-manager.extraSpecialArgs = { inherit configFiles; };
|
|
home-manager.sharedModules = [
|
|
nixvim.homeManagerModules.nixvim
|
|
./modules/home/nixvim.nix
|
|
];
|
|
home-manager.useGlobalPkgs = true;
|
|
home-manager.useUserPackages = true;
|
|
}
|
|
configuration
|
|
./modules
|
|
sops-nix.nixosModules.sops {
|
|
sops = {
|
|
age.generateKey = true;
|
|
age.keyFile = "/var/libs/sops-nix/key.txt";
|
|
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
|
defaultSopsFile = ./secrets/secrets.yaml;
|
|
};
|
|
}
|
|
./users
|
|
];
|
|
pkgs = import nixpkgs {
|
|
config = {
|
|
allowUnfreePredicate = pkg: builtins.elem (nixpkgs.lib.getName pkg) allowed-unfree-packages;
|
|
};
|
|
system = "${system}";
|
|
};
|
|
specialArgs = {
|
|
inherit configFiles timecard-bot;
|
|
};
|
|
system = "${system}";
|
|
}
|