path: root/flake.nix
{
  description = "personal NixOS configurations";

  # Flake inputs. Each URL names a channel, a branch or a repository's default branch, never a
  # commit. The revision and content hash (narHash) that actually get built are recorded in
  # flake.lock (not shown on this page), so every `nix flake update` is a dependency upgrade
  # whose flake.lock diff deserves review.
  inputs = {
    # Channel tarball: the content behind this URL moves as the channel advances.
    nixpkgs.url = "https://channels.nixos.org/nixos-25.11/nixexprs.tar.xz";

    # `inputs.nixpkgs.follows` makes an input reuse this flake's nixpkgs instead of locking its
    # own copy, which keeps a single nixpkgs revision to audit.
    home-manager = {
      url = "github:nix-community/home-manager/release-25.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    darwin = {
      url = "github:lnl7/nix-darwin/nix-darwin-25.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # Tracks the master branch.
    nixos-hardware = {
      url = "github:NixOS/nixos-hardware/master";
    };

    # Secret management; its module is loaded on every host (defaultModules and
    # darwinDefaultModules) and its overlay is part of every package set (pkgsFor).
    agenix = {
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    treefmt-nix = {
      url = "github:numtide/treefmt-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    pre-commit-hooks = {
      url = "github:cachix/git-hooks.nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    emacs-overlay = {
      url = "github:nix-community/emacs-overlay";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # Community-maintained package collection; its overlay is added to every package set in
    # pkgsFor. NUR packages come from individual contributors and are not reviewed the way
    # nixpkgs packages are, so audit whatever is actually consumed from it.
    nur = {
      url = "github:nix-community/NUR";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # The two inputs below declare no `follows`: any inputs of their own are locked separately
    # and add entries to flake.lock.
    mac-app-util.url = "github:hraban/mac-app-util";

    # Fetched over HTTPS from a self-hosted git server; both its overlay and its NixOS module are
    # used by the outputs below.
    my-go-tools.url = "git+https://code.fcuny.net/x";
  };

  outputs =
    inputs@{
      self,
      nixpkgs,
      darwin,
      home-manager,
      disko,
      agenix,
      treefmt-nix,
      pre-commit-hooks,
      emacs-overlay,
      nur,
      my-go-tools,
      ...
    }:
    let
      # Platforms for which the per-system outputs (formatter, checks, devShells) are produced.
      supportedSystems = [ "aarch64-darwin" "x86_64-linux" ];

      # Turn a function of `system` into an attrset with one entry per supported platform.
      forAllSystems = perSystem: nixpkgs.lib.genAttrs supportedSystems perSystem;

      # Instantiate nixpkgs for one platform with this flake's overlays applied.
      #
      # The result is the package set used by every host and by the dev shells. An overlay may
      # add or replace any attribute of that set, so each flake listed below is trusted to the
      # same degree as nixpkgs itself.
      pkgsFor =
        system:
        let
          # Applied in list order: this flake's own packages, then the overlays of four inputs.
          flakeOverlays = [
            self.overlays.default
            agenix.overlays.default
            emacs-overlay.overlay
            nur.overlays.default
            my-go-tools.overlays.default
          ];
        in
        import nixpkgs {
          inherit system;
          overlays = flakeOverlays;
          config = {
            # Allows packages under unfree licences, for every consumer of this package set.
            allowUnfree = true;
          };
        };

      # Module fragment shared by all hosts: points the `nixpkgs` flake-registry entry at the
      # nixpkgs input of this flake, so registry lookups resolve to the locked input rather than
      # to whatever is current upstream.
      nixSettings = {
        nix.registry.nixpkgs.flake = nixpkgs;
      };

      # Identity of the admin account, shared by every host. The strings under sshPublicKeys are
      # SSH public keys, so publishing them exposes no key material. How they are consumed is
      # decided by the modules, which are not visible here (presumably as authorized keys; confirm).
      baseAdminUser = {
        name = "fcuny";
        userinfo = {
          email = "franck@fcuny.net";
          fullName = "Franck Cuny";
          sshPublicKeys = {
            # Plain ed25519 key; going by its name it lives in a password manager, not on a token.
            onepassword = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4Puffs";
            # `sk-ssh-ed25519@openssh.com` is OpenSSH's FIDO security-key type: the private half
            # stays on the hardware token.
            yubikey-personal-nano = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGX4+CuUjiX6Doi4n6RqmznzFUyRrxKhEFvuIxROzXDKAAAABHNzaDo=";
            yubikey-personal-keychain = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDnU4Xd8bElZYVWDbknlIgskR/q7ORrbvO0FLnJMQX+eAAAABHNzaDo=";
            yubikey-personal-backup = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINLBHE4O9RrTgTa+m0kcWL2Mhpi3C57MpTpip7riTophAAAABHNzaDo=";
            yubikey-work-nano = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIBVuEgqp/pmfskha3gIaYIfP0JEgKG/vVV3Bswb63wr2AAAABHNzaDo=";
            yubikey-work-backup = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGjs8WvWBuiL6hujqSaXLxBIs5unjBex22Whdrj/radmAAAABHNzaDo=";
          };
        };
      };

      # Same identity with the uid used on NixOS hosts (`//` only adds the top-level `uid`).
      nixosAdminUser = baseAdminUser // {
        uid = 1000;
      };

      # Same identity with the uid used on Darwin hosts; a machine can override it (see machines).
      darwinAdminUser = baseAdminUser // {
        uid = 501;
      };

      # Default modules for NixOS hosts. Three of them come from flake inputs (agenix, disko,
      # home-manager) and are evaluated as part of every NixOS system built from this flake.
      defaultModules = [
        nixSettings
        agenix.nixosModules.age
        disko.nixosModules.disko
        home-manager.nixosModules.home-manager
        ./modules/default.nix
      ];

      # Default modules for Darwin hosts
      # mac-app-util is reached through `inputs` because it is not named in the outputs arguments.
      darwinDefaultModules = [
        nixSettings
        agenix.darwinModules.age
        home-manager.darwinModules.home-manager
        inputs.mac-app-util.darwinModules.default
        ./modules/default-darwin.nix
      ];

      # Host inventory: attribute name = host name, `system` = platform, `config` = the host's
      # machine file. An optional `adminUser` is merged over the platform's admin defaults with
      # recursiveUpdate (see nixosConfigurations / darwinConfigurations).
      machines = {
        nixos = {
          rivendell = {
            system = "x86_64-linux";
            config = ./machines/rivendell.nix;
          };
          bree = {
            system = "x86_64-linux";
            config = ./machines/bree.nix;
          };
          argonath = {
            system = "x86_64-linux";
            config = ./machines/argonath.nix;
          };
          iso = {
            system = "x86_64-linux";
            config = ./machines/iso.nix;
          };
        };
        darwin = {
          mba-m2 = {
            system = "aarch64-darwin";
            config = ./machines/mba-personal.nix;
          };
          # NOTE(review): this host name looks like an employer-assigned device identifier and
          # sits next to a work e-mail address; confirm both are meant to be public.
          HQ-KWNY2VH41P = {
            system = "aarch64-darwin";
            config = ./machines/mbp-work.nix;
            # Overrides only uid and email; name, fullName and the SSH keys keep the defaults.
            adminUser = {
              uid = 502;
              userinfo = {
                email = "fcuny@roblox.com";
              };
            };
          };
        };
      };

      # One NixOS system per entry of machines.nixos, keyed by host name.
      #
      # Each host is built from the shared package set (pkgsFor), the shared defaultModules, its
      # own machine file and the NixOS module exported by the my-go-tools input. Modules taken
      # from flake inputs are evaluated with the same authority as the local ones, so those
      # inputs belong to the trusted base of every host.
      nixosConfigurations =
        let
          inherit (nixpkgs) lib;

          mkHost =
            hostName: machine:
            let
              pkgs = pkgsFor machine.system;

              # Platform admin defaults, overridden by the machine's optional `adminUser`.
              machineAdminUser = lib.recursiveUpdate nixosAdminUser (machine.adminUser or { });

              adminModule = {
                adminUser = machineAdminUser;
              };

              baseModule = {
                # Records which revision of this flake produced the system (null when unknown),
                # which lets a running host be traced back to a commit.
                system.configurationRevision = self.rev or self.dirtyRev or null;
                # NOTE(review): requires the nixpkgs input to expose `rev`; nixpkgs is fetched
                # from a channel tarball here, so confirm the attribute is present.
                system.nixos.versionSuffix = lib.mkForce "git.${builtins.substring 0 11 nixpkgs.rev}";
                nixpkgs.pkgs = pkgs;
                environment.systemPackages = [ pkgs.git ];
              };
            in
            lib.nixosSystem {
              inherit (machine) system;
              specialArgs = {
                inherit hostName self inputs;
                adminUser = machineAdminUser;
                # Evaluated configuration of every NixOS host, made available to all modules.
                hostConfigurations = lib.mapAttrs (_: host: host.config) nixosConfigurations;
              };
              modules = [
                adminModule
                baseModule
              ]
              ++ defaultModules
              ++ [
                machine.config
                my-go-tools.nixosModules.default
              ];
            };
        in
        lib.mapAttrs mkHost machines.nixos;

      # One nix-darwin system per entry of machines.darwin, keyed by host name.
      #
      # Each host is built from the shared package set (pkgsFor), the shared
      # darwinDefaultModules and its own machine file.
      darwinConfigurations =
        let
          inherit (nixpkgs) lib;

          mkHost =
            hostName: machine:
            let
              pkgs = pkgsFor machine.system;

              # Platform admin defaults, overridden by the machine's optional `adminUser`.
              machineAdminUser = lib.recursiveUpdate darwinAdminUser (machine.adminUser or { });

              adminModule = {
                adminUser = machineAdminUser;
              };

              baseModule = {
                nixpkgs.pkgs = pkgs;
                nixpkgs.hostPlatform = machine.system;
                system.stateVersion = 5;
                environment.systemPackages = [ pkgs.git ];
              };
            in
            darwin.lib.darwinSystem {
              inherit (machine) system;
              specialArgs = {
                inherit hostName self inputs;
                adminUser = machineAdminUser;
              };
              modules = [
                adminModule
                baseModule
              ]
              ++ darwinDefaultModules
              ++ [ machine.config ];
            };
        in
        lib.mapAttrs mkHost machines.darwin;
    in
    {
      # Export the host configurations assembled in the `let` block above.
      inherit darwinConfigurations nixosConfigurations;

      # Overlay with the packages defined in this repository; it is the first overlay applied in
      # pkgsFor. Both packages are built with the previous (pre-overlay) package set's callPackage.
      overlays.default =
        _final: prev:
        let
          inherit (prev) callPackage;
        in
        {
          hashi = callPackage ./pkgs/hashi { };
          sapi = callPackage ./pkgs/sapi { };
        };

      # `nix fmt` entry point: the treefmt wrapper built from ./treefmt.nix, per platform.
      formatter = forAllSystems (
        system: (treefmt-nix.lib.evalModule (pkgsFor system) ./treefmt.nix).config.build.wrapper
      );

      # Flake checks, per platform. Only the treefmt formatting check is registered here; the
      # pre-commit hooks defined under devShells (including detect-private-keys) are not, so
      # running the flake checks does not run them.
      checks = forAllSystems (system: {
        formatting =
          let
            treefmtEval = treefmt-nix.lib.evalModule (pkgsFor system) ./treefmt.nix;
          in
          treefmtEval.config.build.check self;
      });

      # Development shell, per platform: the tools used to work on this repository, plus the
      # pre-commit hooks, which are set up through the shell's shellHook.
      devShells = forAllSystems (
        system:
        let
          pkgs = pkgsFor system;

          treefmtWrapper = (treefmt-nix.lib.evalModule pkgs ./treefmt.nix).config.build.wrapper;

          pre-commit-check = pre-commit-hooks.lib.${system}.run {
            src = ./.;
            hooks = {
              # Guards for repository hygiene and accidental disclosure: detect-private-keys
              # looks for private key material and flake-checker inspects flake.lock.
              detect-private-keys.enable = true;
              flake-checker.enable = true;
              check-merge-conflicts.enable = true;

              # Whitespace and line-ending normalisation.
              end-of-file-fixer.enable = true;
              mixed-line-endings.enable = true;
              trim-trailing-whitespace.enable = true;

              # Linters and formatters that need extra settings.
              shellcheck.enable = true;
              shellcheck.excludes = [ "\\.envrc$" ];
              treefmt.enable = true;
              treefmt.package = treefmtWrapper;
            };
          };
        in
        {
          default = pkgs.mkShellNoCC {
            inherit (pre-commit-check) shellHook;
            buildInputs = pre-commit-check.enabledPackages;
            # agenix comes from the flake input's own package output; the rest from pkgs.
            packages = [
              pkgs._1password-cli
              agenix.packages.${system}.default
              pkgs.git
              pkgs.just
              pkgs.nixos-rebuild
            ];
          };
        }
      );
    };
}