{
description = "personal NixOS configurations";

# Flake inputs. A branch in the URL only selects which line of development is
# tracked; the exact revision that gets built is whatever flake.lock records
# (lock file not visible here — confirm it is committed and reviewed on update).
inputs = {
  nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
  nixpkgsUnstable.url = "github:nixos/nixpkgs/nixos-unstable";

  # Every input below sets `follows`, so it is evaluated against this flake's
  # nixpkgs rather than a second copy chosen by the input itself.
  home-manager.url = "github:nix-community/home-manager/release-24.11";
  home-manager.inputs.nixpkgs.follows = "nixpkgs";

  darwin.url = "github:lnl7/nix-darwin/nix-darwin-24.11";
  darwin.inputs.nixpkgs.follows = "nixpkgs";

  # The remaining URLs name no branch or tag, so a lock update takes whatever
  # the upstream default branch holds at that moment.
  agenix.url = "github:ryantm/agenix";
  agenix.inputs.nixpkgs.follows = "nixpkgs";

  treefmt-nix.url = "github:numtide/treefmt-nix";
  treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";

  pre-commit-hooks.url = "github:cachix/git-hooks.nix";
  pre-commit-hooks.inputs.nixpkgs.follows = "nixpkgs";

  emacs-overlay.url = "github:nix-community/emacs-overlay";
  emacs-overlay.inputs.nixpkgs.follows = "nixpkgs";
};
# Flake outputs: formatter, checks, system configurations and dev shells
outputs =
{
self,
nixpkgs,
nixpkgsUnstable,
darwin,
treefmt-nix,
pre-commit-hooks,
emacs-overlay,
agenix,
...
}@inputs:
let
# Platforms for which the per-system outputs are generated.
supportedSystems = [
  "aarch64-darwin"
  "x86_64-linux"
];

# forAllSystems f  ==>  { aarch64-darwin = f "aarch64-darwin"; x86_64-linux = f "x86_64-linux"; }
forAllSystems = perSystem: nixpkgs.lib.genAttrs supportedSystems perSystem;

# Stable package set for `system` with this flake's overlays applied.
# allowUnfree is set for the whole set, so unfree packages evaluate without
# a per-package opt-in.
getPkgs =
  system:
  import nixpkgs {
    inherit system overlays;
    config = {
      allowUnfree = true;
    };
  };

# nixpkgsUnstable package set for `system`; no config and no overlays are passed.
getPkgsUnstable = system: import nixpkgsUnstable { inherit system; };
# Overlays handed to getPkgs and mkSystem.
overlays = [
  emacs-overlay.overlay
  (
    final: _prev:
    let
      # Build one entry of ./pkgs with callPackage, giving it access to the
      # unstable package set for the same system.
      buildEntry =
        name: _entryType:
        final.callPackage (./pkgs + "/${name}") {
          pkgsUnstable = getPkgsUnstable final.system;
        };
    in
    {
      # readDir lists every entry of ./pkgs, so anything placed in that
      # directory becomes pkgs.customPackages.<entry name>.
      customPackages = builtins.mapAttrs buildEntry (builtins.readDir ./pkgs);
    }
  )
];
# System builder loaded from ./nix/lib/mkSystem.nix; it receives this flake
# (self), nixpkgs, the full inputs set and the overlays list.
mkSystem = import ./nix/lib/mkSystem.nix {
  inherit self nixpkgs;
  inherit inputs overlays;
};
# Evaluate the treefmt-nix module for `system`: project root is marked by
# flake.nix, with nixfmt and deadnix enabled.
mkTreefmtEval =
  system:
  treefmt-nix.lib.evalModule (getPkgs system) {
    projectRootFile = "flake.nix";
    programs.nixfmt.enable = true;
    programs.deadnix.enable = true;
  };
# Build the pre-commit check for `system` over the source tree `src`.
mkPreCommitHooks =
  system: src:
  let
    on = {
      enable = true;
    };
    # treefmt wrapper produced by mkTreefmtEval for the same system.
    treefmtBin = "${(mkTreefmtEval system).config.build.wrapper}/bin/treefmt";
  in
  inputs.pre-commit-hooks.lib.${system}.run {
    inherit src;
    hooks = {
      check-merge-conflicts = on;
      deadnix = on;
      # Going by its name, this is the guard against committing key material;
      # the hook itself is defined upstream in git-hooks.nix.
      detect-private-keys = on;
      end-of-file-fixer = on;
      mixed-line-endings = on;
      shellcheck = on;
      flake-checker = on;
      # Run the flake's own treefmt wrapper instead of the hook's default entry.
      treefmt = on // {
        entry = "${treefmtBin} --ci";
      };
      trim-trailing-whitespace = on;
    };
  };
in
{
# nix fmt: the treefmt wrapper built for each supported system
formatter = forAllSystems (system: (mkTreefmtEval system).config.build.wrapper);

# nix flake check: runs the pre-commit hooks over the whole repository
checks = forAllSystems (
  system:
  let
    repoRoot = ./.;
  in
  {
    pre-commit-check = mkPreCommitHooks system repoRoot;
  }
);
# nix-darwin hosts; both pass the same arguments to mkSystem.
darwinConfigurations =
  let
    macArgs = {
      system = "aarch64-darwin";
      user = "fcuny";
      darwin = true;
    };
  in
  {
    # my personal MacBook Air
    mba-m2 = mkSystem "mba-m2" macArgs;
    # work laptop
    HQ-KWNY2VH41P = mkSystem "hq-kwny2vh41p" macArgs;
  };
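# Dev shells for each system: git, the agenix CLI and a few helper commands
# (nbuild, nswitch, update-deps, plus sync-agenix-key on darwin).
devShells = forAllSystems (
  system:
  let
    pkgs = getPkgs system;
    inherit (nixpkgs.lib) hasSuffix optionals;
    pre-commit-check = mkPreCommitHooks system ./.;

    # writeScriptBin writes the text as-is, which left the helpers without an
    # interpreter line; writeShellScriptBin prepends a bash shebang.
    mkCommand = pkgs.writeShellScriptBin;

    # Only evaluated when one of the darwin scripts below is built.
    darwinRebuild = "${inputs.darwin.packages.${system}.darwin-rebuild}/bin/darwin-rebuild";
    op = "${pkgs._1password-cli}/bin/op";

    # Scripts that are specific to darwin
    darwinScripts = optionals (hasSuffix "darwin" system) [
      # Build only: nothing is activated, so no "applied" message here.
      (mkCommand "nbuild" ''
        set -e
        echo "> Running darwin-rebuild build..."
        ${darwinRebuild} build --flake .
        echo "> darwin-rebuild build was successful ✅"
      '')
      (mkCommand "nswitch" ''
        set -e
        echo "> Running darwin-rebuild switch..."
        ${darwinRebuild} switch --flake .
        echo "> darwin-rebuild switch was successful ✅"
        echo "> macOS config was successfully applied 🚀"
      '')
      # Copies the agenix identity out of 1Password into ~/.ssh. The private
      # key must never be readable by other local users, so the script
      # restricts permissions before any key bytes are written.
      (mkCommand "sync-agenix-key" ''
        set -e
        # Anything created from here on is owner-only.
        umask 077
        echo "> Copying agenix SSH key from 1password ..."
        mkdir -p ~/.ssh
        # ">" keeps the mode of a file that already exists, so tighten it first.
        touch ~/.ssh/agenix
        chmod 600 ~/.ssh/agenix
        ${op} --account my.1password.com read "op://Private/agenix/private key?ssh-format=openssh" > ~/.ssh/agenix
        ${op} --account my.1password.com read "op://Private/agenix/public key" > ~/.ssh/agenix.pub
        echo "> agenix SSH key copied successfully 🔐"
      '')
    ];

    # Scripts that are specific to linux
    linuxScripts = optionals (hasSuffix "linux" system) [
      # NOTE(review): `nixos-rebuild build` only builds and does not activate;
      # confirm whether sudo is actually needed here or can be dropped.
      (mkCommand "nbuild" ''
        set -e
        echo "> Running nixos-rebuild build..."
        sudo nixos-rebuild build --flake .
        echo "> nixos-rebuild build was successful ✅"
      '')
      (mkCommand "nswitch" ''
        set -e
        echo "> Running nixos-rebuild switch..."
        sudo nixos-rebuild switch --flake .
        echo "> nixos-rebuild switch was successful ✅"
        echo "> NixOS config was successfully applied 🚀"
      '')
    ];

    # Available on every system: refresh flake.lock and commit the result.
    commonScripts = [
      (mkCommand "update-deps" "nix flake update --commit-lock-file")
    ];
  in
  {
    default = pkgs.mkShellNoCC {
      # Reuse the shellHook exposed by the pre-commit check so that entering
      # the shell also sets up the hooks (behaviour provided by git-hooks.nix).
      inherit (pre-commit-check) shellHook;
      packages = [
        pkgs.git
        inputs.agenix.packages.${system}.default
      ]
      ++ commonScripts
      ++ darwinScripts
      ++ linuxScripts;
    };
  }
);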
};
}