selfprivacy-nixos-config/flake.nix

133 lines
5.1 KiB
Nix
Raw Normal View History

2023-07-15 12:52:46 +00:00
{
description = "SelfPrivacy NixOS configuration flake";
2023-07-15 12:52:46 +00:00
inputs = {
nixpkgs.url = github:nixos/nixpkgs;
selfprivacy-api.url =
git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git;
# make selfprivacy-api use the same shared nixpkgs
selfprivacy-api.inputs.nixpkgs.follows = "nixpkgs";
2023-07-15 12:52:46 +00:00
};
outputs = { self, nixpkgs, selfprivacy-api }: {
nixosConfigurations-fun =
{ hardware-configuration
, deployment
, userdata
, top-level-flake
, sp-modules
}:
{
default = nixpkgs.lib.nixosSystem {
modules = [
hardware-configuration
deployment
./configuration.nix
selfprivacy-api.nixosModules.default
2024-12-18 12:40:15 +00:00
({ pkgs, lib, ... }: {
environment.etc = (lib.attrsets.mapAttrs'
(name: sp-module: {
name = "sp-modules/${name}";
value.text = import ./lib/meta.nix { inherit pkgs sp-module; };
})
sp-modules) // {
suggested-sp-modules.text = builtins.toJSON (builtins.attrNames (builtins.readDir ./sp-modules));
};
})
(
let
deepFilter = ref: attrset:
builtins.foldl'
(acc: key:
if builtins.hasAttr key ref then
let
value = attrset.${key};
refValue = ref.${key};
in
acc // {
${key} =
if builtins.isAttrs value && builtins.isAttrs refValue then
deepFilter refValue value
else
value;
}
else
acc
)
{ }
(builtins.attrNames attrset);
in
{ options, ... }: {
# pass userdata (parsed from JSON) options to selfprivacy module
selfprivacy = deepFilter options.selfprivacy userdata;
# embed top-level flake source folder into the build
environment.etc."selfprivacy/nixos-config-source".source =
top-level-flake;
# for running "nix search nixpkgs", "nix shell nixpkgs#PKG... etc
nix.registry.nixpkgs.flake = nixpkgs;
# embed commit sha1 for `nixos-version --configuration-revision`
system.configurationRevision = self.rev
or "@${self.lastModifiedDate}"; # for development
# TODO assertion to forbid dirty builds caused by top-level-flake
# reset contents of /etc/nixos to match running NixOS generation
system.activationScripts.selfprivacy-nixos-config-source = ''
rm -rf /etc/nixos/{*,.[!.]*}
cp -r --no-preserve=all ${top-level-flake}/ -T /etc/nixos/
'';
}
)
]
++
# add SP modules, but constrain available config attributes for each
# (TODO revise evaluation performance of the code below)
nixpkgs.lib.attrsets.mapAttrsToList
(name: sp-module: args@{ config, pkgs, ... }:
let
lib = nixpkgs.lib;
configPathsNeeded = sp-module.configPathsNeeded or
(abort "allowed config paths not set for module \"${name}\"");
constrainConfigArgs = args'@{ pkgs, ... }: args' // {
config =
# TODO use lib.attrsets.mergeAttrsList from nixpkgs 23.05
(builtins.foldl' lib.attrsets.recursiveUpdate { }
(map
(p: lib.attrsets.setAttrByPath p
(lib.attrsets.getAttrFromPath p config))
configPathsNeeded
)
);
};
constrainImportsArgsRecursive = lib.attrsets.mapAttrsRecursive
(p: v:
# TODO traverse only imports and imports of imports, etc
# without traversing all attributes
if lib.lists.last p == "imports"
then
map
(m:
(args'@{ pkgs, ... }: constrainImportsArgsRecursive
(if builtins.isPath m
then import m (constrainConfigArgs args')
else
if builtins.isFunction m
then m (constrainConfigArgs args')
else m))
)
v
else v);
in
constrainImportsArgsRecursive
(sp-module.nixosModules.default (constrainConfigArgs args))
)
sp-modules;
2023-07-15 12:52:46 +00:00
};
};
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
};
2023-07-15 12:52:46 +00:00
}