{
description = "Dendritic Nix Flake with flake-parts";
inputs = {
  # Package sets. Linux hosts track the nixos-unstable branch; Darwin hosts
  # track nixpkgs-unstable. A branch ref like this is resolved to a concrete
  # commit in flake.lock, so builds use the locked revision until
  # `nix flake update` is run -- treat lock-file diffs as dependency bumps.
  nixpkgs = {
    url = "github:NixOS/nixpkgs/nixos-unstable";
  };
  nixpkgs-darwin = {
    url = "github:NixOS/nixpkgs/nixpkgs-unstable";
  };

  # Flake framework used by `outputs`.
  flake-parts = {
    url = "github:hercules-ci/flake-parts";
  };

  # Darwin system configuration; deduplicated onto the Darwin package set.
  nix-darwin = {
    url = "github:LnL7/nix-darwin";
    inputs.nixpkgs.follows = "nixpkgs-darwin";
  };

  # Everything below follows our `nixpkgs` so only one package set is
  # evaluated and fetched for these inputs.
  home-manager = {
    url = "github:nix-community/home-manager";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  sops-nix = {
    url = "github:Mic92/sops-nix";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  nixvim = {
    url = "github:nix-community/nixvim";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  system-manager = {
    url = "github:numtide/system-manager";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  spicetify-nix = {
    url = "github:Gerg-L/spicetify-nix";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  apple-silicon = {
    url = "github:tpwrules/nixos-apple-silicon";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  microvm = {
    url = "github:microvm-nix/microvm.nix";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  # No `follows` here: these are left to their own locked nixpkgs (if they
  # declare one), which means a second package set may be fetched.
  determinate-nix = {
    url = "github:DeterminateSystems/determinate";
  };
  stylix = {
    url = "github:danth/stylix";
  };
};
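outputs = inputs@{ flake-parts, ... }:
  flake-parts.lib.mkFlake { inherit inputs; } {
    systems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ];
    imports = [
      # In a fully dendritic pattern, we can import our top-level configuration modules.
      # However, for NixOS, Darwin, and Home Manager, we will define them in `flake` output
      # or use flake-parts modules if we're setting up the entire config matrix.
      ./modules
    ];
    perSystem = { config, self', inputs', pkgs, system, ... }: {
      # Formatter for `nix fmt`
      formatter = pkgs.nixfmt;

      # Development shell available via `nix develop`.
      devShells.default = pkgs.mkShell {
        name = "dotfiles-devshell";
        # `packages` is the mkShell attribute for tools that just need to be on
        # PATH; `buildInputs` carries cross-compilation semantics we do not use.
        packages = with pkgs; [
          git
          nixfmt
          sops
          age
        ] ++ [
          inputs'.nixvim.packages.default
        ];
      };

      # `nix run .#install`: clone the repo if needed and activate this flake on
      # the current host. Touch ID priming, Determinate Nix maintenance and the
      # /etc/nix/nix.conf cleanup only run on Darwin.
      apps.install = {
        type = "app";
        program = let
          installScript = pkgs.writeShellApplication {
            name = "install-system";
            runtimeInputs = [
              pkgs.git
              pkgs.nh
              pkgs.nix
            ];
            # writeShellApplication already runs the script under
            # `set -o errexit -o nounset -o pipefail` and shellchecks it, so a
            # separate `set -e` is redundant and every variable read below must
            # be guaranteed to exist.
            text = ''
              TARGET_DIR="$HOME/.dotfiles"
              REPO_URL="git@github.com:aspauldingcode/.dotfiles.git"
              # Host attribute handed to `nh darwin switch -H`; override with
              # DOTFILES_HOST=<name> for a machine other than the default.
              DARWIN_HOST="''${DOTFILES_HOST:-mba}"

              if [ ! -d "$TARGET_DIR" ]; then
                echo "Cloning $REPO_URL to $TARGET_DIR..."
                # SSH clone: relies on the user's GitHub key and on ssh's
                # host-key check. Nothing here verifies commit signatures, so
                # the checkout is trusted as-is.
                git clone "$REPO_URL" "$TARGET_DIR"
              fi
              cd "$TARGET_DIR"

              # Make sure ~/Applications exists and is owned by the invoking
              # user. `id -un` is used instead of $USER: login shells set USER,
              # but nounset would abort the script if it were ever missing.
              # chown/chmod follow symlinks, so a symlinked ~/Applications
              # changes its target.
              if [ -d "$HOME/Applications" ]; then
                sudo chown "$(id -un)" "$HOME/Applications"
                sudo chmod 755 "$HOME/Applications"
              else
                mkdir -p "$HOME/Applications"
              fi

              if [[ "$OSTYPE" == "darwin"* ]]; then
                # Step 1: prime Touch ID for sudo so the remaining sudo calls can
                # use biometrics. This is a real PAM change: with `sufficient`,
                # Touch ID alone satisfies sudo's auth stack. It only runs when
                # /etc/pam.d/sudo_local does not exist yet, so an existing
                # (user- or nix-darwin-managed) file is never edited.
                if [ ! -f /etc/pam.d/sudo_local ]; then
                  echo "Priming native Touch ID support (requires password one last time)..."
                  if [ -f /etc/pam.d/sudo_local.template ]; then
                    sudo cp /etc/pam.d/sudo_local.template /etc/pam.d/sudo_local
                    # Uncomment the pam_tid line. Apple's template separates the
                    # tokens with runs of spaces, so match any whitespace rather
                    # than a single space (a single-space pattern silently
                    # leaves the line commented out).
                    sudo sed -i "" 's/^#[[:space:]]*\(auth[[:space:]]*sufficient[[:space:]]*pam_tid\.so\)/\1/' /etc/pam.d/sudo_local
                  fi
                  # Verify the line is actually active; append it when the
                  # template was missing or the substitution did not match.
                  if ! grep -qE '^auth[[:space:]]+sufficient[[:space:]]+pam_tid\.so' /etc/pam.d/sudo_local 2>/dev/null; then
                    echo "auth sufficient pam_tid.so" | sudo tee -a /etc/pam.d/sudo_local > /dev/null
                  fi
                fi

                # Step 2: silence Determinate Nix warnings about deprecated
                # settings. They are commented out rather than deleted so the
                # previous values stay visible in nix.conf.
                if grep -qE "^eval-cores|^lazy-trees" /etc/nix/nix.conf > /dev/null 2>&1; then
                  echo "Cleaning up deprecated settings in /etc/nix/nix.conf..."
                  sudo sed -i "" "s/^eval-cores/# eval-cores/" /etc/nix/nix.conf
                  sudo sed -i "" "s/^lazy-trees/# lazy-trees/" /etc/nix/nix.conf
                fi

                # Step 3: Determinate Nix maintenance (Touch ID is now available
                # for the sudo below).
                if command -v determinate-nixd > /dev/null; then
                  echo "Verifying Determinate Nix status..."
                  # Capture status exactly once; a non-zero exit must not abort
                  # the script, the output text is inspected instead.
                  STATUS_OUT=$(determinate-nixd status 2>&1 || true)
                  # Upgrade first so the auth check runs against the new daemon.
                  if echo "$STATUS_OUT" | grep -qi "determinate-nixd upgrade"; then
                    echo "Determinate Nix update available. Upgrading via Touch ID..."
                    sudo determinate-nixd upgrade
                  fi
                  # FlakeHub login is interactive; only prompt when the status
                  # output says the token is missing or stale.
                  if echo "$STATUS_OUT" | grep -qiE "invalid-token|Anonymous|expired|logged out|unauthorized"; then
                    echo "Action Required: FlakeHub authentication is missing or has expired."
                    determinate-nixd login
                  fi
                  echo "Determinate Nix environment verified."
                fi

                # Step 4: activate the configuration.
                # A regular (non-symlink) /etc/pam.d/sudo_local -- including the
                # one primed in step 1 -- is moved aside first, presumably so
                # the nix-darwin activation can take the file over instead of
                # refusing to clobber an unmanaged one. If the configuration
                # does NOT manage sudo_local, Touch ID for sudo is lost here
                # until the .before-nix-darwin backup is restored; a previous
                # backup with that name is overwritten.
                echo "Authenticating via native macOS Touch ID..."
                if [ -f /etc/pam.d/sudo_local ] && [ ! -L /etc/pam.d/sudo_local ]; then
                  sudo mv /etc/pam.d/sudo_local /etc/pam.d/sudo_local.before-nix-darwin
                fi
                nh darwin switch -H "$DARWIN_HOST" "$TARGET_DIR"

                # Step 5: Mac App Store sync, after nh so its output stays visible.
                if command -v mas-sync > /dev/null 2>&1; then
                  mas-sync
                fi
              else
                # Non-Darwin targets: plain NixOS switch.
                nh os switch "$TARGET_DIR"
              fi
              echo "Installation complete!"

              # Report whether the native-linux-builder entitlement is present.
              if command -v determinate-nixd > /dev/null; then
                if determinate-nixd version | grep -q "native-linux-builder"; then
                  echo -e "\n\033[1;32m\033[1mGOOD NEWS:\033[0m\033[32m You have access to the native-linux-builder!\033[0m"
                  echo "You can now uncomment 'inputs.self.modules.darwin.microvm' in 'modules/flake-module.nix' to enable Linux guest support."
                fi
              fi
              echo -e "\nAll tasks finished. Press Enter if your prompt is missing."
              exit 0
            '';
          };
        in "${installScript}/bin/install-system";
      };

      # `nix run .#uninstall`: remove nix-darwin and its system profile after an
      # interactive confirmation. Darwin-oriented: it always runs
      # darwin-uninstaller.
      apps.uninstall = {
        type = "app";
        program = let
          uninstallScript = pkgs.writeShellApplication {
            name = "uninstall-system";
            # Deliberately no pkgs.sudo here: Nix strips setuid bits from store
            # outputs, so a Nix-built sudo cannot elevate and putting it first
            # on PATH would shadow the system sudo and make every `sudo` call
            # fail. The system sudo is reached through the inherited PATH.
            # pkgs.nh was unused by this script and is dropped as well.
            runtimeInputs = [ pkgs.dialog pkgs.nix ];
            # errexit/nounset/pipefail are set by writeShellApplication.
            text = ''
              if ! dialog --title "Uninstall Dendritic Nix" \
                --yesno "This will uninstall nix-darwin and reset the profile. Are you sure?" 10 60; then
                clear
                exit 0
              fi
              clear
              echo "Starting uninstallation..."
              if command -v darwin-uninstaller &> /dev/null; then
                sudo darwin-uninstaller
              else
                # Run the uninstaller from the nix-darwin revision locked in
                # flake.lock instead of whatever the flake registry's
                # `nix-darwin` entry resolves to at run time.
                sudo nix --extra-experimental-features "nix-command flakes" run "${inputs.nix-darwin}#darwin-uninstaller"
              fi
              # Best effort: the profile may already be partially gone.
              sudo nix-env --profile /nix/var/nix/profiles/system --delete-generations old || true
              sudo rm -rf /nix/var/nix/profiles/system* || true
              sudo nix-collect-garbage -d
              echo "Uninstallation complete!"
            '';
          };
        in "${uninstallScript}/bin/uninstall-system";
      };
    };
    flake = {
      # NixOS, Darwin and Home Manager configurations are not declared inline;
      # they are expected to come from the modules imported above.
    };
  };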
}