{ description = "NixOS configuration"; inputs = { # Pinned stable channel; the single source of truth for every host. nixpkgs.url = "github:nixos/nixpkgs/nixos-26.05"; # Bleeding-edge channel, used only to pull individual packages via overlay. nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Home-manager release matched to the stable nixpkgs; `follows` keeps a single nixpkgs eval. home-manager.url = "github:nix-community/home-manager/release-26.05"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; # WSL module for the EDaaS host; flake input avoids the impure NIX_PATH lookup. nixos-wsl.url = "github:nix-community/NixOS-WSL"; nixos-wsl.inputs.nixpkgs.follows = "nixpkgs"; # Apple Silicon (Asahi) support for the MacBook host. nixos-apple-silicon.url = "github:nix-community/nixos-apple-silicon"; nixos-apple-silicon.inputs.nixpkgs.follows = "nixpkgs"; # nix-darwin: manage macOS hosts from this same flake. nix-darwin.url = "github:nix-darwin/nix-darwin/nix-darwin-26.05"; nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; # nix-homebrew: declaratively own and install the Homebrew prefix on macOS. nix-homebrew.url = "github:zhaofengli/nix-homebrew"; # Provides mkFlake: the systems/perSystem scaffolding used below. flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs"; # Declarative Firefox add-ons (e.g. the Catppuccin theme); see lyrathorpe/user.nix. firefox-addons = { url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; inputs.nixpkgs.follows = "nixpkgs"; }; # Prebuilt nix-index database so "command not found -> which package # provides it" works immediately (no manual `nix-index` run). See shell.nix. nix-index-database = { url = "github:nix-community/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; }; # treefmt-nix: one multi-language formatter driving `nix fmt` and the # formatting flake check (nixfmt + shfmt + prettier). treefmt-nix = { url = "github:numtide/treefmt-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; # git-hooks.nix: declarative pre-commit hooks (nixfmt/deadnix/statix), # installed into the repo via the devShell. git-hooks = { url = "github:cachix/git-hooks.nix"; inputs.nixpkgs.follows = "nixpkgs"; }; }; outputs = inputs@{ flake-parts, nixpkgs, nixpkgs-unstable, home-manager, nixos-wsl, nixos-apple-silicon, nix-darwin, nix-homebrew, ... }: flake-parts.lib.mkFlake { inherit inputs; } ( { lib, ... }: let # claude-code tracks nixpkgs-unstable regardless of the pinned nixpkgs. overlays = [ (_final: prev: { inherit (import nixpkgs-unstable { inherit (prev.stdenv.hostPlatform) system; config.allowUnfree = true; }) claude-code ; }) ]; # Unfree packages permitted to be built (replaces blanket allowUnfree). unfreePackages = [ "claude-code" "lens" "lens-desktop" ]; # nixpkgs + nix-daemon settings shared by NixOS and Darwin hosts. commonModule = { nixpkgs.overlays = overlays; nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) unfreePackages; nix.settings.experimental-features = [ "nix-command" "flakes" ]; # Make `nix shell nixpkgs#...` and use the pinned nixpkgs. nix.registry.nixpkgs.flake = nixpkgs; nix.nixPath = [ "nixpkgs=${nixpkgs}" ]; }; # Shared scaffolding for every NixOS host: common user, settings, home-manager. baseModules = [ ./lyrathorpe/user.nix ./system/modules/common-nixos.nix commonModule home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; # Back up pre-existing dotfiles (e.g. .zshrc) instead of aborting # activation when home-manager would overwrite them. home-manager.backupFileExtension = "backup"; } ]; # mkHost :: { system, username, fullName, modules, homeModules } -> nixosSystem # Builds one machine by appending its host-specific modules to the shared # baseModules. The user identity (username/fullName) is threaded through # specialArgs so user.nix and the home modules stay host-agnostic, and the # home-manager profile is keyed by the host's username. mkHost = { system, username, fullName, modules, homeModules, # Host form factor. Laptops inherit the default; a desktop host sets # `portable = false` to drop mobile components (battery block, # brightness keys) from the home-manager Sway config. portable ? true, }: nixpkgs.lib.nixosSystem { inherit system; specialArgs = { inherit inputs username fullName portable ; }; modules = baseModules ++ modules ++ [ { home-manager.extraSpecialArgs = { inherit inputs username fullName portable ; }; home-manager.users.${username}.imports = homeModules; } ]; }; # Shared scaffolding for every Darwin (macOS) host. darwinBaseModules = [ commonModule nix-homebrew.darwinModules.nix-homebrew home-manager.darwinModules.home-manager { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; # Back up pre-existing dotfiles (e.g. .zshrc) instead of aborting # activation when home-manager would overwrite them. home-manager.backupFileExtension = "backup"; } ]; # mkDarwinHost :: { system, username, fullName, modules, homeModules } -> darwinSystem # Darwin counterpart of mkHost. macOS already owns the login user, so we # only attach the platform and home-manager; no NixOS user module here. mkDarwinHost = { system, username, fullName, modules, homeModules, }: nix-darwin.lib.darwinSystem { specialArgs = { inherit inputs username fullName; }; modules = darwinBaseModules ++ modules ++ [ { nixpkgs.hostPlatform = system; # macOS owns the account; point home-manager at its home dir. users.users.${username}.home = "/Users/${username}"; home-manager.extraSpecialArgs = { inherit inputs username fullName; }; home-manager.users.${username}.imports = homeModules; } ]; }; # Host table — declarative registry of every machine. To add a host: # give it a name, its `system`, the owning user, and the module lists. # mapAttrs below turns each entry into a nixosConfiguration of the same name. hosts = { lyrathorpe-mbp = { system = "aarch64-linux"; username = "lyrathorpe"; fullName = "Lyra Thorpe"; modules = [ ./system/machine/MBP-Asahi/configuration.nix ./system/modules/laptop.nix nixos-apple-silicon.nixosModules.default ./lyrathorpe/swaywm.nix ]; homeModules = [ ./lyrathorpe/home ./lyrathorpe/home/desktop.nix ]; }; lyrathorpe-t400 = { system = "x86_64-linux"; username = "lyrathorpe"; fullName = "Lyra Thorpe"; modules = [ ./system/machine/T400/configuration.nix ./system/modules/laptop.nix ./lyrathorpe/swaywm.nix ]; homeModules = [ ./lyrathorpe/home ./lyrathorpe/home/desktop.nix ]; }; lyrathorpe-macpro31 = { system = "x86_64-linux"; username = "lyrathorpe"; fullName = "Lyra Thorpe"; portable = false; modules = [ ./system/machine/MacPro31/configuration.nix ./system/modules/desktop.nix ./lyrathorpe/swaywm.nix ]; homeModules = [ ./lyrathorpe/home ./lyrathorpe/home/desktop.nix ]; }; emmathorpe-edaas = { system = "x86_64-linux"; username = "emmathorpe"; fullName = "Emma Thorpe"; modules = [ ./system/machine/EDaaS/configuration.nix nixos-wsl.nixosModules.default ./lyrathorpe/swaywm.nix ]; homeModules = [ ./lyrathorpe/home ./lyrathorpe/home/work.nix ]; }; }; # Darwin host table — macOS machines built via mkDarwinHost. The shared # ./lyrathorpe/home modules (shell, git, editor) are reused; the Linux-only # desktop/sway modules are intentionally left out. darwinHosts = { lyrathorpe-mac = { system = "aarch64-darwin"; username = "lyrathorpe"; fullName = "Lyra Thorpe"; modules = [ ./system/machine/Darwin/configuration.nix ]; homeModules = [ ./lyrathorpe/home ]; }; }; in { # flake-parts modules: treefmt-nix wires `nix fmt` + a formatting check; # git-hooks.nix wires the pre-commit check + devShell installation script. imports = [ inputs.treefmt-nix.flakeModule inputs.git-hooks.flakeModule ]; systems = [ "x86_64-linux" "aarch64-linux" "aarch64-darwin" "x86_64-darwin" ]; # perSystem is evaluated once per entry in `systems`; `pkgs` is the # nixpkgs instance for that system. Outputs here become per-system # attrsets automatically (e.g. devShells..default). perSystem = { config, pkgs, ... }: { # treefmt drives `nix fmt` and the formatting check below. nixfmt # stays the .nix formatter (the tree is already nixfmt-formatted); # shfmt covers shell and prettier covers markdown/yaml/json. treefmt = { projectRootFile = "flake.nix"; programs.nixfmt.enable = true; programs.shfmt.enable = true; programs.prettier.enable = true; # Generated hardware-configuration.nix files are not hand-edited. settings.global.excludes = [ "*/hardware-configuration.nix" # generated by nixos-generate-config "flake.lock" # generated by `nix flake lock` ]; }; # Pre-commit hooks: format + lint gate run on commit. The same hooks # are exposed as a flake check (pre-commit.check.enable defaults true). pre-commit.settings = { # Generated by nixos-generate-config; don't lint/reformat (treefmt # excludes them too). excludes = [ "hardware-configuration\\.nix$" ]; hooks = { nixfmt-rfc-style.enable = true; deadnix = { enable = true; # Unused module args ({config,lib,pkgs,...}) are normal; only # flag genuinely dead bindings. settings.noLambdaPatternNames = true; }; statix.enable = true; # reads statix.toml (repeated_keys/empty_pattern disabled) }; }; # treefmt-nix exposes its own `checks.treefmt`; alias it to # `formatting` so the existing CI gate (.#checks.*.formatting) keeps # working without churn. checks.formatting = config.treefmt.build.check inputs.self; # deadnix / statix lints as standalone flake checks so `nix flake # check` flags dead code and antipatterns independently of pre-commit. checks.deadnix = pkgs.runCommandLocal "check-deadnix" { nativeBuildInputs = [ pkgs.deadnix ]; } '' deadnix --fail --no-lambda-pattern-names ${./.} && touch $out ''; checks.statix = pkgs.runCommandLocal "check-statix" { nativeBuildInputs = [ pkgs.statix ]; } '' statix check -c ${./.} ${./.} && touch $out ''; # `nix develop` shell with the tooling needed to hack on this flake. # shellHook installs the git pre-commit hooks into the working tree. devShells.default = pkgs.mkShellNoCC { packages = with pkgs; [ nixfmt nil git deadnix statix treefmt ]; shellHook = config.pre-commit.installationScript; }; }; # Realise the host tables: each entry becomes a {nixos,darwin}Configuration. flake.nixosConfigurations = lib.mapAttrs (_name: mkHost) hosts; flake.darwinConfigurations = lib.mapAttrs (_name: mkDarwinHost) darwinHosts; } ); }