feat: refactor flake.nix

2026-04-24 17:58:30 +02:00 · 2023-12-20 00:48:30 +08:00
parent 809a68fa27
commit 29511fa574
28 changed files with 416 additions and 422 deletions
--- a/constants.nix
+++ b/constants.nix
@@ -0,0 +1,15 @@
 rec {
  # user information
  username = "ryan";
  userfullname = "Ryan Yin";
  useremail = "xiaoyin_c@qq.com";
  # linux systems
  x64_system = "x86_64-linux";
  riscv64_system = "riscv64-linux";
  aarch64_system = "aarch64-linux";
  # darwin systems
  x64_darwin = "x86_64-darwin";
  aarch64_darwin = "aarch64-darwin";
  allSystems = [x64_system riscv64_system aarch64_system x64_darwin aarch64_darwin];
 }
--- a/flake.nix
+++ b/flake.nix
@@ -16,284 +16,73 @@
  outputs = inputs @ {
    self,
    nixpkgs,
    nixpkgs-unstable,
    nixpkgs-darwin,
    pre-commit-hooks,
    nix-darwin,
    home-manager,
    nixos-generators,
    nixos-licheepi4a,
    nixos-rk3588,
    ...
  }: let
-    username = "ryan";
+    constants = import ./constants.nix;
    userfullname = "Ryan Yin";
    useremail = "xiaoyin_c@qq.com";
-    x64_system = "x86_64-linux";
+    # FYI: `lib.genAttrs [ "foo" "bar" ] (name: "x_" + name)` => `{ foo = "x_foo"; bar = "x_bar"; }`
-    x64_darwin = "x86_64-darwin";
+    forEachSystem = func: (nixpkgs.lib.genAttrs constants.allSystems func);
    riscv64_system = "riscv64-linux";
    aarch64_system = "aarch64-linux";
    allSystems = [x64_system x64_darwin riscv64_system aarch64_system];
-    nixosSystem = import ./lib/nixosSystem.nix;
+    allSystemConfigurations = import ./systems {inherit self inputs constants;};
-    macosSystem = import ./lib/macosSystem.nix;
+  in
-    colmenaSystem = import ./lib/colmenaSystem.nix;
+    allSystemConfigurations
-
+    // {
-    # 星野 アイ, Hoshino Ai
+      # format the nix code in this flake
-    idol_ai_modules_i3 = {
+      # alejandra is a nix formatter with a beautiful output
-      nixos-modules = [
+      formatter = forEachSystem (
-        ./hosts/idols/ai
+        system: nixpkgs.legacyPackages.${system}.alejandra
        ./modules/nixos/i3.nix
      ];
      home-module = import ./home/linux/desktop-i3.nix;
    };
    idol_ai_modules_hyprland = {
      nixos-modules = [
        ./hosts/idols/ai
        ./modules/nixos/hyprland.nix
      ];
      home-module = import ./home/linux/desktop-hyprland.nix;
    };
    # 星野 愛久愛海, Hoshino Akuamarin
    idol_aquamarine_modules = {
      nixos-modules = [
        ./hosts/idols/aquamarine
      ];
      home-module = import ./home/linux/server.nix;
    };
    idol_aquamarine_tags = ["dist-build" "aqua"];
    # 星野 瑠美衣, Hoshino Rubii
    idol_ruby_modules = {
      nixos-modules = [
        ./hosts/idols/ruby
      ];
      home-module = import ./home/linux/server.nix;
    };
    idol_ruby_tags = ["dist-build" "ruby"];
    # 有馬 かな, Arima Kana
    idol_kana_modules = {
      nixos-modules = [
        ./hosts/idols/kana
      ];
      home-module = import ./home/linux/server.nix;
    };
    idol_kana_tags = ["dist-build" "kana"];
    # 森友 望未, Moritomo Nozomi
    rolling_nozomi_modules = {
      nixos-modules = [
        ./hosts/rolling_girls/nozomi
      ];
      # home-module = import ./home/linux/server-riscv64.nix;
    };
    rolling_nozomi_tags = ["riscv" "nozomi"];
    # 小坂 結季奈, Kosaka Yukina
    rolling_yukina_modules = {
      nixos-modules = [
        ./hosts/rolling_girls/yukina
      ];
      # home-module = import ./home/linux/server-riscv64.nix;
    };
    rolling_yukina_tags = ["riscv" "yukina"];
    # 大木 鈴, Ōki Suzu
    _12kingdoms_suzu_modules = {
      nixos-modules = [
        ./hosts/12kingdoms/suzu
      ];
      # home-module = import ./home/linux/server.nix;
    };
    _12kingdoms_suzu_tags = ["aarch" "suzu"];
    x64_specialArgs =
      {
        inherit username userfullname useremail;
        # use unstable branch for some packages to get the latest updates
        pkgs-unstable = import nixpkgs-unstable {
          system = x64_system; # refer the `system` parameter form outer scope recursively
          # To use chrome, we need to allow the installation of non-free software
          config.allowUnfree = true;
        };
      }
      // inputs;
  in {
    nixosConfigurations = let
      base_args = {
        inherit home-manager nixos-generators;
        inherit nixpkgs; # or nixpkgs-unstable
        system = x64_system;
        specialArgs = x64_specialArgs;
      };
    in {
      # ai with i3 window manager
      ai_i3 = nixosSystem (idol_ai_modules_i3 // base_args);
      # ai with hyprland compositor
      ai_hyprland = nixosSystem (idol_ai_modules_hyprland // base_args);
      # three virtual machines without desktop environment.
      aquamarine = nixosSystem (idol_aquamarine_modules // base_args);
      ruby = nixosSystem (idol_ruby_modules // base_args);
      kana = nixosSystem (idol_kana_modules // base_args);
    };
    # colmena - remote deployment via SSH
    colmena = let
      # x86_64 related
      x64_base_args = {
        inherit home-manager;
        inherit nixpkgs; # or nixpkgs-unstable
        specialArgs = x64_specialArgs;
      };
      # riscv64 related
      # using the same nixpkgs as nixos-licheepi4a to utilize the cross-compilation cache.
      lpi4a_pkgs = import nixos-licheepi4a.inputs.nixpkgs {system = x64_system;};
      lpi4a_specialArgs =
        {
          inherit username userfullname useremail;
          pkgsKernel = nixos-licheepi4a.packages.${x64_system}.pkgsKernelCross;
        }
        // inputs;
      lpi4a_base_args = {
        inherit home-manager;
        inherit (nixos-licheepi4a.inputs) nixpkgs; # or nixpkgs-unstable
        specialArgs = lpi4a_specialArgs;
        targetUser = "root";
      };
      # aarch64 related
      # using the same nixpkgs as nixos-rk3588 to utilize the cross-compilation cache.
      rk3588_pkgs = import nixos-rk3588.inputs.nixpkgs {system = x64_system;};
      rk3588_specialArgs =
        {
          inherit username userfullname useremail;
        }
        // nixos-rk3588.inputs;
      rk3588_base_args = {
        inherit home-manager;
        inherit (nixos-rk3588.inputs) nixpkgs; # or nixpkgs-unstable
        specialArgs = rk3588_specialArgs;
        targetUser = "root";
      };
    in {
      meta = {
        nixpkgs = import nixpkgs {system = x64_system;};
        specialArgs = x64_specialArgs;
        nodeSpecialArgs = {
          # riscv64 SBCs
          nozomi = lpi4a_specialArgs;
          yukina = lpi4a_specialArgs;
          # aarch64 SBCs
          suzu = rk3588_specialArgs;
        };
        nodeNixpkgs = {
          nozomi = lpi4a_pkgs;
          yukina = lpi4a_pkgs;
          # aarch64 SBCs
          suzu = rk3588_pkgs;
        };
      };
      # proxmox virtual machines(x86_64)
      aquamarine = colmenaSystem (idol_aquamarine_modules // x64_base_args // {host_tags = idol_aquamarine_tags;});
      ruby = colmenaSystem (idol_ruby_modules // x64_base_args // {host_tags = idol_ruby_tags;});
      kana = colmenaSystem (idol_kana_modules // x64_base_args // {host_tags = idol_kana_tags;});
      # riscv64 SBCs
      nozomi = colmenaSystem (rolling_nozomi_modules // lpi4a_base_args // {host_tags = rolling_nozomi_tags;});
      yukina = colmenaSystem (rolling_yukina_modules // lpi4a_base_args // {host_tags = rolling_yukina_tags;});
      # aarch64 SBCs
      suzu = colmenaSystem (_12kingdoms_suzu_modules // rk3588_base_args // {host_tags = _12kingdoms_suzu_tags;});
    };
    # take system images for idols
    # https://github.com/nix-community/nixos-generators
    packages."${x64_system}" =
      # genAttrs returns an attribute set with the given keys and values(host => image).
      nixpkgs.lib.genAttrs [
        "ai_i3"
        "ai_hyprland"
      ]
      (
        # generate iso image for hosts with desktop environment
        host:
          self.nixosConfigurations.${host}.config.formats.iso
      )
      // nixpkgs.lib.genAttrs [
        "aquamarine"
        "ruby"
        "kana"
      ]
      (
        # generate proxmox image for virtual machines without desktop environment
        host:
          self.nixosConfigurations.${host}.config.formats.proxmox
      );
-    # macOS's configuration, for work.
+      # pre-commit hooks for nix code
-    darwinConfigurations = let
+      checks = forEachSystem (
-      system = x64_darwin;
+        system: {
-      specialArgs =
+          pre-commit-check = pre-commit-hooks.lib.${system}.run {
-        {
+            src = ./.;
-          inherit username userfullname useremail;
+            hooks = {
-          # use unstable branch for some packages to get the latest updates
+              alejandra.enable = true; # formatter
-          pkgs-unstable = import nixpkgs-unstable {
+              # deadnix.enable = true; # detect unused variable bindings in `*.nix`
-            inherit system; # refer the `system` parameter form outer scope recursively
+              statix.enable = true; # lints and suggestions for Nix code(auto suggestions)
-            # To use chrome, we need to allow the installation of non-free software
+              prettier = {
-            config.allowUnfree = true;
+                enable = true;
                excludes = [".js" ".md" ".ts"];
              };
            };
          };
        }
-        // inputs;
+      );
-      base_args = {
+      devShells = forEachSystem (
-        inherit nix-darwin home-manager system specialArgs;
+        system: {
-        nixpkgs = nixpkgs-darwin;
+          default = nixpkgs.legacyPackages.${system}.mkShell {
-      };
+            name = "dots";
-    in {
+            shellHook = ''
-      harmonica = macosSystem (base_args
+              ${self.checks.${system}.pre-commit-check.shellHook}
-        // {
+            '';
-          darwin-modules = [
+          };
-            ./hosts/harmonica
+        }
-          ];
+      );
          home-module = import ./home/darwin;
        });
    };
-    # format the nix code in this flake
+  # the nixConfig here only affects the flake itself, not the system configuration!
-    # alejandra is a nix formatter with a beautiful output
+  # for more information, see:
-    formatter = nixpkgs.lib.genAttrs allSystems (
+  #     https://nixos-and-flakes.thiscute.world/nixos-with-flakes/add-custom-cache-servers
-      system:
+  nixConfig = {
-        nixpkgs.legacyPackages.${system}.alejandra
+    # substituers will be appended to the default substituters when fetching packages
-    );
+    extra-substituters = [
-
+      "https://nix-community.cachix.org"
-    # pre-commit hooks for nix code
+      # my own cache server
-    checks = nixpkgs.lib.genAttrs allSystems (
+      "https://ryan4yin.cachix.org"
-      system: {
+      "https://anyrun.cachix.org"
-        pre-commit-check = pre-commit-hooks.lib.${system}.run {
+      "https://hyprland.cachix.org"
-          src = ./.;
+      # "https://nixpkgs-wayland.cachix.org"
-          hooks = {
+    ];
-            alejandra.enable = true; # formatter
+    extra-trusted-public-keys = [
-            # deadnix.enable = true; # detect unused variable bindings in `*.nix`
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-            statix.enable = true; # lints and suggestions for Nix code(auto suggestions)
+      "ryan4yin.cachix.org-1:Gbk27ZU5AYpGS9i3ssoLlwdvMIh0NxG0w8it/cv9kbU="
-          };
+      "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
-        };
+      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
-      }
+      # "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
-    );
+    ];
    devShells = nixpkgs.lib.genAttrs allSystems (
      system: {
        default = nixpkgs.legacyPackages.${system}.mkShell {
          inherit (self.checks.${system}.pre-commit-check) shellHook;
        };
      }
    );
  };
  # This is the standard format for flake.nix. `inputs` are the dependencies of the flake,
@@ -444,26 +233,4 @@
      flake = false;
    };
  };
  # the nixConfig here only affects the flake itself, not the system configuration!
  # for more information, see:
  #     https://nixos-and-flakes.thiscute.world/nixos-with-flakes/add-custom-cache-servers
  nixConfig = {
    # substituers will be appended to the default substituters when fetching packages
    extra-substituters = [
      "https://nix-community.cachix.org"
      # my own cache server
      "https://ryan4yin.cachix.org"
      "https://anyrun.cachix.org"
      "https://hyprland.cachix.org"
      # "https://nixpkgs-wayland.cachix.org"
    ];
    extra-trusted-public-keys = [
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      "ryan4yin.cachix.org-1:Gbk27ZU5AYpGS9i3ssoLlwdvMIh0NxG0w8it/cv9kbU="
      "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
      # "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
    ];
  };
 }
--- a/home/base/server/core.nix
+++ b/home/base/server/core.nix
@@ -61,7 +61,7 @@
    # useful in bash/zsh prompt, not in nushell.
    eza = {
      enable = true;
-      enableAliases = false;  # do not enable aliases in nushell!
+      enableAliases = false; # do not enable aliases in nushell!
      git = true;
      icons = true;
    };
--- a/hosts/12kingdoms/suzu/default.nix
+++ b/hosts/12kingdoms/suzu/default.nix
@@ -11,16 +11,9 @@
 #############################################################
 {
  imports = [
    {
      nixpkgs.crossSystem = {
        config = "aarch64-unknown-linux-gnu";
      };
    }
    # import the rk3588 module, which contains the configuration for bootloader/kernel/firmware
    (nixos-rk3588 + "/modules/boards/orangepi5.nix")
    ../../../modules/nixos/server-riscv64.nix
  ];
  users.users.root.openssh.authorizedKeys.keys = config.users.users."${username}".openssh.authorizedKeys.keys;
--- a/hosts/harmonica/default.nix
+++ b/hosts/harmonica/default.nix
@@ -7,14 +7,6 @@
 let
  hostname = "harmonica";
 in {
  imports = [
    ../../modules/darwin
    ../../secrets/darwin.nix
  ];
  nixpkgs.overlays = import ../../overlays args;
  networking.hostName = hostname;
  networking.computerName = hostname;
  system.defaults.smb.NetBIOSName = hostname;
--- a/hosts/idols/ai/cifs-mount.nix
+++ b/hosts/idols/ai/cifs-mount.nix
@@ -1,6 +1,5 @@
 {
  config,
  pkgs,
  username,
  ...
 }: {
--- a/hosts/idols/ai/default.nix
+++ b/hosts/idols/ai/default.nix
@@ -1,4 +1,3 @@
 {lanzaboote, ...} @ args:
 #############################################################
 #
 #  Ai - my main computer, with NixOS + I5-13600KF + RTX 4090 GPU, for gaming & daily use.
@@ -12,12 +11,8 @@
    ./impermanence.nix
    ./secureboot.nix
    ../../../secrets/nixos.nix
  ];
  nixpkgs.overlays = import ../../../overlays args;
  networking = {
    hostName = "ai";
    wireless.enable = false; # Enables wireless support via wpa_supplicant.
--- a/hosts/idols/aquamarine/default.nix
+++ b/hosts/idols/aquamarine/default.nix
@@ -1,18 +1,9 @@
 args:
 #############################################################
 #
 #  Aquamarine - A NixOS VM running on Proxmox
 #
 #############################################################
 {
  imports = [
    ../../../modules/nixos/proxmox-hardware-configuration.nix
    ../../../modules/nixos/server.nix
  ];
  nixpkgs.overlays = import ../../../overlays args;
  # Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
  boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
  # supported fil systems, so we can mount any removable disks with these filesystems
--- a/hosts/idols/kana/default.nix
+++ b/hosts/idols/kana/default.nix
@@ -1,18 +1,9 @@
 args:
 #############################################################
 #
 #  Kana - a NixOS VM running on Proxmox
 #
 #############################################################
 {
  imports = [
    ../../../modules/nixos/proxmox-hardware-configuration.nix
    ../../../modules/nixos/server.nix
  ];
  nixpkgs.overlays = import ../../../overlays args;
  # Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
  boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
  # supported fil systems, so we can mount any removable disks with these filesystems
--- a/hosts/idols/ruby/default.nix
+++ b/hosts/idols/ruby/default.nix
@@ -1,18 +1,9 @@
 args:
 #############################################################
 #
 #  Ruby - a NixOS VM running on Proxmox
 #
 #############################################################
 {
  imports = [
    ../../../modules/nixos/proxmox-hardware-configuration.nix
    ../../../modules/nixos/server.nix
  ];
  nixpkgs.overlays = import ../../../overlays args;
  # Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
  boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
  # supported fil systems, so we can mount any removable disks with these filesystems
--- a/hosts/rolling_girls/chiaya/default.nix
+++ b/hosts/rolling_girls/chiaya/default.nix
@@ -1,9 +1,7 @@
 {
  config,
  username,
  # nixos-jh7110,
  ...
-} @ args:
+}:
 #############################################################
 #
 #  Chiaya - NixOS Configuration for Milk-V Mars
@@ -13,20 +11,8 @@
 #############################################################
 {
  imports = [
    {
      # cross-compilation this flake.
      nixpkgs.crossSystem = {
        system = "riscv64-linux";
      };
    }
    # TODO
    ../../../modules/nixos/server-riscv64.nix
  ];
  users.users.root.openssh.authorizedKeys.keys = config.users.users."${username}".openssh.authorizedKeys.keys;
  # Set static IP address / gateway / DNS servers.
  networking = {
    hostName = "chiaya"; # Define your hostname.
@@ -64,5 +50,5 @@
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.11"; # Did you read the comment?
+  system.stateVersion = "23.05"; # Did you read the comment?
 }
--- a/hosts/rolling_girls/nozomi/default.nix
+++ b/hosts/rolling_girls/nozomi/default.nix
@@ -1,9 +1,4 @@
-{
+{nixos-licheepi4a, ...}:
  config,
  username,
  nixos-licheepi4a,
  ...
 } @ args:
 #############################################################
 #
 #  Nozomi - NixOS configuration for Lichee Pi 4A
@@ -11,23 +6,12 @@
 #############################################################
 {
  imports = [
    {
      # cross-compilation this flake.
      nixpkgs.crossSystem = {
        system = "riscv64-linux";
      };
    }
    # import the licheepi4a module, which contains the configuration for bootloader/kernel/firmware
    (nixos-licheepi4a + "/modules/licheepi4a.nix")
    # import the sd-image module, which contains the fileSystems & kernel parameters for booting from sd card.
    (nixos-licheepi4a + "/modules/sd-image/sd-image-lp4a.nix")
    ../../../modules/nixos/server-riscv64.nix
  ];
  users.users.root.openssh.authorizedKeys.keys = config.users.users."${username}".openssh.authorizedKeys.keys;
  # Set static IP address / gateway / DNS servers.
  networking = {
    hostName = "nozomi"; # Define your hostname.
@@ -97,5 +81,5 @@
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.11"; # Did you read the comment?
+  system.stateVersion = "23.05"; # Did you read the comment?
 }
--- a/hosts/rolling_girls/yukina/default.nix
+++ b/hosts/rolling_girls/yukina/default.nix
@@ -1,9 +1,4 @@
-{
+{nixos-licheepi4a, ...}:
  config,
  username,
  nixos-licheepi4a,
  ...
 } @ args:
 #############################################################
 #
 #  Yukina - NixOS configuration for Lichee Pi 4A
@@ -11,23 +6,12 @@
 #############################################################
 {
  imports = [
    {
      # cross-compilation this flake.
      nixpkgs.crossSystem = {
        system = "riscv64-linux";
      };
    }
    # import the licheepi4a module, which contains the configuration for bootloader/kernel/firmware
    (nixos-licheepi4a + "/modules/licheepi4a.nix")
    # import the sd-image module, which contains the fileSystems & kernel parameters for booting from sd card.
    (nixos-licheepi4a + "/modules/sd-image/sd-image-lp4a.nix")
    ../../../modules/nixos/server-riscv64.nix
  ];
  users.users.root.openssh.authorizedKeys.keys = config.users.users."${username}".openssh.authorizedKeys.keys;
  # Set static IP address / gateway / DNS servers.
  networking = {
    hostName = "yukina"; # Define your hostname.
@@ -97,5 +81,5 @@
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.11"; # Did you read the comment?
+  system.stateVersion = "23.05"; # Did you read the comment?
 }
--- a/lib/colmenaSystem.nix
+++ b/lib/colmenaSystem.nix
@@ -10,10 +10,7 @@
 }: let
  inherit (specialArgs) username;
 in
-  {
+  {name, ...}: {
    name,
    ...
  }: {
    deployment = {
      inherit targetUser;
      targetHost = name; # hostName or IP address
@@ -27,6 +24,8 @@ in
          # make `nix run nixpkgs#nixpkgs` use the same nixpkgs as the one used by this flake.
          nix.registry.nixpkgs.flake = nixpkgs;
          nix.channel.enable = false; # disable nix-channel, we use flakes instead.
          nixpkgs.overlays = import ../overlays specialArgs;
        }
      ]
      ++ (
--- a/lib/macosSystem.nix
+++ b/lib/macosSystem.nix
@@ -23,6 +23,8 @@ in
          # make `nix repl '<nixpkgs>'` use the same nixpkgs as the one used by this flake.
          # discard all the default paths, and only use the one from this flake.
          nix.nixPath = lib.mkForce ["/etc/nix/inputs"];
          nixpkgs.overlays = import ../overlays specialArgs;
        })
        home-manager.darwinModules.home-manager
--- a/lib/nixosSystem.nix
+++ b/lib/nixosSystem.nix
@@ -18,6 +18,8 @@ in
          # make `nix run nixpkgs#nixpkgs` use the same nixpkgs as the one used by this flake.
          nix.registry.nixpkgs.flake = nixpkgs;
          nix.channel.enable = false; # disable nix-channel, we use flakes instead.
          nixpkgs.overlays = import ../overlays specialArgs;
        }
        nixos-generators.nixosModules.all-formats
--- a/modules/darwin/nix-core.nix
+++ b/modules/darwin/nix-core.nix
@@ -1,7 +1,4 @@
-{
+{pkgs, ...}: {
  pkgs,
  ...
 }: {
  ###################################################################################
  #
  #  Core configuration for nix-darwin
--- a/modules/nixos/base/misc.nix
+++ b/modules/nixos/base/misc.nix
@@ -2,7 +2,8 @@
  lib,
  pkgs,
  ...
-}: {
+}:
 {
  ###################################################################################
  #
  #  NixOS's core configuration suitable for all my machines
--- a/modules/nixos/base/networking.nix
+++ b/modules/nixos/base/networking.nix
@@ -14,4 +14,6 @@
    };
    openFirewall = true;
  };
 }
--- a/modules/nixos/base/user-group.nix
+++ b/modules/nixos/base/user-group.nix
@@ -1,4 +1,4 @@
-{username, ...}: {
+{username, config, ...}: {
  # Don't allow mutation of users outside the config.
  users.mutableUsers = false;
@@ -37,10 +37,10 @@
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII7PTkP3ixXTZlrJNSHnXgkmHNT+QslFi9wNYXOpVwGB ryan@harmonica"
    ];
  };
-  users.users.root.initialHashedPassword = "$7$CU..../....X6uvZYnFD.i1CqqFFNl4./$4vgqzIPyw5XBr0aCDFbY/UIRRJr7h5SMGoQ/ZvX3FP2";
+  users.users.root = {
-
+    initialHashedPassword = "$7$CU..../....X6uvZYnFD.i1CqqFFNl4./$4vgqzIPyw5XBr0aCDFbY/UIRRJr7h5SMGoQ/ZvX3FP2";
-  # fix for `sudo xxx` in kitty/wezterm and other modern terminal emulators
+    openssh.authorizedKeys.keys = config.users.users."${username}".openssh.authorizedKeys.keys;
-  security.sudo.keepTerminfo = true;
+  };
  # DO NOT promote the specified user to input password for `nix-store` and `nix-copy-closure`
  security.sudo.extraRules = [
--- a/modules/nixos/desktop/misc.nix
+++ b/modules/nixos/desktop/misc.nix
@@ -12,6 +12,9 @@
  # set user's default shell system-wide
  users.defaultUserShell = pkgs.nushell;
  # fix for `sudo xxx` in kitty/wezterm and other modern terminal emulators
  security.sudo.keepTerminfo = true;
  environment.variables = {
    # fix https://github.com/NixOS/nixpkgs/issues/238025
    TZ = "${config.time.timeZone}";
--- a/modules/nixos/server-riscv64.nix
+++ b/modules/nixos/server-riscv64.nix
@@ -3,20 +3,13 @@
  #      Base NixOS Configuration
  # =========================================================================
-  # Set your time zone.
+  imports = [
-  time.timeZone = "Asia/Shanghai";
+    ./base/i18n.nix
    ./base/misc.nix
    ./base/user-group.nix
-  # Select internationalisation properties.
+    ../base.nix
-  i18n.defaultLocale = "en_US.UTF-8";
+  ];
  nix.settings = {
    # Manual optimise storage: nix-store --optimise
    # https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-auto-optimise-store
    auto-optimise-store = true;
    builders-use-substitutes = true;
    # enable flakes globally
    experimental-features = ["nix-command" "flakes"];
  };
  # List packages installed in system profile. To search, run:
  # $ nix search wget
@@ -51,9 +44,6 @@
    docker-compose
  ];
  # replace default editor with neovim
  environment.variables.EDITOR = "nvim";
  virtualisation.docker = {
    enable = true;
    # start dockerd on boot.
--- a/secrets/nixos.nix
+++ b/secrets/nixos.nix
@@ -58,11 +58,11 @@
    # So we need to make then readable by the user
    "agenix/alias-for-work.nushell" = {
      source = config.age.secrets."alias-for-work.nushell".path;
-      mode = "0644";  # both the original file and the symlink should be readable and executable by the user
+      mode = "0644"; # both the original file and the symlink should be readable and executable by the user
    };
    "agenix/alias-for-work.bash" = {
      source = config.age.secrets."alias-for-work.bash".path;
-      mode = "0644";  # both the original file and the symlink should be readable and executable by the user
+      mode = "0644"; # both the original file and the symlink should be readable and executable by the user
    };
  };
 }
--- a/systems/colmena.nix
+++ b/systems/colmena.nix
@@ -0,0 +1,102 @@
 args:
 with args; let
  lib = nixpkgs.lib;
  colmenaSystem = import ../lib/colmenaSystem.nix;
  # x86_64 related
  x64_base_args = {
    inherit home-manager;
    inherit nixpkgs; # or nixpkgs-unstable
    specialArgs = x64_system_specialArgs;
  };
  # riscv64 related
  # using the same nixpkgs as nixos-licheepi4a to utilize the cross-compilation cache.
  lpi4a_pkgs = import nixos-licheepi4a.inputs.nixpkgs {system = x64_system;};
  lpi4a_specialArgs =
    {
      inherit username userfullname useremail;
      pkgsKernel = nixos-licheepi4a.packages.${x64_system}.pkgsKernelCross;
    }
    // args;
  lpi4a_base_args = {
    inherit home-manager;
    inherit (nixos-licheepi4a.inputs) nixpkgs; # or nixpkgs-unstable
    specialArgs = lpi4a_specialArgs;
    targetUser = "root";
  };
  # aarch64 related
  # using the same nixpkgs as nixos-rk3588 to utilize the cross-compilation cache.
  rk3588_pkgs = import nixos-rk3588.inputs.nixpkgs {system = x64_system;};
  rk3588_specialArgs =
    {
      inherit username userfullname useremail;
    }
    // nixos-rk3588.inputs;
  rk3588_base_args = {
    inherit home-manager;
    inherit (nixos-rk3588.inputs) nixpkgs; # or nixpkgs-unstable
    specialArgs = rk3588_specialArgs;
    targetUser = "root";
  };
 in {
  # colmena - remote deployment via SSH
  colmena = {
    meta = {
      nixpkgs = import nixpkgs {system = x64_system;};
      specialArgs = x64_system_specialArgs;
      nodeSpecialArgs = {
        # riscv64 SBCs
        nozomi = lpi4a_specialArgs;
        yukina = lpi4a_specialArgs;
        # aarch64 SBCs
        suzu = rk3588_specialArgs;
      };
      nodeNixpkgs = {
        nozomi = lpi4a_pkgs;
        yukina = lpi4a_pkgs;
        # aarch64 SBCs
        suzu = rk3588_pkgs;
      };
    };
    # proxmox virtual machines(x86_64)
    aquamarine = colmenaSystem (lib.attrsets.mergeAttrsList [
      x64_base_args
      idol_aquamarine_modules
      {host_tags = idol_aquamarine_tags;}
    ]);
    ruby = colmenaSystem (lib.attrsets.mergeAttrsList [
      x64_base_args
      idol_ruby_modules
      {host_tags = idol_ruby_tags;}
    ]);
    kana = colmenaSystem (lib.attrsets.mergeAttrsList [
      x64_base_args
      idol_kana_modules
      {host_tags = idol_kana_tags;}
    ]);
    # riscv64 SBCs
    nozomi = colmenaSystem (lib.attrsets.mergeAttrsList [
      lpi4a_base_args
      rolling_nozomi_modules
      {host_tags = rolling_nozomi_tags;}
    ]);
    yukina = colmenaSystem (lib.attrsets.mergeAttrsList [
      lpi4a_base_args
      rolling_yukina_modules
      {host_tags = rolling_yukina_tags;}
    ]);
    # aarch64 SBCs
    suzu = colmenaSystem (lib.attrsets.mergeAttrsList [
      rk3588_base_args
      _12kingdoms_suzu_modules
      {host_tags = _12kingdoms_suzu_tags;}
    ]);
  };
 }
--- a/systems/darwin.nix
+++ b/systems/darwin.nix
@@ -0,0 +1,17 @@
 args:
 with args; let
  macosSystem = import ../lib/macosSystem.nix;
  system = x64_darwin;
  base_args = {
    inherit nix-darwin home-manager system;
    specialArgs = x64_darwin_specialArgs;
    nixpkgs = nixpkgs-darwin;
  };
 in {
  # macOS's configuration, for work.
  darwinConfigurations = {
    harmonica =
      macosSystem (base_args
        // darwin_harmonica_modules);
  };
 }
--- a/systems/default.nix
+++ b/systems/default.nix
@@ -0,0 +1,42 @@
 {
  self,
  inputs,
  constants,
 }: let
  lib = inputs.nixpkgs.lib;
  vars = import ./vars.nix;
  specialArgsForSystem = system:
    {
      inherit (constants) username userfullname useremail;
      # use unstable branch for some packages to get the latest updates
      pkgs-unstable = import inputs.nixpkgs-unstable {
        inherit system; # refer the `system` parameter form outer scope recursively
        # To use chrome, we need to allow the installation of non-free software
        config.allowUnfree = true;
      };
    }
    // inputs;
  allSystemSpecialArgs = with constants; {
    x64_system_specialArgs = specialArgsForSystem x64_system;
    aarch64_system_specialArgs = specialArgsForSystem aarch64_system;
    riscv64_system_specialArgs = specialArgsForSystem riscv64_system;
    x64_darwin_specialArgs = specialArgsForSystem x64_darwin;
    aarch64_darwin_specialArgs = specialArgsForSystem aarch64_darwin;
  };
  args = lib.attrsets.mergeAttrsList [
    inputs
    constants
    vars
    allSystemSpecialArgs
    {inherit self;}
  ];
 in
  lib.attrsets.mergeAttrsList [
    (import ./nixos.nix args)
    (import ./darwin.nix args)
    (import ./colmena.nix args)
  ]
--- a/systems/nixos.nix
+++ b/systems/nixos.nix
@@ -0,0 +1,47 @@
 args:
 with args; let
  nixosSystem = import ../lib/nixosSystem.nix;
  base_args = {
    inherit home-manager nixos-generators;
    inherit nixpkgs; # or nixpkgs-unstable
    system = x64_system;
    specialArgs = x64_system_specialArgs;
  };
 in {
  nixosConfigurations = {
    # ai with i3 window manager
    ai_i3 = nixosSystem (idol_ai_modules_i3 // base_args);
    # ai with hyprland compositor
    ai_hyprland = nixosSystem (idol_ai_modules_hyprland // base_args);
    # three virtual machines without desktop environment.
    aquamarine = nixosSystem (idol_aquamarine_modules // base_args);
    ruby = nixosSystem (idol_ruby_modules // base_args);
    kana = nixosSystem (idol_kana_modules // base_args);
  };
  # take system images for idols
  # https://github.com/nix-community/nixos-generators
  packages."${x64_system}" =
    # genAttrs returns an attribute set with the given keys and values(host => image).
    nixpkgs.lib.genAttrs [
      "ai_i3"
      "ai_hyprland"
    ]
    (
      # generate iso image for hosts with desktop environment
      host:
        self.nixosConfigurations.${host}.config.formats.iso
    )
    // nixpkgs.lib.genAttrs [
      "aquamarine"
      "ruby"
      "kana"
    ]
    (
      # generate proxmox image for virtual machines without desktop environment
      host:
        self.nixosConfigurations.${host}.config.formats.proxmox
    );
 }
--- a/systems/vars.nix
+++ b/systems/vars.nix
@@ -0,0 +1,102 @@
 {
  # 星野 アイ, Hoshino Ai
  idol_ai_modules_i3 = {
    nixos-modules = [
      ../hosts/idols/ai
      ../secrets/nixos.nix
      ../modules/nixos/i3.nix
    ];
    home-module = import ../home/linux/desktop-i3.nix;
  };
  idol_ai_modules_hyprland = {
    nixos-modules = [
      ../hosts/idols/ai
      ../secrets/nixos.nix
      ../modules/nixos/hyprland.nix
    ];
    home-module = import ../home/linux/desktop-hyprland.nix;
  };
  # 星野 愛久愛海, Hoshino Akuamarin
  idol_aquamarine_modules = {
    nixos-modules = [
      ../hosts/idols/aquamarine
      ../modules/nixos/server.nix
      ../modules/nixos/proxmox-hardware-configuration.nix
    ];
    home-module = import ../home/linux/server.nix;
  };
  idol_aquamarine_tags = ["dist-build" "aqua"];
  # 星野 瑠美衣, Hoshino Rubii
  idol_ruby_modules = {
    nixos-modules = [
      ../hosts/idols/ruby
      ../modules/nixos/server.nix
      ../modules/nixos/proxmox-hardware-configuration.nix
    ];
    home-module = import ../home/linux/server.nix;
  };
  idol_ruby_tags = ["dist-build" "ruby"];
  # 有馬 かな, Arima Kana
  idol_kana_modules = {
    nixos-modules = [
      ../hosts/idols/kana
      ../modules/nixos/server.nix
      ../modules/nixos/proxmox-hardware-configuration.nix
    ];
    home-module = import ../home/linux/server.nix;
  };
  idol_kana_tags = ["dist-build" "kana"];
  # 森友 望未, Moritomo Nozomi
  rolling_nozomi_modules = {
    nixos-modules = [
      ../hosts/rolling_girls/nozomi
      ../modules/nixos/server-riscv64.nix
      # cross-compilation this flake.
      {nixpkgs.crossSystem.system = "riscv64-linux";}
    ];
    # home-module = import ../home/linux/server-riscv64.nix;
  };
  rolling_nozomi_tags = ["riscv" "nozomi"];
  # 小坂 結季奈, Kosaka Yukina
  rolling_yukina_modules = {
    nixos-modules = [
      ../hosts/rolling_girls/yukina
      ../modules/nixos/server-riscv64.nix
      # cross-compilation this flake.
      {nixpkgs.crossSystem.system = "riscv64-linux";}
    ];
    # home-module = import ../home/linux/server-riscv64.nix;
  };
  rolling_yukina_tags = ["riscv" "yukina"];
  # 大木 鈴, Ōki Suzu
  _12kingdoms_suzu_modules = {
    nixos-modules = [
      ../hosts/12kingdoms/suzu
      ../modules/nixos/server-riscv64.nix
      # cross-compilation this flake.
      {nixpkgs.crossSystem.config = "aarch64-unknown-linux-gnu";}
    ];
    # home-module = import ../home/linux/server.nix;
  };
  _12kingdoms_suzu_tags = ["aarch" "suzu"];
  # darwin systems
  darwin_harmonica_modules = {
    darwin-modules = [
      ../hosts/harmonica
      ../modules/darwin
      ../secrets/darwin.nix
    ];
    home-module = import ../home/darwin;
  };
 }