mirror of
https://github.com/ryan4yin/nix-config.git
synced 2026-01-11 20:40:24 +01:00
df9ca7aefa
* feat: hardening nixos desktops * refactor: move hardening to the root folder * feat: add nixpaks into nixpkgs via overlays * feat: nixpak - add netease music * docs: hardening * fix: nvidia * fix: disable apparmor & hardening profile to avoid neovim being killed * fix: firefox cursor & fonts
146 lines
5.1 KiB
Nix
146 lines
5.1 KiB
Nix
{
|
|
description = "Ryan Yin's nix configuration for both NixOS & macOS";
|
|
|
|
##################################################################################################################
|
|
#
|
|
# Want to know Nix in details? Looking for a beginner-friendly tutorial?
|
|
# Check out https://github.com/ryan4yin/nixos-and-flakes-book !
|
|
#
|
|
##################################################################################################################
|
|
|
|
outputs = inputs: import ./outputs inputs;
|
|
|
|
# the nixConfig here only affects the flake itself, not the system configuration!
|
|
# for more information, see:
|
|
# https://nixos-and-flakes.thiscute.world/nix-store/add-binary-cache-servers
|
|
nixConfig = {
|
|
# substituers will be appended to the default substituters when fetching packages
|
|
extra-substituters = [
|
|
"https://anyrun.cachix.org"
|
|
"https://nix-gaming.cachix.org"
|
|
# "https://nixpkgs-wayland.cachix.org"
|
|
];
|
|
extra-trusted-public-keys = [
|
|
"anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
|
|
"nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
|
|
# "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
|
|
];
|
|
};
|
|
|
|
# This is the standard format for flake.nix. `inputs` are the dependencies of the flake,
|
|
# Each item in `inputs` will be passed as a parameter to the `outputs` function after being pulled and built.
|
|
inputs = {
|
|
# There are many ways to reference flake inputs. The most widely used is github:owner/name/reference,
|
|
# which represents the GitHub repository URL + branch/commit-id/tag.
|
|
|
|
# Official NixOS package source, using nixos's unstable branch by default
|
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
|
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small";
|
|
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05";
|
|
|
|
# for macos
|
|
nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-24.05-darwin";
|
|
nix-darwin = {
|
|
url = "github:lnl7/nix-darwin";
|
|
inputs.nixpkgs.follows = "nixpkgs-darwin";
|
|
};
|
|
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
|
|
|
|
# home-manager, used for managing user configuration
|
|
home-manager = {
|
|
url = "github:nix-community/home-manager/master";
|
|
# url = "github:nix-community/home-manager/release-24.05";
|
|
|
|
# The `follows` keyword in inputs is used for inheritance.
|
|
# Here, `inputs.nixpkgs` of home-manager is kept consistent with the `inputs.nixpkgs` of the current flake,
|
|
# to avoid problems caused by different versions of nixpkgs dependencies.
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
lanzaboote = {
|
|
url = "github:nix-community/lanzaboote/v0.4.1";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
impermanence.url = "github:nix-community/impermanence";
|
|
|
|
# community wayland nixpkgs
|
|
# nixpkgs-wayland.url = "github:nix-community/nixpkgs-wayland";
|
|
# anyrun - a wayland launcher
|
|
anyrun = {
|
|
url = "github:Kirottu/anyrun";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
# generate iso/qcow2/docker/... image from nixos configuration
|
|
nixos-generators = {
|
|
url = "github:nix-community/nixos-generators";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
# secrets management
|
|
agenix = {
|
|
# lock with git commit at 0.15.0
|
|
# url = "github:ryantm/agenix/564595d0ad4be7277e07fa63b5a991b3c645655d";
|
|
# replaced with a type-safe reimplementation to get a better error message and less bugs.
|
|
url = "github:ryan4yin/ragenix";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
nix-gaming.url = "github:fufexan/nix-gaming";
|
|
|
|
disko = {
|
|
url = "github:nix-community/disko/v1.6.1";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
# add git hooks to format nix code before commit
|
|
pre-commit-hooks = {
|
|
url = "github:cachix/pre-commit-hooks.nix";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
nuenv.url = "github:DeterminateSystems/nuenv";
|
|
|
|
haumea = {
|
|
url = "github:nix-community/haumea/v0.2.2";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
nixpak = {
|
|
url = "github:nixpak/nixpak";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
######################## Some non-flake repositories #########################################
|
|
|
|
# doom-emacs is a configuration framework for GNU Emacs.
|
|
doomemacs = {
|
|
url = "github:doomemacs/doomemacs";
|
|
flake = false;
|
|
};
|
|
|
|
polybar-themes = {
|
|
url = "github:adi1090x/polybar-themes";
|
|
flake = false;
|
|
};
|
|
|
|
######################## My own repositories #########################################
|
|
|
|
# my private secrets, it's a private repository, you need to replace it with your own.
|
|
# use ssh protocol to authenticate via ssh-agent/ssh-key, and shallow clone to save time
|
|
mysecrets = {
|
|
url = "git+ssh://git@github.com/ryan4yin/nix-secrets.git?shallow=1";
|
|
flake = false;
|
|
};
|
|
|
|
# my wallpapers
|
|
wallpapers = {
|
|
url = "github:ryan4yin/wallpapers";
|
|
flake = false;
|
|
};
|
|
|
|
nur-ryan4yin.url = "github:ryan4yin/nur-packages";
|
|
nur-ataraxiasjel.url = "github:AtaraxiaSjel/nur";
|
|
};
|
|
}
|