-repl-flakes, fix:homeConfiguration module

flake.lock

@@ -21,6 +21,27 @@
         "type": "github"
       }
     },
+    "colmena": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs_2",
+        "stable": "stable"
+      },
+      "locked": {
+        "lastModified": 1728263678,
+        "narHash": "sha256-gyUVsPAWY9AgVKjrNPoowrIr5BvK4gI0UkDXvv8iSxA=",
+        "owner": "zhaofengli",
+        "repo": "colmena",
+        "rev": "b0a62f234fae02a006123e661ff70e62af16106b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "zhaofengli",
+        "repo": "colmena",
+        "type": "github"
+      }
+    },
     "darwin": {
       "inputs": {
         "nixpkgs": [
@@ -79,6 +100,37 @@
         "url": "https://code.m3tam3re.com/m3tam3re/dotfiles-flake-demo.git"
       }
     },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1650374568,
+        "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1659877975,
+        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -120,6 +172,23 @@
         "type": "github"
       }
     },
+    "nix-darwin": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_3"
+      },
+      "locked": {
+        "lastModified": 1730184279,
+        "narHash": "sha256-6OB+WWR6gnaWiqSS28aMJypKeK7Pjc2Wm6L0MtOrTuA=",
+        "owner": "LnL7",
+        "repo": "nix-darwin",
+        "rev": "b379bd4d872d159e5189053ce9a4adf86d56db4b",
+        "type": "github"
+      },
+      "original": {
+        "id": "nix-darwin",
+        "type": "indirect"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1703013332,
@@ -153,6 +222,35 @@
       }
     },
     "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1725103162,
+        "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
+      "locked": {
+        "lastModified": 1729665710,
+        "narHash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4=",
+        "path": "/nix/store/lsy6c2f9alj2gkjj36h754kk63x6701l-source",
+        "rev": "2768c7d042a37de65bb1b5b3268fc987e534c49d",
+        "type": "path"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_4": {
       "locked": {
         "lastModified": 1726463316,
         "narHash": "sha256-gI9kkaH0ZjakJOKrdjaI/VbaMEo9qBbSUl93DnU7f4c=",
@@ -171,13 +269,31 @@
     "root": {
       "inputs": {
         "agenix": "agenix",
+        "colmena": "colmena",
         "disko": "disko",
         "dotfiles": "dotfiles",
         "home-manager": "home-manager_2",
-        "nixpkgs": "nixpkgs_2",
+        "nix-darwin": "nix-darwin",
+        "nixpkgs": "nixpkgs_4",
         "nixpkgs-stable": "nixpkgs-stable"
       }
     },
+    "stable": {
+      "locked": {
+        "lastModified": 1724316499,
+        "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-24.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "systems": {
       "locked": {
         "lastModified": 1681028828,

flake.nix

@@ -18,6 +18,8 @@
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
     nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05";
 
+    colmena.url = "github:zhaofengli/colmena";
+
     agenix.url = "github:ryantm/agenix";
 
     disko = {
@@ -35,7 +37,9 @@
     self,
     agenix,
     home-manager,
+    nix-darwin,
     nixpkgs,
+    nixpkgs-stable,
     ...
   } @ inputs: let
     inherit (self) outputs;
@@ -66,7 +70,27 @@
       "m3tam3re@m3-kratos-vm" = home-manager.lib.homeManagerConfiguration {
         pkgs = nixpkgs.legacyPackages."x86_64-linux";
         extraSpecialArgs = {inherit inputs outputs;};
-        modules = [./home/m3tam3re/m3tam3re.nix];
+        modules = [./home/m3tam3re/m3-kratos.nix];
+      };
+    };
+    colmena = {
+      meta = {
+        nixpkgs = import nixpkgs {
+          system = "x86_64-linux";
+        };
+        specialArgs = {inherit inputs outputs;};
+      };
+      m3-kratos-vm = {
+        deployment = {
+          targetHost = "m3-kratos-vm";
+          targetUser = "m3tam3re";
+          tags = ["vm"];
+        };
+        imports = [
+          ./hosts/m3-kratos
+          inputs.disko.nixosModules.disko
+          agenix.nixosModules.default
+        ];
       };
     };
   };

home/common/default.nix

@@ -36,7 +36,7 @@
   nix = {
     package = lib.mkDefault pkgs.nix;
     settings = {
-      experimental-features = ["nix-command" "flakes" "repl-flake"];
+      experimental-features = ["nix-command" "flakes"];
       warn-dirty = false;
     };
   };

hosts/m3-kratos/configuration.nix

@@ -89,6 +89,11 @@
   networking.nat.enable = true;
   networking.nat.internalInterfaces = ["ve-+"];
   networking.nat.externalInterface = "enp1s0";
+
+  #security.sudo.wheelNeedsPassword = false;
+
+  security.sudo.extraConfig = "m3tam3re ALL=(ALL) NOPASSWD: ALL";
+
   # networking.firewall.enable = false;
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions

hosts/m3-kratos/default.nix

@@ -38,7 +38,7 @@
     ./configuration.nix
     ./secrets.nix
     ./services
+    ./specialisations.nix
   ];
-
   extraServices.podman.enable = true;
 }

hosts/m3-kratos/specialisations.nix

@@ -0,0 +1,83 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  specialisation = {
+    "HTTPD".configuration = {
+      system.nixos.tags = ["HTTPD"];
+      services.httpd.enable = true;
+      services.httpd.virtualHosts."foo.example.com" = {
+        documentRoot = "/var/www/foo";
+        extraConfig = ''
+          <Directory /var/www/foo>
+            Options Indexes FollowSymLinks MultiViews
+            AllowOverride None
+            Require all granted
+          </Directory>
+        '';
+      };
+    };
+    "NGINX".configuration = {
+      system.nixos.tags = ["NGINX"];
+      services.httpd.enable = false;
+      services.nginx.enable = true;
+      services.nginx.config = ''
+        http {
+          server {
+            listen 80;
+            server_name bar.example.com;
+
+            root /var/www/bar;
+
+            location / {
+              index index.html;
+            }
+          }
+        }
+      '';
+    };
+    "NVIDIA".configuration = {
+      boot.kernelParams = [
+        "nvidia.NVreg_PreserveVideoMemoryAllocations=1"
+        "nvidia-drm.modeset=1"
+      ];
+      system.nixos.tags = ["NVIDIA"];
+      services.xserver.videoDrivers = ["nvidia"];
+      hardware = {
+        nvidia = {
+          open = false;
+          package = config.boot.kernelPackages.nvidiaPackages.stable;
+          modesetting.enable = true;
+          powerManagement.enable = true;
+        };
+        graphics = {
+          enable = true;
+          enable32Bit = true;
+        };
+      };
+      environment.sessionVariables = {
+        GBM_BACKEND = "nvidia-drm";
+        __GLX_VENDOR_LIBRARY_NAME = "nvidia";
+        LIBVA_DRIVER_NAME = "nvidia";
+        QT_QPA_PLATFORM = "wayland";
+        WLR_NO_HARDWARE_CURSORS = "1";
+        XDG_SESSION_TYPE = "wayland";
+      };
+    };
+  };
+  environment.systemPackages = [
+    (pkgs.writeShellScriptBin "switch-spec" ''
+      if [ $# -ne 1 ]; then
+        echo "Usage: switch-spec <specialisation>"
+        exit 1
+      fi
+
+      sudo /nix/var/nix/profiles/system/specialisation/$1/bin/switch-to-configuration switch
+    '')
+  ];
+  environment.sessionVariables = lib.mkIf (config.specialisation != {}) {
+    SPECIALISATION = "NONE";
+  };
+}

justfile

@@ -0,0 +1,42 @@
+
+# List available commands
+default:
+    @just --list
+
+# Deploy system configuration
+deploy SYSTEM:
+    nixos-rebuild switch --flake .#{{SYSTEM}} --target-host {{SYSTEM}} --use-remote-sudo
+
+# Update flake
+update:
+    nix flake update
+
+# Commit and push changes
+commit MESSAGE:
+    git add .
+    git commit -m "{{MESSAGE}}"
+    git push
+
+# Update, commit, and push changes
+update-and-commit MESSAGE: update
+    @just commit "{{MESSAGE}}"
+
+# Deploy, update, commit, and push changes
+deploy-update-commit SYSTEM MESSAGE: (deploy SYSTEM) update
+    @just commit "{{MESSAGE}}"
+
+# Check flake
+check:
+    nix flake check
+
+# Show flake info
+show:
+    nix flake show
+
+# Build system configuration
+build SYSTEM:
+    nixos-rebuild build --flake .#{{SYSTEM}}
+
+# Enter a development shell
+dev-shell:
+    nix develop