diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..1c7a9a3
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,25 @@
+# Changelog
+
+## v0.2.0-alpha
+Initial "stable" release. Cerulean is currently usable and supports:
+1. local & remote deployment configuration
+2. nixos/homemanager module-level support for any number of nixpkg branches
+3. use of the [nix-systems standard](https://github.com/nix-systems/nix-systems), the introduction of the `snow/flake` standard, and the introduction of the `nixpkgs.nix` standard module.
+4. hierarchical groups for NixOS hosts via `snow.nix`
+
+This is still a alpha-build of Cerulean. Everything will break in the future as I change the internals a bunch. I'll aim to write documentation in future cause currently there's no guide.
+
+## v0.2.1-alpha
+Minor patches
+- cerulean no longer has a `inputs.nixpkgs-unstable` (the `nixpkgs.nix` is the new alternative)
+- `home-manager.nixosModules.default` and `microvm.nixosModules.microvm` are added as default modules
+- fixed `groups.all` not being added to nodes with `groups = []`
+
+## v0.2.2-alpha
+Minor patches
+- fixed `nexus.groups.all` not added to empty `nexus.nodes.*.groups` declarations
+- fixed bad propagation of inputs
+- forced system architecture to be specified per node
+- cerulean no longer depends on `nixpkgs`, `base` package set should be set instead
+- rename `extraModules` -> `modules`
+- rename `specialArgs` -> `args`
diff --git a/README.md b/README.md
index b62396e..b1362ae 100644
--- a/README.md
+++ b/README.md
@@ -1,19 +1,51 @@
+
+
+
>[!WARNING]
> ✨ **Under Construction** ✨
-> Cerulean has lived rent free in my head for the last 12 months.
-> I'm developing this project for personal use and especially
-> for use at my workplace. **Be not afraid!** It's only a matter
-> of time until Cerulean is ready for use!
+>
+> Cerulean is in an **experimental alpha release stage**.
+> **Be not afraid!** It's only a matter of time until Cerulean is ready for use!
+>
+> If you're curious about or want to use Cerulean then
+> *please please please* contact me on Bluesky [@dobutterfliescry.net](https://bsky.app/profile/dobutterfliescry.net).
+> (i would actually *melt* and fall in love with you...)
+
+# 🌌 🚀 Cerulean Nexus
+The culmination of 2 years designing better Nix flakes. Cerulean removes the boilerplate of managing
+NixOS infrastructure by declaring each machine as a **node** and their relationships as *"Nexus Networks"*,
+virtual networks of servers that Cerulean can manage. Each Nexus is **very powerful**. Allowing for simple
+distributed computing, automatic construction of VPNs, DNS for local hostnames, and that's just scratching the surface...
+
+- Is your node a VPS? Set `deploy.ssh.host = "example.com"` and Cerulean will configure custom build users,
+ ssh deployment via custom PAM modules, etc etc
+- Is your node a VM? Set `vms = [ nodes.VM_NODE ]` on your host node, and Cerulean will configure
+ all the bridging, NAT, and other networking you so desire!
+
+## 🩷💜 Motivation
+Nix is intended as a non-restrictive & unopinionated system, which is amazing, but it also means
+every user develops their own standards to simplify their config. Cerulean however is very much
+opinionated and contains all the standards I personally believe should be sane defaults for every NixOS machine.
+
+> Flakes are not designed for NixOS, they're designed for Nix, and that's an important distinction.
+
+Flakes and NixOS don't offer anything to simplify managing interconnected nodes of machines.
+But this ends with *extremely messy configs* with **a lot of footguns**. You shouldn't have to spend
+days reading about networking and learning to work with other peoples' modules.
+
+Finally, the Nix module system assumes you only use one channel of `github:NixOS/nixpkgs` but this
+just isn't realistic. Most people have both `inputs.nixpkgs` and `inputs.nixpkgs-unstable` defined.
+So cerulean declares the `nixpkgs.channels.*` option so you don't have to import your channels
+manually!
## 💙 Same Colour, More Control
-Cerulean is what you wish Azure could be. An expansive collection of microservices, pre-configured systems,
+>[!NOTE]
+> This section is *mostly* for the business minded people.
+
+Cerulean is what you wish Azure could be. Providing an expansive collection of microservices, pre-configured systems,
and entirely self-hosted! Cerulean is built using NixOS as a foundation so you know it's never going to break randomly.
NixOS backing makes Cerulean **extremely scalable**! Just rent a new VPS and Cerulean will build an ISO of your configuration.
No stress, no hassle!
Say goodbye to Azure! And say goodbye to Kubernetes! You're taking life into your own hands 💙
-### 🌌 🚀 Nexus
-Cerulean allows you to declare *"Nexus Networks"*, virtual networks of servers that Cerulean can manage.
-Each Nexus is **very powerful**. Allowing for simple distributed computing, automatic construction of a wireguard
-VPN, distributed DNS for local hostnames, and that's just scratching the surface...
diff --git a/TODO.md b/TODO.md
index 25f6f1b..1dde662 100755
--- a/TODO.md
+++ b/TODO.md
@@ -1,8 +1,64 @@
-Allow `Cerulean.mkNexus` to be an alias for `flake-parts.lib.mkFlake`
-also rename `Cerulean` to `cerulean` in Nix to maintain the naming convention.
+- [ ] base should automatically be set as the default (dont do anything with the default)
+- [ ] try to remove common foot guns, ie abort if the user provides the home-manager or microvm nixosModules
+ since cerulean ALREADY provides these
-Using `flake-parts` ensures Cerulean is usable without restricting
-yourself only to the Cerulean ecosystem.
+- [ ] deploy port should default to the first port given to `services.openssh`
-- [ ] extend the options.nixpkgs to allow any number of package repositories!!
-- [x] auto-propagate the same specialArgs for hosts to home-manager
+- [ ] use the Nix module system instead of projectOnto for `cerulean.mkNexus`
+- [ ] create an alternative to nixos-install called cerulean-install that
+ allows people to easily bootstrap new machines (and host it on dobutterfliescry.net)
+
+- [ ] find an alternative to `nix.settings.trusted-users` probably
+- [ ] add the ceru-build user,
+- [ ] add support for github:microvm-nix/microvm.nix
+- [ ] add support for sops-nix
+
+- [ ] it would be cool to enable/disable groups and hosts
+- [ ] find a standard for how nixpkgs.nix can have a different base per group
+
+- [ ] go through all flake inputs (recursively) and ENSURE we remove all duplicates by using follows!!
+
+- [X] rename nixos-modules/ to nixos/
+- [X] ensure all machines are in groups.all by default
+
+- [X] fix nixpkgs.nix not working (default not respected)
+- [X] remove dependence on nixpkgs
+
+- [ ] allow multiple privesc methods, the standard is pam_ssh_agent_auth
+
+## Low Priority
+- [X] rename extraModules to modules?
+- [X] rename specialArgs to args?
+
+- [ ] make an extension to the nix module system (different to mix)
+ that allows transformations (ie a stop post config, ie outputs, which
+ it then returns instead of config)
+
+
+- [ ] what if we automated the process of replacing windows with Nix??
+ then push this to nixos-anywhere or nix-infect lmaooo
+
+- [ ] patch microvm so that acpi=off https://github.com/microvm-nix/microvm.nix/commit/b59a26962bb324cc0a134756a323f3e164409b72
+ cause otherwise 2GB causes a failure
+
+- [ ] rewrite the ceru cli in rust
+- [ ] make `ceru` do local and remote deployments
+
+- [ ] support `legacyImports`
+
+```nix
+# REF: foxora
+vms = {
+ home-assistant = {
+ autostart = true;
+ # matches in vms/*
+ image = "home-assistant";
+ options = {
+ mem = 2048;
+ };
+ };
+ equinox = {
+ image = "home-assistant";
+ };
+};
+```
diff --git a/cerulean/default.nix b/cerulean/default.nix
index d7797c4..202fdf9 100644
--- a/cerulean/default.nix
+++ b/cerulean/default.nix
@@ -13,7 +13,7 @@
# limitations under the License.
{
mix,
- deploy-rs,
+ inputs,
...
} @ args:
mix.newMixture args (mixture: {
@@ -21,22 +21,16 @@ mix.newMixture args (mixture: {
./nexus
];
- version = "0.2.0";
+ version = "0.2.2";
nixosModules = rec {
default = cerulean;
- cerulean = ./nixos-module;
+ cerulean = ./nixos;
};
overlays = [
# build deploy-rs as a package not from the flake input,
# hence we can rely on a nixpkg binary cache.
- deploy-rs.overlays.default
- # (self: super: {
- # deploy-rs = {
- # inherit (super) deploy-rs;
- # lib = super.deploy-rs.lib;
- # };
- # })
+ inputs.deploy-rs.overlays.default
];
})
diff --git a/cerulean/nexus/nexus.nix b/cerulean/nexus/nexus.nix
index 7466bb8..5d0ca02 100644
--- a/cerulean/nexus/nexus.nix
+++ b/cerulean/nexus/nexus.nix
@@ -15,12 +15,12 @@
self,
this,
nt,
- lib,
- deploy-rs,
+ inputs,
...
}: let
inherit
(builtins)
+ all
attrNames
concatLists
concatStringsSep
@@ -50,15 +50,11 @@
(nt.naive.terminal)
Terminal
;
-
- missing = msg: path:
- Terminal (abort ''
- Each Cerulean Nexus node is required to specify ${msg}!
- Ensure `nexus.${path}` exists under your call to `cerulean.mkNexus`.
- '');
in {
- extraModules = [];
- specialArgs = Terminal {};
+ base = null;
+ modules = [];
+ args = Terminal {};
+ homeManager = null;
groups = Terminal {};
nodes = Terminal {};
@@ -96,15 +92,15 @@
assert isAttrs nexus
|| abort ''
Cerulean Nexus config must be provided as an attribute set, got "${typeOf nexus}" instead!
- Ensure all the `nexus` declaration is an attribute set under your call to `cerulean.mkNexus`.
+ Ensure the `nexus` declaration is an attribute set under your call to `cerulean.mkNexus`.
''; let
- base = nt.projectOnto templateNexus nexus;
+ decl = nt.projectOnto templateNexus nexus;
in
# XXX: TODO: create a different version of nt.projectOnto that can actually
# XXX: TODO: handle applying a transformation to the result of each datapoint
- base
+ decl
// {
- groups = parseGroupDecl base.groups;
+ groups = parseGroupDecl decl.groups;
};
parseDecl = outputsBuilder: let
@@ -133,7 +129,14 @@
Cerulean Nexus node "${nodeName}" does not declare group membership as a list, got "${typeOf node.groups}" instead!
Ensure `nexus.nodes.${nodeName}.groups` is a list under your call to `cerulean.mkNexus`.
'';
- node.groups
+ # ensure root group is always added
+ (node.groups
+ ++ [
+ {
+ _parent = null;
+ _name = ROOT_GROUP_NAME;
+ }
+ ])
# ensure all members are actually groups
|> map (group: let
got =
@@ -181,32 +184,63 @@ in {
customOutputs = removeAttrs decl ["nexus"];
outputs = rec {
- nixosConfigurations = mapNodes nexus.nodes (
- nodeName: node: let
- nixosDecl = lib.nixosSystem {
- system = node.system;
- specialArgs = let
- specialArgs =
- nexus.specialArgs
- // node.specialArgs
- // {
- inherit root specialArgs;
- inherit (node) system;
- _deploy-rs = deploy-rs;
- };
- in
- specialArgs;
- modules =
- [self.nixosModules.default (findImport (root + "/hosts/${nodeName}"))]
- ++ (getGroupModules root nodeName node)
- ++ node.extraModules
- ++ nexus.extraModules;
- };
+ nixosConfigurations = mapNodes nexus (
+ {
+ base,
+ lib,
+ nodeName,
+ node,
+ ...
+ }: let
+ nixosDecl = let
+ homeManager =
+ if node.homeManager != null
+ then node.homeManager
+ else nexus.homeManager;
+
+ userArgs = nexus.args // node.args;
+ ceruleanArgs = {
+ inherit root base;
+ inherit (node) system;
+ _cerulean = {
+ inherit inputs userArgs ceruleanArgs homeManager;
+ specialArgs = userArgs // ceruleanArgs;
+ };
+ };
+ specialArgs = assert (userArgs
+ |> attrNames
+ |> all (argName:
+ ! ceruleanArgs ? argName
+ || abort ''
+ `specialArgs` are like super important to Cerulean my love... mapAttrs (nodeName: nodeAttrs: f nodeName (parseNode nodeName nodeAttrs));
+ mapNodes = nexus: f:
+ nexus.nodes
+ |> mapAttrs (nodeName: nodeAttrs: let
+ node = parseNode nodeName nodeAttrs;
+
+ # use per-node base or default to nexus base
+ base =
+ if node.base != null
+ then node.base
+ else if nexus.base != null
+ then nexus.base
+ else
+ abort ''
+ Cerulean cannot construct nexus node "${nodeName}" without a base package source.
+ Ensure `nexus.nodes.*.base` or `nexus.base` is a flake reference to the github:NixOS/nixpkgs repository.
+ '';
+ in
+ f {
+ inherit nodeName node base;
+ inherit (base) lib;
+ });
}
diff --git a/cerulean/nexus/snow.nix b/cerulean/nexus/snow.nix
new file mode 100644
index 0000000..28496ca
--- /dev/null
+++ b/cerulean/nexus/snow.nix
@@ -0,0 +1,108 @@
+# Copyright 2026 Emile Clark-Boman
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{
+ inputs,
+ lib,
+ ...
+}: {
+ # nexus
+ options = let
+ inherit
+ (lib)
+ mkOption
+ types
+ ;
+ in {
+ modules = mkOption {
+ type = types.listOf types.path;
+ };
+ args = mkOption {
+ type = types.attrs;
+ };
+
+ groups = mkOption {
+ type = types.attrs;
+ };
+
+ nodes = mkOption {
+ type = types.attrsOf (types.submoduleWith ({...}: {
+ options = {
+ enabled = mkOption {
+ type = types.bool;
+ default = true;
+ };
+ system = mkOption {
+ type = types.enum inputs.systems;
+ };
+ groups = mkOption {
+ type = types.list;
+ };
+ modules = mkOption {
+ type = types.list;
+ };
+ args = mkOption {
+ type = types.attrs;
+ };
+
+ deploy = {
+ user = mkOption {
+ type = types.str;
+ };
+ sudoCmd = mkOption {
+ type = types.str;
+ };
+ interactiveSudo = mkOption {
+ type = types.bool;
+ };
+
+ remoteBuild = mkOption {
+ type = types.bool;
+ };
+ autoRollback = mkOption {
+ type = types.bool;
+ };
+ magicRollback = mkOption {
+ type = types.bool;
+ };
+
+ activationTimeout = mkOption {
+ type = types.int;
+ };
+ confirmTimeout = mkOption {
+ type = types.int;
+ };
+
+ ssh = {
+ host = mkOption {
+ type = types.str;
+ };
+ user = mkOption {
+ type = types.str;
+ };
+ port = mkOption {
+ type = types.int;
+ };
+ opts = mkOption {
+ type = types.listOf types.str;
+ };
+ };
+ };
+ };
+ }));
+ };
+ };
+
+ config = {
+ };
+}
diff --git a/cerulean/nixos-module/nixpkgs.nix b/cerulean/nixos-module/nixpkgs.nix
deleted file mode 100644
index c5a97f7..0000000
--- a/cerulean/nixos-module/nixpkgs.nix
+++ /dev/null
@@ -1,114 +0,0 @@
-# Copyright 2026 Emile Clark-Boman
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-{
- lib,
- system,
- config,
- contextName,
- ...
-}: let
- inherit
- (builtins)
- mapAttrs
- ;
-
- cfg = config.nixpkgs.channels;
-in {
- options.nixpkgs.channels = lib.mkOption {
- type = lib.types.attrsOf (lib.types.attrs);
- default = {};
- description = "Declare package repositories per module context (nixos, home-manager, etc)";
- example = {
- "homes" = {
- "pkgs" = {
- source = "inputs.nixpkgs";
- system = "x86-64-linux";
- config = {
- allowUnfree = true;
- allowBroken = false;
- };
- };
- "upkgs" = {
- source = "inputs.nixpkgs-unstable";
- system = "x86-64-linux";
- config = {
- allowUnfree = true;
- allowBroken = false;
- };
- };
- };
- };
- };
-
- # or abort ''
- # `nixpkgs.channels.${contextName}` does not exist, but neither does `nixpkgs.channels.default`!
- # A channel configuration must be declared for module context "${contextName}".
- # ''
-
- config = let
- # TODO: use lib.types.submodule to restrict what options
- # TODO: can be given to `nixpkgs.channels.${moduleName}.${name}`
- decl =
- cfg.${contextName} or cfg.default;
-
- repos =
- decl
- |> mapAttrs (
- name: args:
- lib.mkForce (
- # builtins.trace "SAVE ME GOT NAME: ${name}" (
- assert args ? source
- || abort ''
- ${toString ./.}
- `nixpkgs.channels.${contextName}.${name}` missing required attribute "source"
- '';
- ((removeAttrs args ["source"])
- // {inherit system;})
- |> import args.source
- # DEBUG: |> lib.mkOverride 200
- )
- # )
- );
- in {
- # NOTE: _module.args is a special option that allows us to
- # NOTE: set extend specialArgs from inside the modules.
- # "pkgs" is unique since the nix module system already handles it
- # DEBUG: _module.args = lib.mkOverride 200 (
- # _module.args = (
- # if contextName == "hosts"
- # then repos
- # else
- # assert (
- # repos
- # |> builtins.attrNames
- # |> map (x: "\"${x}\"")
- # |> builtins.concatStringsSep " "
- # |> (x: "FUCK YOU SO BAD: { ${x} }")
- # |> abort
- # );
- # removeAttrs repos ["pkgs"]
- # );
- _module.args = repos;
-
- nixpkgs =
- if contextName == "hosts"
- then {flake.source = lib.mkIf (decl ? pkgs) (lib.mkOverride 200 decl.pkgs.source);}
- else if contextName == "homes"
- then {
- config = decl.pkgs.config or {};
- overlays = decl.pkgs.overlays or {};
- }
- else {};
- };
-}
diff --git a/cerulean/nixos/default.nix b/cerulean/nixos/default.nix
new file mode 100644
index 0000000..ea7c359
--- /dev/null
+++ b/cerulean/nixos/default.nix
@@ -0,0 +1,36 @@
+# Copyright 2026 Emile Clark-Boman
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{
+ root,
+ system,
+ _cerulean,
+ ...
+} @ args: {
+ imports =
+ [
+ # user configuration
+ (import (root + "/nixpkgs.nix"))
+ # options declarations
+ (import ./nixpkgs.nix (args // {contextName = "hosts";}))
+ ]
+ ++ (
+ if _cerulean.homeManager != null
+ then [./home-manager.nix]
+ else []
+ );
+
+ environment.systemPackages = with _cerulean.inputs; [
+ deploy-rs.packages.${system}.default
+ ];
+}
diff --git a/cerulean/nixos-module/home-manager.nix b/cerulean/nixos/home-manager.nix
similarity index 75%
rename from cerulean/nixos-module/home-manager.nix
rename to cerulean/nixos/home-manager.nix
index e693ac9..1d281cb 100644
--- a/cerulean/nixos-module/home-manager.nix
+++ b/cerulean/nixos/home-manager.nix
@@ -15,7 +15,7 @@
root,
config,
lib,
- specialArgs,
+ _cerulean,
...
} @ args: let
inherit
@@ -30,20 +30,16 @@ in {
config.users.users
|> attrNames
|> filter (x: pathExists (root + "/homes/${x}"))
- |> (x: lib.genAttrs x (y: import (root + "/homes/${y}")));
+ |> (x:
+ lib.genAttrs x (y:
+ import (root + "/homes/${y}")));
- # extraSpecialArgs = specialArgs;
+ extraSpecialArgs = _cerulean.specialArgs;
sharedModules = [
# user configuration
- # (import (root + "/nixpkgs.nix"))
(import (root + "/nixpkgs.nix"))
# options declarations
- # (import ./nixpkgs.nix (args // {contextName = "homes";}))
(import ./nixpkgs.nix (args // {contextName = "homes";}))
];
-
- # disable home-manager trying anything fancy
- # we control the pkgs now!!
- # useGlobalPkgs = true;
};
}
diff --git a/cerulean/nixos-module/default.nix b/cerulean/nixos/microvm-child.nix
similarity index 63%
rename from cerulean/nixos-module/default.nix
rename to cerulean/nixos/microvm-child.nix
index f15b236..2b6a12e 100644
--- a/cerulean/nixos-module/default.nix
+++ b/cerulean/nixos/microvm-child.nix
@@ -11,22 +11,3 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-{
- root,
- system,
- _deploy-rs,
- ...
-} @ args: {
- imports = [
- # user configuration
- (import (root + "/nixpkgs.nix"))
- # options declarations
- (import ./nixpkgs.nix (args // {contextName = "hosts";}))
-
- ./home-manager.nix
- ];
-
- environment.systemPackages = [
- _deploy-rs.packages.${system}.default
- ];
-}
diff --git a/cerulean/nixos/microvm-parent.nix b/cerulean/nixos/microvm-parent.nix
new file mode 100644
index 0000000..2b6a12e
--- /dev/null
+++ b/cerulean/nixos/microvm-parent.nix
@@ -0,0 +1,13 @@
+# Copyright 2026 Emile Clark-Boman
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
diff --git a/cerulean/nixos/nixpkgs.nix b/cerulean/nixos/nixpkgs.nix
new file mode 100644
index 0000000..0376f47
--- /dev/null
+++ b/cerulean/nixos/nixpkgs.nix
@@ -0,0 +1,94 @@
+# Copyright 2026 Emile Clark-Boman
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{
+ base,
+ lib,
+ system,
+ config,
+ contextName,
+ ...
+}: let
+ inherit
+ (builtins)
+ mapAttrs
+ ;
+
+ cfg = config.nixpkgs.channels;
+in {
+ options.nixpkgs.channels = lib.mkOption {
+ type = lib.types.attrs;
+ default = {};
+ description = "Declare package repositories";
+ example = {
+ "pkgs" = {
+ source = "inputs.nixpkgs";
+ system = "x86-64-linux";
+ config = {
+ allowUnfree = true;
+ allowBroken = false;
+ };
+ };
+ "upkgs" = {
+ source = "inputs.nixpkgs-unstable";
+ system = "x86-64-linux";
+ config = {
+ allowUnfree = false;
+ allowBroken = true;
+ };
+ };
+ };
+ };
+
+ config = let
+ repos =
+ cfg
+ |> (xs: removeAttrs xs ["default"])
+ |> mapAttrs (
+ name: args:
+ lib.mkForce (
+ assert args ? source
+ || abort ''
+ `nixpkgs.channels.${name}` missing required attribute "source"
+ '';
+ import args.source ({inherit system;} // (removeAttrs args ["source"]))
+ )
+ );
+
+ # XXX: TODO: would it work to use `base` instead of having default?
+ defaultPkgs =
+ cfg.default or (throw ''
+ Your `nixpkgs.nix` file does not declare a default package source.
+ Ensure you set `nixpkgs.channels.*.default = ...;`
+ '');
+ in {
+ # NOTE: _module.args is a special option that allows us to
+ # NOTE: set extend specialArgs from inside the modules.
+ # WARNING: pkgs is a reserved specialArg
+ _module.args = removeAttrs repos ["pkgs"];
+
+ nixpkgs =
+ if contextName == "hosts"
+ then {
+ flake.source = lib.mkOverride 200 base; # DEBUG: temp while getting base to work
+ overlays = lib.mkOverride 200 (defaultPkgs.overlays or {});
+ config = lib.mkOverride 200 (defaultPkgs.config or {});
+ }
+ else if contextName == "homes"
+ then {
+ config = lib.mkOverride 200 (defaultPkgs.config or {});
+ overlays = lib.mkOverride 200 (defaultPkgs.overlays or []);
+ }
+ else {};
+ };
+}
diff --git a/flake.lock b/flake.lock
index 0dd06b1..fc8e402 100644
--- a/flake.lock
+++ b/flake.lock
@@ -3,7 +3,9 @@
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
- "nixpkgs": "nixpkgs",
+ "nixpkgs": [
+ "nixpkgs"
+ ],
"utils": "utils"
},
"locked": {
@@ -58,6 +60,27 @@
"type": "github"
}
},
+ "microvm": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ],
+ "spectrum": "spectrum"
+ },
+ "locked": {
+ "lastModified": 1771365290,
+ "narHash": "sha256-1XJOslVyF7yzf6yd/yl1VjGLywsbtwmQh3X1LuJcLI4=",
+ "owner": "microvm-nix",
+ "repo": "microvm.nix",
+ "rev": "789c90b164b55b4379e7a94af8b9c01489024c18",
+ "type": "github"
+ },
+ "original": {
+ "owner": "microvm-nix",
+ "repo": "microvm.nix",
+ "type": "github"
+ }
+ },
"nix-github-actions": {
"inputs": {
"nixpkgs": [
@@ -105,38 +128,6 @@
}
},
"nixpkgs": {
- "locked": {
- "lastModified": 1743014863,
- "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f",
- "type": "github"
- },
- "original": {
- "owner": "NixOS",
- "ref": "nixpkgs-unstable",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
- "nixpkgs-unstable": {
- "locked": {
- "lastModified": 1768305791,
- "narHash": "sha256-AIdl6WAn9aymeaH/NvBj0H9qM+XuAuYbGMZaP0zcXAQ=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "1412caf7bf9e660f2f962917c14b1ea1c3bc695e",
- "type": "github"
- },
- "original": {
- "owner": "NixOS",
- "ref": "nixos-unstable",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
- "nixpkgs_2": {
"locked": {
"lastModified": 1768323494,
"narHash": "sha256-yBXJLE6WCtrGo7LKiB6NOt6nisBEEkguC/lq/rP3zRQ=",
@@ -152,7 +143,7 @@
"type": "github"
}
},
- "nixpkgs_3": {
+ "nixpkgs_2": {
"locked": {
"lastModified": 1767313136,
"narHash": "sha256-16KkgfdYqjaeRGBaYsNrhPRRENs0qzkQVUooNHtoy2w=",
@@ -171,7 +162,7 @@
"nt": {
"inputs": {
"nix-unit": "nix-unit",
- "nixpkgs": "nixpkgs_3",
+ "nixpkgs": "nixpkgs_2",
"systems": "systems_2"
},
"locked": {
@@ -191,12 +182,28 @@
"root": {
"inputs": {
"deploy-rs": "deploy-rs",
- "nixpkgs": "nixpkgs_2",
- "nixpkgs-unstable": "nixpkgs-unstable",
+ "microvm": "microvm",
+ "nixpkgs": "nixpkgs",
"nt": "nt",
"systems": "systems_3"
}
},
+ "spectrum": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1759482047,
+ "narHash": "sha256-H1wiXRQHxxPyMMlP39ce3ROKCwI5/tUn36P8x6dFiiQ=",
+ "ref": "refs/heads/main",
+ "rev": "c5d5786d3dc938af0b279c542d1e43bce381b4b9",
+ "revCount": 996,
+ "type": "git",
+ "url": "https://spectrum-os.org/git/spectrum"
+ },
+ "original": {
+ "type": "git",
+ "url": "https://spectrum-os.org/git/spectrum"
+ }
+ },
"systems": {
"locked": {
"lastModified": 1681028828,
diff --git a/flake.nix b/flake.nix
index ff430bc..c1a5498 100644
--- a/flake.nix
+++ b/flake.nix
@@ -17,23 +17,31 @@
inputs = {
systems.url = "github:nix-systems/default";
+ # WARNING: nixpkgs is ONLY included so flakes using Cerulean can
+ # WARNING: force Cerulean's inputs to follow a specific revision.
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
- nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nt.url = "github:cry128/nt";
- deploy-rs.url = "github:serokell/deploy-rs";
+ deploy-rs = {
+ url = "github:serokell/deploy-rs";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ microvm = {
+ url = "github:microvm-nix/microvm.nix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
};
outputs = {
- nixpkgs,
+ self,
nt,
...
} @ inputs:
import ./cerulean
- (inputs
- // {
- inherit (nixpkgs) lib;
- inherit (nt) mix;
- });
+ {
+ inherit inputs self nt;
+ inherit (nt) mix;
+ };
}