Merge fort-nix/nix-bitcoin#432: Improve flake

6be3fb3e77 flake: provide a single NixOS module (Erik Arvstedt)
d69524143b flake: remove nonstandard top-level flake attrs (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 6be3fb3e77

Tree-SHA512: 78a41366407fc696156322600f596d4dfb12899c089503d330847ae175cfb7825689bb3888632ec80baff8a50efe037f4a5c33ded3220bcafa54b87b4f311528

examples/flakes/flake.nix

@@ -8,19 +8,11 @@
     nixosConfigurations.mynode = nix-bitcoin.inputs.nixpkgs.lib.nixosSystem {
       system = "x86_64-linux";
       modules = [
-        ## Note:
+        nix-bitcoin.nixosModule
-        ## If you use a custom nixpkgs version for evaluating your system,
-        ## consider using `withLockedPkgs` instead of `withSystemPkgs` to use the exact
-        ## pkgs versions for nix-bitcoin services that are tested by nix-bitcoin.
-        ## The downsides are increased evaluation times and increased system
-        ## closure size.
-        #
-        # nix-bitcoin.nixosModules.withLockedPkgs
-        nix-bitcoin.nixosModules.withSystemPkgs
 
-        ## Optional:
+        # Optional:
-        ## Import the secure-node preset, an opinionated config to enhance security
+        # Import the secure-node preset, an opinionated config to enhance security
-        ## and privacy.
+        # and privacy.
         #
         # "${nix-bitcoin}/modules/presets/secure-node.nix"
 
@@ -46,6 +38,15 @@
             isNormalUser = true;
             password = "a";
           };
+
+          # If you use a custom nixpkgs version for evaluating your system
+          # (instead of `nix-bitcoin.inputs.nixpkgs` like in this example),
+          # consider setting `useVersionLockedPkgs = true` to use the exact pkgs
+          # versions for nix-bitcoin services that are tested by nix-bitcoin.
+          # The downsides are increased evaluation times and increased system
+          # closure size.
+          #
+          # nix-bitcoin.useVersionLockedPkgs = true;
         }
       ];
     };

flake.nix

@@ -15,30 +15,46 @@
       supportedSystems = [ "x86_64-linux" "i686-linux" "aarch64-linux" ];
     in
     rec {
+      lib = {
         mkNbPkgs = {
           system
           , pkgs ? import nixpkgs { inherit system; }
           , pkgsUnstable ? import nixpkgsUnstable { inherit system; }
         }:
           import ./pkgs { inherit pkgs pkgsUnstable; };
-
-      overlay = final: prev: let
-        nbPkgs = mkNbPkgs { inherit (final) system; pkgs = final; };
-      in removeAttrs nbPkgs [ "pinned" "nixops19_09" "krops" ];
-
-      nixosModules = {
-        # Uses the default system pkgs for nix-bitcoin.pkgs
-        withSystemPkgs =  { pkgs, ... }: {
-          imports = [ ./modules/modules.nix ];
-          nix-bitcoin.pkgs = (mkNbPkgs { inherit (pkgs) system; inherit pkgs; }).modulesPkgs;
       };
 
-        # Uses the nixpkgs version locked by this flake for nix-bitcoin.pkgs.
+      overlay = final: prev: let
-        # More stable, but slightly slower to evaluate and needs more space if the
+        nbPkgs = lib.mkNbPkgs { inherit (final) system; pkgs = final; };
-        # locked and the system nixpkgs versions differ.
+      in removeAttrs nbPkgs [ "pinned" "nixops19_09" "krops" ];
-        withLockedPkgs =  { config, ... }: {
+
+      nixosModule = { config, pkgs, lib, ... }: {
         imports = [ ./modules/modules.nix ];
-          nix-bitcoin.pkgs = (mkNbPkgs { inherit (config.nixpkgs) system; }).modulesPkgs;
+
+        options = with lib; {
+          nix-bitcoin.useVersionLockedPkgs = mkOption {
+            type = types.bool;
+            default = false;
+            description = ''
+              Use the nixpkgs version locked by this flake for `nix-bitcoin.pkgs`.
+              Only relevant if you are using a nixpkgs version for evaluating your system
+              that differs from the one that is locked by this flake (via input `nixpkgs`).
+              If this is the case, enabling this option may result in a more stable system
+              because the nix-bitcoin services use the exact pkgs versions that are tested
+              by nix-bitcoin.
+              The downsides are increased evaluation times and increased system
+              closure size.
+
+              If `false`, the default system pkgs are used.
+            '';
+          };
+        };
+
+        config = {
+          nix-bitcoin.pkgs =
+            if config.nix-bitcoin.useVersionLockedPkgs
+            then (self.lib.mkNbPkgs { inherit (config.nixpkgs) system; }).modulesPkgs
+            else (self.lib.mkNbPkgs { inherit (pkgs) system; inherit pkgs; }).modulesPkgs;
         };
       };
 
@@ -51,6 +67,8 @@
       let
         pkgs = import nixpkgs { inherit system; };
 
+        nbPkgs = self.lib.mkNbPkgs { inherit system pkgs; };
+
         mkVMScript = vm: pkgs.writers.writeBash "run-vm" ''
           set -euo pipefail
           export TMPDIR=$(mktemp -d /tmp/nix-bitcoin-vm.XXX)
@@ -59,8 +77,6 @@
           QEMU_OPTS="-smp $(nproc) -m 1500" ${vm}/bin/run-*-vm
         '';
       in rec {
-        nbPkgs = self.mkNbPkgs { inherit system pkgs; };
-
         packages = flake-utils.lib.flattenTree (removeAttrs nbPkgs [
           "pinned" "modulesPkgs" "nixops19_09" "krops" "generate-secrets" "netns-exec"
         ]) // {
@@ -75,7 +91,7 @@
               inherit system;
               configuration = {
                 imports = [
-                  nix-bitcoin.nixosModules.withSystemPkgs
+                  nix-bitcoin.nixosModule
                   "${nix-bitcoin}/modules/presets/secure-node.nix"
                 ];
 
@@ -92,6 +108,11 @@
             }).vm;
         };
 
+        # Allow accessing the whole nested `nbPkgs` attrset (including `modulesPkgs`)
+        # via this flake.
+        # `packages` is not allowed to contain nested pkgs attrsets.
+        legacyPackages = { inherit nbPkgs; };
+
         defaultApp = apps.vm;
 
         apps = {