From fbcc30ae4125dd5b298524df9aac5016e9a5a95c Mon Sep 17 00:00:00 2001
From: Izan Gil <66965250+SrIzan10@users.noreply.github.com>
Date: Mon, 4 May 2026 22:26:43 +0200
Subject: [PATCH] chore: flake reviewing

---
 configuration.nix  | 42 +++++++++++++++++++++++++++++-------------
 docs/docs/index.md | 26 +++++++++++++++++++++++++-
 install.sh         |  2 +-
 3 files changed, 55 insertions(+), 15 deletions(-)

diff --git a/configuration.nix b/configuration.nix
index f3221c4..d93dd63 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -2,6 +2,11 @@
 
 let
   username = "usuario";
+  hasHardwareConfiguration = builtins.pathExists ./hardware-configuration.nix;
+  hasInstallLocal = builtins.pathExists ./install-local.nix;
+  missingLocalFiles =
+    lib.optional (!hasHardwareConfiguration) "./hardware-configuration.nix"
+    ++ lib.optional (!hasInstallLocal) "./install-local.nix";
   learningml-desktop = pkgs.callPackage ./pkgs/learningml-desktop.nix { };
   andaredConnectScript = pkgs.writeShellScriptBin "andared-connect" (builtins.readFile ./andared-connect.sh);
   labUpdateMonitor = pkgs.writeShellScriptBin "lab-update-monitor" (builtins.readFile ./update-monitor.sh);
@@ -44,30 +49,40 @@ let
 in
 {
   imports =
-    lib.optionals (builtins.pathExists ./hardware-configuration.nix) [
+    lib.optionals hasHardwareConfiguration [
       ./hardware-configuration.nix
     ]
-    ++ lib.optionals (builtins.pathExists ./install-local.nix) [
+    ++ lib.optionals hasInstallLocal [
       ./install-local.nix
     ]
     ++ [
       (import ./locale-es.nix { inherit lib username; })
     ];
 
-  assertions = [
-    {
-      assertion = builtins.pathExists ./hardware-configuration.nix;
-      message = ''
-        Missing ./hardware-configuration.nix.
+  system.activationScripts.requireLocalInstallFiles =
+    lib.mkIf (missingLocalFiles != [ ]) {
+      text = ''
+        cat >&2 <<'EOF'
+        Missing generated local install files:
+${lib.concatMapStringsSep "\n" (file: "          - ${file}") missingLocalFiles}
 
-        Generate it on the target machine with:
+        Run ./install.sh on the target machine so it can generate hardware and
+        boot-loader settings for that machine.
+
+        For manual recovery, generate the hardware file with:
           sudo nixos-generate-config --show-hardware-config > hardware-configuration.nix
-
-        Then rebuild with:
-          sudo nixos-rebuild switch --flake .#
+        EOF
+        exit 1
       '';
-    }
-  ];
+    };
+
+  # Lets reviewers evaluate the flake without a machine-specific generated file.
+  # Real installs still stop in the activation script above until the installer
+  # writes hardware-configuration.nix for the target machine.
+  fileSystems."/" = lib.mkIf (!hasHardwareConfiguration) {
+    device = lib.mkDefault "tmpfs";
+    fsType = lib.mkDefault "tmpfs";
+  };
 
   system.stateVersion = "25.11";
   nixpkgs.config.allowUnfree = true;
@@ -94,6 +109,7 @@ in
     ];
     # hide bootloader menu (can still be accessed by holding shift during boot)
     loader.timeout = 0;
+    loader.grub.devices = lib.mkDefault (lib.optionals (!hasInstallLocal) [ "nodev" ]);
   };
 
   # networking
diff --git a/docs/docs/index.md b/docs/docs/index.md
index 089525f..2a0768b 100644
--- a/docs/docs/index.md
+++ b/docs/docs/index.md
@@ -8,8 +8,32 @@ A NixOS configuration for the computer lab of eth0's school. Currently unused, b
 
 For the installation guide, go to [Installation](/installation)
 
+## Reviewing the flake
+
+To check that the flake evaluates without installing or switching the system:
+
+```sh
+nix --extra-experimental-features "nix-command flakes" flake metadata --no-write-lock-file .
+nix --extra-experimental-features "nix-command flakes" flake show --no-write-lock-file .
+nix --extra-experimental-features "nix-command flakes" flake check --no-build --no-write-lock-file .
+```
+
+For a deeper no-install check of what the NixOS system build would need, run:
+
+```sh
+nix --extra-experimental-features "nix-command flakes" build --dry-run --no-link --no-write-lock-file .#nixosConfigurations.nixos.config.system.build.toplevel
+```
+
+This prints the store paths that would be built or downloaded. That output is
+expected; it is not installing or switching the system.
+
+The machine-specific `hardware-configuration.nix` and `install-local.nix` files
+are generated during installation. They are not required for the no-install
+review commands above, but activation will fail with a clear message if someone
+tries to install or switch without them.
+
 ## Why Nix?
 
 NixOS is a Linux distribution that uses the Nix package manager to provide a declarative and reproducible configuration system. This means that you can define your entire system configuration in a single file, and Nix will take care of installing and configuring everything for you.
 
-This makes it easy to set up and maintain a consistent environment across multiple machines, which is ideal for a computer lab setting, where not always you want to install programs on every machine manually.
\ No newline at end of file
+This makes it easy to set up and maintain a consistent environment across multiple machines, which is ideal for a computer lab setting, where not always you want to install programs on every machine manually.
diff --git a/install.sh b/install.sh
index 3eabd1b..f70be6f 100644
--- a/install.sh
+++ b/install.sh
@@ -209,7 +209,7 @@ EOF
 {
   boot.loader.grub = {
     enable = true;
-    device = "$disk";
+    devices = [ "$disk" ];
   };
 }
 EOF