blob: 2dafc74162da5eb4eefc59921ac3cbb691d28b4b [file] [log] [blame]
{
description = "A flake to deploy and configure Clicks' NixOS server";
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11";
inputs.nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable";
inputs.flake-utils.url = "github:numtide/flake-utils";
inputs.deploy-rs.url = "github:serokell/deploy-rs";
inputs.home-manager.url = "github:nix-community/home-manager/release-22.11";
inputs.sops-nix.url = "github:Mic92/sops-nix";
inputs.scalpel.url = "github:polygon/scalpel";
inputs.home-manager.inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.inputs.utils.follows = "deploy-rs/utils";
inputs.sops-nix.inputs.nixpkgs.follows = "nixpkgs";
inputs.scalpel.inputs.nixpkgs.follows = "nixpkgs";
inputs.scalpel.inputs.sops-nix.follows = "sops-nix";
outputs = { self, nixpkgs, deploy-rs, home-manager, sops-nix, scalpel, nixpkgs-unstable, ... }@inputs:
let
system = "x86_64-linux";
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
};
pkgs-unstable = import nixpkgs-unstable {
inherit system;
config.allowUnfree = true;
};
in
{
nixosConfigurations.clicks =
let
base = nixpkgs.lib.nixosSystem {
inherit system pkgs;
modules = [
./default/configuration.nix
./default/hardware-configuration.nix
./modules/caddy.nix
./modules/clamav.nix
./modules/code-server.nix
./modules/dmarc.nix
./modules/dnsmasq.nix
./modules/doas.nix
./modules/docker.nix
./modules/ecryptfs.nix
./modules/fail2ban.nix
./modules/fuck.nix
./modules/git.nix
./modules/grafana.nix
./modules/home-manager-users.nix
./modules/kitty.nix
./modules/loginctl-linger.nix
./modules/matrix.nix
./modules/mongodb.nix
./modules/node.nix
./modules/postgres.nix
./modules/samba.nix
./modules/scalpel.nix
./modules/tesseract.nix
sops-nix.nixosModules.sops
{
users.mutableUsers = false;
_module.args = { inherit pkgs-unstable; };
}
];
specialArgs = { base = null; };
};
in
base.extendModules {
modules = [
scalpel.nixosModules.scalpel
];
specialArgs = { inherit base; };
};
deploy.nodes.clicks = {
sudo = "doas -u";
profiles = {
system = {
remoteBuild = true;
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.clicks;
};
} // (
let
mkServiceConfig = service: {
remoteBuild = true;
user = service;
profilePath = "/nix/var/nix/profiles/per-user/${service}/home-manager";
path =
deploy-rs.lib.x86_64-linux.activate.home-manager (home-manager.lib.homeManagerConfiguration
{
inherit pkgs;
modules = [
{
home.homeDirectory = "/services/${service}";
home.username = service;
home.stateVersion = "22.11";
programs.home-manager.enable = true;
}
"${./services}/${service}"
];
});
};
in
nixpkgs.lib.pipe ./services [
builtins.readDir
(nixpkgs.lib.filterAttrs (_name: value: value == "directory"))
builtins.attrNames
(map (name: {
inherit name; value = mkServiceConfig name;
}))
builtins.listToAttrs
]
);
hostname = "clicks";
profilesOrder = [ "system" ];
};
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
};
}