Gitiles
Code Review Sign In
git.clicks.codes / Infra / NixFiles / 50bbc8f50325d0f0cd7fc2096a66c4eb1663d4d9 / . / flake.nix
blob: 2af4e0d669fc7968c0838c58b0ff93843ef39523 [file] [log] [blame]
{
description = "A flake to deploy and configure Clicks' NixOS server";
# input URLs
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
inputs.nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
inputs.nixpkgs-clicksforms.url = "github:nixos/nixpkgs/nixos-22.05";
inputs.flake-utils.url = "github:numtide/flake-utils";
inputs.deploy-rs.url = "github:serokell/deploy-rs";
inputs.home-manager.url = "github:nix-community/home-manager/release-23.11";
inputs.sops-nix.url = "github:Mic92/sops-nix";
inputs.scalpel.url = "github:polygon/scalpel";
inputs.nixpkgs-privatebin.url = "github:e1mo/nixpkgs/privatebin";
inputs.nixpkgs-mongodb.url = "github:nixos/nixpkgs?rev=8dfad603247387df1df4826b8bea58efc5d012d8";
inputs.helpers.url = "git+https://git.clicks.codes/Infra/NixHelpers";
inputs.frappix.url = "github:ClicksCodes/frappix";
# follow settings
inputs.home-manager.inputs.nixpkgs.follows = "nixpkgs";
inputs.sops-nix.inputs.nixpkgs.follows = "nixpkgs";
inputs.scalpel.inputs.nixpkgs.follows = "nixpkgs";
inputs.scalpel.inputs.sops-nix.follows = "sops-nix";
inputs.gerrit-oauth = {
url = "https://gerrit-ci.gerritforge.com/job/plugin-oauth-bazel-master-master/lastBuild/artifact/bazel-bin/plugins/oauth/oauth.jar";
flake = false;
};
outputs = { self, nixpkgs, nixpkgs-unstable, deploy-rs, home-manager, sops-nix, scalpel
, nixpkgs-privatebin, frappix, ... }@inputs:
let
system = "x86_64-linux";
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
# frappix -> wkhtmltopdf
config.permittedInsecurePackages = ["openssl-1.1.1w"];
overlays = [
(final: prev: {
inherit (nixpkgs-unstable.legacyPackages.${system})
vaultwarden vaultwarden-postgresql # vaultwarden updates often fix compatibility with the extension
matrix-sliding-sync; # matrix-sliding-sync updates very fast and being on an old version breaks app compatibility
}) # pin-unstable
(final: prev: {
inherit (nixpkgs-privatebin.legacyPackages.${system})
privatebin pbcli;
})
(functorBuster: frappix.toolsOverlay.${system} functorBuster)
(functorBuster: frappix.pythonOverlay.${system} functorBuster)
(functorBuster: frappix.frappeOverlay.${system} functorBuster)
(final: prev: {
python311 = prev.python311.override {
packageOverrides = pyFinal: pyPrev: {
elasticsearch = (
pyPrev.elasticsearch.overrideAttrs (prevAttrs: {
propagatedBuildInputs = prevAttrs.propagatedBuildInputs ++ [
final.python311Packages.elastic-transport
];
})
);
};
};
})
];
};
helpers = inputs.helpers.helpers { inherit pkgs nixpkgs; };
drive_paths = import ./variables/drive_paths.nix;
a1d1 = import ./modules/a1d1 { inherit self pkgs system inputs drive_paths; };
a1d2 = import ./modules/a1d2 { inherit self pkgs system inputs; drive_paths = null; };
in rec {
nixosConfigurations.clicks = let
base = nixpkgs.lib.nixosSystem {
inherit system pkgs;
modules = [
{
system.stateVersion = "22.11";
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.trusted-users = [ "minion" "coded" ];
time.timeZone = "Etc/UTC";
users.mutableUsers = false;
fileSystems."/" = {};
}
]
++ (helpers.nixFilesIn ./modules/common)
++ [
sops-nix.nixosModules.sops
"${nixpkgs-privatebin}/nixos/modules/services/web-apps/privatebin.nix"
frappix.nixosModules.${system}.frappix
];
specialArgs = inputs // {
base = null;
inherit system;
inherit helpers;
drive_paths = null;
};
};
in base.extendModules {
modules = [ scalpel.nixosModules.scalpel ];
specialArgs = { inherit base; };
};
nixosConfigurations.clicks-without-mongodb =
nixosConfigurations.clicks.extendModules {
modules = [{ services.mongodb.enable = nixpkgs.lib.mkForce false; }];
};
nixosConfigurations.a1d1 = a1d1.config;
nixosConfigurations.a1d2 = a1d2.config;
deploy.nodes.a1d1 = a1d1.deploy;
deploy.nodes.a1d2 = a1d2.deploy;
devShells.x86_64-linux.default =
pkgs.mkShell { packages = [ pkgs.deploy-rs ]; };
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt;
};
}