# Flake that evaluates the NixOS configurations and deploy-rs node definitions
# for Clicks' servers. Every input listed here ends up in the evaluation of a
# system that is deployed, so the set of inputs is the supply-chain surface of
# the hosts.
{
  description = "A flake to deploy and configure Clicks' NixOS server";

  inputs = {
    # --- nixpkgs release branches -------------------------------------------
    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
    # NOTE(review): nixos-22.05 is an end-of-life release branch and receives
    # no further security backports. It is not used in this file directly (it
    # reaches modules through `inputs`); confirm what is still built from it.
    nixpkgs-clicksforms.url = "github:nixos/nixpkgs/nixos-22.05";

    # --- tooling and modules -------------------------------------------------
    # None of these URLs names a branch or rev, so the revision in use is
    # whatever flake.lock records. Review lock-file bumps as dependency changes.
    flake-utils.url = "github:numtide/flake-utils";
    deploy-rs.url = "github:serokell/deploy-rs";

    home-manager = {
      url = "github:nix-community/home-manager/release-23.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # Secrets tooling: sops-nix, plus scalpel which is made to share the same
    # sops-nix and nixpkgs revisions as the rest of the system.
    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    scalpel = {
      url = "github:polygon/scalpel";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.sops-nix.follows = "sops-nix";
    };

    # --- one-off package sources --------------------------------------------
    # A branch of a third-party nixpkgs fork. Below it supplies both packages
    # (privatebin, pbcli) and a NixOS module file that is evaluated into the
    # system configuration.
    nixpkgs-privatebin.url = "github:e1mo/nixpkgs/privatebin";
    # Pinned to an exact nixpkgs commit.
    nixpkgs-mongodb.url = "github:nixos/nixpkgs?rev=8dfad603247387df1df4826b8bea58efc5d012d8";

    helpers.url = "git+https://git.clicks.codes/Infra/NixHelpers";

    frappix = {
      url = "github:blaggacao/frappix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # Fetched as a plain file rather than as a flake.
    # NOTE(review): the path contains "lastBuild", i.e. the artifact of the most
    # recent CI run, so the content behind this URL changes over time. Only the
    # copy recorded in flake.lock is reproducible; a URL for a specific build or
    # release would make lock updates auditable.
    gerrit-oauth = {
      url = "https://gerrit-ci.gerritforge.com/job/plugin-oauth-bazel-master-master/lastBuild/artifact/bazel-bin/plugins/oauth/oauth.jar";
      flake = false;
    };
  };

  outputs = { self, nixpkgs, deploy-rs, home-manager, sops-nix, scalpel
    , nixpkgs-privatebin, frappix, ... }@inputs:
    let
      system = "x86_64-linux";

      # Wraps an overlay in a plain one-argument lambda before it is handed to
      # nixpkgs. Presumably the frappix overlays are not bare functions (the
      # original parameter was named "functorBuster") - confirm upstream.
      asPlainOverlay = overlay: final: overlay final;

      pkgs = import nixpkgs {
        inherit system;

        config = {
          allowUnfree = true;

          # Needed for frappix -> wkhtmltopdf. OpenSSL 1.1.1 is past upstream
          # end of life; this entry permits it for the whole package set, not
          # only for wkhtmltopdf.
          permittedInsecurePackages = [ "openssl-1.1.1w" ];
        };

        # Order is preserved from the original; later overlays see earlier ones.
        overlays = [
          # privatebin and pbcli come from the fork input, not from nixpkgs.
          (_final: _prev:
            let forkPkgs = nixpkgs-privatebin.legacyPackages.${system};
            in {
              privatebin = forkPkgs.privatebin;
              pbcli = forkPkgs.pbcli;
            })
          (asPlainOverlay frappix.toolsOverlay.${system})
          (asPlainOverlay frappix.pythonOverlay.${system})
          (asPlainOverlay frappix.frappeOverlay.${system})
          # Append elastic-transport to the propagated inputs of the
          # Python 3.11 elasticsearch package.
          (final: prev: {
            python311 = prev.python311.override {
              packageOverrides = _pyFinal: pyPrev: {
                elasticsearch = pyPrev.elasticsearch.overrideAttrs (old: {
                  propagatedBuildInputs = old.propagatedBuildInputs
                    ++ [ final.python311Packages.elastic-transport ];
                });
              };
            };
          })
        ];
      };

      helpers = inputs.helpers.helpers { inherit pkgs nixpkgs; };
      drive_paths = import ./variables/drive_paths.nix;

      # Per-host definitions; each exposes `config` and `deploy` (used below).
      a1d1 = import ./modules/a1d1 { inherit self pkgs system inputs drive_paths; };
      a1d2 = import ./modules/a1d2 {
        inherit self pkgs system inputs;
        drive_paths = null;
      };

      # Settings applied inline to the "clicks" system.
      coreSettings = {
        system.stateVersion = "22.11";
        nix.settings = {
          experimental-features = [ "nix-command" "flakes" ];
          # Trusted users may override Nix daemon settings, which is effectively
          # root-equivalent on the host; keep this list as short as possible.
          trusted-users = [ "minion" "coded" ];
        };
        time.timeZone = "Etc/UTC";
        # Accounts are managed only through the configuration.
        users.mutableUsers = false;

        # Left empty here - presumably a placeholder so that this configuration
        # evaluates; confirm where the real root filesystem is declared.
        fileSystems."/" = { };
      };

      # Modules taken from flake inputs rather than from this repository.
      externalModules = [
        sops-nix.nixosModules.sops
        "${nixpkgs-privatebin}/nixos/modules/services/web-apps/privatebin.nix"
        frappix.nixosModules.${system}.frappix
      ];

      # First pass: the system without scalpel, with `base` stubbed out as null.
      clicksBase = nixpkgs.lib.nixosSystem {
        inherit system pkgs;
        modules = [ coreSettings ]
          ++ (helpers.nixFilesIn ./modules/common)
          ++ externalModules;
        # All flake inputs are visible to every module as module arguments.
        specialArgs = inputs // {
          inherit system helpers;
          base = null;
          drive_paths = null;
        };
      };

      # Second pass: add scalpel and give modules the first-pass result as `base`.
      clicks = clicksBase.extendModules {
        modules = [ scalpel.nixosModules.scalpel ];
        specialArgs = { base = clicksBase; };
      };
    in {
      nixosConfigurations = {
        inherit clicks;

        # Same system with the MongoDB service forced off.
        clicks-without-mongodb = clicks.extendModules {
          modules = [{ services.mongodb.enable = nixpkgs.lib.mkForce false; }];
        };

        a1d1 = a1d1.config;
        a1d2 = a1d2.config;
      };

      deploy.nodes = {
        a1d1 = a1d1.deploy;
        a1d2 = a1d2.deploy;
      };

      # The shell's deploy-rs is the nixpkgs package (pkgs.deploy-rs), not a
      # build of the deploy-rs flake input.
      devShells.${system}.default =
        pkgs.mkShell { packages = [ pkgs.deploy-rs ]; };

      formatter.${system} = nixpkgs.legacyPackages.${system}.nixfmt;
    };
}