Gitiles
Code Review Sign In
git.clicks.codes / Infra / NixFiles / 0ad4562bcde64303dda2e2312ee0901899ea8439 / . / flake.nix
blob: e7b747095423aa3450bc7fc9b4b07fc45600c1f2 [file] [log] [blame]
Skyler Grey1e2187f2023-03-03 22:45:10 +0000[diff] [blame]1{
2 description = "A flake to deploy and configure Clicks' NixOS server";
3
Samuel Shuertf68685d2023-10-28 20:07:56 -0400[diff] [blame]4 # input URLs
Skyler Grey915067d2023-12-03 13:46:53 +0000[diff] [blame]5 inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
Skyler Grey68b893f2024-04-18 10:36:40 +0000[diff] [blame]6 inputs.nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
Skyler Greyb30f5dd2023-09-01 21:02:44 +0000[diff] [blame]7 inputs.nixpkgs-clicksforms.url = "github:nixos/nixpkgs/nixos-22.05";
Skyler Grey061574c2023-05-01 21:39:24 +0000[diff] [blame]8 inputs.flake-utils.url = "github:numtide/flake-utils";
Skyler Grey1e2187f2023-03-03 22:45:10 +0000[diff] [blame]9 inputs.deploy-rs.url = "github:serokell/deploy-rs";
Skyler Grey915067d2023-12-03 13:46:53 +0000[diff] [blame]10 inputs.home-manager.url = "github:nix-community/home-manager/release-23.11";
Skyler Greya7fbaee2023-05-12 00:29:20 +0000[diff] [blame]11 inputs.sops-nix.url = "github:Mic92/sops-nix";
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]12 inputs.scalpel.url = "github:polygon/scalpel";
Skyler Grey1e2187f2023-03-03 22:45:10 +0000[diff] [blame]13
Samuel Shuertf68685d2023-10-28 20:07:56 -0400[diff] [blame]14 inputs.nixpkgs-privatebin.url = "github:e1mo/nixpkgs/privatebin";
15 inputs.nixpkgs-mongodb.url = "github:nixos/nixpkgs?rev=8dfad603247387df1df4826b8bea58efc5d012d8";
16
Skyler Grey99fbd702024-03-11 00:04:20 +0000[diff] [blame]17 inputs.helpers.url = "git+https://git.clicks.codes/Infra/NixHelpers";
Samuel Shuertf68685d2023-10-28 20:07:56 -0400[diff] [blame]18
Skyler Greyfc048592024-03-10 13:46:17 +0000[diff] [blame]19 inputs.frappix.url = "github:blaggacao/frappix";
20
Samuel Shuertf68685d2023-10-28 20:07:56 -0400[diff] [blame]21 # follow settings
Skyler Greyfed0bb12023-05-01 21:42:03 +0000[diff] [blame]22 inputs.home-manager.inputs.nixpkgs.follows = "nixpkgs";
Skyler Greyfed0bb12023-05-01 21:42:03 +0000[diff] [blame]23
Skyler Greya7fbaee2023-05-12 00:29:20 +0000[diff] [blame]24 inputs.sops-nix.inputs.nixpkgs.follows = "nixpkgs";
25
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]26 inputs.scalpel.inputs.nixpkgs.follows = "nixpkgs";
27 inputs.scalpel.inputs.sops-nix.follows = "sops-nix";
28
Skyler Greyc5ed69c2023-12-23 02:25:41 +0000[diff] [blame]29 inputs.gerrit-oauth = {
30 url = "https://gerrit-ci.gerritforge.com/job/plugin-oauth-bazel-master-master/lastBuild/artifact/bazel-bin/plugins/oauth/oauth.jar";
31 flake = false;
32 };
33
Skyler Greyfc048592024-03-10 13:46:17 +0000[diff] [blame]34 inputs.frappix.inputs.nixpkgs.follows = "nixpkgs";
35
Skyler Grey68b893f2024-04-18 10:36:40 +0000[diff] [blame]36 outputs = { self, nixpkgs, nixpkgs-unstable, deploy-rs, home-manager, sops-nix, scalpel
Skyler Greyfc048592024-03-10 13:46:17 +0000[diff] [blame]37 , nixpkgs-privatebin, frappix, ... }@inputs:
Skyler Grey07584fb2023-05-01 21:37:13 +0000[diff] [blame]38 let
39 system = "x86_64-linux";
40 pkgs = import nixpkgs {
41 inherit system;
42 config.allowUnfree = true;
Skyler Greyfc048592024-03-10 13:46:17 +0000[diff] [blame]43
44 # frappix -> wkhtmltopdf
45 config.permittedInsecurePackages = ["openssl-1.1.1w"];
46
Skyler Grey9fe61282023-08-20 21:52:48 +0000[diff] [blame]47 overlays = [
Skyler Greyfe1740c2023-10-21 01:24:18 +0000[diff] [blame]48 (final: prev: {
Skyler Grey68b893f2024-04-18 10:36:40 +0000[diff] [blame]49 inherit (nixpkgs-unstable.legacyPackages.${system})
50 vaultwarden vaultwarden-postgresql # vaultwarden updates often fix compatibility with the extension
51 matrix-sliding-sync; # matrix-sliding-sync updates very fast and being on an old version breaks app compatibility
52 }) # pin-unstable
53 (final: prev: {
Skyler Greyfe1740c2023-10-21 01:24:18 +0000[diff] [blame]54 inherit (nixpkgs-privatebin.legacyPackages.${system})
55 privatebin pbcli;
56 })
Skyler Grey99fbd702024-03-11 00:04:20 +0000[diff] [blame]57 (functorBuster: frappix.toolsOverlay.${system} functorBuster)
58 (functorBuster: frappix.pythonOverlay.${system} functorBuster)
59 (functorBuster: frappix.frappeOverlay.${system} functorBuster)
60 (final: prev: {
61 python311 = prev.python311.override {
62 packageOverrides = pyFinal: pyPrev: {
63 elasticsearch = (
64 pyPrev.elasticsearch.overrideAttrs (prevAttrs: {
65 propagatedBuildInputs = prevAttrs.propagatedBuildInputs ++ [
66 final.python311Packages.elastic-transport
67 ];
68 })
69 );
70 };
71 };
72 })
Skyler Grey9fe61282023-08-20 21:52:48 +0000[diff] [blame]73 ];
Skyler Grey07584fb2023-05-01 21:37:13 +0000[diff] [blame]74 };
Samuel Shuertf68685d2023-10-28 20:07:56 -0400[diff] [blame]75 helpers = inputs.helpers.helpers { inherit pkgs nixpkgs; };
76 drive_paths = import ./variables/drive_paths.nix;
77
78 a1d1 = import ./modules/a1d1 { inherit self pkgs system inputs drive_paths; };
79 a1d2 = import ./modules/a1d2 { inherit self pkgs system inputs; drive_paths = null; };
Skyler Greyfe1740c2023-10-21 01:24:18 +0000[diff] [blame]80 in rec {
81 nixosConfigurations.clicks = let
82 base = nixpkgs.lib.nixosSystem {
83 inherit system pkgs;
Skyler Grey07584fb2023-05-01 21:37:13 +0000[diff] [blame]84 modules = [
Samuel Shuertf68685d2023-10-28 20:07:56 -0400[diff] [blame]85 {
86 system.stateVersion = "22.11";
87 nix.settings.experimental-features = [ "nix-command" "flakes" ];
Samuel Shuert32d3fb52023-11-22 16:25:10 -0500[diff] [blame]88 nix.settings.trusted-users = [ "minion" "coded" ];
Samuel Shuertf68685d2023-10-28 20:07:56 -0400[diff] [blame]89 time.timeZone = "Etc/UTC";
90 users.mutableUsers = false;
91
92 fileSystems."/" = {};
93 }
94 ]
95 ++ (helpers.nixFilesIn ./modules/common)
96 ++ [
Skyler Greyfe1740c2023-10-21 01:24:18 +0000[diff] [blame]97 sops-nix.nixosModules.sops
98 "${nixpkgs-privatebin}/nixos/modules/services/web-apps/privatebin.nix"
Skyler Greyfc048592024-03-10 13:46:17 +0000[diff] [blame]99 frappix.nixosModules.${system}.frappix
Skyler Grey07584fb2023-05-01 21:37:13 +0000[diff] [blame]100 ];
Samuel Shuertf68685d2023-10-28 20:07:56 -0400[diff] [blame]101 specialArgs = inputs // {
Skyler Greyfe1740c2023-10-21 01:24:18 +0000[diff] [blame]102 base = null;
Skyler Greyfe1740c2023-10-21 01:24:18 +0000[diff] [blame]103 inherit system;
Samuel Shuertf68685d2023-10-28 20:07:56 -0400[diff] [blame]104 inherit helpers;
105 drive_paths = null;
Skyler Greyfe1740c2023-10-21 01:24:18 +0000[diff] [blame]106 };
Skyler Grey4f3e6062023-03-04 01:29:29 +0000[diff] [blame]107 };
Skyler Greyfe1740c2023-10-21 01:24:18 +0000[diff] [blame]108 in base.extendModules {
109 modules = [ scalpel.nixosModules.scalpel ];
110 specialArgs = { inherit base; };
111 };
Skyler Grey07584fb2023-05-01 21:37:13 +0000[diff] [blame]112
Skyler Greyb3516c22023-05-24 19:17:11 +0200[diff] [blame]113 nixosConfigurations.clicks-without-mongodb =
114 nixosConfigurations.clicks.extendModules {
Skyler Greyfe1740c2023-10-21 01:24:18 +0000[diff] [blame]115 modules = [{ services.mongodb.enable = nixpkgs.lib.mkForce false; }];
Skyler Greyb3516c22023-05-24 19:17:11 +0200[diff] [blame]116 };
117
Samuel Shuertf68685d2023-10-28 20:07:56 -0400[diff] [blame]118 nixosConfigurations.a1d1 = a1d1.config;
119 nixosConfigurations.a1d2 = a1d2.config;
Skyler Grey07584fb2023-05-01 21:37:13 +0000[diff] [blame]120
Samuel Shuertf68685d2023-10-28 20:07:56 -0400[diff] [blame]121 deploy.nodes.a1d1 = a1d1.deploy;
122 deploy.nodes.a1d2 = a1d2.deploy;
Skyler Grey1e2187f2023-03-03 22:45:10 +0000[diff] [blame]123
Skyler Greyfe1740c2023-10-21 01:24:18 +0000[diff] [blame]124 devShells.x86_64-linux.default =
125 pkgs.mkShell { packages = [ pkgs.deploy-rs ]; };
Skyler Greyb30f5dd2023-09-01 21:02:44 +0000[diff] [blame]126
Skyler Grey2ca6ccd2023-10-14 22:56:43 +0000[diff] [blame]127 formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt;
Skyler Grey1e2187f2023-03-03 22:45:10 +0000[diff] [blame]128 };
Skyler Grey1e2187f2023-03-03 22:45:10 +0000[diff] [blame]129}