{
  description = "A flake to deploy and configure Clicks' NixOS server";

  # Each URL below names a repository or a branch, not a revision. The commit
  # that is actually built is whatever flake.lock records (not shown here), so
  # a lock-file update is the point at which upstream changes enter the server
  # and is worth reviewing input by input.
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";

    # A second, older nixpkgs release branch. It is only handed to the
    # per-service home-manager configurations (see extraSpecialArgs below), so
    # anything built from it does not pick up fixes that land in nixos-23.05.
    nixpkgs-clicksforms.url = "github:nixos/nixpkgs/nixos-22.05";

    # Declared, but not referenced by name in `outputs`.
    flake-utils.url = "github:numtide/flake-utils";

    deploy-rs.url = "github:serokell/deploy-rs";

    home-manager = {
      url = "github:nix-community/home-manager/release-23.05";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    scalpel = {
      url = "github:polygon/scalpel";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.sops-nix.follows = "sops-nix";
    };

    # A branch of a personal nixpkgs fork. Both the privatebin/pbcli packages
    # and the privatebin NixOS module used below are taken from it.
    nixpkgs-privatebin.url = "github:e1mo/nixpkgs/privatebin";

    helpers.url = "git+https://git.clicks.codes/Clicks/NixHelpers";
  };

  outputs = { self, nixpkgs, deploy-rs, home-manager, sops-nix, scalpel
    , nixpkgs-privatebin, helpers, ... }@inputs:
    let
      system = "x86_64-linux";
      lib = nixpkgs.lib;

      # The one package set shared by the NixOS system, every home-manager
      # profile and the dev shell. allowUnfree therefore applies to all of them.
      pkgs = import nixpkgs {
        inherit system;
        config.allowUnfree = true;
        overlays = [
          # Adds privatebin and pbcli from the fork's package set.
          (_final: _prev: {
            inherit (nixpkgs-privatebin.legacyPackages.${system})
              privatebin pbcli;
          })
        ];
      };

      # deploy-rs activation helpers for the target platform.
      activate = deploy-rs.lib.${system}.activate;

      # The system is evaluated in two stages: first with `base = null`, then
      # extended with the scalpel module, which receives the first-stage
      # result as the `base` special argument.
      clicksBase = lib.nixosSystem {
        inherit system pkgs;
        modules = [
          ./default/configuration.nix
          ./default/hardware-configuration.nix
          ./modules/cache.nix
          ./modules/clamav.nix
          ./modules/cloudflare-ddns.nix
          ./modules/dmarc.nix
          ./modules/dnsmasq.nix
          ./modules/doas.nix
          ./modules/docker.nix
          ./modules/drivePaths.nix
          ./modules/ecryptfs.nix
          ./modules/fail2ban.nix
          ./modules/gerrit.nix
          ./modules/git.nix
          ./modules/grafana.nix
          ./modules/home-manager-users.nix
          ./modules/keycloak.nix
          ./modules/kitty.nix
          ./modules/loginctl-linger.nix
          ./modules/matrix.nix
          ./modules/mongodb.nix
          ./modules/networking.nix
          ./modules/nextcloud.nix
          ./modules/nginx-routes.nix
          ./modules/nginx.nix
          ./modules/node.nix
          ./modules/postgres.nix
          ./modules/privatebin.nix
          ./modules/samba.nix
          ./modules/scalpel.nix
          ./modules/ssh.nix
          ./modules/static-ip.nix
          ./modules/syncthing.nix
          ./modules/tesseract.nix
          ./modules/vaultwarden.nix
          sops-nix.nixosModules.sops
          # Module file read straight out of the fork's source tree.
          "${nixpkgs-privatebin}/nixos/modules/services/web-apps/privatebin.nix"
          # Accounts are defined by this configuration only; users and
          # passwords cannot be changed imperatively on the host.
          { users.mutableUsers = false; }
        ];
        specialArgs = {
          base = null;
          drive_paths = import ./variables/drive_paths.nix;
          inherit system;
          helpers = helpers.helpers { inherit pkgs; };
        };
      };

      clicksSystem = clicksBase.extendModules {
        modules = [ scalpel.nixosModules.scalpel ];
        specialArgs = { base = clicksBase; };
      };

      # Names of the immediate subdirectories of `dir`; plain files are ignored.
      subdirNames = dir:
        builtins.attrNames
        (lib.filterAttrs (_entry: kind: kind == "directory")
          (builtins.readDir dir));

      # deploy-rs profile for one service account. The home-manager
      # configuration is activated as the user named after the directory and
      # lives under /services/<name>.
      serviceProfile = service: {
        remoteBuild = true;
        user = service;

        profilePath = "/nix/var/nix/profiles/per-user/${service}/home-manager";
        path = activate.home-manager
          (home-manager.lib.homeManagerConfiguration {
            inherit pkgs;
            modules = [
              {
                home = {
                  homeDirectory = "/services/${service}";
                  username = service;
                  stateVersion = "22.11";
                };
                programs.home-manager.enable = true;
              }
              "${./services}/${service}"
            ];
            extraSpecialArgs = {
              inherit (inputs) nixpkgs-clicksforms;
              inherit system;
            };
          });
      };

      # deploy-rs profile for one entry of ./homes. Unlike a service profile
      # it sets no home directory and passes no extra special arguments.
      homeProfile = username: {
        remoteBuild = true;
        user = username;

        profilePath = "/nix/var/nix/profiles/per-user/${username}/home-manager";
        path = activate.home-manager
          (home-manager.lib.homeManagerConfiguration {
            inherit pkgs;
            modules = [
              {
                home = {
                  inherit username;
                  stateVersion = "22.11";
                };
                programs.home-manager.enable = true;
              }
              "${./homes}/${username}"
            ];
          });
      };
    in {
      nixosConfigurations = {
        clicks = clicksSystem;

        # Same system with MongoDB forced off.
        clicks-without-mongodb = clicksSystem.extendModules {
          modules = [{ services.mongodb.enable = lib.mkForce false; }];
        };
      };

      deploy.nodes.clicks = {
        # Command prefix deploy-rs uses to switch to each profile's `user`.
        # The system profile activates as root and every other profile as the
        # account named after its directory, so the deploying login must be
        # allowed to become all of them.
        # NOTE(review): the matching doas rules are presumably in
        # ./modules/doas.nix (not shown) - confirm they are no broader than
        # this list of users requires.
        sudo = "doas -u";

        # Profiles are discovered from the directory layout: every directory
        # under ./services or ./homes becomes a profile that is built on the
        # target (remoteBuild) and activated as the user of the same name.
        # `//` lets later sets win on a name clash, so a directory called
        # `system` under ./services or ./homes would replace the root profile
        # below; keep that name out of both trees.
        profiles = {
          system = {
            remoteBuild = true;
            user = "root";
            path = activate.nixos self.nixosConfigurations.clicks;
          };
        } // lib.genAttrs (subdirNames ./services) serviceProfile
          // lib.genAttrs (subdirNames ./homes) homeProfile;

        hostname = "clicks";
        profilesOrder = [ "system" ];
      };

      # The deploy-rs CLI here comes from the nixpkgs package set, while the
      # activation helpers above come from the deploy-rs flake input.
      devShells.${system}.default =
        pkgs.mkShell { packages = [ pkgs.deploy-rs ]; };

      formatter.${system} = nixpkgs.legacyPackages.${system}.nixfmt;
    };
}