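{
  description = "tlater.net host configuration";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-22.05";
    nixos-hardware.url = "github:nixos/nixos-hardware/master";

    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    tlaternet-webserver = {
      url = "git+https://gitea.tlater.net/tlaternet/tlaternet.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = {
    self,
    nixpkgs,
    nixos-hardware,
    sops-nix,
    tlaternet-webserver,
  }: let
    system = "x86_64-linux";

    # Expose the packages under ./pkgs as `pkgs.local` on every nixpkgs
    # instance used by this flake (both the eval below and the NixOS
    # configurations via the module in `commonModules`).
    overlays = [
      (final: prev: {
        local = import ./pkgs {pkgs = prev;};
      })
    ];

    pkgs = import nixpkgs {inherit system overlays;};
    sops-pkgs = sops-nix.packages.${system};

    # Modules shared by the production host and the local test VM.
    # Module order is irrelevant to the NixOS module system, so the
    # per-host additions are simply appended to this list.
    commonModules = [
      ({modulesPath, ...}: {
        imports = [(modulesPath + "/profiles/headless.nix")];
        nixpkgs.overlays = overlays;
      })
      (import ./modules)
      (import ./configuration)
      sops-nix.nixosModules.sops
      tlaternet-webserver.nixosModules.default
    ];
  in {
    nixosConfigurations = {
      # The production host (a Linode VPS).
      tlaternet = nixpkgs.lib.nixosSystem {
        inherit system;
        modules =
          commonModules
          ++ [
            (import ./configuration/linode.nix)
            (import ./configuration/hardware-configuration.nix)
          ];
      };

      # Local QEMU VM used to exercise the same configuration; launched
      # through `apps.${system}.default` below.
      vm = nixpkgs.lib.nixosSystem {
        inherit system;
        modules =
          commonModules
          ++ [
            ({lib, ...}: {
              # Deliberately weak, well-known password for the throwaway
              # test VM. This is only tolerable because the VM's ports are
              # forwarded on the host's loopback interface (see the app
              # below); never reuse this module for a network-reachable
              # system.
              users.users.tlater.password = "insecure";

              # Disable graphical tty so -curses works
              boot.kernelParams = ["nomodeset"];

              # Sets the base domain for nginx to localhost so that we
              # can easily test locally with the VM.
              services.nginx.domain = lib.mkOverride 99 "localhost";

              # Use the staging secrets
              sops.defaultSopsFile = lib.mkOverride 99 ./keys/staging.yaml;

              # # Set up VM settings to match real VPS
              # virtualisation.memorySize = 3941;
              # virtualisation.cores = 2;
            })
          ];
      };
    };

    apps.${system}.default = let
      inherit (self.nixosConfigurations.vm.config.system.build) vm;
      inherit (nixpkgs.legacyPackages.${system}) writeShellScript;
      inherit (nixpkgs.lib.attrsets) mapAttrsToList;
      inherit (nixpkgs.lib.strings) concatStringsSep;

      # Host port -> guest port forwards for the test VM.
      ports = {
        "2222" = "2222";
        "3080" = "80";
        "3443" = "443";
        "2221" = "2221";
        "21025" = "21025"; # Starbound
      };

      # QEMU's user-mode hostfwd binds to 0.0.0.0 when the host address is
      # left empty, which would expose the VM -- and its well-known test
      # password -- to every interface of the host machine. Bind each
      # forward to loopback explicitly so only local clients can reach it.
      hostfwd = host: guest: "hostfwd=tcp:127.0.0.1:${host}-:${guest}";
      QEMU_NET_OPTS = concatStringsSep "," (mapAttrsToList hostfwd ports);
    in {
      type = "app";
      # Memory/cores mirror the commented-out VPS settings in the vm module.
      program = builtins.toString (writeShellScript "run-vm" ''
        export QEMU_OPTS="-m 3941 -smp 2 -curses"
        export QEMU_NET_OPTS="${QEMU_NET_OPTS}"
        "${vm}/bin/run-tlaternet-vm"
      '');
    };

    # Development shell: imports the sops PGP keys for hosts and users on
    # entry (via the hook) and provides the tooling needed to edit secrets
    # and format/commit this repository.
    devShells.${system}.default = pkgs.mkShell {
      sopsPGPKeyDirs = ["./keys/hosts/" "./keys/users/"];
      nativeBuildInputs = [
        sops-pkgs.sops-import-keys-hook
      ];
      buildInputs = with pkgs; [
        nixfmt
        git-lfs
        sops-pkgs.sops-init-gpg-key
      ];

      shellHook = ''
        # Work around sudo requiring a full terminal when deploying to
        # a remote host
        export NIX_SSHOPTS="-t"
      '';
    };
  };
}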