# Flake for the tlater.net host. It declares the flake inputs, two NixOS
# system configurations (`tlaternet` and a local test `vm`), and the
# per-system dev shell, `packages` and `lib` outputs.
{
  description = "tlater.net host configuration";

  inputs = {
    # NOTE(review): nixos-22.05 is a 2022 release branch; check that it
    # still receives security updates before relying on it for a
    # network-facing host.
    nixpkgs.url = "github:nixos/nixpkgs/nixos-22.05";
    # Tracks the moving `master` branch. The revision actually built is
    # whatever the lock file records (flake.lock is not visible here).
    nixos-hardware.url = "github:nixos/nixos-hardware/master";
    flake-utils.url = "github:numtide/flake-utils";
    sops-nix = {
      url = "github:Mic92/sops-nix";
      # Reuse this flake's nixpkgs instead of sops-nix's own pin.
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # The two inputs below are fetched over git+https from a self-hosted
    # Gitea instance, and their packages are overlaid into `pkgs` further
    # down. No ref or rev is given in the URL, so reproducibility of what
    # gets built depends on the lock file pin.
    tlaternet-webserver = {
      url = "git+https://gitea.tlater.net/tlaternet/tlaternet.git";
      inputs = {
        flake-utils.follows = "flake-utils";
        nixpkgs.follows = "nixpkgs";
      };
    };
    tlaternet-templates = {
      url = "git+https://gitea.tlater.net/tlaternet/tlaternet-templates.git";
      inputs = {
        flake-utils.follows = "flake-utils";
        nixpkgs.follows = "nixpkgs";
      };
    };
  };

  outputs = { self, nixpkgs, nixos-hardware, flake-utils, sops-nix
    , tlaternet-webserver, tlaternet-templates, ... }@inputs:
    let
      # Single overlay shared by both NixOS configurations and by the
      # per-system `pkgs` import below. It adds three attributes to the
      # package set: the package sets of the two tlaternet flakes, and
      # `local`, built from ./pkgs.
      overlays = [
        (final: prev: {
          tlaternet-webserver =
            tlaternet-webserver.legacyPackages.${prev.system}.packages;
          tlaternet-templates =
            tlaternet-templates.legacyPackages.${prev.system}.packages;
          local = import ./pkgs {
            pkgs = prev;
            local-lib = self.lib.${prev.system};
          };
        })
      ];
    in {
      nixosConfigurations = {
        # The real host: shared modules and configuration plus the
        # Linode and hardware specific files, with sops-nix for secrets.
        tlaternet = let system = "x86_64-linux";
        in nixpkgs.lib.nixosSystem {
          inherit system;

          modules = [
            ({ modulesPath, ... }: {
              imports = [ (modulesPath + "/profiles/headless.nix") ];
              nixpkgs.overlays = overlays;
            })
            (import ./modules)

            (import ./configuration)
            (import ./configuration/linode.nix)
            (import ./configuration/hardware-configuration.nix)
            sops-nix.nixosModules.sops
          ];
        };

        # Local test VM: same shared modules and ./configuration as the
        # real host, without the Linode/hardware files, plus the inline
        # overrides in the last module.
        vm = let system = "x86_64-linux";
        in nixpkgs.lib.nixosSystem {
          inherit system;

          modules = [
            ({ modulesPath, ... }: {
              imports = [ (modulesPath + "/profiles/headless.nix") ];
              nixpkgs.overlays = overlays;
            })
            (import ./modules)

            (import ./configuration)
            sops-nix.nixosModules.sops
            ({ lib, ... }: {
              # Plaintext, test-only password for the VM user. The literal
              # is part of the evaluated system configuration, so it must
              # never be reused for a real account.
              # NOTE(review): the dev shell forwards host port 3022 to
              # guest port 2222 without a host address. If guest 2222 is
              # sshd with password login enabled (not shown in this
              # file), this account is reachable from any network that
              # can reach the host port. Confirm, and consider binding
              # the forwards to 127.0.0.1.
              users.users.tlater.password = "insecure";

              # Disable graphical tty so -curses works
              boot.kernelParams = [ "nomodeset" ];

              # Sets the base domain for nginx to localhost so that we
              # can easily test locally with the VM.
              # Priority 99 is just ahead of a plain assignment (100), so
              # it wins over a value set without mkForce elsewhere.
              services.nginx.domain = lib.mkOverride 99 "localhost";

              # # Set up VM settings to match real VPS
              # virtualisation.memorySize = 3941;
              # virtualisation.cores = 2;
            })
          ];
        };
      };
    } // flake-utils.lib.eachDefaultSystem (system:
      let
        # nixpkgs for this system with the shared overlay applied.
        pkgs = import nixpkgs { inherit system overlays; };
        sops-pkgs = sops-nix.packages.${system};
      in {
        devShell = pkgs.mkShell {
          # Directories read by the sops-nix key import hook below.
          # NOTE(review): presumably the hook imports the public keys
          # found here into the shell's GnuPG keyring. Verify against the
          # sops-nix documentation, and review changes to these
          # directories as changes to who can be a secrets recipient.
          sopsPGPKeyDirs = ["./keys/hosts/" "./keys/users/"];
          nativeBuildInputs = with sops-pkgs; [ sops-import-keys-hook ];
          buildInputs = with pkgs;
            with sops-pkgs; [
              nixfmt
              git-lfs
              sops-init-gpg-key

              # For the minecraft mod update script
              (python3.withPackages (pypkgs:
                with pypkgs; [
                  dateutil
                  requests

                  ipython

                  # NOTE(review): inside a list, `python3.withPackages`
                  # and the parenthesised lambda after it are two
                  # separate elements, not a function application. The
                  # language-server packages named in the lambda are
                  # therefore probably not part of this environment.
                  # The lambda also uses `with pkgs;` rather than its own
                  # `ppkgs` argument. Confirm the intent; the names were
                  # likely meant to sit directly in the outer list.
                  python3.withPackages
                  (ppkgs:
                    with pkgs; [
                      python-lsp-server
                      python-lsp-black
                      pyls-isort
                      pyls-mypy
                      rope
                      pyflakes
                      mccabe
                      pycodestyle
                      pydocstyle
                    ])
                ]))
            ];

          shellHook = let
            inherit (pkgs.lib.attrsets) mapAttrsToList;
            inherit (pkgs.lib.strings) concatStringsSep;
            # Host port (attribute name) -> guest port (value) for the
            # QEMU user-mode network forwards built below.
            ports = {
              "3022" = "2222";
              "3080" = "80";
              "3443" = "443";
              "3021" = "2221";
              "25565" = "25565";
              "21025" = "21025"; # Starbound
            };
            # Joins one `hostfwd=::HOST-:GUEST` rule per entry with commas.
            # NOTE(review): the rule leaves the host address empty, and
            # QEMU then listens on all host interfaces, so every forwarded
            # service of the test VM is exposed beyond loopback. Use an
            # explicit 127.0.0.1 host address if LAN access is not needed.
            QEMU_NET_OPTS = concatStringsSep ","
              (mapAttrsToList (host: vm: "hostfwd=::${host}-:${vm}") ports);
          in ''
            export QEMU_OPTS="-m 3941 -smp 2 -curses"
            export QEMU_NET_OPTS="${QEMU_NET_OPTS}"

            # Work around sudo requiring a full terminal
            export NIX_SSHOPTS="-t"
          '';
        };

        # Packages from ./pkgs, built against this system's `pkgs`.
        packages = import ./pkgs {
          inherit pkgs;
          local-lib = self.lib.${system};
        };

        # Helper library from ./lib; it receives all flake inputs.
        lib = import ./lib {
          inherit pkgs inputs;
          lib = nixpkgs.lib;
        };
      });
}