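# Flake for the tlater.net host.
#
# Outputs:
#   - nixosConfigurations.tlaternet: the host configuration, including the
#     Linode and hardware-specific modules.
#   - nixosConfigurations.vm: the same base configuration with test-only
#     overrides, for running locally in a VM.
#   - devShell / packages / lib for every flake-utils default system.
{
  description = "tlater.net host configuration";

  # Inputs are referenced by branch (or default branch), not by revision.
  # NOTE(review): the revisions that actually get built are whatever the
  # flake's lock file pins (not shown here) - review lock updates like any
  # other dependency bump, since these inputs are evaluated and built into
  # the host.
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-21.11";
    nixos-hardware.url = "github:nixos/nixos-hardware/master";
    flake-utils.url = "github:numtide/flake-utils";

    sops-nix = {
      url = "github:Mic92/sops-nix";
      # Use this flake's nixpkgs instead of the input's own pin.
      inputs.nixpkgs.follows = "nixpkgs";
    };

    tlaternet-webserver = {
      url = "git+https://gitea.tlater.net/tlaternet/tlaternet.git";
      inputs = {
        flake-utils.follows = "flake-utils";
        nixpkgs.follows = "nixpkgs";
      };
    };

    tlaternet-templates = {
      url = "git+https://gitea.tlater.net/tlaternet/tlaternet-templates.git";
      inputs = {
        flake-utils.follows = "flake-utils";
        nixpkgs.follows = "nixpkgs";
      };
    };
  };

  outputs = { self, nixpkgs, nixos-hardware, flake-utils, sops-nix
    , tlaternet-webserver, tlaternet-templates, ... }@inputs:
    let
      # Overlays shared by both NixOS configurations and the dev shell.
      overlays = [
        # Expose the website flakes' packages and the local ./pkgs set as
        # pkgs.tlaternet-webserver, pkgs.tlaternet-templates and pkgs.local.
        (final: prev: {
          tlaternet-webserver =
            tlaternet-webserver.legacyPackages.${prev.system}.packages;
          tlaternet-templates =
            tlaternet-templates.legacyPackages.${prev.system}.packages;
          local = import ./pkgs {
            pkgs = prev;
            local-lib = self.lib.${prev.system};
          };
        })
        sops-nix.overlay
      ];
    in {
      nixosConfigurations = {
        # The real host.
        tlaternet = let system = "x86_64-linux";
        in nixpkgs.lib.nixosSystem {
          inherit system;

          modules = [
            sops-nix.nixosModules.sops
            ({ modulesPath, ... }: {
              imports = [ (modulesPath + "/profiles/headless.nix") ];
              nixpkgs.overlays = overlays;
            })
            (import ./modules)

            (import ./configuration)
            (import ./configuration/linode.nix)
            (import ./configuration/hardware-configuration.nix)
          ];
        };

        # Local test VM: same base modules as `tlaternet`, minus the Linode
        # and hardware modules, plus the test-only overrides below.
        vm = let system = "x86_64-linux";
        in nixpkgs.lib.nixosSystem {
          inherit system;

          modules = [
            # Same module attribute as the `tlaternet` configuration, so
            # both configurations load sops-nix the same way.
            sops-nix.nixosModules.sops
            ({ modulesPath, ... }: {
              imports = [ (modulesPath + "/profiles/headless.nix") ];
              nixpkgs.overlays = overlays;
            })
            (import ./modules)

            (import ./configuration)

            # TEST VM ONLY. The credentials in this module are deliberately
            # well known, and as plain option values they are readable in
            # the Nix store. Nothing here may be copied into the
            # `tlaternet` configuration.
            ({ lib, ... }: {
              users.users.tlater.password = "insecure";

              # Disable graphical tty so -curses works
              boot.kernelParams = [ "nomodeset" ];

              # Sets the base domain for nginx to localhost so that we
              # can easily test locally with the VM.
              #
              # mkOverride 99 takes precedence over a plain definition
              # (priority 100) without resorting to mkForce.
              services.nginx.domain = lib.mkOverride 99 "localhost";

              # Use a default password for the grafana instance for
              # easy testing.
              services.grafana.security = {
                adminPassword = "insecure";
                # Clears the file-based password so the literal above is
                # used; presumably ./configuration points this at a secret
                # - verify there.
                adminPasswordFile = lib.mkOverride 99 null;
              };

              # # Set up VM settings to match real VPS
              # virtualisation.memorySize = 3941;
              # virtualisation.cores = 2;
            })
          ];
        };
      };
    } // flake-utils.lib.eachDefaultSystem (system:
      let pkgs = import nixpkgs { inherit system overlays; };
      in {
        devShell = with pkgs;
          mkShell {
            buildInputs = [
              nixfmt
              git-lfs
              sops-init-gpg-key

              # For the minecraft mod update script
              (python3.withPackages (pypkgs:
                with pypkgs; [
                  dateutil
                  requests

                  # ipython
                  # python-language-server
                  # pyls-black
                  # pyls-isort
                  # pyls-mypy
                ]))
            ];
            # nativeBuildInputs = [ sops-import-keys-hook ]; Breaks the shellHook somehow

            sopsPGPKeyDirs = [ "./keys/hosts/" "./keys/users/" ];

            # QEMU settings for running the `vm` configuration from this
            # shell.
            #
            # The port forwards are bound to 127.0.0.1. The VM runs with the
            # well-known test credentials set in the `vm` configuration, so
            # it should not be reachable from other machines on the host's
            # network. With an empty host address (`hostfwd=::3022-:2222`)
            # QEMU listens on every host interface. Drop the address only
            # if the VM must deliberately be reachable from elsewhere.
            shellHook = ''
              export QEMU_OPTS="-m 3941 -smp 2 -curses"
              export QEMU_NET_OPTS="hostfwd=tcp:127.0.0.1:3022-:2222,hostfwd=tcp:127.0.0.1:3080-:80,hostfwd=tcp:127.0.0.1:3443-:443,hostfwd=tcp:127.0.0.1:3021-:2221,hostfwd=tcp:127.0.0.1:25565-:25565"

              # Work around sudo requiring a full terminal
              export NIX_SSHOPTS="-t"
            '';
          };

        packages = import ./pkgs {
          inherit pkgs;
          local-lib = self.lib.${system};
        };

        lib = import ./lib {
          inherit pkgs inputs;
          lib = nixpkgs.lib;
        };
      });
}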