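{
  description = "tlater.net host configuration";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11-small";
    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small";

    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # No `inputs.nixpkgs.follows` here, so deploy-rs pins its own nixpkgs.
    # NOTE(review): looks intentional (its prebuilt `packages` are used in the
    # devShell below) — confirm before adding a `follows`.
    deploy-rs.url = "github:serokell/deploy-rs";
    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    tlaternet-webserver = {
      url = "git+https://gitea.tlater.net/tlaternet/tlaternet.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    foundryvtt = {
      url = "github:reckenrode/nix-foundryvtt";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # Fetched over SSH: evaluating or re-locking this flake needs an SSH
    # identity with read access to that repository.
    sonnenshift = {
      url = "git+ssh://git@github.com/sonnenshift/battery-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # Personal nixpkgs branch carrying a crowdsec fix; only its
    # `pkgs/by-name/cr/crowdsec/package.nix` is used (see `packages` below).
    # Pinned by flake.lock like every other input.
    nixpkgs-crowdsec.url = "github:tlater/nixpkgs/tlater/fix-crowdsec";
  };

  outputs =
    { self, nixpkgs, sops-nix, deploy-rs, ... }@inputs:
    let
      system = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${system};

      # Shared by the `default` package and the `run-vm` app: the same
      # configuration modules as the real host, but with VM hardware settings.
      vm = nixpkgs.lib.nixosSystem {
        inherit system;
        # Every flake input is handed to the modules as `flake-inputs`.
        specialArgs.flake-inputs = inputs;
        modules = [
          ./configuration
          ./configuration/hardware-specific/vm.nix
        ];
      };
    in
    {
      ##################
      # Configurations #
      ##################
      nixosConfigurations = {
        # The actual system definition
        hetzner-1 = nixpkgs.lib.nixosSystem {
          inherit system;
          specialArgs.flake-inputs = inputs;
          modules = [
            ./configuration
            ./configuration/hardware-specific/hetzner
          ];
        };
      };

      ############################
      # Deployment configuration #
      ############################
      deploy.nodes = {
        hetzner-1 = {
          hostname = "116.202.158.55";
          profiles.system = {
            # Activation of the system profile happens as root on the host.
            user = "root";
            path = deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.hetzner-1;
          };
          sshUser = "tlater";
          # `ForwardAgent=yes` exposes the deploying user's local SSH agent to
          # processes on the host for the duration of the deploy (root
          # included, given the activation user above).  Presumably required
          # for a step on the host that needs the local keys — TODO confirm it
          # is still needed and drop it if not.
          sshOpts = [ "-p" "2222" "-o" "ForwardAgent=yes" ];
        };
      };

      #########
      # Tests #
      #########
      # deploy-rs's own sanity checks over `deploy` above, one set per
      # system deploy-rs provides a `lib` for.
      checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;

      ###########################
      # Garbage collection root #
      ###########################
      packages.${system} =
        let
          localPkgs = import ./pkgs { inherit pkgs; };
        in
        {
          default = vm.config.system.build.vm;
          # crowdsec itself comes from the `nixpkgs-crowdsec` input; the hub
          # and the firewall bouncer from the local `./pkgs` tree.
          crowdsec = pkgs.callPackage "${inputs.nixpkgs-crowdsec}/pkgs/by-name/cr/crowdsec/package.nix" { };
          crowdsec-hub = localPkgs.crowdsec.hub;
          crowdsec-firewall-bouncer = localPkgs.crowdsec.firewall-bouncer;
        };

      ###################
      # Utility scripts #
      ###################
      apps.${system} = {
        default = self.apps.${system}.run-vm;

        # Boot the test VM built from `vm` above.
        run-vm = {
          type = "app";
          # Named so the resulting store path is identifiable; the original
          # passed an empty name (and an empty `let in`).
          program =
            (pkgs.writeShellScript "run-vm" ''
              ${vm.config.system.build.vm.outPath}/bin/run-testvm-vm
            '').outPath;
        };

        # Re-fetch the crowdsec package sources under ./pkgs/crowdsec with
        # nvfetcher.  Must be run from inside a checkout of this repository.
        update-crowdsec-packages =
          let
            git = pkgs.lib.getExe pkgs.git;
            nvfetcher = pkgs.lib.getExe pkgs.nvfetcher;
          in
          {
            type = "app";
            program =
              (pkgs.writeShellScript "update-crowdsec-packages" ''
                # writeShellScript does not enable errexit: without this a
                # failed `cd` would run nvfetcher in whatever directory the
                # caller was in.
                set -euo pipefail
                cd "$(${git} rev-parse --show-toplevel)"
                cd ./pkgs/crowdsec
                ${nvfetcher}
                echo 'Remember to update the vendorHash of any go packages!'
              '').outPath;
          };
      };

      ###########################
      # Development environment #
      ###########################
      # `pkgs` is the same `nixpkgs.legacyPackages.${system}` used everywhere
      # else in this file.
      devShells.${system}.default = pkgs.mkShell {
        # Key directories picked up by sops-import-keys-hook on shell entry.
        sopsPGPKeyDirs = [
          "./keys/hosts/"
          "./keys/users/"
        ];
        nativeBuildInputs = [ sops-nix.packages.${system}.sops-import-keys-hook ];
        packages = with pkgs; [
          sops-nix.packages.${system}.sops-init-gpg-key
          deploy-rs.packages.${system}.default
          nixpkgs-fmt
          cargo
          clippy
          rustc
          rustfmt
          rust-analyzer
          pkg-config
          openssl
        ];
      };
    };
}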