tlaternet-server/flake.nix
Tristan Daniël Maat be1d739b40
bump: Update inputs
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/fa5746ecea1772cf59b3f34c5816ab3531478142?narHash=sha256-xFnU%2BuUl48Icas2wPQ%2BZzlL2O3n8f6J2LrzNK9f2nng%3D' (2025-02-15)
  → 'github:nix-community/disko/15dbf8cebd8e2655a883b74547108e089f051bf0?narHash=sha256-lSOXdgW/1zi/SSu7xp71v%2B55D5Egz8ACv0STkj7fhbs%3D' (2025-02-18)
• Updated input 'foundryvtt':
    'github:reckenrode/nix-foundryvtt/0a72a4bf64224c6584fd1b9e9f0012dd09af979a?narHash=sha256-vM9C1gFiQGa3nTYqmTBI8MoiUfprkQdepUBbxV7ECMQ%3D' (2025-01-17)
  → 'github:reckenrode/nix-foundryvtt/a7fa493ba2c623cf90e83756b62285b3b58f18d2?narHash=sha256-u3m%2BawbdL%2B0BKk8IWidsWMr%2BR0ian3GZMUlH7623kd8%3D' (2025-02-16)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/30d4471a8a2a13b716530d3aad60b9846ea5ff83?narHash=sha256-jGiez5BtGGJUB/LXzRa%2B4AQurMO9acc1B69kBfgQhJc%3D' (2025-02-15)
  → 'github:nixos/nixpkgs/11415c7ae8539d6292f2928317ee7a8410b28bb9?narHash=sha256-SSYxFhqCOb3aiPb6MmN68yEzBIltfom8IgRz7phHscM%3D' (2025-02-21)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/31ff66eb77d02e9ac34b7256a02edb1c43fb9998?narHash=sha256-3bnOIZz8KXtzcaXGuH9Eriv0HiQyr1EIfcye%2BVHLQZE%3D' (2025-02-15)
  → 'github:nixos/nixpkgs/8465e233b0668cf162c608a92e62e8d78c1ba7e4?narHash=sha256-wzBbGGZ6i1VVBA/cDJaLfuuGYCUriD7fwsLgJJHRVRk%3D' (2025-02-22)
2025-02-23 01:45:11 +08:00

171 lines
4.3 KiB
Nix

{
description = "tlater.net host configuration";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11-small";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small";
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
deploy-rs.url = "github:serokell/deploy-rs";
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
tlaternet-webserver = {
url = "git+https://gitea.tlater.net/tlaternet/tlaternet.git";
inputs.nixpkgs.follows = "nixpkgs";
};
foundryvtt = {
url = "github:reckenrode/nix-foundryvtt";
inputs.nixpkgs.follows = "nixpkgs";
};
sonnenshift = {
url = "git+ssh://git@github.com/sonnenshift/battery-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
{
self,
nixpkgs,
sops-nix,
deploy-rs,
...
}@inputs:
let
system = "x86_64-linux";
pkgs = nixpkgs.legacyPackages.${system};
vm = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs.flake-inputs = inputs;
modules = [
./configuration
./configuration/hardware-specific/vm.nix
];
};
in
{
##################
# Configurations #
##################
nixosConfigurations = {
# The actual system definition
hetzner-1 = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs.flake-inputs = inputs;
modules = [
./configuration
./configuration/hardware-specific/hetzner
];
};
};
############################
# Deployment configuration #
############################
deploy.nodes = {
hetzner-1 = {
hostname = "116.202.158.55";
profiles.system = {
user = "root";
path = deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.hetzner-1;
};
sshUser = "tlater";
sshOpts = [
"-p"
"2222"
"-o"
"ForwardAgent=yes"
];
};
};
#########
# Tests #
#########
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
###########################
# Garbage collection root #
###########################
packages.${system} =
let
localPkgs = import ./pkgs { inherit pkgs; };
in
{
default = vm.config.system.build.vm;
crowdsec-hub = localPkgs.crowdsec.hub;
crowdsec-firewall-bouncer = localPkgs.crowdsec.firewall-bouncer;
};
###################
# Utility scripts #
###################
apps.${system} = {
default = self.apps.${system}.run-vm;
run-vm = {
type = "app";
program =
let
in
(pkgs.writeShellScript "" ''
${vm.config.system.build.vm.outPath}/bin/run-testvm-vm
'').outPath;
};
update-crowdsec-packages =
let
git = pkgs.lib.getExe pkgs.git;
nvfetcher = pkgs.lib.getExe pkgs.nvfetcher;
in
{
type = "app";
program =
(pkgs.writeShellScript "update-crowdsec-packages" ''
cd "$(${git} rev-parse --show-toplevel)"
cd ./pkgs/crowdsec
${nvfetcher}
echo 'Remember to update the vendorHash of any go packages!'
'').outPath;
};
};
###########################
# Development environment #
###########################
devShells.${system}.default = nixpkgs.legacyPackages.${system}.mkShell {
sopsPGPKeyDirs = [
"./keys/hosts/"
"./keys/users/"
];
nativeBuildInputs = [ sops-nix.packages.${system}.sops-import-keys-hook ];
packages = with pkgs; [
sops-nix.packages.${system}.sops-init-gpg-key
deploy-rs.packages.${system}.default
nixpkgs-fmt
cargo
clippy
rustc
rustfmt
rust-analyzer
pkg-config
openssl
];
};
};
}