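# SPDX-FileCopyrightText: 2022 Richard Brežák
#
# SPDX-License-Identifier: LGPL-3.0-or-later
#
# Top-level flake: declares the external inputs and uses flake-parts to
# assemble the NixOS systems, NixNG containers, overlays, Hydra/eval jobs and
# the uterranix (Terraform) configuration.
{
  # Every input below is named by branch or default ref only; the revisions
  # actually used are whatever flake.lock records (the lock file is not
  # visible from this file). Only some inputs follow the top-level `nixpkgs`;
  # the others evaluate against the nixpkgs revision pinned in their own lock.
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs?ref=nixos-unstable";
    nixpkgs-stable.url = "github:NixOS/nixpkgs?ref=nixos-23.05";
    nixpkgs-hashicorp.url = "github:NixOS/nixpkgs?ref=nixos-unstable";
    nixinate.url = "github:MagicRB/nixinate";
    home-manager.url = "github:nix-community/home-manager?ref=master";
    nixng.url = "github:nix-community/NixNG";
    flake-parts.url = "github:hercules-ci/flake-parts";
    nix-gaming.url = "github:fufexan/nix-gaming";
    nix-gaming.inputs.nixpkgs.follows = "nixpkgs";
    nix-gaming.inputs.flake-parts.follows = "flake-parts";
    nil.url = "github:oxalica/nil";
    uterranix.url = "sourcehut:~magic_rb/uterranix";
    dwarffs.url = "github:edolstra/dwarffs";
    dwarffs.inputs.nix.follows = "nix";
    haskell-nix.url = "github:input-output-hk/haskell.nix";
    serokell-nix.url = "github:magicrb/serokell.nix";
    serokell-nix.inputs.haskell-nix.follows = "haskell-nix";
    website.url = "sourcehut:~magic_rb/website";
    microvm.url = "github:astro/microvm.nix";
    notnft.url = "github:chayleaf/notnft";
    impermenance.url = "github:MagicRB/impermanence";
    numen-nix.url = "github:anpandey/numen-nix";
    hydra.url = "github:NixOS/hydra";
    nix.url = "github:NixOS/nix";
    thingiverse-downloader.url = "sourcehut:~magic_rb/thingiverse_downloader";
    thingiverse-downloader.flake = false;
    # Absolute local path: this input only resolves on a machine that has this
    # checkout at exactly this location.
    uk3s-nix.url = "path:///home/main/repos/uk3s.nix";
    pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
    nix-eval-jobs.url = "github:nix-community/nix-eval-jobs";
    nix-fast-build.url = "github:Mic92/nix-fast-build";
    yafas.url = "github:UbiqueLambda/yafas";
    yafas.inputs.flake-schemas.follows = "nix-empty-flake";
    nix-empty-flake.url = "github:chaotic-cx/nix-empty-flake";
    # chaotic-nyx: most of its transitive inputs are redirected to
    # nix-empty-flake, so they are not fetched through this flake.
    chaotic-nyx.url = "github:chaotic-cx/nyx";
    chaotic-nyx.inputs.nixpkgs.follows = "nixpkgs";
    chaotic-nyx.inputs.home-manager.follows = "home-manager";
    chaotic-nyx.inputs.compare-to.follows = "nix-empty-flake";
    chaotic-nyx.inputs.yafas.follows = "yafas";
    chaotic-nyx.inputs.flake-schemas.follows = "nix-empty-flake";
    chaotic-nyx.inputs.attic.follows = "nix-empty-flake";
    chaotic-nyx.inputs.crane.follows = "nix-empty-flake";
    chaotic-nyx.inputs.flake-compat.follows = "nix-empty-flake";
    chaotic-nyx.inputs.flake-utils.follows = "nix-empty-flake";
    chaotic-nyx.inputs.fenix.follows = "nix-empty-flake";
    chaotic-nyx.inputs.nix-filter.follows = "nix-empty-flake";
    disko.url = "github:nix-community/disko";
    nixos-anywhere.url = "github:numtide/nixos-anywhere";
    tuxedo-rs.url = "github:AaronErhardt/tuxedo-rs";
    tuxedo-rs.inputs.nixpkgs.follows = "nixpkgs";
    tuxedo-nixos.url = "github:blitz/tuxedo-nixos";
    tuxedo-nixos.inputs.nixpkgs.follows = "nixpkgs";

    emacs.url = "sourcehut:~magic_rb/emacs";
    emacs.flake = false;
    vtermModule.url = "github:akermu/emacs-libvterm";
    vtermModule.flake = false;
    # NOTE(review): `secret` is a non-flake local path input that is passed to
    # lib'.loadSecrets below. Flake inputs are copied into the Nix store, which
    # is world-readable on a default install; confirm that what lives under
    # this path is encrypted or otherwise safe to land there.
    secret.url = "path:///home/main/dotfiles/secret";
    secret.flake = false;
    ical2org.url = "sourcehut:~magic_rb/ical2orgpy";
    ical2org.flake = false;
    udp-over-tcp.url = "github:mullvad/udp-over-tcp";
    udp-over-tcp.flake = false;
  };

  outputs = inputs @ {
    flake-parts,
    self,
    secret,
    ...
  }:
    flake-parts.lib.mkFlake {inherit inputs;} ({
      config,
      lib',
      ...
    }: {
      imports = [
        modules/nixngConfigurations.nix
        modules/lib_overlays.nix

        lib/load_secrets.nix

        nixos/systems/omen
        nixos/systems/heater
        nixos/systems/toothpick
        nixos/systems/liveusb
        nixos/systems/blowhole
        nixos/systems/altra
        nixos/systems/gooseberry
        nixos/systems/grasshopper
        nixos/systems/inkbook

        nixng/containers/ingress-blowhole
        nixng/containers/ingress-toothpick
        nixng/containers/matrix/mautrix-signal
        nixng/containers/matrix/mautrix-discord
        nixng/containers/matrix/mautrix-slack
        nixng/containers/matrix/mautrix-facebook
        nixng/containers/matrix/heisenbridge
        nixng/containers/matrix/synapse
        nixng/containers/website
        nixng/containers/home-assistant
        nixng/containers/email/getmail
        nixng/containers/email/dovecot.nix
        nixng/containers/email/postfix
        nixng/containers/gitea
        nixng/containers/hydra
        nixng/containers/syncthing
        nixng/containers/minecraft/enigmatica-6
        # nixng/containers/minecraft/vanilla
        # nixng/containers/minecraft/ftb-infinity
        # nixng/containers/minecraft/ftb-integrations

        overlays/udp-over-tcp.nix
        overlays/emacsclient-remote
        overlays/magic-screenshot
        overlays/emacs-rofi
        overlays/tree-sitter-grammars.nix
        overlays/emacs-master-nativecomp
        overlays/zfs-relmount
        overlays/mautrix-discord.nix
        overlays/mautrix-slack.nix
        overlays/getmail6
        overlays/maildrop
        overlays/courier-unicode.nix
        overlays/ds3os.nix
        overlays/terraform-provider-vault.nix
        overlays/terraform-provider-influxdb-v2.nix
        overlays/bootloadHID.nix
        overlays/itp
        overlays/virtiofsd-zfs
        overlays/show-files-to-be-deleted
        overlays/rolling_datasets
        overlays/ledger-compat
        overlays/ifstate
        overlays/microvmp
        overlays/symlink-state
        overlays/thingiverse-downloader

        dev-shells/default.nix

        inputs.uterranix.flakeModule
        inputs.uk3s-nix.flakeModules.helmCharts
      ];

      # lib' is nixpkgs' lib extended, in order, with each overlay listed from
      # config.flake.libOverlays (currently only loadSecrets).
      _module.args.lib' = let
        inherit (inputs.nixpkgs) lib;
      in
        lib.foldl (acc: x: acc.extend x) lib (with config.flake.libOverlays; [
          loadSecrets
        ]);

      # Job tree: the toplevel build of every NixNG configuration, of the
      # blowhole and heater NixOS configurations, and all packages except
      # those under the two filtered-out system names.
      flake.hydraJobs = let
        inherit
          (lib')
          mapAttrs
          filterAttrs
          ;

        # Local marker helper: sets recurseForDerivations to an empty attrset.
        recurseIntoAttrs = attrs:
          attrs
          // {recurseForDerivations = {};};
      in {
        nixng = recurseIntoAttrs (mapAttrs (_: v: v.config.system.build.toplevel) config.flake.nixngConfigurations);
        nixos = recurseIntoAttrs (mapAttrs (_: v: v.config.system.build.toplevel) {
          inherit
            (config.flake.nixosConfigurations)
            blowhole
            heater
            ;
        });
        packages = recurseIntoAttrs (mapAttrs (_: v: recurseIntoAttrs v) (filterAttrs (n: v: n != "armv8-linux" && n != "riscv64-linux") config.flake.packages));
      };

      # Same tree as hydraJobs, rewritten recursively: recurseForDerivations
      # becomes `true`, and every attrset that is not a derivation is passed
      # through lib'.recurseIntoAttrs.
      flake.evalJobs = let
        tweak = lib'.mapAttrs (
          name: val:
            if name == "recurseForDerivations"
            then true
            # `val.type or null` is a select-with-default, compared as a whole.
            else if lib'.isAttrs val && val.type or null != "derivation"
            then lib'.recurseIntoAttrs (tweak val)
            else val
        );
      in
        tweak config.flake.hydraJobs;

      uterranix.configurations.main = [
        ./terranix/default.nix
        {
          _module.args.secret = lib'.loadSecrets secret;
          _module.args.vars = {
            # When the flake has no rev / narHash attribute these fall back to
            # the empty string and emit an evaluation warning.
            flake_rev = self.rev or (lib'.warn "No flake revision available, do not deploy containers!" "");
            flake_sha = self.narHash or (lib'.warn "No flake nar hash available, do not deploy containers!" "");
            flake_ref = "master";
            flake_host = "git+https://git.sr.ht/~magic_rb/dotfiles";
          };
          _module.args.config' = config;
        }
      ];

      uterranix.specialArgs = {pkgs, ...}: {
        elib = import ./terranix/lib {
          lib = lib';
          inherit pkgs;
          tflib = inputs.uterranix.lib;
        };
      };

      # Shell snippet handed to uterranix as preInit. It asks the blowhole host
      # (via sudo kubectl) for a 10-minute token for the `cluster-admin`
      # service account in kube-system, writes it to a remote temp file,
      # chowns that file to the invoking sudo user, reads it back into
      # KUBE_TOKEN over a second ssh connection and then removes the file.
      #
      # NOTE(review): the token is high-privilege while it lives. Points to
      # confirm:
      #  - the mktemp call runs under `ssh -t`; with a tty allocated the
      #    captured path may end in a carriage return, in which case the later
      #    redirect would create a second file (under root's umask instead of
      #    mktemp's 0600) and leave the mktemp file behind. Dropping `-t` on
      #    that first call looks safe but is untested here.
      #  - nothing removes the remote file if a step in between fails.
      #  - KUBE_TOKEN is exported, so every child process of the Terraform run
      #    inherits it.
      uterranix.preInit = ''
        TEMPFILE="$(ssh -t blowhole.hosts.in.redalder.org mktemp)"
        ssh -t blowhole.hosts.in.redalder.org $"sudo sh -c $'kubectl create token --duration=10m cluster-admin --namespace kube-system 1>$TEMPFILE ; chown \"\$SUDO_USER:root\" $TEMPFILE'"
        export KUBE_TOKEN=$(ssh blowhole.hosts.in.redalder.org "cat $TEMPFILE")
        ssh blowhole.hosts.in.redalder.org "rm $TEMPFILE"
        export FLAKE_ROOT="$(pwd)"
      '';

      # Terraform with a fixed plugin set, built from a separate nixpkgs
      # import that carries the two provider overlays and allows exactly one
      # unfree package name ("terraform").
      uterranix.terraform = pkgs: let
        hpkgs = import inputs.nixpkgs {
          inherit (pkgs.stdenv) system;
          overlays = with self.overlays; [
            terraform-provider-vault
            terraform-provider-influxdb-v2
          ];
          # NOTE(review): lib'.traceVal prints its argument when evaluated;
          # this looks like leftover debugging around the predicate - confirm.
          config.allowUnfreePredicate = lib'.traceVal (pkgs: builtins.elem (lib'.getName pkgs) ["terraform"]);
        };
      in
        hpkgs.terraform.withPlugins (p: [
          p.consul
          p.kubernetes
          p.nomad
          p.local
          p.vault
          p.random
          p.null
          p.external
          p.influxdb-v2
          p.hcloud
        ]);

      flake.nixosModules = {
        hashicorp = nixos/modules/hashicorp.nix;
        hashicorp-envoy = nixos/modules/hashicorp-envoy.nix;
        telegraf = nixos/modules/telegraf.nix;
        grafana = nixos/modules/grafana.nix;
        influx-provisioning = nixos/modules/influx-provisioning.nix;
        microvm-extras = nixos/modules/microvm-extras.nix;
        microvm-extras-host = nixos/modules/microvm-extras-host.nix;
        notnft = nixos/modules/notnft.nix;
        ucontainers = nixos/modules/ucontainers.nix;
      };

      # Exposes the nixos-anywhere package of the matching input as an app for
      # every entry in config.systems.
      flake.apps = inputs.nixpkgs.lib.genAttrs config.systems (system: {
        nixos-anywhere.program = inputs.nixos-anywhere.packages.${system}.nixos-anywhere;
        nixos-anywhere.type = "app";
      });

      perSystem = {
        system,
        pkgs,
        ...
      }: {
        helmCharts.main = {
        };

        checks.pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run {
          src = ./.;
          hooks = {
            alejandra.enable = true;
          };
        };

        packages = let
          inherit
            (lib')
            attrValues
            ;

          # pkgs with every overlay of this flake plus NixNG's default overlay.
          pkgs' = pkgs.appendOverlays (attrValues config.flake.overlays ++ [inputs.nixng.overlays.default]);
        in {
          terraform-provider-influxdb-v2 = pkgs'.terraform-providers.influxdb-v2;
          terraform-provider-vault = pkgs'.terraform-providers.vault;

          inherit
            (pkgs')
            thingiverse-downloader-bash
            emacsclient-remote
            emacs-master-nativecomp
            emacs-rofi
            getmail6
            magic-screenshot
            maildrop
            zfs-relmount
            bootloadHID
            tree-sitter-grammars
            udp-over-tcp
            itp
            rolling_datasets
            ifstate
            microvmp
            symlink-state
            ;
          # ds3os;
        };
      };

      # Patch files exported for use by the systems and overlays.
      flake.patches = {
        hashicorp-nomad.revert-change-consul-si-tokens-to-be-local = patches/0001-Revert-Change-consul-SI-tokens-to-be-local.patch;
        hashicorp-nomad.add-nix-integration = patches/0001-Add-Nix-integration.patch;
        hostapd.intel_lar-and-noscan = patches/0001-intel_lar-and-noscan.patch;
        hostapd.hostapd-2_10-lar = patches/999-hostapd-2.10-lar.patch;
        hostapd.hostapd-2_10-lar-2 = patches/hostapd-2.10-lar.patch;
        # NOTE(review): the attribute says terraform-provider-nomad while the
        # file name says vault-provider - confirm which provider this targets.
        terraform-provider-nomad.allow-null-in-authMountTuneSchema = patches/vault-provider-Allow-null-in-authMountTuneSchema.patch;
        systemd.override-cgroup-hierarchy = patches/0001-Add-env-SYSTEMD_UNIFIED_CGROUP_HIERARCHY.patch;
      };

      systems = [
        "x86_64-linux"
        "aarch64-linux"
      ];
    });
}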