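# SPDX-FileCopyrightText: 2022 Richard Brežák
#
# SPDX-License-Identifier: LGPL-3.0-or-later
#
# Top-level flake: declares every external source this configuration pulls in
# (`inputs`) and assembles the NixOS systems, NixNG containers, overlays,
# Terraform (uterranix) configurations and CI job sets from them (`outputs`).
{
  # Most URLs below name a branch (`?ref=...`) or no ref at all, so the revision
  # that is actually built is whatever the lock file records, not what is written
  # here. NOTE(review): this assumes a flake.lock is committed next to this file
  # and that lock updates are reviewed like any other dependency bump.
  inputs = {
    nixpkgs.follows = "nixpkgs-unstable";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs?ref=nixos-unstable";
    nixpkgs-stable.url = "github:NixOS/nixpkgs?ref=nixos-24.05";

    home-manager.follows = "home-manager-unstable";
    home-manager-stable.url = "github:nix-community/home-manager?ref=release-24.05";
    home-manager-unstable.url = "github:nix-community/home-manager?ref=master";

    nixng.url = "github:nix-community/NixNG";
    flake-parts.url = "github:hercules-ci/flake-parts";

    nix-gaming.url = "github:fufexan/nix-gaming";
    nix-gaming.inputs.nixpkgs.follows = "nixpkgs";
    nix-gaming.inputs.flake-parts.follows = "flake-parts";

    nil.url = "github:oxalica/nil";
    uterranix.url = "sourcehut:~magic_rb/uterranix";

    dwarffs.url = "github:edolstra/dwarffs";
    dwarffs.inputs.nix.follows = "nix";

    website.url = "sourcehut:~magic_rb/website";
    microvm.url = "github:astro/microvm.nix";
    notnft.url = "github:chayleaf/notnft";
    # The input is named `impermenance` while the repository is `impermanence`;
    # anything that consumes it has to use the spelling on the left.
    impermenance.url = "github:MagicRB/impermanence";
    hydra.url = "github:NixOS/hydra";
    nix.url = "github:NixOS/nix";

    thingiverse-downloader.url = "sourcehut:~magic_rb/thingiverse_downloader";
    thingiverse-downloader.flake = false;

    nix-snapshotter.url = "github:pdtpartners/nix-snapshotter";

    uk3s-nix.url = "sourcehut:~magic_rb/uk3s.nix";
    uk3s-nix.inputs.nix-snapshotter.follows = "nix-snapshotter";
    uk3s-nix.inputs.nixng.follows = "nixng";

    pre-commit-hooks.url = "github:magicrb/git-hooks.nix?ref=imports-modules";
    nix-eval-jobs.url = "github:nix-community/nix-eval-jobs";
    nix-fast-build.url = "github:Mic92/nix-fast-build";

    # NOTE(review): an absolute `path:` input only resolves on a machine that has
    # this checkout, so CI or another host cannot evaluate the flake as written.
    # The remote URL that this replaced is kept in the trailing comment.
    buildbot-nix.url = "path:///home/main/repos/buildbot-nix"; # "github:magicrb/buildbot-nix?ref=github_app";
    # buildbot-nix.inputs.nixpkgs.follows = "nixpkgs"; # do not override buildbot-nix vendors its buildbot instance

    haumea = {
      url = "github:nix-community/haumea/v0.2.2";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    percept.url = "git+https://codeberg.org/magic_rb/percept?ref=master";
    percept.flake = false;

    # The `follows = "nix-empty-flake"` lines below redirect inputs of yafas and
    # chaotic-nyx to a single other input (presumably an empty flake, going by
    # its name), which keeps those transitive sources out of the lock file.
    yafas.url = "github:UbiqueLambda/yafas";
    yafas.inputs.flake-schemas.follows = "nix-empty-flake";

    nix-empty-flake.url = "github:chaotic-cx/nix-empty-flake";

    chaotic-nyx.url = "github:chaotic-cx/nyx";
    chaotic-nyx.inputs.nixpkgs.follows = "nixpkgs";
    chaotic-nyx.inputs.home-manager.follows = "home-manager";
    chaotic-nyx.inputs.compare-to.follows = "nix-empty-flake";
    chaotic-nyx.inputs.yafas.follows = "yafas";
    chaotic-nyx.inputs.flake-schemas.follows = "nix-empty-flake";
    chaotic-nyx.inputs.attic.follows = "nix-empty-flake";
    chaotic-nyx.inputs.crane.follows = "nix-empty-flake";
    chaotic-nyx.inputs.flake-compat.follows = "nix-empty-flake";
    chaotic-nyx.inputs.flake-utils.follows = "nix-empty-flake";
    chaotic-nyx.inputs.fenix.follows = "nix-empty-flake";
    chaotic-nyx.inputs.nix-filter.follows = "nix-empty-flake";

    disko.url = "github:nix-community/disko";
    nixos-anywhere.url = "github:numtide/nixos-anywhere";

    tuxedo-rs.url = "github:AaronErhardt/tuxedo-rs";
    tuxedo-rs.inputs.nixpkgs.follows = "nixpkgs";

    tuxedo-nixos.url = "github:blitz/tuxedo-nixos";
    tuxedo-nixos.inputs.nixpkgs.follows = "nixpkgs";

    emacs.url = "sourcehut:~magic_rb/emacs";
    emacs.flake = false;

    vtermModule.url = "github:akermu/emacs-libvterm";
    vtermModule.flake = false;

    # NOTE(review): a `path:` input is copied into the Nix store when the flake
    # is evaluated, and store paths are readable by every local user on a default
    # installation. Presumably the files under this directory are encrypted or
    # otherwise safe to expose, with lib/load_secrets.nix doing the decoding;
    # confirm before adding plaintext credentials here.
    secret.url = "path:///home/main/dotfiles/secret";
    secret.flake = false;

    ical2org.url = "sourcehut:~magic_rb/ical2orgpy";
    ical2org.flake = false;

    udp-over-tcp.url = "github:mullvad/udp-over-tcp";
    udp-over-tcp.flake = false;
  };

  outputs = inputs @ {
    flake-parts,
    self,
    secret,
    ...
  }:
    flake-parts.lib.mkFlake {inherit inputs;} ({
      config,
      lib',
      ...
    }: {
      # flake-parts modules: shared helpers, one module per host, one per NixNG
      # container, the package overlays, then dev shells, checks and tests.
      imports = [
        modules/nixngConfigurations.nix
        modules/lib_overlays.nix
        lib/load_secrets.nix

        nixos/systems/omen
        nixos/systems/buildbot-container
        nixos/systems/heater
        nixos/systems/toothpick
        nixos/systems/liveusb
        nixos/systems/blowhole
        nixos/systems/altra
        nixos/systems/gooseberry
        nixos/systems/grasshopper
        nixos/systems/inkbook
        nixos/systems/hela

        nixng/containers/ingress-blowhole
        nixng/containers/ingress-toothpick
        nixng/containers/matrix/mautrix-signal
        nixng/containers/matrix/mautrix-discord
        nixng/containers/matrix/mautrix-slack
        nixng/containers/matrix/mautrix-facebook
        nixng/containers/matrix/heisenbridge
        nixng/containers/matrix/synapse
        nixng/containers/website
        nixng/containers/home-assistant
        nixng/containers/email/getmail
        nixng/containers/email/dovecot.nix
        nixng/containers/email/postfix
        nixng/containers/gitea
        nixng/containers/hydra
        nixng/containers/syncthing
        nixng/containers/minecraft/enigmatica-6
        # nixng/containers/minecraft/vanilla
        # nixng/containers/minecraft/ftb-infinity
        # nixng/containers/minecraft/ftb-integrations

        overlays/udp-over-tcp.nix
        overlays/emacsclient-remote
        overlays/magic-screenshot
        overlays/emacs-rofi
        overlays/tree-sitter-grammars.nix
        overlays/emacs-master-nativecomp
        overlays/zfs-relmount
        overlays/mautrix-discord.nix
        overlays/mautrix-slack.nix
        overlays/getmail6
        overlays/maildrop
        overlays/courier-unicode.nix
        overlays/ds3os.nix
        overlays/terraform-provider-vault.nix
        overlays/terraform-provider-influxdb-v2.nix
        overlays/bootloadHID.nix
        overlays/itp
        overlays/virtiofsd-zfs
        overlays/show-files-to-be-deleted
        overlays/rolling_datasets
        overlays/ledger-compat
        overlays/ifstate
        overlays/microvmp
        overlays/symlink-state
        overlays/thingiverse-downloader
        overlays/bumps.nix
        overlays/kobo-firmware-extractor
        overlays/ip-search
        overlays/perl.nix
        overlays/uboot
        overlays/linux
        overlays/rp-pppoe.nix
        inputs.percept.outPath

        dev-shells/default.nix
        ./checks
        nixos/tests

        inputs.uterranix.flakeModule
        inputs.uk3s-nix.flakeModules.helmCharts
      ];

      # `lib'` is the nixpkgs lib extended, in order, with each listed library
      # overlay (currently only loadSecrets). The fold calls `acc.extend`, so no
      # separate `extend` binding is needed; the unused one was dropped.
      _module.args.lib' = let
        inherit (inputs.nixpkgs) lib;
      in
        lib.foldl (acc: x: acc.extend x) lib (with config.flake.libOverlays; [
          loadSecrets
        ]);

      # Job tree for Hydra: the toplevel build of every NixNG and NixOS
      # configuration plus the per-system package sets. Each level is tagged with
      # `recurseForDerivations` so that it is descended into.
      flake.hydraJobs = let
        inherit
          (lib')
          mapAttrs
          filterAttrs
          ;

        recurseIntoAttrs = attrs: attrs // {recurseForDerivations = {};};
      in {
        nixng = recurseIntoAttrs (mapAttrs (_: v: v.config.system.build.toplevel) config.flake.nixngConfigurations);
        nixos = recurseIntoAttrs (mapAttrs (_: v: v.config.system.build.toplevel) config.flake.nixosConfigurations);
        # NOTE(review): neither excluded name appears in `systems` at the bottom
        # of this file, so with the current list this filter removes nothing.
        packages =
          recurseIntoAttrs
          (mapAttrs (_: v: recurseIntoAttrs v)
            (filterAttrs (n: v: n != "armv8-linux" && n != "riscv64-linux") config.flake.packages));
      };

      # Same tree as hydraJobs, rewritten recursively: every
      # `recurseForDerivations` value becomes `true`, and every attribute set
      # whose `type` is not "derivation" is wrapped with lib'.recurseIntoAttrs.
      flake.evalJobs = let
        tweak = lib'.mapAttrs (
          name: val:
            if name == "recurseForDerivations"
            then true
            else if lib'.isAttrs val && val.type or null != "derivation"
            then lib'.recurseIntoAttrs (tweak val)
            else val
        );
      in
        tweak config.flake.hydraJobs;

      uterranix.configurations.main = [
        ./terranix/main/default.nix
        {
          # The loaded secrets are handed to the Terraform configuration as a
          # module argument. NOTE(review): whatever that configuration
          # interpolates from `secret` may end up in the generated Terraform
          # files and state; check how terranix/main uses it.
          _module.args.secret = lib'.loadSecrets secret;
          _module.args.vars = {
            # `self.rev` and `self.narHash` fall back to an empty string with an
            # evaluation warning when the flake does not provide them.
            flake_rev = self.rev or (lib'.warn "No flake revision available, do not deploy containers!" "");
            flake_sha = self.narHash or (lib'.warn "No flake nar hash available, do not deploy containers!" "");
            flake_ref = "master";
            flake_host = "git+https://git.sr.ht/~magic_rb/dotfiles";
          };
          _module.args.config' = config;
        }
      ];

      uterranix.configurations.prepare = [
        ./terranix/prepare/default.nix
      ];

      uterranix.specialArgs = {pkgs, ...}: {
        paths.root = ./.;
        elib = import ./terranix/lib {
          lib = lib';
          inherit pkgs;
          uterranix-lib = inputs.uterranix.lib.${pkgs.stdenv.system};
        };
      };

      # Shell snippet that obtains a Kubernetes token for the `cluster-admin`
      # service account in kube-system and exports it as KUBE_TOKEN. The token is
      # requested with a 10 minute lifetime, written to a temporary file on the
      # remote host, read back over SSH and the file is deleted.
      #
      # Changed from the original: the file is read and removed in one SSH
      # session, so the cleanup no longer depends on a further connection
      # succeeding after the token has already been fetched.
      #
      # NOTE(review): the token still rests on the remote disk between the
      # second and third step, and a failure of the `sudo` step leaves the file
      # behind. `export VAR=$(...)` also hides a failed read, in which case
      # KUBE_TOKEN is empty rather than the run stopping.
      # NOTE(review): `ssh -t` allocates a terminal, so the path captured from
      # `mktemp` may carry a trailing carriage return. If it does, the redirect
      # under sudo creates a second file with root's umask instead of reusing the
      # private file mktemp made. Check the mode of the token file on the host
      # before relying on it being unreadable to other users.
      uterranix.preInit = ''
        TEMPFILE="$(ssh -t blowhole.hosts.in.redalder.org mktemp)"
        ssh -t blowhole.hosts.in.redalder.org $"sudo sh -c $'kubectl -s https://172.26.96.2:6443 create token --duration=10m cluster-admin --namespace kube-system 1>$TEMPFILE ; chown \"\$SUDO_USER:root\" $TEMPFILE'"
        export KUBE_TOKEN=$(ssh blowhole.hosts.in.redalder.org "cat $TEMPFILE ; rm $TEMPFILE")
        export FLAKE_ROOT="$(pwd)"
      '';

      # Terraform with the provider plugins this repository uses, built from a
      # nixpkgs instance that carries the two provider overlays defined here.
      uterranix.terraform = pkgs: let
        hpkgs = import inputs.nixpkgs {
          inherit (pkgs.stdenv) system;
          overlays = with self.overlays; [
            terraform-provider-vault
            terraform-provider-influxdb-v2
          ];
          # Unfree packages stay blocked except for the one named "terraform".
          config.allowUnfreePredicate = pkgs:
            builtins.elem (lib'.getName pkgs) [
              "terraform"
            ];
        };
      in
        hpkgs.terraform.withPlugins (p: [
          p.consul
          p.kubernetes
          p.nomad
          p.local
          p.vault
          p.random
          p.null
          p.external
          p.influxdb-v2
          p.hcloud
        ]);

      flake.nixosModules = {
        hashicorp = nixos/modules/hashicorp.nix;
        acme-sh = nixos/modules/acme-sh.nix;
        hashicorp-envoy = nixos/modules/hashicorp-envoy.nix;
        telegraf = nixos/modules/telegraf.nix;
        grafana = nixos/modules/grafana.nix;
        influx-provisioning = nixos/modules/influx-provisioning.nix;
        notnft = nixos/modules/notnft.nix;
        notnft-ns = nixos/modules/notnft-ns.nix;
        ucontainers = nixos/modules/ucontainers.nix;
        netboot-xyz = nixos/modules/netboot-xyz.nix;
        netnsIf = nixos/modules/router/netns-if.nix;
      };

      # Exposes the nixos-anywhere package of the matching system as a flake app.
      flake.apps = inputs.nixpkgs.lib.genAttrs config.systems (system: {
        nixos-anywhere.program = inputs.nixos-anywhere.packages.${system}.nixos-anywhere;
        nixos-anywhere.type = "app";
      });

      perSystem = {
        system,
        pkgs,
        ...
      }: {
        helmCharts.main = {
        };

        packages = let
          inherit
            (lib')
            attrValues
            ;

          # nixpkgs with every overlay of this flake applied, followed by the
          # default NixNG overlay.
          pkgs' = pkgs.appendOverlays (attrValues config.flake.overlays ++ [inputs.nixng.overlays.default]);
        in {
          terraform-provider-influxdb-v2 = pkgs'.terraform-providers.influxdb-v2;
          terraform-provider-vault = pkgs'.terraform-providers.vault;
          ubootClaraHD = pkgs'.pkgsCross.armv7l-hf-multiplatform.ubootClaraHD;
          linuxClaraHD = pkgs'.pkgsCross.armv7l-hf-multiplatform.linuxClaraHD;
          ubootBananaPiR4 = pkgs'.pkgsCross.aarch64-multiplatform.ubootBananaPiR4;
          linuxBananaPiR4 = pkgs'.pkgsCross.aarch64-multiplatform.linuxBananaPiR4;

          inherit
            (pkgs')
            thingiverse-downloader-bash
            emacsclient-remote
            emacs-master-nativecomp
            emacs-rofi
            getmail6
            magic-screenshot
            maildrop
            zfs-relmount
            bootloadHID
            tree-sitter-grammars
            udp-over-tcp
            itp
            rolling_datasets
            ifstate
            microvmp
            symlink-state
            kobo-firmware-extractor
            ip-search
            percept
            ;
          # ds3os;
        };
      };

      # Patch files carried in this repository, grouped by the package they are
      # meant for. Several of them change security-relevant behaviour of the
      # patched program (Consul SI token handling in Nomad, capability handling
      # in bubblewrap, the cgroup hierarchy in systemd), so they need to be
      # re-checked whenever the patched package is updated.
      flake.patches = {
        hashicorp-nomad.revert-change-consul-si-tokens-to-be-local = patches/0001-Revert-Change-consul-SI-tokens-to-be-local.patch;
        hashicorp-nomad.add-nix-integration = patches/0001-Add-Nix-integration.patch;
        hostapd.intel_lar-and-noscan = patches/0001-intel_lar-and-noscan.patch;
        hostapd.hostapd-2_10-lar = patches/999-hostapd-2.10-lar.patch;
        hostapd.hostapd-2_10-lar-2 = patches/hostapd-2.10-lar.patch;
        # NOTE(review): filed under terraform-provider-nomad, but the file name
        # says "vault-provider"; confirm which provider this patch belongs to.
        terraform-provider-nomad.allow-null-in-authMountTuneSchema = patches/vault-provider-Allow-null-in-authMountTuneSchema.patch;
        systemd.override-cgroup-hierarchy = patches/0001-Add-env-SYSTEMD_UNIFIED_CGROUP_HIERARCHY.patch;
        bubblewrap.dont-bail-on-caps = patches/0001-Don-t-bail-if-we-have-capabilities-in-non-setuid-cas.patch;
      };

      systems = [
        "x86_64-linux"
        "aarch64-linux"
        "armv7l-linux"
      ];
    });
}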