{
  description = "A flake for building my infra";

  # Every input is fetched at whatever revision flake.lock records (the lock
  # file is not part of this page). Inputs without a branch or tag follow the
  # upstream default branch whenever the lock is refreshed.
  inputs = {
    # these are just dependencies of other inputs
    flakeCompat.url = "github:edolstra/flake-compat";
    flakeyProfile.url = "github:lf-/flakey-profile";
    flakeUtils = {
      url = "github:numtide/flake-utils";
      inputs.systems.follows = "nixSystemsDefault";
    };
    flakeParts = {
      url = "github:hercules-ci/flake-parts";
      inputs.nixpkgs-lib.follows = "nixpkgs";
    };
    nixSystemsDefault.url = "github:nix-systems/default";

    # nixpkgs
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
    # NOTE(review): nixpkgsDarwin is not referenced by the outputs in this file;
    # confirm something else consumes it through `inputs`.
    nixpkgsDarwin.url = "github:NixOS/nixpkgs/nixpkgs-24.11-darwin";
    nixpkgsUnstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";

    nixDarwin = {
      url = "github:lnl7/nix-darwin/nix-darwin-24.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    nixStd.url = "github:chessai/nix-std";
    impermanence.url = "github:nix-community/impermanence";

    haumea = {
      url = "github:nix-community/haumea";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    dnsNix = {
      url = "git+https://git.katja.wtf/dns.nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    homeManager = {
      url = "github:nix-community/home-manager/release-24.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # The secrets module comes from a fork branch rather than upstream
    # (upstream URL kept below for reference). It is imported into every
    # system configuration built here, so lock bumps of this input deserve a
    # look at what changed on the fork.
    # agenix.url = "github:ryantm/agenix";
    agenix = {
      url = "github:oluceps/agenix/with-sysuser";
      inputs = {
        nixpkgs.follows = "nixpkgs";
        darwin.follows = "nixDarwin";
        systems.follows = "nixSystemsDefault";
        home-manager.follows = "homeManager";
      };
    };

    # Pinned to a release tag.
    lanzaboote = {
      url = "github:nix-community/lanzaboote/v0.4.1";
      inputs = {
        nixpkgs.follows = "nixpkgs";
        flake-parts.follows = "flakeParts";
        flake-utils.follows = "flakeUtils";
        flake-compat.follows = "flakeCompat";
      };
    };

    simpleNixosMailserver = {
      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.11";
      inputs = {
        nixpkgs.follows = "nixpkgs";
        nixpkgs-24_11.follows = "nixpkgs";
        flake-compat.follows = "flakeCompat";
      };
    };

    # Both Lix inputs are archives of the moving `main` branch; the lix module
    # is part of every system built below.
    lix = {
      url = "https://git.lix.systems/lix-project/lix/archive/main.tar.gz";
      flake = false;
    };
    lixModule = {
      url = "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz";
      inputs = {
        lix.follows = "lix";
        flake-utils.follows = "flakeUtils";
        flakey-profile.follows = "flakeyProfile";
        nixpkgs.follows = "nixpkgs";
      };
    };

    deploy-rs = {
      url = "github:serokell/deploy-rs";
      inputs = {
        nixpkgs.follows = "nixpkgs";
        utils.follows = "flakeUtils";
        flake-compat.follows = "flakeCompat";
      };
    };

    # NOTE(review): no `follows` here, so this input resolves its own
    # dependency tree, and nothing in this file's outputs references it —
    # confirm it is still used (modules receive `inputs` via specialArgs).
    conduwuit.url = "github:girlbossceo/conduwuit";

    grapevine = {
      url = "gitlab:matrix/grapevine?host=gitlab.computer.surgery&ref=main";
      inputs = {
        nixpkgs.follows = "nixpkgs";
        flake-compat.follows = "flakeCompat";
        flake-utils.follows = "flakeUtils";
      };
    };

    stagit = {
      url = "git+https://git.katja.wtf/stagit";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    mqttWebUI = {
      url = "git+https://git.katja.wtf/mqtt-webui";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    oeffisearch = {
      url = "git+https://git.katja.wtf/oeffisearch";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    ctucxWebsite = {
      url = "git+https://git.katja.wtf/website";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    ctucxThings = {
      url = "git+https://git.katja.wtf/ctucx.things";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    ctucxGallery = {
      url = "git+https://git.katja.wtf/gallery";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    flauschehornSexy = {
      url = "git+https://git.katja.wtf/flauschehorn.sexy";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    mobileCoverageMap = {
      url = "git+https://git.katja.wtf/mobile-coverage-map";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    gpxMap = {
      url = "git+https://git.katja.wtf/gpx-map";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    travelynx2fedi = {
      url = "git+https://git.katja.wtf/travelynx2fedi";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    firefoxGnomeTheme = {
      flake = false;
      url = "github:rafaelmardojai/firefox-gnome-theme/v136";
    };
  };

  # Note: this file uses `|>`, so it only evaluates where the pipe operator is
  # enabled in the evaluator.
  outputs = inputs: let
    nixLib = inputs.nixpkgs.lib;

    # Build an attrset keyed by system, handing each system's nixpkgs package
    # set to `mkOutputs`.
    perSystem = mkOutputs:
      nixLib.genAttrs
        [ "x86_64-linux" "aarch64-linux" "aarch64-darwin" ]
        (system: mkOutputs inputs.nixpkgs.legacyPackages.${system});

    # haumea transformer: the root of a loaded tree (empty cursor) is returned
    # untouched; any other value that has a `default` attribute is replaced by
    # that attribute.
    unwrapDefault = cursor: module:
      if cursor != [] && builtins.hasAttr "default" module
      then module.default
      else module;

    asPath = inputs.haumea.lib.loaders.path;
    asImport = inputs.haumea.lib.loaders.verbatim;

    # Loader that instantiates each file with `callPackage` from the given
    # package set; the first loader argument is ignored.
    viaCallPackage = pkgs: _: file: pkgs.callPackage file {};

    # Load the directory `src` with haumea using `loader`.
    loadTree = loader: src: inputs.haumea.lib.load {
      inherit src loader;
      transformer = unwrapDefault;
    };

    # Nodes (from ./nodes) whose `system` string ends in `suffix`.
    nodesOn = suffix:
      nixLib.filterAttrs (_: node: nixLib.hasSuffix suffix node.system) inputs.self.nodes;

    # Arguments shared by nixosSystem and darwinSystem for one node.
    mkSystemArgs = nodeName: node: let
      onLinux = nixLib.hasSuffix "linux" node.system;
      onDarwin = nixLib.hasSuffix "darwin" node.system;

      platformConfig =
        if onDarwin
        then inputs.self.ctucxConfig.darwin
        else inputs.self.ctucxConfig.nixos;

      sharedOverlays = [
        inputs.self.overlays.packages
        inputs.self.overlays.nixpkgsUnstable
        inputs.ctucxWebsite.overlays.default
      ];
      linuxOverlays = [
        inputs.stagit.overlays.default
        inputs.travelynx2fedi.overlays.default
        inputs.mqttWebUI.overlays.default
        inputs.ctucxThings.overlays.default
        inputs.ctucxGallery.overlays.default
        inputs.oeffisearch.overlays.default
        inputs.flauschehornSexy.overlays.default
        inputs.gpxMap.overlays.default
        inputs.mobileCoverageMap.overlays.default
      ];
      darwinOverlays = [
        inputs.self.overlays.darwinPackages
        inputs.self.overlays.darwinOverlay
      ];

      linuxModules = [
        inputs.impermanence.nixosModules.default
        inputs.homeManager.nixosModules.default
        inputs.agenix.nixosModules.default
        inputs.lanzaboote.nixosModules.lanzaboote
        inputs.simpleNixosMailserver.nixosModules.default
        inputs.grapevine.nixosModules.default
        inputs.ctucxThings.nixosModules.default
        inputs.self.nixosModules.default
        inputs.self.ctucxConfig.nixos.default
      ];
      darwinModules = [
        inputs.homeManager.darwinModules.default
        inputs.agenix.darwinModules.default
        inputs.self.darwinModules.default
        inputs.self.ctucxConfig.darwin.default
      ];
    in {
      inherit (node) system;

      # Every module of the node sees all flake inputs and the attrset of
      # secret file paths.
      specialArgs = {
        inherit inputs nodeName node;
        dnsNix = inputs.dnsNix.lib;
        nixStd = inputs.nixStd.lib;
        secrets = inputs.self.secrets;
        ctucxLib = inputs.self.lib;
        ctucxConfig = platformConfig;
      };

      modules = [
        {
          # Overlay order is significant; anything that is not Linux gets the
          # darwin overlays.
          nixpkgs.overlays =
            sharedOverlays ++ (if onLinux then linuxOverlays else darwinOverlays);
        }
        inputs.lixModule.nixosModules.default
        node.configuration
      ] ++ (if onLinux then linuxModules else darwinModules);
    };
  in {
    # deploy-rs sanity checks for every system deploy-rs exposes, except
    # x86_64-darwin.
    checks = builtins.mapAttrs
      (_: deployLib: deployLib.deployChecks inputs.self.deploy)
      (builtins.removeAttrs inputs.deploy-rs.lib [ "x86_64-darwin" ]);

    packages = perSystem (pkgs: let
      load = loadTree (viaCallPackage pkgs);
    in
      load ./packages/all
      // nixLib.optionalAttrs pkgs.stdenv.isDarwin (load ./packages/darwin)
    );

    nixosModules = loadTree asPath ./modules/nixos;
    darwinModules = loadTree asPath ./modules/darwin;

    overlays = {
      # Exposes the nixpkgs-unstable package set as `pkgs.unstable`.
      nixpkgsUnstable = final: prev: {
        unstable = inputs.nixpkgsUnstable.legacyPackages.${prev.system};
      };
      darwinOverlay = import ./packages/darwinOverlay.nix;
      packages = final: prev: loadTree (viaCallPackage final) ./packages/all;
      darwinPackages = final: prev: loadTree (viaCallPackage final) ./packages/darwin;
    };

    nodes = loadTree asImport ./nodes;

    # Each file in ./lib is imported and applied to the flake inputs.
    lib = loadTree (_: file: import file inputs) ./lib;

    # Only files with the `age` extension are picked up, each as a path. They
    # travel with the flake source, so their confidentiality rests on the
    # recipient lists in `agenixSecrets` below.
    secrets = loadTree [ (inputs.haumea.lib.matchers.extension "age" asPath) ] ./secrets;

    # Recipient keys: one per node (its `sshPubKey`) plus `main`. The value
    # below is an age recipient, i.e. a public key. `//` is right-biased, so a
    # node that happened to be named `main` would be replaced by this key.
    agenixKeys =
      (inputs.self.nodes |> builtins.mapAttrs (_: node: node.sshPubKey))
      // { main = "age1mn57hntgx775kwcwx4jrrd7rfl7z4wl54kqtgq8w2kzg7agz7alsv5eesw"; };

    # Maps "secrets/<path>.age" to the keys allowed to decrypt it, derived from
    # the first path component under ./secrets:
    #   - a node name -> `main` plus that node's key
    #   - "allNodes"  -> every key in agenixKeys
    #   - anything else -> `main` only
    # presumably consumed by the agenix CLI rules file — not visible here.
    agenixSecrets = let
      keys = inputs.self.agenixKeys;

      recipientsFor = owner:
        if inputs.self.nodes ? "${owner}" then
          [ keys.main keys."${owner}" ]
        else if owner == "allNodes" then
          builtins.attrValues keys
        else
          [ keys.main ];

      # Each leaf becomes a one-element list so that `collect` can find it.
      toRule = path: _: [
        (nixLib.nameValuePair "secrets/${nixLib.concatStringsSep "/" path}.age" {
          publicKeys = recipientsFor (builtins.head path);
        })
      ];
    in (
      inputs.self.secrets
      |> nixLib.mapAttrsRecursive toRule
      |> nixLib.collect builtins.isList
      |> nixLib.flatten
      |> builtins.listToAttrs
    ) // {
      # Explicit exception: this entry replaces the derived rule, so the secret
      # is readable by two nodes in addition to `main`.
      "secrets/briefkasten/influx/grafanaTokenMqttData.age".publicKeys = [
        keys.main
        keys.briefkasten
        keys.rabbit
      ];
    };

    # Shared configuration trees; the platform trees are merged over `common`.
    ctucxConfig = let
      homeManager = loadTree asPath ./configurations/homeManager;
      common = loadTree asPath ./configurations/common // { inherit homeManager; };
      overCommon = dir: nixLib.recursiveUpdate common (loadTree asPath dir);
    in {
      inherit homeManager common;
      nixos = overCommon ./configurations/nixos;
      darwin = overCommon ./configurations/darwin;
    };

    nixosConfigurations = builtins.mapAttrs
      (nodeName: node: nixLib.nixosSystem (mkSystemArgs nodeName node))
      (nodesOn "linux");

    darwinConfigurations = builtins.mapAttrs
      (nodeName: node: inputs.nixDarwin.lib.darwinSystem (mkSystemArgs nodeName node))
      (nodesOn "darwin");

    # deploy-rs targets: one per NixOS configuration (darwin hosts are not
    # listed). The connection is made as root on the first configured sshd
    # port, so it depends on the targets accepting root logins.
    # NOTE(review): confirm the sshd settings (defined outside this file)
    # restrict root to key-based authentication.
    deploy = {
      activationTimeout = 600;
      confirmTimeout = 240;

      nodes = builtins.mapAttrs (_: node: let
        sshPort = builtins.head node.config.services.openssh.ports;
        activate = inputs.deploy-rs.lib.${node.config.nixpkgs.system}.activate;
      in {
        hostname = node.config.networking.fqdn;
        sshUser = "root";
        sshOpts = [ "-p" (builtins.toString sshPort) ];
        profiles.system = {
          user = "root";
          path = activate.nixos node;
        };
      }) inputs.self.nixosConfigurations;
    };
  };
}