{ description = "hacc infra stuff"; inputs = { nixpkgs.url = "nixpkgs/nixos-24.05-small"; nixpkgs-unstable.url = "nixpkgs/nixos-unstable-small"; nixpkgs-oldstable.url = "github:/NixOS/nixpkgs?rev=c4aec3c021620d98861639946123214207e98344"; nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; tracktrain.url = "git+https://stuebinm.eu/git/tracktrain?ref=main"; tracktrain.flake = false; deploy-rs.url = "github:serokell/deploy-rs"; deploy-rs.inputs.nixpkgs.follows = "nixpkgs"; sops-nix.url = "github:Mic92/sops-nix"; sops-nix.inputs.nixpkgs-stable.follows = "nixpkgs"; sops-nix.inputs.nixpkgs.follows = "nixpkgs-unstable"; # these exist mostly to make the flake.lock somewhat more human-friendly # note that in theory doing this might break things, but it seems fairly unlikely nixos-mailserver.inputs = { "nixpkgs-24_05".follows = "nixpkgs"; nixpkgs.follows = "nixpkgs-unstable"; utils.follows = "/deploy-rs/utils"; flake-compat.follows = "/deploy-rs/flake-compat"; }; }; outputs = { self, nixpkgs, deploy-rs, sops-nix, ... }@inputs: let modules = { bindMounts = import ./modules/bindmounts.nix; nopersist = import ./modules/nopersist.nix; encboot = import ./modules/encboot.nix; }; profiles = { container = import ./modules/container-profile.nix; }; pkgs = import ./pkgs { sources = inputs; system = "x86_64-linux"; config.allowUnfree = true; config.permittedInsecurePackages = [ "nextcloud-27.1.11" ]; }; in { nixosConfigurations.parsons = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ ./parsons/configuration.nix ./modules/buildinfo.nix ./modules/containers.nix sops-nix.nixosModules.sops { nixpkgs.pkgs = pkgs; } ]; specialArgs = { sources = inputs; inherit modules profiles; inherit (nixpkgs.lib) nixosSystem; }; }; deploy.nodes.parsons = { hostname = "parsons"; profiles.system = { user = "root"; autoRollback = false; path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.parsons; }; }; # This is highly advised, and will prevent many possible mistakes checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; apps.x86_64-linux = let mkApp = pkg: { type = "app"; program = pkgs.lib.getExe pkg; }; websites = pkgs.lib.mapAttrs (name: mkApp) self.nixosConfigurations.parsons.config.hacc.websites.builders; in { docs = websites."docs.hacc.space"; } // websites; packages.x86_64-linux = { inherit (pkgs) mattermost hacc-scripts; }; }; }