# Flake for a personal infrastructure repo: NixOS hosts deployed through
# nixinate, a terranix-rendered OpenTofu configuration, kubenix-rendered
# Kubernetes manifests, a Raspberry Pi SD image and a developer shell.
{
  description = "Nix flake for my infrastructure";

  # Only agenix names a commit in its URL. Every other input tracks a branch
  # head and is fixed solely by flake.lock (not visible here), so the lock file
  # should be committed and `nix flake update` diffs reviewed like code changes.
  inputs = {
    agenix.url = "github:ryantm/agenix?rev=1f677b3e161d3bdbfd08a939e8f25de2568e0ef4";
    terranix.url = "github:terranix/terranix";
    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
    nixinate.url = "github:matthewcroughan/nixinate";

    # These three are evaluated against this flake's nixpkgs, not their own.
    nixpkgs-wayland.url = "github:nix-community/nixpkgs-wayland";
    nixpkgs-wayland.inputs.nixpkgs.follows = "nixpkgs";
    home-manager.url = "github:nix-community/home-manager";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
    nixos-generators.url = "github:nix-community/nixos-generators";
    nixos-generators.inputs.nixpkgs.follows = "nixpkgs";

    alertmanager-ntfy.url = "github:alexbakker/alertmanager-ntfy";
    kubenix.url = "github:hall/kubenix";
  };

  outputs =
    { self
    , nixpkgs
    , nixos-generators
    , nixinate
    , home-manager
    , agenix
    , terranix
    , alertmanager-ntfy
    , nixpkgs-wayland
    , kubenix
    }@inputs:
    let
      inherit (nixpkgs.lib) nixosSystem;

      pkgs = nixpkgs.legacyPackages.x86_64-linux;

      # OpenTofu configuration rendered from ./terraform/main.nix. The result is
      # a Nix store path and the store is world-readable, so main.nix should not
      # embed credentials -- TODO confirm they come from the environment instead.
      tf = terranix.lib.terranixConfiguration {
        system = "x86_64-linux";
        modules = [ ./terraform/main.nix ];
      };

      tofu = "${pkgs.opentofu}/bin/tofu";

      # Builds a `nix run` app that refreshes terraform/config.tf.json from the
      # rendered configuration, runs `tofu init`, then runs `finalStep`.
      # The old file is removed first, presumably because a copy taken from the
      # store is read-only and could not be overwritten in place.
      tofuApp = scriptName: finalStep: {
        type = "app";
        program = toString (pkgs.writers.writeBash scriptName ''
          if [[ -e terraform/config.tf.json ]]; then rm -f terraform/config.tf.json; fi
          cp ${tf} terraform/config.tf.json \
            && ${tofu} -chdir=terraform init \
            && ${tofu} -chdir=terraform ${finalStep}
        '');
      };

      # nixinate deployment settings; only the SSH host and user differ per
      # machine. As I understand nixinate, `hermetic = false` makes the
      # activation use the nixos-rebuild already installed on the target rather
      # than the one from this flake's nixpkgs -- TODO confirm.
      deployTo = host: sshUser: {
        inherit host sshUser;
        buildOn = "remote";
        substituteOnTarget = true;
        hermetic = false;
      };

      # Wayland packages for london, plus the binary cache that serves them.
      # Listing the cachix key under trusted-public-keys means this host accepts
      # store paths signed by that third-party cache, not only cache.nixos.org.
      waylandModule = { pkgs, config, ... }: {
        config = {
          nix.settings = {
            # add binary caches
            trusted-public-keys = [
              "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
              "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
            ];
            substituters = [
              "https://cache.nixos.org"
              "https://nixpkgs-wayland.cachix.org"
            ];
          };

          # use it as an overlay
          nixpkgs.overlays = [ nixpkgs-wayland.overlay ];

          # or, pull specific packages (built against inputs.nixpkgs, usually `nixos-unstable`)
          environment.systemPackages = [
            nixpkgs-wayland.packages.x86_64-linux.waybar
          ];
        };
      };
    in
    {
      # Developer shell with the infrastructure tooling.
      # The hook turns on allexport and sources .env, so every variable defined
      # there is exported to all processes started from this shell, and .env is
      # executed as shell code rather than parsed as data. Keep .env untracked.
      # NOTE(review): the trailing `set` on the source line is handed to .env as
      # a positional argument -- confirm it is intentional.
      devShells.x86_64-linux.default = pkgs.mkShell {
        shellHook = ''
          set -o allexport
          source .env set
          set +o allexport
        '';
        nativeBuildInputs = with pkgs; [
          jq
          opentofu
          kubectl
          awscli2
          nodePackages.yaml-language-server
          k9s
          terraform-ls
          kubernetes-helm
          nil
        ];
        buildInputs = [ ];
      };

      # SD-card installer image for the Raspberry Pi.
      packages.aarch64-linux.raspberry-pi = nixos-generators.nixosGenerate {
        system = "aarch64-linux";
        modules = [
          (nixpkgs + "/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix")
          ./pi-imgs/pi-initial.nix
        ];
        format = "sd-aarch64-installer";
      };

      # Kubernetes manifests rendered by kubenix from ./homelab/kubernetes.nix.
      packages.x86_64-linux.kubernetes =
        (kubenix.evalModules.x86_64-linux {
          module = { kubenix, ... }: {
            imports = [
              kubenix.modules.k8s
              ./homelab/kubernetes.nix
            ];
          };
        }).config.kubernetes.result;

      # `//` is a shallow merge: the x86_64-linux set is added beside whatever
      # top-level attributes nixinate returns, and would replace one of the same
      # name.
      # tf-plan writes plan.out inside terraform/ and tf-apply applies that same
      # file. A saved plan can hold resource values in clear text, so plan.out
      # should stay out of version control.
      apps = (nixinate.nixinate.x86_64-linux self) // {
        x86_64-linux = {
          tf-plan = tofuApp "plan" "plan -out=plan.out";
          tf-apply = tofuApp "apply" "apply plan.out";
        };
      };

      homeConfigurations."gsimmer" = home-manager.lib.homeManagerConfiguration {
        inherit pkgs;
        modules = [ ./nix/london/gsimmer.nix ];
      };

      nixosConfigurations = {
        # Workstation; the only host without a nixinate deployment target.
        london = nixosSystem {
          system = "x86_64-linux";
          modules = [
            (import ./nix/london/configuration.nix)
            home-manager.nixosModules.home-manager
            {
              home-manager.useUserPackages = true;
              home-manager.users.gsimmer = import ./nix/london/gsimmer.nix;
            }
            waylandModule
          ];
        };

        # NOTE(review): deployed as root over SSH to a literal IP address;
        # confirm root login on this host is restricted to key authentication.
        oracle-gitea-runner = nixosSystem {
          system = "aarch64-linux";
          modules = [
            (import ./nix/oracle-gitea-runner/configuration.nix)
            { _module.args.nixinate = deployTo "143.47.229.209" "root"; }
          ];
        };

        # NOTE(review): system is aarch64-linux but the alertmanager-ntfy module
        # is taken from its x86_64-linux output -- confirm the module does not
        # pin an x86_64 package. Also deployed as root over SSH.
        monitoring = nixosSystem {
          system = "aarch64-linux";
          modules = [
            (import ./nix/monitoring/configuration.nix)
            agenix.nixosModules.default
            alertmanager-ntfy.nixosModules.x86_64-linux.default
            { _module.args.nixinate = deployTo "monitoring" "root"; }
          ];
        };

        # Attribute name is `nas`; the SSH host it deploys to is "vancouver".
        nas = nixosSystem {
          system = "x86_64-linux";
          modules = [
            (import ./nix/nas/configuration.nix)
            agenix.nixosModules.default
            home-manager.nixosModules.home-manager
            {
              home-manager.users.gsimmer = import ./nix/nas/home.nix;
              _module.args.nixinate = deployTo "vancouver" "gsimmer";
            }
          ];
        };

        seattle = nixosSystem {
          system = "aarch64-linux";
          modules = [
            (import ./nix/seattle/configuration.nix)
            { _module.args.nixinate = deployTo "seattle" "gsimmer"; }
          ];
        };

        glasgow = nixosSystem {
          system = "aarch64-linux";
          modules = [
            (import ./nix/glasgow/configuration.nix)
            { _module.args.nixinate = deployTo "glasgow" "gsimmer"; }
          ];
        };
      };
    };
}