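# Fudo host configuration flake.
#
# `inputs` pins every upstream flake this configuration is built from.
# `outputs` turns each host declared in fudo-entities with `nixos-system`
# set into a `nixosConfigurations.<hostname>` (plus a nixops variant) by
# stacking the shared NixOS modules with the per-host / profile / domain /
# site files under ./config.
{
  description = "Fudo Host Configuration";

  inputs = {
    nixpkgs.url = "nixpkgs/nixos-23.11"; # "git+https://fudo.dev/nix/nixpkgs.git";

    fudo-home = {
      url = "git+https://fudo.dev/nix/home.git";
      # url = "path:/state/fudo-home";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # This MUST be a clean git repo, because we use the timestamp.
    fudo-entities.url = "git+https://fudo.dev/nix/entities.git";
    fudo-lib.url = "git+https://fudo.dev/nix/lib.git";
    fudo-pkgs.url = "git+https://fudo.dev/nix/pkgs.git";

    # Local-path input. Flake inputs are copied into the Nix store when the
    # flake is evaluated, so the tree under /secrets becomes store content.
    # NOTE(review): confirm this flake carries only encrypted material or
    # references to secrets, never plaintext.
    fudo-secrets = {
      url = "path:/secrets";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # chute = {
    #   url = "git+https://fudo.dev/chute/chute.git?ref=stable";
    #   inputs.nixpkgs.follows = "nixpkgs";
    # };
    # chuteUnstable = {
    #   url = "git+https://fudo.dev/chute/chute.git?ref=master";
    #   inputs.nixpkgs.follows = "nixpkgs";
    # };
    # pricebot = {
    #   url = "git+https://fudo.dev/public/pricebot.git";
    #   inputs.nixpkgs.follows = "nixpkgs";
    # };

    nixpkgsUnstable.url = "nixpkgs/nixos-unstable";

    wallfly = {
      url = "git+https://fudo.dev/public/wallfly.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    objectifier = {
      url = "git+https://fudo.dev/public/objectifier.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    nexus = {
      url = "git+https://fudo.dev/public/nexus.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    suanni = {
      url = "git+https://fudo.dev/public/suanni.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    snooper = {
      url = "git+https://fudo.dev/public/snooper.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    tattler = {
      url = "git+https://fudo.dev/public/tattler.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    mabel = {
      url = "git+https://fudo.dev/public/mabel.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # Shared docker-compose-on-NixOS layer; every *-container input below
    # follows this single pin so they all agree on one arion.
    arion = {
      url = "github:hercules-ci/arion";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    lemmy-docker = {
      url = "git+https://fudo.dev/public/lemmy-docker.git";
      inputs = {
        nixpkgs.follows = "nixpkgs";
        arion.follows = "arion";
      };
    };

    tesla-mate-container = {
      url = "git+https://fudo.dev/public/tesla-mate-container.git";
      inputs = {
        nixpkgs.follows = "nixpkgs";
        arion.follows = "arion";
      };
    };

    mastodon-container = {
      url = "git+https://fudo.dev/public/mastodon-container.git";
      inputs = {
        nixpkgs.follows = "nixpkgs";
        arion.follows = "arion";
      };
    };

    lemmy-container = {
      url = "git+https://fudo.dev/public/lemmy-container.git";
      inputs = {
        nixpkgs.follows = "nixpkgs";
        arion.follows = "arion";
      };
    };

    authentik-container = {
      url = "git+https://fudo.dev/nix/authentik-container.git";
      inputs = {
        nixpkgs.follows = "nixpkgs";
        arion.follows = "arion";
      };
    };

    nextcloud-container = {
      url = "git+https://fudo.dev/public/nextcloud-container.git";
      inputs = {
        nixpkgs.follows = "nixpkgs";
        arion.follows = "arion";
      };
    };

    matrix-module = {
      url = "git+https://fudo.dev/public/matrix-module.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    mail-server = {
      url = "git+https://fudo.dev/public/mail-server.git";
      inputs = {
        arion.follows = "arion";
        nixpkgs.follows = "nixpkgs";
      };
    };

    immich-container = {
      url = "git+https://fudo.dev/public/immich-container.git";
      inputs = {
        arion.follows = "arion";
        nixpkgs.follows = "nixpkgs";
      };
    };

    immich-ml-container = {
      url = "git+https://fudo.dev/public/immich-ml-container.git";
      inputs = {
        arion.follows = "arion";
        nixpkgs.follows = "nixpkgs";
      };
    };

    authoritative-dns = {
      url = "git+https://fudo.dev/public/authoritative-dns.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    frigate-container = {
      url = "git+https://fudo.dev/public/frigate-container.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    grafana-module = {
      url = "git+https://fudo.dev/public/grafana-module.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # Plain source tree, not a flake: exposed as `pkgs.textfiles` by an
    # overlay below.
    textfiles = {
      url = "git+https://git.informis.land/informis/textfiles.git";
      flake = false;
    };

    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
  };

  outputs = { self, nixpkgs, fudo-home, fudo-lib, fudo-entities, fudo-pkgs
    , fudo-secrets, nixpkgsUnstable, wallfly, objectifier, nexus, suanni
    , snooper, tattler, lemmy-docker, tesla-mate-container, mastodon-container
    , authentik-container, nextcloud-container, textfiles, matrix-module
    , mail-server, authoritative-dns, frigate-container, grafana-module
    , lemmy-container, immich-container, immich-ml-container, mabel
    , nixos-hardware, ... }@inputs:
    with nixpkgs.lib;
    let
      # Only entities hosts flagged `nixos-system` get a configuration built.
      fudo-nixos-hosts =
        filterAttrs (hostname: hostOpts: hostOpts.nixos-system)
        fudo-entities.entities.hosts;

      # Currently unreferenced in this file; kept for the modules that may
      # reach it through `self.lib` consumers.
      fudo-networks = fudo-entities.entities.networks;

      # nixpkgs-unstable instantiated for one architecture. Only the handful of
      # packages named in the overlays below are taken from it.
      unstable-for = arch:
        import nixpkgsUnstable {
          system = arch;
          config.allowUnfree = true;
        };

      # Stable nixpkgs for `arch` with the Fudo overlays applied, in order.
      pkgs-for = arch:
        let unstable = unstable-for arch;
        in import nixpkgs {
          system = arch;
          config = {
            allowUnfree = true;
            # Each entry silences nixpkgs' refusal to build a version it has
            # marked insecure. Every name here is an accepted exposure on every
            # host built from this flake: drop an entry as soon as its
            # dependent no longer needs it, and re-check the list on each
            # nixpkgs bump.
            permittedInsecurePackages = [
              # Necessary for Kerberos
              "openssl-1.1.1w"
              "python3.10-requests-2.28.2"
              "python3.10-cryptography-40.0.1"
              "gitea-1.19.4"
            ];
          };
          overlays = [
            fudo-lib.overlays.default
            fudo-pkgs.overlays.default
            fudo-secrets.overlays.default
            fudo-entities.overlays.default
            self.overlays.fudoHostConfig
            # The chute inputs are commented out above and `chute` /
            # `chuteUnstable` are not in the outputs argument list, so this
            # overlay could only ever raise "undefined variable" once
            # `pkgs.chute` was forced. Re-enable it together with the inputs.
            # (final: prev: {
            #   chute = chute.packages.${arch}.chute;
            #   chuteUnstable = chuteUnstable.packages.${arch}.chute;
            # })
            (final: prev: {
              pkgsUnstable = unstable;
              inherit nixos-hardware;
            })
            (final: prev: {
              signal-desktop = unstable.signal-desktop;
              factorio-experimental = unstable.factorio-experimental;
              factorio-headless-experimental =
                unstable.factorio-headless-experimental;
            })
            (final: prev: { inherit textfiles; })
            (final: prev: {
              nvidia-container-toolkit = unstable.nvidia-container-toolkit;
            })
          ];
        };

      # Newest `lastModifiedDate` (YYYYMMDDHHMMSS, as an int) across every
      # input that carries one; inputs without the attribute are skipped.
      latest-modified-timestamp = head (sort (a: b: a > b) (map
        (input: toInt input.lastModifiedDate)
        (filter (input: hasAttr "lastModifiedDate" input) (attrValues inputs))));

      # Truncate a YYYYMMDDHHMMSS timestamp to its first ten digits (YYYYMMDDHH).
      concat-timestamp = timestamp: toInt (substring 0 10 (toString timestamp));

      # NixOS module for one host: the shared modules, then the per-host,
      # profile, domain and site files under ./config, plus instance metadata
      # and a nix registry / nixPath pinned to this flake's inputs.
      mkFudoHostConfig = hostname: hostOpts:
        let
          config-dir = ./config;
          build-timestamp = concat-timestamp latest-modified-timestamp;
        in { config, ... }: {
          imports = [
            fudo-home.nixosModules.default
            fudo-secrets.nixosModules.default
            fudo-lib.nixosModules.default
            fudo-entities.nixosModule
            # pricebot.nixosModules.default
            wallfly.nixosModule
            objectifier.nixosModules.default
            suanni.nixosModules.default
            snooper.nixosModules.default
            tattler.nixosModules.default
            lemmy-docker.nixosModules.default
            tesla-mate-container.nixosModules.default
            mastodon-container.nixosModules.default
            authentik-container.nixosModules.default
            nextcloud-container.nixosModules.default
            matrix-module.nixosModules.default
            mail-server.nixosModules.default
            authoritative-dns.nixosModules.default
            frigate-container.nixosModules.default
            grafana-module.nixosModules.default
            lemmy-container.nixosModules.default
            immich-container.nixosModules.default
            immich-ml-container.nixosModules.default
            mabel.nixosModules.default
            nexus.nixosModules.nexus-client
            nexus.nixosModules.nexus-server
            nexus.nixosModules.nexus-powerdns
            ./config
            (config-dir + "/hardware/${hostname}.nix")
            (config-dir + "/host-config/${hostname}.nix")
            (config-dir + "/profile-config/${hostOpts.profile}.nix")
            (config-dir + "/domain-config/${hostOpts.domain}.nix")
            (config-dir + "/site-config/${hostOpts.site}.nix")
            (import ./hardware-modules.nix nixos-hardware.nixosModules hostname)
          ];

          config = let pkgs = pkgs-for hostOpts.arch;
          in {
            instance = let
              # Read at evaluation time, so the seed becomes part of the
              # evaluated configuration. NOTE(review): if instance.build-seed
              # is ever interpolated into a derivation it lands in the
              # world-readable Nix store — confirm how the instance module
              # consumes it.
              build-seed = builtins.readFile config.fudo.secrets.files.build-seed;
            in { inherit hostname build-timestamp build-seed; };

            # Expose the whole flake source tree on the host as /etc/nixos-live.
            environment.etc.nixos-live.source = ./.;

            nix = {
              # Pin the registry so `nix` commands run on the host resolve
              # these names to the exact inputs this system was built from.
              registry = {
                nixpkgs.flake = nixpkgs;
                fudo-nixos.flake = self;
                fudo-entities.flake = fudo-entities;
                fudo-lib.flake = fudo-lib;
                fudo-pkgs.flake = fudo-pkgs;
              };
              nixPath = let lib = nixpkgs.lib;
              in lib.mkDefault (lib.mkBefore [ "nixpkgs=${nixpkgs}" ]);
            };

            nixpkgs.pkgs = pkgs;
          };
        };

      # Full NixOS system for one host, built for the architecture given in
      # its entities record.
      mkFudoNixOsSystem = hostname: hostOpts:
        let system = hostOpts.arch;
        in nixosSystem {
          inherit system;
          modules = [ (mkFudoHostConfig hostname hostOpts) ];
        };

      # nixops variant: the same host module plus deployment.targetHost taken
      # from the entities zone record of the host's domain.
      mkFudoNixopsHostConfig = hostname: hostOpts:
        let zone-hosts = fudo-entities.entities.zones.${hostOpts.domain}.hosts;
        in {
          imports = [
            (mkFudoHostConfig hostname hostOpts)
            (_: {
              config.deployment.targetHost = zone-hosts.${hostname}.ipv4-address;
            })
          ];
        };
    in {
      nixosConfigurations = mapAttrs mkFudoNixOsSystem fudo-nixos-hosts;
      nixopsHostConfigurations = mapAttrs mkFudoNixopsHostConfig fudo-nixos-hosts;

      lib = { inherit mkFudoHostConfig mkFudoNixOsSystem mkFudoNixopsHostConfig; };

      overlays = rec {
        default = fudoHostConfig;
        # Merges this flake's helpers into `pkgs.lib` and exposes a small
        # registry of modules that other flakes can pick up from `pkgs`.
        fudoHostConfig = (final: prev: {
          lib = prev.lib // self.lib;
          moduleRegistry = {
            authoritativeDns = authoritative-dns.nixosModules.default;
          };
        });
      };
    };
}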