{
  description = "NixOS definitions for our physical servers";

  # The URLs below only name the branch each input tracks; the revision that
  # is actually built comes from flake.lock. These inputs build and activate
  # the servers' system closure, so lock-file bumps deserve the same review
  # as any other dependency change.
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";

    # NOTE(review): unlike disko and agenix, deploy-rs is not told to follow
    # our nixpkgs, so it brings its own pinned copy. Confirm that is intended.
    deploy-rs.url = "github:serokell/deploy-rs";

    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    agenix = {
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs =
    { self, nixpkgs, deploy-rs, disko, agenix, nixpkgs-unstable, ... }:
    let
      system = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${system};
      pkgs-unstable = nixpkgs-unstable.legacyPackages.${system};

      # One record per physical server. The whole record is passed to the
      # NixOS modules as the `machine` special argument.
      #
      # The certificates are read at evaluation time. They are the public
      # `*-cert.pub` files; values read with builtins.readFile can end up in
      # the world-readable Nix store, so private key material belongs in
      # agenix instead.
      # NOTE(review): how configuration.nix uses these is not visible here.
      machines = {
        jefke = {
          name = "jefke";
          hostname = "jefke.hyp";
          user-cert = builtins.readFile ./jefke_user_ed25519-cert.pub;
          host-cert = builtins.readFile ./jefke_host_ed25519-cert.pub;
        };
      };

      # Returns an attribute set with the same keys as `machines`, where each
      # value is `mkValue name machine`.
      perMachine = mkValue: builtins.mapAttrs mkValue machines;
    in
    {
      # Tooling for operators: secret-store access, first install, deploys.
      # NOTE(review): the deploy-rs CLI here comes from nixpkgs-unstable,
      # while the activation library below comes from the deploy-rs flake
      # input. The two versions can drift apart; confirm that is acceptable.
      devShells.${system}.default = pkgs.mkShell {
        packages = [
          pkgs.libsecret
          pkgs-unstable.nixos-anywhere
          pkgs-unstable.deploy-rs
        ];
      };

      # TODO: enabling the line below makes `nix flake check` fail.
      # NOTE(review): the flake schema expects a per-system attribute
      # (formatter.${system}); the bare form is probably the cause. Confirm.
      # formatter = pkgs.nixfmt;

      # One NixOS system per machine, all built from the same module list.
      nixosConfigurations = perMachine (_name: machine:
        nixpkgs.lib.nixosSystem {
          inherit system;
          specialArgs = { inherit machine; };
          modules = [
            disko.nixosModules.disko
            agenix.nixosModules.default
            ./configuration.nix
          ];
        });

      deploy = {
        # deploy-rs connects over SSH as `sshUser` and activates the profile
        # as `user`. With both set to root, the targets must accept root SSH
        # logins.
        # NOTE(review): an unprivileged deploy account that elevates via sudo
        # would narrow that exposure. Check what configuration.nix permits.
        sshUser = "root";
        user = "root";

        # One deploy node per machine, each with a single `hypervisor`
        # profile that activates the matching NixOS configuration.
        nodes = perMachine (name: machine: {
          inherit (machine) hostname;
          profiles.hypervisor.path =
            deploy-rs.lib.${system}.activate.nixos
              self.nixosConfigurations.${name};
        });
      };

      # Runs deploy-rs' own checks against `self.deploy` for every system
      # that deploy-rs.lib provides.
      checks = builtins.mapAttrs
        (_system: deployLib: deployLib.deployChecks self.deploy)
        deploy-rs.lib;
    };
}