nixos-servers/flake.nix

{
  description = "NixOS definitions for our physical servers";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
    deploy-rs.url = "github:serokell/deploy-rs";
    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    agenix = {
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { self, nixpkgs, deploy-rs, disko, agenix, nixpkgs-unstable, ... }:
    let
      system = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${system};
      pkgs-unstable = nixpkgs-unstable.legacyPackages.${system};
    in {
      devShells.${system}.default = pkgs.mkShell {
        packages = with pkgs-unstable; [ libsecret nixos-anywhere ];
      };

      formatter = pkgs.nixfmt;

      nixosConfigurations.hypervisor = nixpkgs.lib.nixosSystem {
        inherit system;
        modules = [
          disko.nixosModules.disko
          agenix.nixosModules.default
          ./configuration.nix
        ];
      };

      deploy = {
        sshUser = "root";
        user = "root";

        nodes.jefke = {
          hostname = "jefke.hyp";
          profiles.hypervisor = {
            path = deploy-rs.lib.${system}.activate.nixos
              self.nixosConfigurations.hypervisor;
          };
        };
      };

      checks = builtins.mapAttrs
        (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
    };
}