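# Flake for the NixOS host "eve-psr-nix0".
#
# Outputs:
#   devShell.x86_64-linux            - shell with agenix, nixos-rebuild and terraform,
#                                      plus a `deploy` alias for the host
#   formatter.x86_64-linux           - nixfmt
#   nixosConfigurations.eve-psr-nix0 - the system itself (OpenSSH, atticd, Hydra,
#                                      MinIO, podman containers, agenix secrets)
#
# Secret paths are read through the module's own `config` argument
# (config.age.secrets.<name>.path), so the module does not depend on the
# flake's `self` output or on the host's attribute name.
{
  inputs = {
    nixpkgs.url = "nixpkgs/nixos-23.05";
    agenix = {
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
      # Empty `follows` opts out of fetching agenix's darwin input.
      inputs.darwin.follows = "";
    };
    attic = {
      url = "github:zhaofengli/attic";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # NOTE(review): none of these URLs names a revision; the exact commits come
    # from flake.lock (not visible here), so lock-file updates deserve the same
    # review as any other dependency bump.
  };

  outputs = { self, nixpkgs, agenix, attic, ... }@attrs:
    let
      system = "x86_64-linux";
      pkgs = import nixpkgs { inherit system; };

      # Container definitions live in a separate file; only its `containers`
      # attribute is used here.
      containerDef = import ./containers.nix;
      serviceContainers = containerDef.containers;
    in {
      devShell.x86_64-linux = pkgs.mkShell {
        buildInputs = [
          agenix.packages.x86_64-linux.default
          (pkgs.nixos { }).nixos-rebuild
          pkgs.terraform
        ];
        # The alias builds on and deploys to the target over SSH as root, so
        # whoever can authenticate as root@matri.cx controls the host.
        shellHook = ''
          alias deploy="nixos-rebuild switch --target-host root@matri.cx --build-host root@matri.cx --flake .#eve-psr-nix0"
        '';
      };

      formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt;

      nixosConfigurations = {
        eve-psr-nix0 = nixpkgs.lib.nixosSystem {
          inherit system;
          # Every flake input (and `self`) is passed to the modules as an argument.
          specialArgs = attrs;
          modules = [
            ({ config, modulesPath, ... }: {
              imports = [
                agenix.nixosModules.default
                attic.nixosModules.atticd
                ./hardware-configuration.nix
              ];

              nix = {
                buildMachines = [ ];
                distributedBuilds = false;
                settings = {
                  auto-optimise-store = false; # https://github.com/NixOS/nix/issues/7273
                  experimental-features = [ "nix-command" "flakes" ];
                };
              };

              boot = {
                loader.systemd-boot.enable = true;
                loader.efi.canTouchEfiVariables = true;
              };

              time.timeZone = "America/Chicago";

              networking = {
                hostName = "eve-psr-nix0";
                firewall = {
                  # 3034 is the Hydra port configured below. No listener for
                  # 80/443 is defined in this file; presumably one of the
                  # containers serves them - confirm against containers.nix.
                  allowedTCPPorts = [ 22 80 443 3034 ];
                  # NOTE(review): sshd and plain HTTP are TCP-only, so 22/udp
                  # and 80/udp look unnecessary; 443/udp is only needed if
                  # something serves QUIC/HTTP/3. Trim once confirmed.
                  allowedUDPPorts = [ 22 80 443 ];
                };
              };

              environment.systemPackages = with pkgs; [ git pciutils vim wget ];

              services = {
                # NOTE(review): no sshd settings are given, so the module
                # defaults apply. With passwordless sudo for wheel (below),
                # consider pinning
                # services.openssh.settings.PasswordAuthentication = false
                # once key-based access for every login user is confirmed.
                openssh = { enable = true; };

                atticd = {
                  enable = true;
                  # Decrypted by agenix at activation; the path points at the
                  # runtime location of the secret, not into the Nix store.
                  credentialsFile = config.age.secrets.attic_token.path;
                  settings = {
                    # Binds every interface. 8040 is not in allowedTCPPorts, so
                    # exposure depends on the firewall staying enabled.
                    # NOTE(review): bind to a specific address if only a local
                    # proxy or the containers need it.
                    listen = "0.0.0.0:8040";
                    chunking = {
                      nar-size-threshold = 64 * 1024; # 64 KiB
                      min-size = 16 * 1024; # 16 KiB
                      avg-size = 64 * 1024; # 64 KiB
                      max-size = 256 * 1024; # 256 KiB
                    };
                  };
                };

                hydra = {
                  enable = true;
                  hydraURL = "https://hydra.matri.cx";
                  # Hydra listens on this address in plain HTTP and expects a
                  # TLS-terminating proxy in front (using_frontend_proxy).
                  # NOTE(review): 3034/tcp is opened in the firewall for every
                  # source, so clients that can reach this address can bypass
                  # the proxy. Restrict it to the proxy's address, or bind to
                  # loopback if the proxy runs on this host - confirm topology.
                  listenHost = "192.168.0.130";
                  port = 3034;
                  extraConfig = ''
                    using_frontend_proxy = 1
                    base_uri = "https://hydra.matri.cx"
                  '';
                  useSubstitutes = true;
                  notificationSender = "hydra@matri.cx";
                  buildMachinesFiles = [ ];
                };

                minio = {
                  enable = true;
                  # Binds every interface on 9000; not opened in the firewall above.
                  listenAddress = ":9000";
                  rootCredentialsFile = config.age.secrets.minio_root.path;
                };
              };

              virtualisation = {
                oci-containers = {
                  backend = "podman";
                  containers = serviceContainers;
                };
              };

              # NOTE(review): members of wheel get root without a password, so
              # any session as `sezycei` (SSH included) is root-equivalent.
              # Keep only if that trade-off is intended.
              security.sudo.wheelNeedsPassword = false;

              users = {
                users = {
                  sezycei = {
                    isNormalUser = true;
                    # Password comes from the agenix-decrypted file.
                    passwordFile = config.age.secrets.sezycei.path;
                    extraGroups = [ "wheel" ];
                    packages = with pkgs; [ byobu tmux stack ];
                  };
                  torrent = { isNormalUser = true; };
                };
              };

              age = {
                secrets = {
                  attic_token.file = ./secrets/attic_token.age;
                  # Not referenced in this file; presumably consumed by
                  # containers.nix - confirm, or drop if unused.
                  keys.file = ./secrets/keys.age;
                  minio_root.file = ./secrets/minio_root.age;
                  sezycei.file = ./secrets/sezycei.age;
                };
              };

              system.stateVersion = "22.11";
            })
          ];
        };
      };
    };
}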