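# Flake for the single NixOS host `eve-psr-nix0`. It provides a dev shell with
# the deploy tooling and the host's system configuration (Hydra, Docker,
# OpenSSH, sops-nix secrets).
{
  inputs = {
    # Registry reference to a moving branch. The revision that is built is the
    # one pinned in flake.lock, so keep the lock file committed and review its
    # diff whenever inputs are updated.
    nixpkgs.url = "nixpkgs/nixos-unstable";
    sops = {
      url = "github:Mic92/sops-nix";
      # Use the same nixpkgs as the system instead of sops-nix's own pin.
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { self, nixpkgs, sops, ... }@attrs:
    let
      pkgs = import nixpkgs { inherit system; };
      system = "x86_64-linux";
    in
    {
      # Shell with nixos-rebuild, terraform and sops on PATH.
      devShell.x86_64-linux = pkgs.mkShell {
        buildInputs = [
          (pkgs.nixos { }).nixos-rebuild
          pkgs.terraform
          pkgs.sops
        ];
        # `sops-deploy` builds on and switches the remote host, logging in as
        # root over SSH. The deploy path therefore depends on root SSH access
        # to the target.
        shellHook = " alias sops-deploy=\"nixos-rebuild switch --target-host root@matri.cx --build-host root@matri.cx --flake .#eve-psr-nix0\"\n";
      };

      nixosConfigurations = {
        eve-psr-nix0 = nixpkgs.lib.nixosSystem {
          inherit system;
          # Pass all flake inputs through to the modules.
          specialArgs = attrs;
          modules = [
            ({ modulesPath, ... }: {
              imports = [
                sops.nixosModules.sops
                ./hardware-configuration.nix
              ];

              boot = {
                loader.systemd-boot.enable = true;
                loader.efi.canTouchEfiVariables = true;
              };

              nix = {
                buildMachines = [ ];
                distributedBuilds = false;
                settings.experimental-features = [ "nix-command" "flakes" ];
              };

              networking = {
                hostName = "eve-psr-nix0";
                firewall = {
                  allowedTCPPorts = [ 22 80 443 ];
                  # SSH and HTTP are TCP-only, so UDP 22 and 80 were open for
                  # no listener and have been removed. UDP 443 is kept on the
                  # assumption that it is meant for QUIC/HTTP3; drop it too if
                  # nothing serves HTTP/3.
                  # NOTE(review): no service in this file listens on 80/443.
                  # Confirm what does, and note that ports published by Docker
                  # containers are typically not filtered by these lists.
                  allowedUDPPorts = [ 443 ];
                };
              };

              time.timeZone = "America/Chicago";

              services = {
                # Port 3000 is not in allowedTCPPorts, so the Hydra UI is not
                # opened by this firewall configuration.
                hydra = {
                  enable = true;
                  hydraURL = "http://localhost:3000";
                  notificationSender = "hydra@eversole.co";
                  buildMachinesFiles = [];
                  useSubstitutes = true;
                };
                # NOTE(review): no services.openssh.settings are set here, so
                # password authentication stays at the module default unless
                # hardware-configuration.nix overrides it. With TCP 22 open and
                # the initial passwords declared below, declare authorized keys
                # for the accounts and then set
                # `settings.PasswordAuthentication = false` and
                # `settings.KbdInteractiveAuthentication = false`.
                openssh.enable = true;
              };

              virtualisation.docker = {
                enable = true;
                liveRestore = false;
              };

              environment.systemPackages = with pkgs; [ git pciutils vim wget ];

              programs.zsh.enable = true;

              users = {
                defaultUserShell = pkgs.zsh;
                users = {
                  # NOTE(review): initialPassword is plaintext. It is committed
                  # with this file and copied into the world-readable Nix
                  # store. It is only assigned when the account is first
                  # created, so rotate it on the host if that has not been done.
                  # sops-nix is already imported, so prefer `hashedPasswordFile`
                  # pointing at a sops secret declared with
                  # `neededForUsers = true`. Not changed here because that
                  # secret must first exist in ./secrets/keys.yaml.
                  sezycei = {
                    isNormalUser = true;
                    initialPassword = "bootMaster";
                    # `wheel` gives sudo and `docker` is root-equivalent on its
                    # own, so this account is effectively root.
                    extraGroups = [ "wheel" "docker" ];
                    packages = with pkgs; [ byobu tmux stack ];
                  };
                  # Same plaintext-password caveat as above.
                  torrent = {
                    isNormalUser = true;
                    initialPassword = "torrentUserTemp";
                  };
                };
              };

              # NOTE(review): wheel members get root with no password prompt,
              # so any session hijack of a wheel account is a host compromise.
              # Re-enable the prompt unless automation running as a wheel user
              # depends on this (the deploy alias logs in as root directly).
              security.sudo.wheelNeedsPassword = false;

              sops = {
                # The age identity is derived from the host's SSH ed25519 key.
                # Anyone able to read that key can decrypt the secrets
                # encrypted to this host.
                age = {
                  sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
                };
                defaultSopsFile = ./secrets/keys.yaml;
                secrets = {
                  hostname = { };
                };
              };

              system.stateVersion = "22.11";
            })
          ];
        };
      };
    };
}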