self-hosting/flake.nix

{
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
    sops-nix.url = "github:Mic92/sops-nix";
    sops-nix.inputs.nixpkgs.follows = "nixpkgs";
    deploy-rs.url = "github:serokell/deploy-rs";
    simple-nixos-mailserver.url =
      "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05";
    foundryvtt.url = "github:reckenrode/nix-foundryvtt";
  };

  outputs = inputs@{ self, nixpkgs, nixpkgs-unstable, deploy-rs, sops-nix
    , simple-nixos-mailserver, foundryvtt }:
    let
      pkgs = nixpkgs.legacyPackages.x86_64-linux;
      pkgs-unstable = nixpkgs-unstable.legacyPackages.x86_64-linux;
      defaultModuleArgs = { pkgs, ... }: {
        _module.args.pkgs-unstable = import nixpkgs-unstable {
          inherit (pkgs.stdenv.targetPlatform) system;
          config.allowUnfreePredicate = pkg:
            builtins.elem (pkgs.lib.getName pkg) [ "minecraft-server" ];
        };
      };
    in {
      devShells.x86_64-linux.default = pkgs.mkShell {
        sopsPGPKeyDirs = [ "./keys/hosts" "./keys/users" ];

        nativeBuildInputs =
          [ (pkgs.callPackage sops-nix { }).sops-import-keys-hook ];

        buildInputs = with pkgs-unstable; [
          nixpkgs-fmt
          opentofu
          terraform-ls
          sops
          deploy-rs.packages."x86_64-linux".deploy-rs
        ];
      };

      nixosConfigurations = {
        db1 = nixpkgs.lib.nixosSystem {
          system = "x86_64-linux";
          specialArgs = { inherit nixpkgs; };
          modules = [
            sops-nix.nixosModules.sops
            ./profiles/db.nix
            ({
              sops.defaultSopsFile = ./secrets.enc.yml;
              networking.hostName = "db1";
              networking.domain = "banditlair.com";
              nix.registry.nixpkgs.flake = nixpkgs;

              system.stateVersion = "21.05";
            })
          ];
        };
        backend1 = nixpkgs.lib.nixosSystem {
          system = "x86_64-linux";
          specialArgs = { inherit nixpkgs; };
          modules = [
            sops-nix.nixosModules.sops
            ./profiles/backend.nix
            ({
              sops.defaultSopsFile = ./secrets.enc.yml;
              networking.hostName = "backend1";
              networking.domain = "banditlair.com";
              nix.registry.nixpkgs.flake = nixpkgs;

              system.stateVersion = "21.05";
            })
          ];
        };
        storage1 = nixpkgs.lib.nixosSystem {
          system = "x86_64-linux";
          specialArgs = { inherit nixpkgs; };
          modules = [
            defaultModuleArgs
            sops-nix.nixosModules.sops
            simple-nixos-mailserver.nixosModule
            foundryvtt.nixosModules.foundryvtt
            ./profiles/storage.nix
            ({
              sops.defaultSopsFile = ./secrets.enc.yml;
              networking.hostName = "storage1";
              networking.domain = "banditlair.com";
              nix.registry.nixpkgs.flake = nixpkgs;

              system.stateVersion = "21.05";
            })
          ];
        };
      };

      deploy.nodes = let
        createSystemProfile = configuration: {
          user = "root";
          sshUser = "root";
          path = deploy-rs.lib.x86_64-linux.activate.nixos configuration;
        };
      in {
        db1 = {
          hostname = "db1.banditlair.com";
          profiles.system = createSystemProfile self.nixosConfigurations.db1;
        };
        backend1 = {
          hostname = "backend1.banditlair.com";
          profiles.system =
            createSystemProfile self.nixosConfigurations.backend1;
        };
        storage1 = {
          hostname = "78.46.96.243";
          profiles.system =
            createSystemProfile self.nixosConfigurations.storage1;
        };
      };

      checks = builtins.mapAttrs
        (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
    };
}
Move Synapse on hcloud and deploy it with Terraform + NixOs 2021-07-15 13:38:22 +02:00			`{`
Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00			`inputs = {`
Update to NixOS 23.11 2023-12-13 18:51:56 +01:00			`nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";`
Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00			`nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";`
			`sops-nix.url = "github:Mic92/sops-nix";`
			`sops-nix.inputs.nixpkgs.follows = "nixpkgs";`
			`deploy-rs.url = "github:serokell/deploy-rs";`
Update to NixOS 23.05 2023-07-10 19:19:25 +02:00			`simple-nixos-mailserver.url =`
			`"gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05";`
Add FoundryVTT 2023-10-12 02:59:56 +02:00			`foundryvtt.url = "github:reckenrode/nix-foundryvtt";`
Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00			`};`
Move Synapse on hcloud and deploy it with Terraform + NixOs 2021-07-15 13:38:22 +02:00
Add FoundryVTT 2023-10-12 02:59:56 +02:00			`outputs = inputs@{ self, nixpkgs, nixpkgs-unstable, deploy-rs, sops-nix`
			`, simple-nixos-mailserver, foundryvtt }:`
Move Synapse on hcloud and deploy it with Terraform + NixOs 2021-07-15 13:38:22 +02:00			`let`
			`pkgs = nixpkgs.legacyPackages.x86_64-linux;`
Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00			`pkgs-unstable = nixpkgs-unstable.legacyPackages.x86_64-linux;`
Use minecraft-server from unstable 2022-07-19 06:34:33 +02:00			`defaultModuleArgs = { pkgs, ... }: {`
			`_module.args.pkgs-unstable = import nixpkgs-unstable {`
			`inherit (pkgs.stdenv.targetPlatform) system;`
Update to NixOS 23.05 2023-07-10 19:19:25 +02:00			`config.allowUnfreePredicate = pkg:`
			`builtins.elem (pkgs.lib.getName pkg) [ "minecraft-server" ];`
Use minecraft-server from unstable 2022-07-19 06:34:33 +02:00			`};`
			`};`
Update to NixOS 23.05 2023-07-10 19:19:25 +02:00			`in {`
Use minecraft-server from unstable 2022-07-19 06:34:33 +02:00			`devShells.x86_64-linux.default = pkgs.mkShell {`
Update to NixOS 23.05 2023-07-10 19:19:25 +02:00			`sopsPGPKeyDirs = [ "./keys/hosts" "./keys/users" ];`
Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00
Update to NixOS 23.05 2023-07-10 19:19:25 +02:00			`nativeBuildInputs =`
			`[ (pkgs.callPackage sops-nix { }).sops-import-keys-hook ];`
Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00
			`buildInputs = with pkgs-unstable; [`
Update packages and deploy using deploy-rs 2021-11-25 00:33:28 +01:00			`nixpkgs-fmt`
Update to NixOS 23.11 2023-12-13 18:51:56 +01:00			`opentofu`
Update packages and deploy using deploy-rs 2021-11-25 00:33:28 +01:00			`terraform-ls`
			`sops`
			`deploy-rs.packages."x86_64-linux".deploy-rs`
			`];`
			`};`

			`nixosConfigurations = {`
			`db1 = nixpkgs.lib.nixosSystem {`
			`system = "x86_64-linux";`
Use nixpkgs from flake input as NIX_PATH 2022-07-31 22:40:10 +02:00			`specialArgs = { inherit nixpkgs; };`
Configure Monit to watch sshfs mount 2021-11-25 00:59:46 +01:00			`modules = [`
Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00			`sops-nix.nixosModules.sops`
Configure Monit to watch sshfs mount 2021-11-25 00:59:46 +01:00			`./profiles/db.nix`
Update to NixOS 23.05 2023-07-10 19:19:25 +02:00			`({`
			`sops.defaultSopsFile = ./secrets.enc.yml;`
			`networking.hostName = "db1";`
			`networking.domain = "banditlair.com";`
			`nix.registry.nixpkgs.flake = nixpkgs;`
Configure Monit to watch sshfs mount 2021-11-25 00:59:46 +01:00
Update to NixOS 23.05 2023-07-10 19:19:25 +02:00			`system.stateVersion = "21.05";`
			`})`
Update packages and deploy using deploy-rs 2021-11-25 00:33:28 +01:00			`];`
			`};`
			`backend1 = nixpkgs.lib.nixosSystem {`
			`system = "x86_64-linux";`
Use nixpkgs from flake input as NIX_PATH 2022-07-31 22:40:10 +02:00			`specialArgs = { inherit nixpkgs; };`
Configure Monit to watch sshfs mount 2021-11-25 00:59:46 +01:00			`modules = [`
Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00			`sops-nix.nixosModules.sops`
Configure Monit to watch sshfs mount 2021-11-25 00:59:46 +01:00			`./profiles/backend.nix`
Update to NixOS 23.05 2023-07-10 19:19:25 +02:00			`({`
			`sops.defaultSopsFile = ./secrets.enc.yml;`
			`networking.hostName = "backend1";`
			`networking.domain = "banditlair.com";`
			`nix.registry.nixpkgs.flake = nixpkgs;`
Configure Monit to watch sshfs mount 2021-11-25 00:59:46 +01:00
Update to NixOS 23.05 2023-07-10 19:19:25 +02:00			`system.stateVersion = "21.05";`
			`})`
Add new storage1 deploy-rs config 2021-11-26 00:14:44 +01:00			`];`
			`};`
			`storage1 = nixpkgs.lib.nixosSystem {`
			`system = "x86_64-linux";`
Use nixpkgs from flake input as NIX_PATH 2022-07-31 22:40:10 +02:00			`specialArgs = { inherit nixpkgs; };`
Add new storage1 deploy-rs config 2021-11-26 00:14:44 +01:00			`modules = [`
Use minecraft-server from unstable 2022-07-19 06:34:33 +02:00			`defaultModuleArgs`
Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00			`sops-nix.nixosModules.sops`
			`simple-nixos-mailserver.nixosModule`
Add FoundryVTT 2023-10-12 02:59:56 +02:00			`foundryvtt.nixosModules.foundryvtt`
Add new storage1 deploy-rs config 2021-11-26 00:14:44 +01:00			`./profiles/storage.nix`
Update to NixOS 23.05 2023-07-10 19:19:25 +02:00			`({`
			`sops.defaultSopsFile = ./secrets.enc.yml;`
			`networking.hostName = "storage1";`
			`networking.domain = "banditlair.com";`
			`nix.registry.nixpkgs.flake = nixpkgs;`
Add new storage1 deploy-rs config 2021-11-26 00:14:44 +01:00
Update to NixOS 23.05 2023-07-10 19:19:25 +02:00			`system.stateVersion = "21.05";`
			`})`
Split Nix config in modules 2021-07-15 17:09:32 +02:00			`];`
			`};`
Update packages and deploy using deploy-rs 2021-11-25 00:33:28 +01:00			`};`
Fix dkim public key for froidmont.org 2021-09-02 16:11:58 +02:00
Update to NixOS 23.05 2023-07-10 19:19:25 +02:00			`deploy.nodes = let`
			`createSystemProfile = configuration: {`
			`user = "root";`
			`sshUser = "root";`
			`path = deploy-rs.lib.x86_64-linux.activate.nixos configuration;`
			`};`
			`in {`
			`db1 = {`
			`hostname = "db1.banditlair.com";`
			`profiles.system = createSystemProfile self.nixosConfigurations.db1;`
Add new storage1 deploy-rs config 2021-11-26 00:14:44 +01:00			`};`
Update to NixOS 23.05 2023-07-10 19:19:25 +02:00			`backend1 = {`
			`hostname = "backend1.banditlair.com";`
			`profiles.system =`
			`createSystemProfile self.nixosConfigurations.backend1;`
			`};`
			`storage1 = {`
			`hostname = "78.46.96.243";`
			`profiles.system =`
			`createSystemProfile self.nixosConfigurations.storage1;`
			`};`
			`};`
Update packages and deploy using deploy-rs 2021-11-25 00:33:28 +01:00
Update to NixOS 23.05 2023-07-10 19:19:25 +02:00			`checks = builtins.mapAttrs`
			`(system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;`
Update packages and deploy using deploy-rs 2021-11-25 00:33:28 +01:00			`};`
Move Synapse on hcloud and deploy it with Terraform + NixOs 2021-07-15 13:38:22 +02:00			`}`