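{
  # Flake for the "fablab-nixos-config" repository: pins the inputs, builds one
  # NixOS system per entry returned by ./machines, and exposes per-host deploy
  # apps (via krops) plus a helper that prints the fingerprint of a key in keys/.
  inputs = {
    # Most inputs below "follow" the top-level nixpkgs, so they are evaluated
    # against the same nixpkgs input as this flake.
    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    flake-utils.url = "github:numtide/flake-utils";
    # NOTE(review): this input and nixos-hardware track `master`. The revision
    # actually used is whatever the lock file records (not visible here), so
    # lock file updates are the point at which new upstream code enters the
    # build and deserve review.
    nix-pre-commit-hooks = {
      url = "github:cachix/pre-commit-hooks.nix/master";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
    nixos-hardware.url = "github:nixos/nixos-hardware/master";

    krops = {
      url = "github:Mic92/krops";
      inputs.flake-utils.follows = "flake-utils";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    sbruder-overlay = {
      url = "github:sbruder/nixpkgs-overlay";
      inputs = {
        flake-utils.follows = "flake-utils";
        nix-pre-commit-hooks.follows = "nix-pre-commit-hooks";
        nixpkgs.follows = "nixpkgs";
      };
    };
  };

  # `inputs` captures every input, including those not destructured here; the
  # whole set is handed to ./machines and to every NixOS module further down.
  outputs =
    { self
    , flake-utils
    , krops
    , nix-pre-commit-hooks
    , nixpkgs
    , ...
    }@inputs: flake-utils.lib.eachDefaultSystem
      (system:
      let
        pkgs = import nixpkgs {
          inherit system;
          overlays = [ self.overlays.default ];
        };
        inherit (pkgs) lib;
      in
      rec {
        checks = {
          # Formatting and lint hooks run over the whole repository.
          pre-commit-check = nix-pre-commit-hooks.lib.${system}.run {
            src = ./.;
            hooks = {
              black.enable = true;
              deadnix.enable = true;
              nixpkgs-fmt.enable = true;
              shellcheck.enable = true;
              statix = {
                enable = true;
                settings.ignore = [ ".direnv" ];
              };
            };
          };
        };

        devShells.default = pkgs.mkShell {
          name = "fablab-nixos-config";
          buildInputs = with pkgs; [
            black
            nixpkgs-fmt
            shellcheck
            sops
            ssh-to-pgp
          ];
          # Entering the shell imports every file under ./keys into the GnuPG
          # keyring selected by the developer's environment (no --homedir is
          # passed), then installs the pre-commit hooks.
          # NOTE(review): presumably these are the sops recipients' public
          # keys; since the import is automatic, changes to keys/ should be
          # reviewed like code changes.
          shellHook = ''
            find ${./keys} -type f -print0 | xargs -0 ${pkgs.gnupg}/bin/gpg --quiet --import
          '' + self.checks.${system}.pre-commit-check.shellHook;
        };

        # Every program in the flattened tree becomes a flake app.
        apps = lib.mapAttrs (_name: program: { type = "app"; program = toString program; })
          (flake-utils.lib.flattenTree {
            # One deploy command per entry of self.nixosConfigurations.
            deploy = lib.recurseIntoAttrs (lib.mapAttrs
              (hostname: machine:
                let
                  inherit (krops.packages.${system}) writeCommand;
                  # Shadows the nixpkgs `lib` with krops' lib inside this let.
                  inherit (krops) lib;
                in
                writeCommand "deploy-${hostname}" {
                  # The deployment logs in as root on the machine's
                  # deployment.targetHost.
                  target = lib.mkTarget "root@${machine.config.deployment.targetHost}" // {
                    extraOptions = [
                      # force allocation of tty to allow
                      # aborting with ^C and to show build progress
                      "-t"
                    ];
                  };
                  # The flake's own directory is the only source copied to the
                  # target.
                  # NOTE(review): the whole tree is transferred to every host;
                  # sops-nix is loaded below, so secrets are presumably kept
                  # encrypted in the repository - confirm nothing unencrypted
                  # lives in the tree.
                  source = lib.evalSource (lib.singleton {
                    config.file = {
                      path = toString ./.;
                      useChecksum = true;
                    };
                  });
                  command = targetPath: ''
                    nixos-rebuild switch --flake ${targetPath}/config -L --keep-going
                  '';
                }
              )
              self.nixosConfigurations);

            # Prints the first fingerprint ("fpr" record) found in
            # keys/NAME.asc, resolved relative to the current directory.
            # Fails loudly on a missing argument or unreadable key file instead
            # of exiting successfully with empty output, so an empty string is
            # never mistaken for a fingerprint by whoever consumes the result.
            showKeyFingerprint = pkgs.writeShellScript "show-key-fingerprint" ''
              if [ "$#" -lt 1 ] || [ -z "$1" ]; then
                echo "usage: show-key-fingerprint NAME (reads keys/NAME.asc)" >&2
                exit 1
              fi
              key_file="keys/$1.asc"
              if [ ! -r "$key_file" ]; then
                echo "show-key-fingerprint: cannot read $key_file" >&2
                exit 1
              fi
              ${pkgs.gnupg}/bin/gpg --with-fingerprint --with-colons --show-key "$key_file" | awk -F: '$1 == "fpr" { print $10; exit }'
            '';
          });

        # Only expose packages whose meta.platforms lists the current system.
        packages = lib.filterAttrs (_n: v: lib.elem system v.meta.platforms) (flake-utils.lib.flattenTree {
          inherit (pkgs) fablab;
        });
      }) // {
      overlays.default = import ./pkgs;

      # ./machines (called with all inputs) yields an attribute set keyed by
      # hostname; each value provides `system` and optionally `extraModules`
      # and `targetHost` (which defaults to the hostname).
      nixosConfigurations = nixpkgs.lib.mapAttrs
        (hostname:
          { system
          , extraModules ? [ ]
          , targetHost ? hostname
          }:
          nixpkgs.lib.nixosSystem rec {
            inherit system;
            modules = [
              (./machines + "/${hostname}/configuration.nix")
              ./modules
              # Makes the flake inputs available as a module argument.
              { _module.args.inputs = inputs; }
              # deployment settings: a read-only, internal option carrying the
              # SSH target used by the deploy apps above.
              ({ lib, ... }: {
                options.deployment = {
                  targetHost = lib.mkOption {
                    type = lib.types.str;
                    readOnly = true;
                    internal = true;
                  };
                };
                config.deployment = {
                  inherit targetHost;
                };
              })
            ] ++ (with inputs; [
              sops-nix.nixosModules.sops
              disko.nixosModules.disko
            ]) ++ extraModules;
          })
        (import ./machines inputs);
    };
}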