{
  description = "Price Hiller's flake for managing system configurations";

  # The URLs below name only an upstream (and, for nixpkgs, a branch).
  # The revision actually built is whatever flake.lock records; that file is
  # not visible here, so review lock-file changes with the same care as this one.
  inputs = {
    # `nix` is not destructured in `outputs`, but it is still reachable by
    # every host module through `inputs`, which is passed in specialArgs.
    nix.url = "github:nixos/nix";
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    flake-utils.url = "github:numtide/flake-utils";
    deploy-rs.url = "github:serokell/deploy-rs";
    impermanence.url = "github:nix-community/impermanence";

    # The input is named `agenix`, but the URL points at ragenix.
    agenix = {
      url = "github:yaxitech/ragenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # Fetched from a self-hosted git server rather than a public forge.
    blog = {
      url = "git+https://git.orion-technologies.io/blog/blog";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs =
    { self
    , nixpkgs
    , deploy-rs
    , impermanence
    , agenix
    , disko
    , flake-utils
    , blog
    , ...
    }@inputs:
    let
      # Local helpers merged with nixpkgs.lib. `//` is right-biased, so on a
      # name clash the nixpkgs.lib definition wins over the one from ./lib.
      lib = (import ./lib { lib = nixpkgs.lib; }) // nixpkgs.lib;

      # Root of the persistent storage used by the impermanence module.
      persist-dir = "/persist";

      # Module shared by every host: persistence layout and machine-id source.
      defaults = {
        config.environment = {
          # machine-id is read from the persistent tree.
          etc.machine-id.source = "${persist-dir}/ephemeral/etc/machine-id";

          persistence = {
            save = {
              persistentStoragePath = "${persist-dir}/save";
              hideMounts = true;
            };

            ephemeral = {
              persistentStoragePath = "${persist-dir}/ephemeral";
              hideMounts = true;
              directories = [
                "/var/lib"
                "/etc/nixos"
              ];
            };
          };
        };
      };

      # Modules every host receives ahead of its secrets and host modules.
      sharedModules = [
        defaults
        impermanence.nixosModules.impermanence
        agenix.nixosModules.default
        disko.nixosModules.disko
      ];

      # Build one x86_64-linux NixOS system.
      #   hostname         - selects ./hosts/<hostname> and the matching
      #                      attribute of the secrets import
      #   root-disk        - block device handed to the host modules
      #   extraSpecialArgs - additional specialArgs for this host only
      mkHost = { hostname, root-disk, extraSpecialArgs ? { } }:
        nixpkgs.lib.nixosSystem {
          system = "x86_64-linux";
          specialArgs = {
            inherit self inputs hostname lib persist-dir root-disk;
          } // extraSpecialArgs;
          modules = sharedModules ++ [
            # NOTE(review): whatever this import returns is evaluated
            # straight into the system configuration, and evaluated
            # configuration ends up in the world-readable Nix store.
            # Confirm that it yields only declarations that reference
            # encrypted files and never a decrypted value.
            {
              config = (import "${self}/secrets" {
                agenix = false;
                inherit lib;
              }).${hostname};
            }
            ./hosts/${hostname}
          ];
        };

      # Build one deploy-rs node that activates the NixOS configuration
      # `name` on the machine reached at `hostname`.
      mkNode = name: hostname: {
        inherit hostname;
        fastConnection = true;
        profiles.system = {
          # The SSH login (price) differs from the account the profile is
          # activated as (root), so deploy-rs has to elevate on the target.
          # NOTE(review): confirm the privilege rule that permits this is
          # scoped as narrowly as practical.
          sshUser = "price";
          user = "root";
          path = deploy-rs.lib.x86_64-linux.activate.nixos
            self.nixosConfigurations.${name};
        };
      };
    in
    {
      nixosConfigurations = {
        orion = mkHost {
          hostname = "orion";
          root-disk = "/dev/vda";
        };

        luna = mkHost {
          hostname = "luna";
          root-disk = "/dev/nvme0n1";
          extraSpecialArgs = {
            inherit blog flake-utils nixpkgs;
            fqdn = "orion-technologies.io";
          };
        };
      };

      deploy.nodes = {
        # NOTE(review): "boot" is not a fully qualified name; presumably it
        # is resolved by the operator's SSH config or local DNS. Confirm.
        orion = mkNode "orion" "boot";
        luna = mkNode "luna" "luna.hosts.orion-technologies.io";
      };
    }
    // flake-utils.lib.eachDefaultSystem (system:
      let
        # nixpkgs for this system, with the agenix overlay as the only overlay.
        pkgs = import nixpkgs {
          inherit system;
          overlays = [ agenix.overlays.default ];
        };
      in
      {
        # Shell with the tooling for editing secrets and deploying hosts.
        devShells.default = pkgs.mkShell {
          # Every entry is qualified with `pkgs.` so that `agenix` and
          # `deploy-rs` name packages rather than the flake inputs of the
          # same name that are in lexical scope.
          # NOTE(review): no deploy-rs overlay is applied, so pkgs.deploy-rs
          # is presumably the nixpkgs build, while the activation code above
          # comes from the deploy-rs input. Confirm the two are compatible.
          packages = [
            pkgs.age
            pkgs.age-plugin-yubikey
            pkgs.agenix
            pkgs.nixos-rebuild
            pkgs.deploy-rs
          ];

          # Presumably read by the agenix CLI as the path to its rules
          # (recipient) file. It is resolved against the directory the
          # shell is entered from.
          shellHook = ''
            export RULES="$PWD/secrets/secrets.nix"
          '';
        };
      });
}