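# Flake for the StuRa HTWD NixOS hosts.
#
# Outputs:
#   formatter.x86_64-linux           - nixfmt-rfc-style
#   packages.x86_64-linux.<host>-update      - nixos-rebuild switch against the running host
#   packages.x86_64-linux.<host>-deploy-test - create a throwaway VM and install <host> on it
#   packages.x86_64-linux.installer-iso / installer-vm - minimal installer image
#   nixosConfigurations.<host>       - one system per entry in ./hosts
{
  description = "StuRa HTWD NixOS Configurations";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
    authentik = {
      url = "github:nix-community/authentik-nix";
    };
    mailserver = {
      url = "git+https://gitlab.com/simple-nixos-mailserver/nixos-mailserver?ref=nixos-25.11";
    };
    sops = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs =
    {
      self,
      nixpkgs,
      authentik,
      mailserver,
      disko,
      sops,
    }:
    let
      # Public keys allowed to log in as root on the installer image.
      sshkeys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINABEf0jBjtDdezDDtvl1v27l0DbHP2XUgMARTZXC+MR goeranh@node5"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmYHNdtPmQqvNINEWJgqEojrye+wQKr0S0VwlGv7xUa goeranh@node7"
      ];
    in
    rec {
      formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style;

      packages.x86_64-linux =
        builtins.foldl'
          (
            result: name:
            result
            // {
              # run nixos-rebuild switch on the target system
              # the config will be built locally and copied over
              "${name}-update" = nixpkgs.legacyPackages.x86_64-linux.writeShellScriptBin "update" ''
                nixos-rebuild switch --flake .#${name} --target-host root@${name}.test.htw.stura-dresden.de
              '';

              # copy install image to testserver and deploy the specified configuration to it
              # usage: deploy <vmid>
              "${name}-deploy-test" = nixpkgs.legacyPackages.x86_64-linux.writeShellScriptBin "deploy" ''
                # stop at the first failing step instead of creating a VM without its ISO
                set -e

                # $1 is spliced into a command line that runs as root on the hypervisor,
                # so accept nothing but a plain numeric VM id
                if ! [[ "$1" =~ ^[0-9]+$ ]]; then
                  echo "usage: deploy <numeric-vmid>" >&2
                  exit 1
                fi

                FILENAME="$(ls ${self.packages.x86_64-linux."installer-iso".outPath}/iso)"
                scp "${self.packages.x86_64-linux."installer-iso".outPath}/iso/$FILENAME" "root@10.1.0.17:/var/lib/vz/template/iso/$FILENAME"
                # same account as the scp above; qm has to run as root
                ssh root@10.1.0.17 "qm create $1 --name ${nixosConfigurations.${name}.config.networking.fqdn} --cores 4 --memory 4096 --sata1 file=/var/lib/vz/template/iso/$FILENAME,media=cdrom --scsi1 pool1:32 --scsihw virtio-scsi-single --net0 virtio,bridge=vmbr1 --description \"von goeranh mailserver flake genierierte wegwerf-vm
                ${nixosConfigurations.${name}.config.networking.fqdn}\""
                ssh root@10.1.0.17 "qm start $1"

                # hardcoded deployment ip
                # wait until a connection to port 22 on the deployment ip is reachable
                until nc -vzw 2 141.56.51.98 22 2>/dev/null; do
                  echo trying
                  sleep 2
                done

                # run nixos-anywhere on the deployment address with the specified configuration
                # NOTE(review): this reference is resolved at run time and is not covered by
                # flake.lock, so the code that gets root on the target is unpinned; consider
                # adding nixos-anywhere as a flake input so it is locked with the rest.
                nix run github:nix-community/nixos-anywhere -- --flake .#${name} --target-host root@141.56.51.98
              '';
            }
          )
          { }
          (
            # skip every configuration whose name contains a "-"
            builtins.filter (item: !nixpkgs.lib.hasInfix "-" item) (
              builtins.attrNames nixosConfigurations
            )
          )
        // (
          let
            # Installer image booted by the deploy-test script; reachable on a
            # fixed address until nixos-anywhere has replaced it.
            iso-config = nixpkgs.lib.nixosSystem {
              system = "x86_64-linux";
              modules = [
                "${nixpkgs}/nixos/modules/installer/cd-dvd/iso-image.nix"
                {
                  # Well-known password, readable by anyone with this repository or the
                  # image. It is only acceptable because sshd below refuses passwords,
                  # which leaves the VM console as the only place it works.
                  users.users.administration = {
                    password = "test";
                    isNormalUser = true;
                  };
                  users.users.root.openssh.authorizedKeys.keys = sshkeys;
                  networking.interfaces.ens18.ipv4.addresses = [
                    {
                      address = "141.56.51.98";
                      prefixLength = 24;
                    }
                  ];
                  # console autologin only; network logins still go through sshd
                  services.getty.autologinUser = "root";
                  services.openssh.enable = true;
                  # Key-only SSH: the image has a static address and an account with a
                  # trivial password, so password logins must not be offered.
                  services.openssh.settings = {
                    PasswordAuthentication = false;
                    KbdInteractiveAuthentication = false;
                  };
                  system.stateVersion = "25.11";
                  networking.dhcpcd.enable = nixpkgs.lib.mkForce false;
                  networking.defaultGateway.address = "141.56.51.254";
                  networking.nameservers = [ "9.9.9.9" ];
                }
              ];
            };
          in
          {
            installer-iso = iso-config.config.system.build.isoImage;
            installer-vm = iso-config.config.system.build.vm;
          }
        );

      # One NixOS system per entry in ./hosts, named after that entry.
      nixosConfigurations =
        builtins.foldl'
          (
            result: input:
            result
            // {
              "${input}" = nixpkgs.lib.nixosSystem {
                system = "x86_64-linux";
                modules = [
                  ./hosts/${input}
                  ./hosts/${input}/hetzner-disk.nix
                  ./default.nix
                  disko.nixosModules.disko
                  authentik.nixosModules.default
                  mailserver.nixosModules.mailserver
                ];
              };
            }
          )
          { }
          (builtins.attrNames (builtins.readDir ./hosts));
    };
}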