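# StuRa HTWD NixOS flake.
#
# Outputs (all x86_64-linux):
#   formatter             - nixfmt-rfc-style for `nix fmt`
#   devShells.default     - shell with sops and the GPG keys under ./keys imported
#   packages              - docs-site, one "<host>-update" deploy script per host,
#                           installer-iso / installer-vm, "containers-<host>" LXC tarballs
#   nixosConfigurations   - one NixOS system per entry of ./hosts
{
  description = "StuRa HTWD NixOS Configurations";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
    # NOTE(review): authentik and mailserver do not follow our nixpkgs, so they
    # evaluate (and pull packages) with their own pinned nixpkgs — confirm that
    # is intended; sops-nix and disko are pinned to ours.
    authentik = {
      url = "github:nix-community/authentik-nix";
    };
    mailserver = {
      url = "git+https://gitlab.com/simple-nixos-mailserver/nixos-mailserver?ref=nixos-25.11";
    };
    sops = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs =
    {
      self,
      nixpkgs,
      authentik,
      mailserver,
      disko,
      sops,
    }:
    let
      lib = nixpkgs.lib;
      system = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${system};

      # Admin public keys; authorized for root on the installer image.
      sshkeys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINABEf0jBjtDdezDDtvl1v27l0DbHP2XUgMARTZXC+MR goeranh@node5"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmYHNdtPmQqvNINEWJgqEojrye+wQKr0S0VwlGv7xUa goeranh@node7"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFSwdCtJZNZzrVa6m4I3OBZHGgWYhEBCBdnCR5rSJimz ocxe@nix"
      ];

      # Every entry of ./hosts becomes a nixosConfiguration. NOTE(review): readDir
      # also returns plain files, so a stray file in ./hosts would be treated as a
      # host directory and break evaluation — keep only host directories there.
      hostNames = builtins.attrNames (builtins.readDir ./hosts);
    in
    rec {
      formatter.${system} = pkgs.nixfmt-rfc-style;

      devShells.${system}.default = pkgs.mkShell {
        # Import GPG keys from keys directory
        sopsPGPKeyDirs = [
          "${toString ./.}/keys/hosts"
          "${toString ./.}/keys/users"
        ];
        # Isolate sops GPG keys to .git/gnupg (optional)
        # sopsCreateGPGHome = true;
        nativeBuildInputs = [ sops.packages.${system}.sops-import-keys-hook ];
        buildInputs = [ pkgs.sops ];
      };

      packages.${system} =
        let
          # Hugo documentation site package. `src = ./.` copies the whole flake
          # source into the build; nothing secret should live in the repo anyway
          # (secrets are sops-encrypted).
          docs-site = pkgs.stdenv.mkDerivation {
            name = "stura-infra-docs";
            src = ./.;
            nativeBuildInputs = [ pkgs.hugo ];
            buildPhase = ''
              # Create Hugo structure
              mkdir -p hugo-site
              cp ${./docs/hugo.yaml} hugo-site/hugo.yaml

              # Install hugo-book theme. "v13" is a git tag (mutable), but the
              # content hash below pins the exact tree, so a moved tag fails the build.
              mkdir -p hugo-site/themes
              cp -r ${
                pkgs.fetchFromGitHub {
                  owner = "alex-shpak";
                  repo = "hugo-book";
                  rev = "v13";
                  sha256 = "sha256-r2KfmWK7BC7LjnZVvwb2Mbqnd8a6Q32fBqiQfZTpGy4=";
                }
              } hugo-site/themes/hugo-book

              # Build content from README files
              bash ${./docs/build-docs.sh} . hugo-site/content

              # Build Hugo site
              cd hugo-site
              hugo --minify
            '';
            installPhase = ''
              mkdir -p $out
              cp -r public/* $out/
            '';
          };

          # Hosts that get a "<name>-update" script: every nixosConfiguration whose
          # name contains no "-" (names with a dash are skipped, e.g. installer-* style
          # configs that are never deployed with nixos-rebuild).
          deployableHosts = builtins.filter (name: !lib.hasInfix "-" name) (
            builtins.attrNames nixosConfigurations
          );

          # First IPv4 address of the alphabetically first interface of a host.
          # Evaluation fails with a `head` error if the host declares no interface
          # or no static ipv4 address — such hosts cannot be targeted this way.
          primaryAddress =
            name:
            let
              interfaces = nixosConfigurations.${name}.config.networking.interfaces;
              firstInterface = interfaces.${builtins.head (builtins.attrNames interfaces)};
            in
            (builtins.head firstInterface.ipv4.addresses).address;

          # Run nixos-rebuild switch on the target system. The config is built
          # locally and copied over SSH as root, so the deploying machine must
          # hold a key that the target's root account trusts.
          mkUpdateScript =
            name:
            pkgs.writeShellScriptBin "update" ''
              nixos-rebuild switch --flake .#${name} --target-host root@${primaryAddress name}
            '';

          updateScripts = lib.listToAttrs (
            map (name: lib.nameValuePair "${name}-update" (mkUpdateScript name)) deployableHosts
          );

          # Network installer image. It boots with a static, publicly routable
          # address and sshd enabled, so remote access is restricted to the admin
          # keys above; the trivial "administration" password is console-only.
          isoConfig = lib.nixosSystem {
            inherit system;
            modules = [
              "${nixpkgs}/nixos/modules/installer/cd-dvd/iso-image.nix"
              {
                # Console-only account: not usable over SSH (see sshd settings below).
                users.users.administration = {
                  password = "test";
                  isNormalUser = true;
                };
                users.users.root.openssh.authorizedKeys.keys = sshkeys;
                networking.interfaces.ens18.ipv4.addresses = [
                  {
                    address = "141.56.51.98";
                    prefixLength = 24;
                  }
                ];
                # Anyone at the console of the installer is root.
                services.getty.autologinUser = "root";
                services.openssh.enable = true;
                # Key-based logins only: with a known trivial password and a
                # routable address, password/keyboard-interactive SSH auth would
                # hand a shell on the installer to anyone who guesses it.
                services.openssh.settings.PasswordAuthentication = false;
                services.openssh.settings.KbdInteractiveAuthentication = false;
                system.stateVersion = "25.11";
                # Static network configuration; DHCP is forced off.
                networking.dhcpcd.enable = lib.mkForce false;
                networking.defaultGateway.address = "141.56.51.254";
                networking.nameservers = [ "141.56.1.1" ];
              }
            ];
          };

          installerImages = {
            installer-iso = isoConfig.config.system.build.isoImage;
            installer-vm = isoConfig.config.system.build.vm;
          };

          # Container tarballs for LXC deployment to Proxmox. Only hosts whose
          # hosts/<name>/default.nix mentions proxmox-lxc.nix get a tarball; the
          # check is a textual regex match on the file, not a module-import check.
          lxcHosts = builtins.filter (
            name:
            let
              content = builtins.readFile ./hosts/${name}/default.nix;
            in
            builtins.match ".*proxmox-lxc.nix.*" content != null
          ) hostNames;

          containerTarballs = lib.listToAttrs (
            map (
              name:
              lib.nameValuePair "containers-${name}" nixosConfigurations.${name}.config.system.build.tarball
            ) lxcHosts
          );
        in
        { inherit docs-site; } // updateScripts // installerImages // containerTarballs;

      nixosConfigurations = lib.genAttrs hostNames (
        hostName:
        lib.nixosSystem {
          inherit system;
          modules =
            let
              # NOTE(review): nixosSystem already supplies `modulesPath` via specialArgs,
              # which takes precedence over `_module.args`; confirm this override is
              # actually observed by host modules. It also points at the nixpkgs root,
              # not at <nixpkgs>/nixos/modules as the standard argument does.
              modulesPath = "${nixpkgs}";
            in
            [
              ./hosts/${hostName}
              ./default.nix
              disko.nixosModules.disko
              authentik.nixosModules.default
              mailserver.nixosModules.mailserver
              # `self` lets host modules reach other flake inputs; presumably
              # ./default.nix imports the sops-nix module that way, since it is
              # not listed here — verify.
              { _module.args = { inherit self modulesPath; }; }
            ];
        }
      );
    };
}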