# Flake module that assembles the NixOS host definitions for this repository.
# It publishes the same host twice: as `flake.nixosConfigurations.<host>` for
# plain nixos-rebuild use and as a node in the `flake.colmena` hive.
# (The `flake.*` output prefix looks like the flake-parts convention — confirm.)
{ self, ... }:
let
  inherit (self.inputs)
    nixpkgs
    home-manager
    agenix
    nur
    colmena
    flake-registry
    nixos-hardware
    srvos
    disko
    ;

  hostSystem = "x86_64-linux";

  # Overridable wrapper around nixpkgs' nixosSystem, so a host can be
  # re-evaluated later with `.override { ... }`.
  mkHost = nixpkgs.lib.makeOverridable nixpkgs.lib.nixosSystem;

  # Colmena's `deployment.*` option declarations. Only appended for the
  # nixosConfigurations output below; the hive output does not add them.
  # NOTE(review): presumably because colmena supplies them itself when it
  # evaluates the hive — confirm against the pinned colmena revision.
  deploymentModules = [
    colmena.nixosModules.deploymentOptions
  ];

  # Settings that apply to every host: pinned Nix inputs, time zone, terminfo.
  baselineSettings =
    { pkgs
    , config
    , lib
    , ...
    }:
    let
      # Only referenced by the commented-out sops wiring below; never forced today.
      sopsFile = ./. + "/hosts/${config.networking.hostName}.yml";
    in
    {
      # Legacy <nixpkgs>-style lookups resolve to the flake's locked inputs
      # instead of whatever channels exist on the host.
      nix.nixPath = [
        "home-manager=${home-manager}"
        "nixpkgs=${pkgs.path}"
        "nur=${nur}"
      ];

      # TODO: share nixpkgs for each machine to speed up local evaluation.
      #nixpkgs.pkgs = self.inputs.nixpkgs.legacyPackages.${system};

      #users.withSops = builtins.pathExists sopsFile;
      #sops.secrets = lib.mkIf (config.users.withSops) {
      #  root-password-hash.neededForUsers = true;
      #};
      # sops.defaultSopsFile = lib.mkIf (builtins.pathExists sopsFile) sopsFile;

      # flake-registry: the global registry is read from the pinned
      # flake-registry input in the store rather than from a remote URL.
      # builders-use-substitutes: remote builders fetch dependencies from
      # substituters themselves, so the substituters and signing keys trusted
      # on each builder decide what lands in its store.
      nix.extraOptions = ''
        flake-registry = ${flake-registry}/flake-registry.json
        builders-use-substitutes = true
      '';

      # `nix run nixpkgs#...` and similar resolve to the same locked revisions
      # this system was built from.
      nix.registry = {
        home-manager.flake = home-manager;
        nixpkgs.flake = nixpkgs;
        nur.flake = nur;
      };

      time.timeZone = "UTC";

      environment.systemPackages = [
        pkgs.kitty.terminfo
      ];
    };

  # Modules shared by every host, regardless of which output evaluates it.
  sharedModules = [
    # Expose the flake and its inputs as module arguments to every imported
    # module, and hand the flake to srvos.
    {
      _module.args.self = self;
      _module.args.inputs = self.inputs;
      srvos.flake = self;
    }

    # only include admins here for monitoring/backup infrastructure
    ./modules/users/admins.nix
    ./modules/packages.nix
    ./modules/nix-daemon.nix
    # NOTE(review): contents are not visible here. If this publishes sshd as
    # an onion service, confirm it stays key-only and that the onion key is
    # treated as a secret.
    ./modules/tor-ssh.nix
    ./modules/hosts.nix
    ./modules/network.nix
    ./modules/zsh.nix

    # FIXME: ./modules/buildbot — whenever you are ready.

    disko.nixosModules.disko
    srvos.nixosModules.server
    # NOTE(review): going by the name, this widens the set of binary caches
    # and signing keys every host trusts; audit the list in the locked srvos
    # revision whenever the input is bumped.
    srvos.nixosModules.mixins-trusted-nix-caches
    srvos.nixosModules.mixins-terminfo
    # srvos.nixosModules.mixins-telegraf
    # srvos.nixosModules.mixins-terminfo

    # age-encrypted secrets support; no `age.secrets` are declared in this
    # file, so any secrets come from the modules and host files imported here.
    agenix.nixosModules.default

    baselineSettings
  ];

  epycHost = ./hosts/epyc.nix;
in
{
  flake.nixosConfigurations = {
    epyc = mkHost {
      system = hostSystem;
      modules = sharedModules ++ deploymentModules ++ [ epycHost ];
    };
  };

  flake.colmena = {
    # Package set colmena uses to evaluate the hive.
    meta.nixpkgs = import nixpkgs {
      system = hostSystem;
    };

    epyc = {
      imports = sharedModules ++ [ epycHost ];
    };
  };
}