{ description = "jana's server infrastructure"; inputs = { nixpkgs.url = "github:NixOS/nixpkgs/release-25.05"; colmena.url = "github:zhaofengli/colmena"; flake-utils.url = "github:numtide/flake-utils"; sops-nix.url = "github:Mic92/sops-nix"; vpn-confinement.url = "github:Maroka-chan/VPN-Confinement"; # websites homepage.url = "github:jdonszelmann/homepage"; totpal.url = "github:jdonszelmann/totpal"; harmonica.url = "git+ssh://git@github.com/jdonszelmann/harmonica-tabs"; mapf.url = "git+ssh://git@github.com/jdonszelmann/mapf-server"; reviewqueue.url = "github:jdonszelmann/review-queue"; compiler-construction-2021.url = "git+ssh://forgejo@git.donsz.nl/jana/eelco-visser-compiler-construction.git"; mifg.url = "git+ssh://forgejo@git.donsz.nl/jana/money.is.fckn.gay.git"; }; outputs = { self, nixpkgs, colmena, flake-utils, sops-nix, vpn-confinement, mapf, ... }@inputs: let pkgsForSystem = system: import nixpkgs { inherit system; config.allowUnfree = true; overlays = [ ]; }; in { colmenaHive = colmena.lib.makeHive self.outputs.colmena; colmena = { meta = { nixpkgs = pkgsForSystem "x86_64-linux"; specialArgs.flakes = inputs; }; fili = { deployment = { targetHost = "donsz.nl"; targetPort = 22; replaceUnknownProfiles = false; tags = [ "server" ]; # buildOnTarget = true; targetUser = "jana"; }; imports = [ ./fili/configuration.nix ./users/users.nix ./default-machine-config.nix sops-nix.nixosModules.sops vpn-confinement.nixosModules.default ]; }; }; } // flake-utils.lib.eachDefaultSystem ( system: let pkgs = pkgsForSystem system; in { devShells.default = pkgs.mkShell { buildInputs = with pkgs; [ lix colmena.packages.${system}.colmena (pkgs.writeShellScriptBin "apply" '' colmena apply --no-substitute '') ]; shellHook = "exec $NIX_BUILD_SHELL"; }; formatter = pkgs.nixfmt-rfc-style; } ); nixConfig = { extra-substituters = [ "https://jana.cachix.org" ]; extra-trusted-public-keys = [ "jana.cachix.org-1:LN0lzHx7QH1RBoDn3+psi4HOEAXW3EqRa/u0ncQ1XBE=" ]; }; }