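# Flake for the CCCB service hosts: one NixOS configuration per host
# (matrix, md, www, monitoring, sql), each wired to agenix for secret
# provisioning, plus a formatter, a dev shell and a "nixos-diff" helper app.
{
  description = "CCCB services";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
    #flake-utils.url = "github:numtide/flake-utils";
    agenix = {
      url = "github:ryantm/agenix";
      # Build agenix against the same nixpkgs revision as the hosts, so only
      # one nixpkgs revision has to be reviewed and kept patched.
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs =
    {
      self,
      nixpkgs,
      agenix,
    }:
    let
      # flake-utils is not used (its input is commented out above); every
      # output is defined for this single system only.
      system = "x86_64-linux";
      pkgs = import nixpkgs { inherit system; };

      # agenix CLI built for `system`; used in the dev shell and installed on
      # every host.
      agenixCli = agenix.packages.${system}.default;

      # Builds one host configuration. Module order matches the original
      # per-host lists: agenix module, agenix CLI, the host's secrets, then
      # the host's own module directory.
      #
      #   hostModule: path to the host's module (e.g. ./hosts/www)
      #   secrets:    attrset assigned to `age.secrets`
      mkHost =
        { hostModule, secrets }:
        nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [
            agenix.nixosModules.default
            { environment.systemPackages = [ agenixCli ]; }
            { age.secrets = secrets; }
            hostModule
          ];
        };
    in
    {
      formatter.${system} = pkgs.nixfmt-tree;

      # NOTE(review): flake apps are normally exposed as apps.<system>.<name>;
      # this attribute has no system level, so `nix run .#nixos-diff` and
      # `nix flake check` will presumably not accept it. Left unchanged
      # because existing invocations may use the explicit path
      # `.#apps.nixos-diff`. Confirm and move under ${system} if nothing
      # depends on it.
      apps.nixos-diff = {
        type = "app";
        # Every tool is called by its absolute store path, so the script does
        # not depend on whatever PATH the caller happens to have.
        program = "${pkgs.writeShellScript "nixos-diff.sh" ''
          # Without pipefail the pipeline's status is nom's, and a failed
          # build would fall through to nvd, which would then diff against a
          # stale (or missing) ./result and misrepresent what the checked-out
          # tree would deploy.
          set -o pipefail
          ${pkgs.git}/bin/git pull --ff-only
          ${pkgs.nixos-rebuild}/bin/nixos-rebuild build --log-format internal-json -v |& ${pkgs.nix-output-monitor}/bin/nom --json || exit 1
          ${pkgs.nvd}/bin/nvd diff /run/current-system ./result
        ''}";
      };

      devShells.${system}.default = pkgs.mkShell {
        packages = [
          agenixCli
          pkgs.age
        ];
      };

      # Secrets below are age-encrypted files tracked in ./secrets. agenix
      # decrypts them on the target host during activation and applies the
      # owner/group/mode declared here. Host modules (not visible in this
      # file) should consume them through `config.age.secrets.<name>.path`
      # and never read the contents at evaluation time, since anything
      # evaluated into a derivation ends up in the world-readable Nix store.
      #
      # NOTE(review): most secrets are group-readable ("440"/"0440") while the
      # sql host uses "0400". If only the owning service user reads a secret,
      # "0400" is the tighter choice. Confirm which groups need access.

      nixosConfigurations."matrix" = mkHost {
        hostModule = ./hosts/matrix;
        secrets = {
          matrix_registration_shared_secret = {
            file = ./secrets/matrix_registration_shared_secret.age;
            mode = "440";
            owner = "matrix-synapse";
            group = "matrix-synapse";
          };
          matrix_signing_key = {
            file = ./secrets/matrix_signing_key.age;
            mode = "440";
            owner = "matrix-synapse";
            group = "matrix-synapse";
          };
          matrix_db_password = {
            file = ./secrets/matrix_db_password.age;
            mode = "440";
            owner = "matrix-synapse";
            group = "matrix-synapse";
          };
          # NOTE(review): root-owned, so the consuming service must either
          # run as root or receive the file some other way (e.g. a systemd
          # credential). Confirm against ./hosts/matrix.
          draupnir_access_token = {
            file = ./secrets/draupnir_access_token.age;
            mode = "440";
            owner = "root";
            group = "root";
          };
        };
      };

      nixosConfigurations."md" = mkHost {
        hostModule = ./hosts/md;
        secrets = {
          hedgedoc_db_password = {
            file = ./secrets/hedgedoc_db_password.age;
            owner = "hedgedoc";
            group = "hedgedoc";
            mode = "0440";
          };
        };
      };

      nixosConfigurations."www" = mkHost {
        hostModule = ./hosts/www;
        secrets = {
          www-staging-htpasswd = {
            file = ./secrets/www-staging-htpasswd.age;
            owner = "nginx";
            group = "nginx";
            mode = "0440";
          };
        };
      };

      nixosConfigurations."monitoring" = mkHost {
        hostModule = ./hosts/monitoring;
        secrets = {
          grafana_secret_key = {
            file = ./secrets/grafana_secret_key.age;
            mode = "440";
            owner = "grafana";
            group = "grafana";
          };
          grafana_admin_password = {
            file = ./secrets/grafana_admin_password.age;
            mode = "440";
            owner = "grafana";
            group = "grafana";
          };
          grafana_basic_auth = {
            file = ./secrets/grafana_basic_auth.age;
            mode = "440";
            owner = "nginx";
            group = "nginx";
          };
          # The same encrypted file is also provisioned on the sql host
          # (owned by postgres there), so it has to be encrypted to both
          # hosts' keys. Presumably arranged in secrets.nix; verify.
          postgres-grafana = {
            file = ./secrets/postgres-grafana.age;
            mode = "440";
            owner = "grafana";
            group = "grafana";
          };
          pve-exporter = {
            file = ./secrets/pve-exporter.age;
            mode = "440";
            owner = "prometheus";
            group = "prometheus";
          };
        };
      };

      nixosConfigurations."sql" = mkHost {
        hostModule = ./hosts/sql;
        secrets = {
          postgres-matrix-synapse = {
            file = ./secrets/postgres-matrix-synapse.age;
            owner = "postgres";
            group = "postgres";
            mode = "0400";
          };
          postgres-hedgedoc = {
            file = ./secrets/postgres-hedgedoc.age;
            owner = "postgres";
            group = "postgres";
            mode = "0400";
          };
          postgres-grafana = {
            file = ./secrets/postgres-grafana.age;
            owner = "postgres";
            group = "postgres";
            mode = "0400";
          };
        };
      };
    };
}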