nix-config/flake.nix

{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.11";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";

    flake-utils.url = "github:numtide/flake-utils";

    # mail server
    simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.11";
    simple-nixos-mailserver.inputs.nixpkgs.follows = "nixpkgs";
    simple-nixos-mailserver.inputs.nixpkgs-21_11.follows = "nixpkgs";

    # agenix
    agenix.url = "github:ryantm/agenix";
    agenix.inputs.nixpkgs.follows = "nixpkgs";

    # radio
    radio.url = "git+https://git.neet.dev/zuckerberg/radio.git?ref=main&rev=5bf607fed977d41a269942a7d1e92f3e6d4f2473";
    radio.inputs.nixpkgs.follows = "nixpkgs";
    radio.inputs.flake-utils.follows = "flake-utils";
    radio-web.url = "git+https://git.neet.dev/zuckerberg/radio-web.git";
    radio-web.flake = false;

    # drastikbot
    dailybuild_modules.url = "git+https://git.neet.dev/zuckerberg/dailybuild_modules.git";
    dailybuild_modules.inputs.nixpkgs.follows = "nixpkgs";
    dailybuild_modules.inputs.flake-utils.follows = "flake-utils";

    # archivebox
    archivebox.url = "git+https://git.neet.dev/zuckerberg/archivebox.git";
    archivebox.inputs.nixpkgs.follows = "nixpkgs";
    archivebox.inputs.flake-utils.follows = "flake-utils";
  };

  outputs = { self, nixpkgs, nixpkgs-unstable, ... }@inputs: {

    nixosConfigurations =
    let
      modules = system: [
        ./common
        inputs.simple-nixos-mailserver.nixosModule
        inputs.agenix.nixosModule
        inputs.dailybuild_modules.nixosModule
        inputs.archivebox.nixosModule
        ({ lib, ... }: {
          config.environment.systemPackages = [ inputs.agenix.defaultPackage.${system} ];

          # because nixos specialArgs doesn't work for containers... need to pass in inputs a different way
          options.inputs = lib.mkOption { default = inputs; };
          options.currentSystem = lib.mkOption { default = system; };
        })
      ];

      mkVpnContainer = system: pkgs: mount: config: {
        ephemeral = true;
        autoStart = true;
        bindMounts = {
          "/var/lib" = {
            hostPath = "/var/lib/";
            isReadOnly = false;
          };
          "/run/agenix" = {
            hostPath = "/run/agenix";
            isReadOnly = true;
          };
          "/dev/fuse" = {
            hostPath = "/dev/fuse";
            isReadOnly = false;
          };
          "${mount}" = {
            hostPath = mount;
            isReadOnly = false;
          };
        };
        enableTun = true;
        privateNetwork = true;
        hostAddress = "172.16.100.1";
        localAddress = "172.16.100.2";

        config = { lib, ... }: {
          imports = (modules system) ++ [config];

          nixpkgs.pkgs = pkgs;

          networking.firewall.enable = lib.mkForce false;
          pia.enable = true;

          # run it's own DNS resolver
          networking.useHostResolvConf = false;
          services.resolved.enable = true;
        };
      };

      mkSystem = system: nixpkgs: path:
        nixpkgs.lib.nixosSystem {
          inherit system;
          modules = (modules system) ++ [path];

          specialArgs = {
            mkVpnContainer = (mkVpnContainer system);
          };
        };
    in
    {
      "reg" = mkSystem "x86_64-linux" nixpkgs ./machines/reg/configuration.nix;
      "ray" = mkSystem "x86_64-linux" nixpkgs ./machines/ray/configuration.nix;
      "nat" = mkSystem "aarch64-linux" nixpkgs ./machines/nat/configuration.nix;
      "liza" = mkSystem "x86_64-linux" nixpkgs ./machines/liza/configuration.nix;
      "ponyo" = mkSystem "x86_64-linux" nixpkgs ./machines/ponyo/configuration.nix;
      "s0" = mkSystem "aarch64-linux" nixpkgs-unstable ./machines/storage/s0/configuration.nix;
      "n1" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n1/configuration.nix;
      "n2" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n2/configuration.nix;
      "n3" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n3/configuration.nix;
      "n4" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n4/configuration.nix;
      "n5" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n5/configuration.nix;
      "n6" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n6/configuration.nix;
      "n7" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n7/configuration.nix;
    };

    packages = let
      mkKexec = system:
        (nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [ ./machines/kexec.nix ];
        }).config.system.build.kexec_tarball;
    in {
      "x86_64-linux"."kexec" = mkKexec "x86_64-linux";
      "aarch64-linux"."kexec" = mkKexec "aarch64-linux";
    };
  };
}