nixfiles/flake.nix

{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
    bij = {
      url = "git+https://git.clerie.de/clerie/bij.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    chaosevents = {
      url = "git+https://git.clerie.de/clerie/chaosevents.git";
      #inputs.nixpkgs.follows = "nixpkgs";
    };
    fernglas = {
      url = "github:wobcom/fernglas";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    harmonia = {
      url = "github:clerie/harmonia/clerie/multiple-signing-keys";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    fieldpoc.url = "git+https://git.clerie.de/clerie/fieldpoc.git";
    nixos-exporter = {
      url = "git+https://git.clerie.de/clerie/nixos-exporter.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    solid-xmpp-alarm = {
      url = "git+https://git.clerie.de/clerie/solid-xmpp-alarm.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    ssh-to-age = {
      url = "github:Mic92/ssh-to-age";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
  outputs = { self, nixpkgs, nixos-hardware, chaosevents, fernglas, nixos-exporter, solid-xmpp-alarm, ssh-to-age, ... }@inputs: let
    lib = import ./lib inputs;
    helper = lib.flake-helper;
    localNixpkgs = import ./flake/nixpkgs.nix inputs;
  in {
    clerie.hosts = {
      aluminium = {
        group = "event";
      };
      astatine = {
        group = "event";
        modules = [
          ./users/criese-nethinks
          ./users/isa
        ];
      };
      backup-4 = {};
      beryllium = {
        group = "event";
      };
      carbon = {};
      clerie-backup = {};
      dn42-il-gw1 = {};
      dn42-il-gw5 = {};
      dn42-il-gw6 = {};
      dn42-ildix-clerie = {};
      dn42-ildix-service = {};
      gatekeeper = {};
      hydra-1 = {};
      hydra-2 = {};
      krypton = {
        modules = [
          nixos-hardware.nixosModules.lenovo-thinkpad-x270
        ];
      };
      mail-2 = {};
      monitoring-3 = {};
      nonat = {};
      osmium = {};
      palladium = {};
      porter = {};
      storage-2 = {};
      web-2 = {};
      zinc = {
        modules = [
          nixos-hardware.nixosModules.common-cpu-intel
        ];
      };
      # nixfiles-auto-install: add new host above
      _iso = {};
    };

    nixosConfigurations = import ./flake/nixosConfigurations.nix inputs;

    nixosModules = {
      nixfilesInputs = import ./flake/modules.nix inputs;
      clerie = import ./modules;
      default = self.nixosModules.clerie;
    };

    overlays = {
      nixfilesInputs = import ./flake/overlay.nix inputs;
      clerie = import ./pkgs/overlay.nix;
      default = self.overlays.clerie;
    };

    packages = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: let
      pkgs = localNixpkgs.${system};
    in {
      inherit (pkgs)
        clerie-keys
        clerie-system-upgrade
        clerie-merge-nixfiles-update
        clerie-update-nixfiles
        clerie-sops
        clerie-sops-config
        clerie-sops-edit
        chromium-incognito
        iot-data
        nix-remove-result-links
        nixfiles-auto-install
        nixfiles-generate-config
        nixfiles-generate-backup-secrets
        nixfiles-update-ssh-host-keys
        print-afra
        ssh-gpg
        update-from-hydra
        uptimestatus;
    });

    inherit lib self;

    hydraJobs = import ./flake/hydraJobs.nix inputs;

    nixConfig = {
      extra-substituters = [
        "https://nix-cache.clerie.de"
      ];
      extra-trusted-public-keys = [
        "nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g="
      ];
    };
  };
}