bos55-nix-config-cicd/flake.nix

{
  description = "Homelab configuration using flakes";

  inputs = {
    nixpkgs.url = "nixpkgs/nixos-unstable";

    flake-utils.url = "github:numtide/flake-utils";
    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    utils = {
      url = "github:gytis-ivaskevicius/flake-utils-plus";
      inputs.flake-utils.follows = "flake-utils";
    };
    deploy-rs = {
      url = "github:serokell/deploy-rs";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = inputs@{
    self, nixpkgs,
    flake-utils, sops-nix, utils, deploy-rs,
    ...
  }:
  let
    system = utils.lib.system.x86_64-linux;
    lib = nixpkgs.lib;
  in
    utils.lib.mkFlake {
      inherit self inputs;

      hostDefaults.modules = [
        ./modules
        ./users
        sops-nix.nixosModules.sops
        ({ self, ... }: {
          sops.defaultSopsFile = "${self}/secrets/secrets.yaml";
          sops.age.keyFile = "/var/lib/sops-nix/key.txt";
        })
        ({ self, ... }: {
          sops.defaultSopsFile = "${self}/secrets/secrets.yaml";
          sops.age.keyFile = "/var/lib/sops-nix/key.txt";
        })
      ];

      hosts = {
        # Infrastructure
        Niko.modules        = [ ./hosts/Niko        ];
        Ingress.modules     = [ ./hosts/Ingress     ];
        Gitea.modules       = [ ./hosts/Gitea       ];
        Vaultwarden.modules = [ ./hosts/Vaultwarden ];

        # Production
        Binnenpost.modules    = [ ./hosts/Binnenpost    ];
        Production.modules    = [ ./hosts/Production    ];
        ProductionGPU.modules = [ ./hosts/ProductionGPU ];
        ProductionArr.modules = [ ./hosts/ProductionArr ];
        ACE.modules           = [ ./hosts/ACE           ];

        # Lab
        Template.modules    = [ ./hosts/Template    ];
        Development.modules = [ ./hosts/Development ];
        Testing.modules     = [ ./hosts/Testing     ];
      };

      deploy.nodes = let
        pkg = deploy-rs.lib.${system};
        isDeployable = nixos: (nixos.config.homelab.users.deploy.enable or false) && (nixos.config.homelab.networking.hostIp != null);
      in
      builtins.mapAttrs (_: nixos: {
        hostname = nixos.config.homelab.networking.hostIp;
        sshUser  = "deploy";
        user     = "root";
        profiles.system.path = pkg.activate.nixos nixos;
        profiles.test.path   = pkg.activate.custom nixos.config.system.build.toplevel ''
          $PROFILE/bin/switch-to-configuration test
        '';
      }) (lib.filterAttrs (_: isDeployable) self.nixosConfigurations);

      checks = builtins.mapAttrs (_: lib: lib.deployChecks self.deploy) deploy-rs.lib;

      outputsBuilder = channels: {
        formatter = channels.nixpkgs.alejandra;
        devShells.default = channels.nixpkgs.mkShell {
          name = "homelab-dev";
          buildInputs = [
            deploy-rs.packages.${system}.deploy-rs
            channels.nixpkgs.sops
            channels.nixpkgs.age
          ];
          shellHook = "echo '🛡️ Homelab Development Shell Loaded'";
        };
      };
    };
}