ops-jrz1/flake.nix

{
  description = "ops-jrz1 NixOS server configuration with Matrix platform";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";

    sops-nix = {
      url = "github:Mic92/sops-nix/c2ea1186c0cbfa4d06d406ae50f3e4b085ddc9b3";  # Pin to June 2024 version compatible with nixpkgs 24.05
      inputs.nixpkgs.follows = "nixpkgs";
    };

    beads = {
      url = "github:steveyegge/beads";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
    };

    opencode = {
      url = "github:sst/opencode";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
    };
  };

  outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, ... }@inputs:
  let
    system = "x86_64-linux";
  in {
    # Pre-deploy checks: nix flake check
    checks.${system} = {
      # Verify production config evaluates and builds
      ops-jrz1-config = self.nixosConfigurations.ops-jrz1.config.system.build.toplevel;

      # Verify VM config evaluates (lighter weight)
      ops-jrz1-vm-config = self.nixosConfigurations.ops-jrz1-vm.config.system.build.toplevel;
    };

    nixosConfigurations = {
      # Production configuration (for actual VPS deployment)
      ops-jrz1 = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        specialArgs = {
          pkgs-unstable = import nixpkgs-unstable {
            system = "x86_64-linux";
            config = {
              allowUnfree = true;
              permittedInsecurePackages = [
                "olm-3.2.16"  # Required by mautrix bridges
              ];
            };
          };
          beads = inputs.beads.packages.x86_64-linux.default;
          opencode = inputs.opencode.packages.x86_64-linux.default;
        };
        modules = [
          ./configuration.nix
          ./hosts/ops-jrz1.nix
          sops-nix.nixosModules.sops
        ];
      };

      # VM testing configuration (for local validation before deployment)
      ops-jrz1-vm = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        specialArgs = {
          pkgs-unstable = import nixpkgs-unstable {
            system = "x86_64-linux";
            config = {
              allowUnfree = true;
              permittedInsecurePackages = [
                "olm-3.2.16"  # Required by mautrix bridges (VM testing only)
              ];
            };
          };
          beads = inputs.beads.packages.x86_64-linux.default;
          opencode = inputs.opencode.packages.x86_64-linux.default;
        };
        modules = [
          ./configuration.nix
          ./hosts/ops-jrz1-vm.nix
          # Note: No sops-nix for VM testing
        ];
      };
    };
  };
}