ops-jrz1/flake.nix
Dan ae16db4898 Refresh musiclink integration docs and tooling
Use local musiclink flake input with Go 1.24.

Add matterbridge patch, routing docs, and deploy check script.
2026-01-21 22:52:39 -08:00


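# Flake for the ops-jrz1 server: declares the pinned inputs, the pre-deploy
# checks run by `nix flake check`, and two NixOS configurations (production
# and a local VM) that are built from the same package sets.
{
  description = "ops-jrz1 NixOS server configuration with Matrix platform";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";

    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # Pinned to an exact commit in the URL itself.
    opencode = {
      url = "github:sst/opencode/f6fe709f6ee75427ba64829af25b64d9a3111569";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
    };

    # No revision in the URL: the commit that gets built is whichever one
    # flake.lock records, so lock-file updates for this input need review.
    beads = {
      url = "github:steveyegge/beads";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
    };

    # Absolute path to a checkout on one developer machine. The flake only
    # evaluates where that path exists, and the source is taken from the
    # local repository rather than a remote.
    # NOTE(review): confirm this is intended for production builds.
    musiclink = {
      url = "git+file:///home/dan/proj/musiclink";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, ... }@inputs:
    let
      system = "x86_64-linux";

      pkgs = import nixpkgs { inherit system; };

      # Single definition of the unstable package set, shared by the checks
      # and by both NixOS configurations, so the unfree and insecure-package
      # allowances below cannot drift apart between production and the VM.
      pkgs-unstable = import nixpkgs-unstable {
        inherit system;
        config = {
          allowUnfree = true;
          # nixpkgs refuses to evaluate a package it marks insecure unless it
          # is listed here. This exception applies to production AND the VM.
          # Re-check it whenever nixpkgs-unstable is bumped and drop it once
          # the bridges no longer need olm.
          permittedInsecurePackages = [
            "olm-3.2.16" # Required by mautrix bridges
          ];
        };
      };

      opencode = inputs.opencode.packages.${system}.default;
      beads = inputs.beads.packages.${system}.default;

      # Prepend Go 1.24 from nixpkgs-unstable to whatever native build inputs
      # the musiclink package already declares.
      musiclink = inputs.musiclink.packages.${system}.default.overrideAttrs (old: {
        nativeBuildInputs = [ pkgs-unstable.go_1_24 ]
          ++ (old.nativeBuildInputs or []);
      });

      # Extra module arguments handed to both system configurations.
      sharedArgs = {
        inherit pkgs-unstable opencode beads musiclink;
      };
    in {
      # Pre-deploy checks: nix flake check
      checks.${system} = {
        # Verify production config evaluates and builds
        ops-jrz1-config = self.nixosConfigurations.ops-jrz1.config.system.build.toplevel;

        # Verify VM config evaluates (lighter weight)
        ops-jrz1-vm-config = self.nixosConfigurations.ops-jrz1-vm.config.system.build.toplevel;

        # Shell script linting (errors and warnings). The listed names cover
        # every *.sh file plus the four extension-less scripts; a new
        # extension-less script is not linted until it is added here.
        shellcheck = pkgs.runCommand "shellcheck-scripts" {
          nativeBuildInputs = [ pkgs.shellcheck ];
          src = ./scripts;
        } ''
          cd "$src"
          shellcheck *.sh killswitch cpu-watchdog egress-watchdog egress-status
          touch $out
        '';

        # VM integration test - boots VM and verifies services
        vm-integration = import ./tests/vm-integration.nix {
          inherit pkgs pkgs-unstable opencode musiclink;
        };
      };

      nixosConfigurations = {
        # Production configuration (for actual VPS deployment)
        ops-jrz1 = nixpkgs.lib.nixosSystem {
          inherit system;
          specialArgs = sharedArgs;
          modules = [
            ./configuration.nix
            ./hosts/ops-jrz1.nix
            sops-nix.nixosModules.sops
          ];
        };

        # VM testing configuration (for local validation before deployment)
        ops-jrz1-vm = nixpkgs.lib.nixosSystem {
          inherit system;
          specialArgs = sharedArgs;
          modules = [
            ./configuration.nix
            ./hosts/ops-jrz1-vm.nix
            # Note: No sops-nix for VM testing
          ];
        };
      };
    };
}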