nix-infra/flake.nix

{
  description = "CCCHH Nix Infrastructure";

  inputs = {
    # Use the NixOS small channels for nixpkgs.
    # https://nixos.org/manual/nixos/stable/#sec-upgrading
    # https://github.com/NixOS/nixpkgs
    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11-small";
    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small";

    # Add nixos-generators as an input.
    # See here: https://github.com/nix-community/nixos-generators#using-in-a-flake
    nixos-generators = {
      url = "github:nix-community/nixos-generators";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # Add sops-nix as an input for secret management.
    # See here: https://github.com/Mic92/sops-nix?tab=readme-ov-file#flakes-current-recommendation
    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { nixpkgs, nixpkgs-unstable, nixos-generators, sops-nix, ... }:
    let
      system = "x86_64-linux";
      # Shairport Sync 4.3.1 (with nqptp 1.2.4) with metadata, MQTT and AirPlay 2 support.
      shairportSync431ExtendedNixpkgsUnstableOverlay = final: prev: {
        shairport-sync = (prev.shairport-sync.override { enableMetadata = true; enableAirplay2 = true; }).overrideAttrs (finalAttr: previousAttr: {
          # See: https://github.com/mikebrady/shairport-sync/blob/e78a88b64adfe7b5f88fd6faedf55c57445bb240/CONFIGURATION%20FLAGS.md
          configureFlags = previousAttr.configureFlags ++ [ "--with-mqtt-client" ];
          buildInputs = previousAttr.buildInputs ++ [ final.mosquitto ];
          # Use specific Shairport Sync and nqptp versions, since with those the
          # following error doesn't happen:
          # fatal error: The nqptp service on this system, which is required for
          # Shairport Sync to operate, does not seem to be initialised.
          #
          # Also use a more recent dev version to fix Pipewire stuttering issue.
          # See:
          # https://github.com/mikebrady/shairport-sync/issues/1736
          # https://github.com/mikebrady/shairport-sync/blob/a65ec2d7f1f380bbae196d7f8f1cd6a88ef5777b/RELEASENOTES-DEVELOPMENT.md#version-432-dev-51-g98679bbb
          src = final.fetchFromGitHub {
            owner = "mikebrady";
            repo = finalAttr.pname;
            rev = "98679bbb54f5aaeda859e34aa28425647b8d179e";
            hash = "sha256-k0kcgtWk2xlG34lP0ryEaqdskYMNM68YnIRLwFR3jaY=";
          };
        });
        nqptp = prev.nqptp.overrideAttrs (finalAttr: previousAttr: {
          # See Shairport Sync version note.
          src = final.fetchFromGitHub {
            owner = "mikebrady";
            repo = finalAttr.pname;
            rev = "1.2.4";
            hash = "sha256-roTNcr3v2kzE6vQ5plAVtlw1+2yJplltOYsGGibtoZo=";
          };
          # Custom install phase to avoid setcap.
          # See:
          # https://github.com/mikebrady/nqptp/blob/1.2.4/Makefile.am#L23
          installPhase = ''
            mkdir -p $out/bin
            cp nqptp $out/bin/
          '';
        });
      };
      pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux";
    in
    {
      nixosConfigurations = {
        audio-hauptraum-kueche = nixpkgs-unstable.lib.nixosSystem {
          inherit system;
          modules = [
            ./config/common
            ./config/proxmox-vm
            { nixpkgs.overlays = [ shairportSync431ExtendedNixpkgsUnstableOverlay ]; }
            ./config/hosts/audio-hauptraum-kueche
          ];
        };

        audio-hauptraum-tafel = nixpkgs-unstable.lib.nixosSystem {
          inherit system;
          modules = [
            ./config/common
            ./config/proxmox-vm
            { nixpkgs.overlays = [ shairportSync431ExtendedNixpkgsUnstableOverlay ]; }
            ./config/hosts/audio-hauptraum-tafel
          ];
        };

        esphome = nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [
            ./config/common
            ./config/proxmox-vm
            ./config/hosts/esphome
          ];
        };

        public-reverse-proxy = nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [
            ./config/common
            ./config/proxmox-vm
            ./config/hosts/public-reverse-proxy
          ];
        };

        netbox = nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [
            ./config/common
            ./config/proxmox-vm
            sops-nix.nixosModules.sops
            ./config/hosts/netbox
          ];
        };

        matrix = nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [
            ./config/common
            ./config/proxmox-vm
            sops-nix.nixosModules.sops
            ./config/hosts/matrix
          ];
        };

        public-web-static = nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [
            ./config/common
            ./config/proxmox-vm
            sops-nix.nixosModules.sops
            ./config/hosts/public-web-static
          ];
        };

        git = nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [
            ./config/common
            ./config/proxmox-vm
            sops-nix.nixosModules.sops
            ./config/hosts/git
          ];
          specialArgs = {
            inherit pkgs-unstable;
          };
        };

        forgejo-actions-runner = nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [
            ./config/common
            ./config/proxmox-vm
            sops-nix.nixosModules.sops
            ./config/hosts/forgejo-actions-runner
          ];
        };

        ptouch-print-server = nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [
            ./config/common
            ./config/proxmox-vm
            ./config/hosts/ptouch-print-server
          ];
        };

        eh22-wiki = nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [
            ./config/common
            ./config/proxmox-vm
            ./config/hosts/eh22-wiki
          ];
        };

        nix-box-june = nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [
            ./config/common
            ./config/proxmox-vm
            ./config/hosts/nix-box-june
          ];
        };

        yate = nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [
            ./config/common
            ./config/proxmox-vm
            sops-nix.nixosModules.sops
            ./config/hosts/yate
          ];
        };
      };

      packages.x86_64-linux = {
        proxmox-nixos-template = nixos-generators.nixosGenerate {
          system = "x86_64-linux";
          modules = [
            ./config/nixos-generators/proxmox.nix
            ./config/common
            ./config/proxmox-vm
          ];
          format = "proxmox";
        };

        proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate {
          system = "x86_64-linux";
          modules = [
            ./config/nixos-generators/proxmox-chaosknoten.nix
            ./config/proxmox-chaosknoten-additional-initial-config.nix
            ./config/common
            ./config/proxmox-vm
          ];
          format = "proxmox";
        };
      };

      formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
    };
}