nixos-systems/system.nix

{ configuration, inputs, nixpkgs, roles ? [], system}:
let
	allowed-unfree-packages = [
		"corefonts"
		"google-chrome"
		"mongodb"
	];
	
	configFiles = nixpkgs.legacyPackages.${system}.stdenv.mkDerivation {
		name = "config-files";
		src = ./configs;
		installPhase = ''
			mkdir -p $out
			cp -r * $out/
		'';
	};
	
	pkgs = import nixpkgs {
		inherit system;
		config = {
			allowUnfreePredicate = pkg: 
				builtins.elem (nixpkgs.lib.getName pkg) allowed-unfree-packages;
		};
	};
in
nixpkgs.lib.nixosSystem {
	inherit system pkgs;
	
	specialArgs = {
		inherit inputs configFiles;
	};
	
	modules = [
		configuration
		inputs.authentik-nix.nixosModules.default
		inputs.disko.nixosModules.disko
		inputs.home-manager.nixosModules.home-manager
		{
			home-manager.extraSpecialArgs = { inherit configFiles inputs; };
			home-manager.sharedModules = [
				inputs.nixvim.homeModules.nixvim
				./modules/home/nixvim.nix
			];
			home-manager.useGlobalPkgs = true;
			home-manager.useUserPackages = true;
		}
		inputs.sops-nix.nixosModules.sops
		{
			sops = {
				age.generateKey = true;
				age.keyFile = "/var/lib/sops-nix/key.txt";
				age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
				defaultSopsFile = ./secrets/secrets.yaml;
			};
		}
		./modules
		./users
	] ++ roles;
}
Add nix-unstable for LLM within our main flake This is a pretty big refactor of the way systems work, but it avoids bifurcating further. At this commit point I actually used nixos-anywhere on the staging server and it came out okay, which is encouraging. 2026-05-09 00:17:11 +00:00			`{ configuration, inputs, nixpkgs, roles ? [], system}:`
			`let`
Move common system code into a dedicated file Remove a lot of copy-pasting 2025-08-15 16:35:41 +00:00			`allowed-unfree-packages = [`
			`"corefonts"`
Deploy nidus sync 0.0.12, with mailer support. 2026-04-18 00:02:06 +00:00			`"google-chrome"`
Move common system code into a dedicated file Remove a lot of copy-pasting 2025-08-15 16:35:41 +00:00			`"mongodb"`
			`];`
Add nix-unstable for LLM within our main flake This is a pretty big refactor of the way systems work, but it avoids bifurcating further. At this commit point I actually used nixos-anywhere on the staging server and it came out okay, which is encouraging. 2026-05-09 00:17:11 +00:00
			`configFiles = nixpkgs.legacyPackages.${system}.stdenv.mkDerivation {`
			`name = "config-files";`
			`src = ./configs;`
			`installPhase = ''`
			`mkdir -p $out`
			`cp -r * $out/`
			`'';`
			`};`

			`pkgs = import nixpkgs {`
			`inherit system;`
			`config = {`
			`allowUnfreePredicate = pkg:`
			`builtins.elem (nixpkgs.lib.getName pkg) allowed-unfree-packages;`
			`};`
			`};`
			`in`
			`nixpkgs.lib.nixosSystem {`
			`inherit system pkgs;`

			`specialArgs = {`
			`inherit inputs configFiles;`
			`};`

Move common system code into a dedicated file Remove a lot of copy-pasting 2025-08-15 16:35:41 +00:00			`modules = [`
Add nix-unstable for LLM within our main flake This is a pretty big refactor of the way systems work, but it avoids bifurcating further. At this commit point I actually used nixos-anywhere on the staging server and it came out okay, which is encouraging. 2026-05-09 00:17:11 +00:00			`configuration`
Pass authentik-nix through as an input We aren't operating on it, just passing it through, so no need to manually enumerate it on every pass-through point. 2025-10-07 16:51:26 +00:00			`inputs.authentik-nix.nixosModules.default`
Add nix-unstable for LLM within our main flake This is a pretty big refactor of the way systems work, but it avoids bifurcating further. At this commit point I actually used nixos-anywhere on the staging server and it came out okay, which is encouraging. 2026-05-09 00:17:11 +00:00			`inputs.disko.nixosModules.disko`
			`inputs.home-manager.nixosModules.home-manager`
Move common system code into a dedicated file Remove a lot of copy-pasting 2025-08-15 16:35:41 +00:00			`{`
Pass authentik-nix through as an input We aren't operating on it, just passing it through, so no need to manually enumerate it on every pass-through point. 2025-10-07 16:51:26 +00:00			`home-manager.extraSpecialArgs = { inherit configFiles inputs; };`
Move common system code into a dedicated file Remove a lot of copy-pasting 2025-08-15 16:35:41 +00:00			`home-manager.sharedModules = [`
Add nix-unstable for LLM within our main flake This is a pretty big refactor of the way systems work, but it avoids bifurcating further. At this commit point I actually used nixos-anywhere on the staging server and it came out okay, which is encouraging. 2026-05-09 00:17:11 +00:00			`inputs.nixvim.homeModules.nixvim`
Move common system code into a dedicated file Remove a lot of copy-pasting 2025-08-15 16:35:41 +00:00			`./modules/home/nixvim.nix`
			`];`
			`home-manager.useGlobalPkgs = true;`
			`home-manager.useUserPackages = true;`
			`}`
Add nix-unstable for LLM within our main flake This is a pretty big refactor of the way systems work, but it avoids bifurcating further. At this commit point I actually used nixos-anywhere on the staging server and it came out okay, which is encouraging. 2026-05-09 00:17:11 +00:00			`inputs.sops-nix.nixosModules.sops`
			`{`
Move common system code into a dedicated file Remove a lot of copy-pasting 2025-08-15 16:35:41 +00:00			`sops = {`
			`age.generateKey = true;`
Add nix-unstable for LLM within our main flake This is a pretty big refactor of the way systems work, but it avoids bifurcating further. At this commit point I actually used nixos-anywhere on the staging server and it came out okay, which is encouraging. 2026-05-09 00:17:11 +00:00			`age.keyFile = "/var/lib/sops-nix/key.txt";`
Move common system code into a dedicated file Remove a lot of copy-pasting 2025-08-15 16:35:41 +00:00			`age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];`
			`defaultSopsFile = ./secrets/secrets.yaml;`
			`};`
			`}`
Add nix-unstable for LLM within our main flake This is a pretty big refactor of the way systems work, but it avoids bifurcating further. At this commit point I actually used nixos-anywhere on the staging server and it came out okay, which is encouraging. 2026-05-09 00:17:11 +00:00			`./modules`
Move common system code into a dedicated file Remove a lot of copy-pasting 2025-08-15 16:35:41 +00:00			`./users`
Add system definition for nocix-amd-legacy-hexcore 2025-10-07 16:35:12 +00:00			`] ++ roles;`
Move common system code into a dedicated file Remove a lot of copy-pasting 2025-08-15 16:35:41 +00:00			`}`