nixos-systems/system.nix

{ configFiles, configuration, disko, home-manager, inputs, nixpkgs, nixvim, roles, sops-nix, system, timecard-bot, ... }:
let 
	allowed-unfree-packages = [
		"corefonts"
		"mongodb"
	];
in nixpkgs.lib.nixosSystem {
	modules = [
		inputs.authentik-nix.nixosModules.default
		disko.nixosModules.disko
		home-manager.nixosModules.home-manager
		{
			home-manager.extraSpecialArgs = { inherit configFiles inputs; };
			home-manager.sharedModules = [
				nixvim.homeModules.nixvim
				./modules/home/nixvim.nix
			];
			home-manager.useGlobalPkgs = true;
			home-manager.useUserPackages = true;
		}
		configuration
		./modules
		sops-nix.nixosModules.sops {
			sops = {
				age.generateKey = true;
				age.keyFile = "/var/libs/sops-nix/key.txt";
				age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
				defaultSopsFile = ./secrets/secrets.yaml;
			};
		}
		./users
	] ++ roles;
	pkgs = import nixpkgs {
		config = {
			allowUnfreePredicate = pkg: builtins.elem (nixpkgs.lib.getName pkg) allowed-unfree-packages;
		};
		system = "${system}";
	};
	specialArgs = {
		inherit configFiles inputs timecard-bot;
	};
	system = "${system}";
}
Pass authentik-nix through as an input We aren't operating on it, just passing it through, so no need to manually enumerate it on every pass-through point. 2025-10-07 16:51:26 +00:00			`{ configFiles, configuration, disko, home-manager, inputs, nixpkgs, nixvim, roles, sops-nix, system, timecard-bot, ... }:`
Move common system code into a dedicated file Remove a lot of copy-pasting 2025-08-15 16:35:41 +00:00			`let`
			`allowed-unfree-packages = [`
			`"corefonts"`
			`"mongodb"`
			`];`
			`in nixpkgs.lib.nixosSystem {`
			`modules = [`
Pass authentik-nix through as an input We aren't operating on it, just passing it through, so no need to manually enumerate it on every pass-through point. 2025-10-07 16:51:26 +00:00			`inputs.authentik-nix.nixosModules.default`
Attempt to make new corp hardware the definitive corp hardware This is...a big change. If I run this on the old corp server it will break a lot, LOT of stuff. So don't do that. This is also the first time I'm attempting to use disko to fully define a server in a single step rather than as a bootstrapping step. 2025-09-08 20:36:59 +00:00			`disko.nixosModules.disko`
Move common system code into a dedicated file Remove a lot of copy-pasting 2025-08-15 16:35:41 +00:00			`home-manager.nixosModules.home-manager`
			`{`
Pass authentik-nix through as an input We aren't operating on it, just passing it through, so no need to manually enumerate it on every pass-through point. 2025-10-07 16:51:26 +00:00			`home-manager.extraSpecialArgs = { inherit configFiles inputs; };`
Move common system code into a dedicated file Remove a lot of copy-pasting 2025-08-15 16:35:41 +00:00			`home-manager.sharedModules = [`
Remove warning from nixvim 2026-01-07 03:25:55 +00:00			`nixvim.homeModules.nixvim`
Move common system code into a dedicated file Remove a lot of copy-pasting 2025-08-15 16:35:41 +00:00			`./modules/home/nixvim.nix`
			`];`
			`home-manager.useGlobalPkgs = true;`
			`home-manager.useUserPackages = true;`
			`}`
			`configuration`
			`./modules`
			`sops-nix.nixosModules.sops {`
			`sops = {`
			`age.generateKey = true;`
			`age.keyFile = "/var/libs/sops-nix/key.txt";`
			`age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];`
			`defaultSopsFile = ./secrets/secrets.yaml;`
			`};`
			`}`
			`./users`
Add system definition for nocix-amd-legacy-hexcore 2025-10-07 16:35:12 +00:00			`] ++ roles;`
Move common system code into a dedicated file Remove a lot of copy-pasting 2025-08-15 16:35:41 +00:00			`pkgs = import nixpkgs {`
			`config = {`
			`allowUnfreePredicate = pkg: builtins.elem (nixpkgs.lib.getName pkg) allowed-unfree-packages;`
			`};`
			`system = "${system}";`
			`};`
			`specialArgs = {`
Pass authentik-nix through as an input We aren't operating on it, just passing it through, so no need to manually enumerate it on every pass-through point. 2025-10-07 16:51:26 +00:00			`inherit configFiles inputs timecard-bot;`
Move common system code into a dedicated file Remove a lot of copy-pasting 2025-08-15 16:35:41 +00:00			`};`
			`system = "${system}";`
			`}`