server-config/flake.nix

{
  description = "Flake for server muffin";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";

    lanzaboote = {
      url = "github:nix-community/lanzaboote";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    nixos-hardware.url = "github:NixOS/nixos-hardware/master";

    nix-minecraft = {
      url = "github:Infinidoge/nix-minecraft";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    vpn-confinement.url = "github:Maroka-chan/VPN-Confinement";

    home-manager = {
      url = "github:nix-community/home-manager/release-25.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    srvos = {
      url = "github:nix-community/srvos";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    deploy-rs = {
      url = "github:serokell/deploy-rs";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    impermanence = {
      url = "github:nix-community/impermanence";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    agenix = {
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.home-manager.follows = "home-manager";
      inputs.darwin.follows = "";
    };

    senior_project-website = {
      url = "github:Titaniumtown/senior-project-website";
      flake = false;
    };

    website = {
      url = "git+https://git.sigkill.computer/titaniumtown/website";
      flake = false;
    };

    trackerlist = {
      url = "github:ngosang/trackerslist";
      flake = false;
    };

    ytbn-graphing-software = {
      url = "git+https://git.sigkill.computer/titaniumtown/YTBN-Graphing-Software";
    };

    arr-init = {
      url = "git+ssh://gitea@git.gardling.com/titaniumtown/arr-init";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs =
    {
      self,
      nixpkgs,
      nix-minecraft,
      nixos-hardware,
      vpn-confinement,
      home-manager,
      lanzaboote,
      disko,
      srvos,
      deploy-rs,
      impermanence,
      arr-init,
      ...
    }@inputs:
    let
      username = "primary";
      hostname = "muffin";
      eth_interface = "enp4s0";
      system = "x86_64-linux";

      service_configs = import ./service-configs.nix;

      pkgs = import nixpkgs {
        inherit system;
        targetPlatform = system;
        buildPlatform = builtins.currentSystem;
      };
      lib = import ./modules/lib.nix { inherit inputs pkgs service_configs; };
      testSuite = import ./tests/tests.nix {
        inherit pkgs lib inputs;
        config = self.nixosConfigurations.muffin.config;
      };
    in
    {
      formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-tree;
      nixosConfigurations.${hostname} = lib.nixosSystem {
        inherit system;
        specialArgs = {
          inherit
            username
            hostname
            eth_interface
            service_configs
            inputs
            ;
        };
        modules = [
          # SAFETY! make sure no ports collide
          (
            { lib, ... }:
            {
              config.assertions = [
                {
                  assertion =
                    let
                      ports = lib.attrValues service_configs.ports;
                      uniquePorts = lib.unique ports;
                    in
                    (lib.length ports) == (lib.length uniquePorts);
                  message = "Duplicate ports detected in 'ports' configuration";
                }
              ];
            }
          )

          # sets up things like the watchdog
          srvos.nixosModules.server

          # diff terminal support
          srvos.nixosModules.mixins-terminfo

          ./disk-config.nix
          ./configuration.nix

          {
            nixpkgs.overlays = [
              nix-minecraft.overlay
              (import ./modules/overlays.nix)
            ];
            nixpkgs.config.allowUnfreePredicate =
              pkg:
              builtins.elem (nixpkgs.lib.getName pkg) [
                "minecraft-server"
              ];
          }

          lanzaboote.nixosModules.lanzaboote

          arr-init.nixosModules.default

          home-manager.nixosModules.home-manager
          (
            {
              home-manager,
              ...
            }:
            {
              home-manager.users.${username} = import ./modules/home.nix;
            }
          )
        ]
        ++ (with nixos-hardware.nixosModules; [
          common-cpu-amd-pstate
          common-cpu-amd-zenpower
          common-pc-ssd
          common-gpu-intel
        ]);
      };

      deploy.nodes.muffin = {
        hostname = "server-public";
        profiles.system = {
          sshUser = "root";
          user = "root";
          path = deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.muffin;
        };
      };

      checks.${system} = testSuite;

      packages.${system} = {
        tests = pkgs.linkFarm "all-tests" (
          pkgs.lib.mapAttrsToList (name: test: {
            name = name;
            path = test;
          }) testSuite
        );
      }
      // (pkgs.lib.mapAttrs' (name: test: {
        name = "test-${name}";
        value = test;
      }) testSuite);
    };
}