{ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; flake-parts.url = "github:hercules-ci/flake-parts"; git-hooks.url = "github:cachix/git-hooks.nix"; agenix.url = "github:ryantm/agenix"; disko.url = "github:nix-community/disko"; nixops4.url = "github:nixops4/nixops4"; nixops4-nixos.url = "github:nixops4/nixops4/eval"; }; outputs = inputs@{ flake-parts, ... }: flake-parts.lib.mkFlake { inherit inputs; } { systems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ]; imports = [ inputs.git-hooks.flakeModule inputs.nixops4-nixos.modules.flake.default ./deployment/flake-part.nix ./infra/flake-part.nix ./keys/flake-part.nix ./services/flake-part.nix ./secrets/flake-part.nix ]; perSystem = { config, pkgs, inputs', ... }: { formatter = pkgs.nixfmt-rfc-style; pre-commit.settings.hooks = ## Not everybody might want pre-commit hooks, so we make them ## opt-in. Maybe one day we will decide to have them everywhere. let inherit (builtins) concatStringsSep; optin = [ "deployment" "infra" "keys" "secrets" "services" ]; files = "^((" + concatStringsSep "|" optin + ")/.*\\.nix|[^/]*\\.nix)$"; in { nixfmt-rfc-style = { enable = true; inherit files; }; deadnix = { enable = true; inherit files; }; trim-trailing-whitespace = { enable = true; inherit files; }; }; devShells.default = pkgs.mkShell { packages = [ pkgs.nil inputs'.agenix.packages.default inputs'.nixops4.packages.default ]; shellHook = config.pre-commit.installationScript; }; }; }; }