## Flake producing one NixOS system per Fediversity test machine: `garage`,
## `mastodon`, `peertube` and `pixelfed`.
{
  ## `agenix` and `disko` are referenced without a branch or revision, so the
  ## code that actually gets evaluated is whatever `flake.lock` records (not
  ## visible here). Keep the lock file committed and review its updates.
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/release-24.11";
    agenix.url = "github:ryantm/agenix";
    disko.url = "github:nix-community/disko";
  };

  outputs =
    inputs@{ nixpkgs, ... }:
    let
      inherit (nixpkgs) lib;
      system = "x86_64-linux";
    in
    {
      nixosConfigurations =
        let
          ## NOTE: Every secret below is a literal in this source file and is
          ## handed to `pkgs.writeText`, which materialises it as a file in the
          ## Nix store. Store paths are readable by all local users and travel
          ## with the closure (binary caches, `nix copy`), and the literals are
          ## in version control as well. They are public by construction; that
          ## is accepted here only because they are used for testing and
          ## nothing else, so they must not be reused where real data lives.
          ##
          ## The agenix module is part of every configuration built here, but
          ## none of the secrets in this file go through it.
          ##
          ## FIXME: Generate and store in NixOps4's state.

          ## Build a `{ pkgs, ... }` function yielding the two S3 key files for
          ## one service from its access key and secret key.
          s3KeyFiles =
            accessKey: secretKey:
            { pkgs, ... }:
            {
              s3AccessKeyFile = pkgs.writeText "s3AccessKey" accessKey;
              s3SecretKeyFile = pkgs.writeText "s3SecretKey" secretKey;
            };

          mastodonS3KeyConfig =
            s3KeyFiles "GK3515373e4c851ebaad366558"
              "7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34";

          peertubeS3KeyConfig =
            s3KeyFiles "GK1f9feea9960f6f95ff404c9b"
              "7295c4201966a02c2c3d25b5cea4a5ff782966a2415e3a196f91924631191395";

          pixelfedS3KeyConfig =
            s3KeyFiles "GKb5615457d44214411e673b7b"
              "5be6799a88ca9b9d813d1a806b64f15efa49482dbe15339ddfaf7f19cf434987";

          ## Per-machine settings taken from the `terraform` module argument:
          ## hostname, domain and the initial user.
          ##
          ## NOTE(review): `terraform` is not among the `specialArgs` set in
          ## this file, yet it is used inside `imports`, which the module
          ## system resolves before `_module.args` is available. Presumably it
          ## is supplied as a special argument by whatever instantiates these
          ## configurations -- confirm.
          terraformModule =
            { pkgs, terraform, ... }:
            let
              machineName = terraform.hostname;
            in
            {
              imports = [
                # FIXME: get VM details from TF
                ../infra/test-machines/${machineName}
              ];

              fediversityVm.name = machineName;

              fediversity.domain = terraform.domain;
              fediversity.temp.initialUser = {
                username = terraform.initialUser.username;
                email = terraform.initialUser.email;
                displayName = terraform.initialUser.displayName;
                # FIXME: disgusting, but nvm, this is going to be replaced by
                # proper central authentication at some point.
                #
                # Unlike the fixed test keys above, this password is supplied
                # per deployment through `terraform`, and `writeText` still
                # copies it in clear text into the world-readable Nix store.
                # Treat the initial password as exposed to anyone who can read
                # the store or the closure.
                passwordFile = pkgs.writeText "password" terraform.initialUser.password;
              };
            };

          ## Wrap one machine-specific module into a full NixOS system that
          ## also carries the shared disko, agenix, fediversity and resource
          ## modules.
          mkMachine =
            machineModule:
            lib.nixosSystem {
              inherit system;
              specialArgs = {
                inherit inputs system;
              };
              modules = [
                inputs.disko.nixosModules.default
                inputs.agenix.nixosModules.default
                ../services/fediversity
                ./resource.nix
                machineModule
                { nixpkgs.system = system; }
                terraformModule
              ];
            };

          ## One module per test machine. `garage` carries the key files of all
          ## three services; each service machine carries only its own.
          machines = {
            garage =
              { pkgs, ... }:
              {
                fediversity.garage.enable = true;
                fediversity.pixelfed = pixelfedS3KeyConfig { inherit pkgs; };
                fediversity.mastodon = mastodonS3KeyConfig { inherit pkgs; };
                fediversity.peertube = peertubeS3KeyConfig { inherit pkgs; };
              };

            mastodon =
              { pkgs, ... }:
              {
                fediversity.mastodon = mastodonS3KeyConfig { inherit pkgs; } // {
                  enable = true;
                };
                fediversity.temp.cores = 1; # FIXME: should come from NixOps4 eventually
              };

            peertube =
              { pkgs, ... }:
              {
                fediversity.peertube = peertubeS3KeyConfig { inherit pkgs; } // {
                  enable = true;
                  ## NOTE: Only ever used for testing anyway. Like the S3 keys,
                  ## this literal ends up in the Nix store.
                  ##
                  ## FIXME: Generate and store in NixOps4's state.
                  secretsFile = pkgs.writeText "secret" "574e093907d1157ac0f8e760a6deb1035402003af5763135bae9cbd6abe32b24";
                };
              };

            pixelfed =
              { pkgs, ... }:
              {
                fediversity.pixelfed = pixelfedS3KeyConfig { inherit pkgs; } // {
                  enable = true;
                };
              };
          };
        in
        lib.mapAttrs (_: mkMachine) machines;
    };
}