black-start/flake.nix

{
  description = "Black Start essential infrastructure for cloud operations";

  # Flake-supplied Nix settings. Nix applies them only once the user has
  # accepted this flake's config (interactive prompt or accept-flake-config).
  # Accepting means store paths signed by either key below are trusted, so the
  # project cache key is a trust anchor on the same footing as cache.nixos.org.
  # `substituters` sets the list rather than appending to it (that would be
  # `extra-substituters`), so cache.nixos.org is listed explicitly.
  nixConfig.substituters = [
    "https://nix-cache.dubyatp.xyz/duby"
    "https://cache.nixos.org/"
  ];
  nixConfig.trusted-public-keys = [
    "duby:IUVsFbQu499JOaHmUpi/mwhZEVQK7soFn7H6lD2/2T4="
    "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
  ];

  # nixpkgs tracks a release branch and disko a release tag.
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
  inputs.disko.url = "github:nix-community/disko/v1.13.0";
  inputs.disko.inputs.nixpkgs.follows = "nixpkgs";
  # No branch, tag or rev is given for sops-nix: the revision actually built is
  # whatever flake.lock (not shown here) records, so lock-file updates for this
  # input deserve review.
  inputs.sops-nix.url = "github:Mic92/sops-nix";
  inputs.sops-nix.inputs.nixpkgs.follows = "nixpkgs";

  outputs = { self, nixpkgs, disko, sops-nix, ... }:
    let
      system = "x86_64-linux";
      inherit (nixpkgs.lib) mkOption types;

      # Where disko writes the partition layout for this host.
      diskTarget = { disko.devices.disk.main.device = "/dev/vda"; };

      # Boot loader, root mount options and the custom hostname option.
      bootAndRoot = {
        options.my.hostname = mkOption {
          type = types.str;
          default = "weyma-bs";
          description = "Machine hostname";
        };

        config = {
          boot.loader = {
            systemd-boot.enable = true;
            # The boot loader installer is not allowed to modify EFI variables.
            efi.canTouchEfiVariables = false;
            timeout = 5;
          };
          boot.initrd = {
            verbose = false;
            systemd.enable = true;
          };
          # "discard" enables online TRIM on the root filesystem; on Linux
          # "noatime" already implies "nodiratime".
          fileSystems."/".options = ["noatime" "nodiratime" "discard"];
        };
      };

      # Hardware settings for a QEMU/KVM virtual machine.
      qemuHardware = { lib, modulesPath, ... }: {
        imports = [(modulesPath + "/profiles/qemu-guest.nix")];

        boot = {
          initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "sr_mod" "virtio_blk" ];
          initrd.kernelModules = [ ];
          # NOTE(review): kvm-intel inside a QEMU guest suggests nested
          # virtualization is intended; confirm.
          kernelModules = [ "kvm-intel" ];
          extraModulePackages = [ ];
        };

        swapDevices = [ ];
        nixpkgs.hostPlatform = lib.mkDefault system;
      };
    in
    {
      nixosConfigurations.weyma-bs = nixpkgs.lib.nixosSystem {
        inherit system;

        modules = [
          disko.nixosModules.disko
          diskTarget
          ./common/core.nix
          ./security/security.nix
          # NOTE(review): the file name suggests a UEFI disk layout without
          # Secure Boot; its contents are not visible here, so confirm.
          ./disko/uefi-nosecure.nix
          ./users/users.nix
          ./kubernetes/kubernetes.nix
          bootAndRoot
          qemuHardware
        ];

        # Every module receives the flake inputs as `inputs`. The sops-nix
        # NixOS module is not in the list above; presumably one of the ./…
        # modules imports it through `inputs` (verify).
        specialArgs.inputs = {
          inherit self nixpkgs disko sops-nix;
        };
      };

      # Re-exports nixpkgs' attic-client under the name `attic`.
      packages.${system}.attic = nixpkgs.legacyPackages.${system}.attic-client;
    };
}