flake.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

{
  description = ''
    A tool to manage credentials and other secrets as mutable state within a NixOS environment,
    consisting of a Rust executable, NixOS configuration, and associated documentation.
    Published as part of the Small Tech Kit, ISL's public resource for small organizations
    that want to host their own infrastructure, but usable independently.
  '';

  inputs = {
    nixpkgs = {
      type = "github";
      owner = "NixOS";
      repo = "nixpkgs";
      ref = "nixos-25.05";
    };

    crane = {
      type = "github";
      owner = "ipetkov";
      repo = "crane";
    };
  };

  outputs = { self, nixpkgs, crane }:
  let supportedSystems = [ "aarch64-linux" "x86_64-linux" ];
      forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
      nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; });
  in {
    nixosModules.default = { ... }: {
      imports = [
        # Please note that checks.nix also directly references options.nix,
        # so if you add anything else to these imports, also add it in
        # checks.nix.
        ./options.nix
      ];
    };

    packages = forAllSystems (system: let pkgs = nixpkgsFor.${system}; in {
      default = (crane.mkLib pkgs).buildPackage {
        src = ./.;
      };
    });

    devShells = forAllSystems (system: let pkgs = nixpkgsFor.${system}; in {
      default = pkgs.mkShell {
        nativeBuildInputs = with pkgs; [
          cargo
          rustc
        ];
      };
    });

    # The checks are quite verbose, so they're in a separate file.
    checks = forAllSystems (system:
                 let pkgs = nixpkgsFor.${system};
                 in import ./checks.nix {
                   inherit pkgs self system;
                 });
  };
}