feat: add NixOS module for deployment

- Create nix/module.nix with comprehensive systemd service - Support both relayOwnerNsecFile and relayOwnerNsec options - Auto-generate nsec if neither specified - Add security hardening (NoNewPrivileges, ProtectSystem, etc.) - Expose as nixosModules.default and nixosModules.ngit-grasp - Include example configuration in nix/example-configuration.nix - Add outputHashes for nostr git dependency
author: DanConwayDev <DanConwayDev@protonmail.com> 2026-01-10 21:55:28 +0000
committer: DanConwayDev <DanConwayDev@protonmail.com> 2026-01-10 21:55:28 +0000
commit: 8536be07962ee6b23ecca0f1c084db11a3c104e0 (patch)
tree: eb53898684353527958a6ff3ae16c5cd19df8c56 /flake.nix
parent: a9ff76e7e294fb54ae3a6876bca3e30ac6a5bdef (diff)
1 files changed, 22 insertions, 25 deletions
diff --git a/flake.nix b/flake.nix
index 6edab71..71749b9 100644
--- a/flake.nix
+++ b/flake.nix
@@ -8,28 +8,20 @@
  };
  outputs = { self, nixpkgs, rust-overlay, flake-utils }:
-    flake-utils.lib.eachDefaultSystem (system:
+    (flake-utils.lib.eachDefaultSystem (system:
      let
        overlays = [ (import rust-overlay) ];
-        pkgs = import nixpkgs {
+        pkgs = import nixpkgs { inherit system overlays; };
-          inherit system overlays;
-        };
-        
        rustToolchain = pkgs.rust-bin.stable.latest.default.override {
          extensions = [ "rust-src" "rust-analyzer" ];
        };
-      in
+      in {
-      {
        devShells.default = pkgs.mkShell {
-          buildInputs = with pkgs; [
+          buildInputs = with pkgs; [ rustToolchain pkg-config openssl git ];
-            rustToolchain
-            pkg-config
-            openssl
-            git
-          ];
          RUST_SRC_PATH = "${rustToolchain}/lib/rustlib/src/rust/library";
-          
          shellHook = ''
            echo "🚀 ngit-grasp development environment"
            echo "Rust version: $(rustc --version)"
@@ -46,16 +38,21 @@
          pname = "ngit-grasp";
          version = "0.1.0";
          src = ./.;
-          cargoLock.lockFile = ./Cargo.lock;
+          cargoLock = {
-          
+            lockFile = ./Cargo.lock;
-          nativeBuildInputs = with pkgs; [
+            outputHashes = {
-            pkg-config
+              "nostr-0.44.1" =
-          ];
+                "sha256-02cawkx6bxfi3bn1sb5ws8cn9wzcwsk8cdv1vx8h8lad1jdic1qg";
-          
+            };
-          buildInputs = with pkgs; [
+          };
-            openssl
-          ];
+          nativeBuildInputs = with pkgs; [ pkg-config ];
+          buildInputs = with pkgs; [ openssl ];
        };
-      }
+      })) // {
-    );
+        # NixOS module for deployment
+        nixosModules.default = import ./nix/module.nix;
+        nixosModules.ngit-grasp = self.nixosModules.default;
+      };
 }
author	DanConwayDev <DanConwayDev@protonmail.com>	2026-01-10 21:55:28 +0000
committer	DanConwayDev <DanConwayDev@protonmail.com>	2026-01-10 21:55:28 +0000
commit	8536be07962ee6b23ecca0f1c084db11a3c104e0 (patch)
tree	eb53898684353527958a6ff3ae16c5cd19df8c56 /flake.nix
parent	a9ff76e7e294fb54ae3a6876bca3e30ac6a5bdef (diff)

diff --git a/flake.nix b/flake.nix index 6edab71..71749b9 100644 --- a/flake.nix +++ b/flake.nix
@@ -8,28 +8,20 @@
8	};	8	};
9		9
10	outputs = { self, nixpkgs, rust-overlay, flake-utils }:	10	outputs = { self, nixpkgs, rust-overlay, flake-utils }:
11	flake-utils.lib.eachDefaultSystem (system:	11	(flake-utils.lib.eachDefaultSystem (system:
12	let	12	let
13	overlays = [ (import rust-overlay) ];	13	overlays = [ (import rust-overlay) ];
14	pkgs = import nixpkgs {	14	pkgs = import nixpkgs { inherit system overlays; };
15	inherit system overlays;	15
16	};
17
18	rustToolchain = pkgs.rust-bin.stable.latest.default.override {	16	rustToolchain = pkgs.rust-bin.stable.latest.default.override {
19	extensions = [ "rust-src" "rust-analyzer" ];	17	extensions = [ "rust-src" "rust-analyzer" ];
20	};	18	};
21	in	19	in {
22	{
23	devShells.default = pkgs.mkShell {	20	devShells.default = pkgs.mkShell {
24	buildInputs = with pkgs; [	21	buildInputs = with pkgs; [ rustToolchain pkg-config openssl git ];
25	rustToolchain
26	pkg-config
27	openssl
28	git
29	];
30		22
31	RUST_SRC_PATH = "${rustToolchain}/lib/rustlib/src/rust/library";	23	RUST_SRC_PATH = "${rustToolchain}/lib/rustlib/src/rust/library";
32		24
33	shellHook = ''	25	shellHook = ''
34	echo "🚀 ngit-grasp development environment"	26	echo "🚀 ngit-grasp development environment"
35	echo "Rust version: $(rustc --version)"	27	echo "Rust version: $(rustc --version)"
@@ -46,16 +38,21 @@
46	pname = "ngit-grasp";	38	pname = "ngit-grasp";
47	version = "0.1.0";	39	version = "0.1.0";
48	src = ./.;	40	src = ./.;
49	cargoLock.lockFile = ./Cargo.lock;	41	cargoLock = {
50		42	lockFile = ./Cargo.lock;
51	nativeBuildInputs = with pkgs; [	43	outputHashes = {
52	pkg-config	44	"nostr-0.44.1" =
53	];	45	"sha256-02cawkx6bxfi3bn1sb5ws8cn9wzcwsk8cdv1vx8h8lad1jdic1qg";
54		46	};
55	buildInputs = with pkgs; [	47	};
56	openssl	48
57	];	49	nativeBuildInputs = with pkgs; [ pkg-config ];
		50
		51	buildInputs = with pkgs; [ openssl ];
58	};	52	};
59	}	53	})) // {
60	);	54	# NixOS module for deployment
		55	nixosModules.default = import ./nix/module.nix;
		56	nixosModules.ngit-grasp = self.nixosModules.default;
		57	};
61	}	58	}