nixops/seattle/flake.nix

{
  description = "Definition of the Seattle NixOps network.";

  inputs = {
    nixpkgs.url = "nixpkgs/nixos-21.05";

    fudo-home.url = "path:../fudo-home";

    fudo-secrets.url = "path:/state/secrets";

    fudo-pkgs.url = "path:../fudo-pkgs";

    # fudo-pkgs.url = "path:/state/nixos/fudo-pkgs";

    fudo-nixos = {
      url = "path:../fudo-nixos";
      # Don't import it as a flake
      flake = false;
    };
  };

  outputs = { self, nixpkgs, fudo-home, fudo-nixos, fudo-pkgs, fudo-secrets, ... }: let
    domain = "sea.fudo.org";
    site = "seattle";

    build-timestamp = self.sourceInfo.lastModified;

    hostlib = import (fudo-nixos + /lib/hosts.nix) { lib = nixpkgs.lib; };

    hosts = nixpkgs.lib.filterAttrs (hostname: hostOpts:
      hostOpts.nixos-system && hostOpts.site == site)
      (hostlib.base-host-config (fudo-nixos + /config/hosts));

    network-hosts = (import (fudo-nixos + /config/networks/${domain}.nix)).hosts;

    pkgs-for = system: import nixpkgs {
      inherit system;
      config = {
        allowUnfree = true;
        permittedInsecurePackages = [
          "openssh-with-gssapi-8.4p1"
        ];
      };
      overlays = [
        fudo-pkgs.overlay
        (import (fudo-nixos + "/lib/overlay.nix"))
      ];
    };

    initialize-host = import (fudo-nixos + /initialize.nix);

  in {
    nixopsConfigurations.default = {
      inherit nixpkgs;

      network = {
        description = "Seattle NixOps network.";
        enableRollback = true;
      };
    } // (nixpkgs.lib.mapAttrs (hostname: hostOpts: let
      system = hostOpts.arch;
      profile = hostOpts.profile;
    in { config, pkgs, lib, ... }: {
      imports = [
        fudo-home.nixosModule
        fudo-secrets.nixosModule
        (initialize-host {
          inherit hostname build-timestamp site domain profile config pkgs lib;
        })
      ];

      nixpkgs.pkgs = pkgs-for system;

      deployment.targetHost = network-hosts.${hostname}.ipv4-address;
    }) hosts);
  };
}