deployments/common/deployment.nix

{ inputs, deployment-hosts, description, enable-rollback ? true, ... }:
with inputs.nixpkgs.lib;
let
  network-config = {
    nixpkgs = inputs.nixpkgs;
    network = {
      inherit description;
      enableRollback = enable-rollback;

      storage.legacy = { databasefile = "~/.nixops/deployments.nixops"; };
    };
  };

  host-config = hostname:
    inputs.fudo-nixos.nixopsHostConfigurations.${hostname};

  host-ip = hostname: domain:
    let zone-hosts = inputs.fudo-entities.entities.zones.${domain}.hosts;
    in zone-hosts.${hostname}.ipv4-address;

  host-uber-secrets = hostname:
    { config, ... }:
    let uber-secrets = config.fudo.secrets.files.host-filesystem-keys;
    in {
      config.deployment.keys = mkIf (hasAttr hostname uber-secrets) (mapAttrs
        (secret: secret-file: {
          keyFile = secret-file;
          user = "root";
          permissions = "0400";
        }) uber-secrets.${hostname});
    };

in network-config // (mapAttrs (hostname: hostOpts: {
  imports = [ (host-config hostname) (host-uber-secrets hostname) ];

  deployment.targetHost = host-ip hostname hostOpts.domain;
}) deployment-hosts)