{
description = "Fudo Host Configuration";
inputs = {
  # Package sets. fudo-home and fudo-entities are made to follow this
  # nixpkgs so they evaluate against the same revision as the hosts.
  nixpkgs.url = "nixpkgs/nixos-22.11";
  nixpkgsUnstable.url = "nixpkgs/nixos-unstable";
  nixpkgs2111.url = "nixpkgs/nixos-21.11";

  # Fudo infrastructure. None of the git URLs carries a rev; presumably the
  # flake.lock (not shown here) pins each input to a commit between updates.
  fudo-home.url = "git+https://git.fudo.org/fudo-nix/home.git";
  # fudo-home.url = "path:/state/fudo-home";
  fudo-home.inputs.nixpkgs.follows = "nixpkgs";
  # This MUST be a clean git repo, because its timestamp is used (see the
  # build-timestamp computed in `outputs`).
  fudo-entities.url = "git+https://git.fudo.org/fudo-nix/entities.git";
  fudo-entities.inputs.nixpkgs.follows = "nixpkgs";
  fudo-lib.url = "git+https://git.fudo.org/fudo-nix/lib.git";
  fudo-pkgs.url = "git+https://git.fudo.org/fudo-nix/pkgs.git";
  # A path input: the tree under /secrets is copied into the Nix store of the
  # evaluating host when this flake is evaluated. NOTE(review): the store is
  # world-readable, so confirm that nothing under /secrets must stay hidden
  # from local users of that host.
  fudo-secrets.url = "path:/secrets";

  # Services deployed to these hosts. chuteUnstable tracks a moving branch
  # (ref=master); the lock file still fixes the exact commit until updated.
  chute.url = "git+https://git.fudo.org/chute/chute.git?ref=stable";
  chuteUnstable.url = "git+https://git.fudo.org/chute/chute.git?ref=master";
  pricebot.url = "git+https://git.fudo.org/fudo-public/pricebot.git";
  wallfly.url = "git+https://git.fudo.org/fudo-public/wallfly.git";
  objectifier.url = "git+https://git.fudo.org/fudo-public/objectifier.git";
  nexus.url = "git+https://git.fudo.org/fudo-public/nexus.git";
  suanni.url = "git+https://git.fudo.org/fudo-public/suanni.git";
  snooper.url = "git+https://git.fudo.org/fudo-public/snooper.git";
  tattler.url = "git+https://git.fudo.org/fudo-public/tattler.git";
};
outputs = { self, nixpkgs, fudo-home, fudo-lib, fudo-entities, fudo-pkgs
, fudo-secrets, chute, chuteUnstable, nixpkgsUnstable, nixpkgs2111, pricebot
, wallfly, objectifier, nexus, suanni, snooper, tattler, ... }@inputs:
with nixpkgs.lib;
let
# Hosts declared in fudo-entities that are NixOS systems: attribute name is
# the hostname, value is that host's option set.
fudo-nixos-hosts =
  filterAttrs (_: host: host.nixos-system) fudo-entities.entities.hosts;
# NOTE(review): not referenced anywhere else in this flake's outputs.
fudo-networks = fudo-entities.entities.networks;
# nixos-unstable package set for `arch`, with unfree packages allowed.
unstable-for = arch: import nixpkgsUnstable {
  system = arch;
  config = { allowUnfree = true; };
};
# Stable (22.11) package set for `arch`, with the unstable set of the same
# arch threaded through the overlays below.
pkgs-for = arch:
  let unstable = unstable-for arch;
  in import nixpkgs {
    system = arch;
    config = {
      allowUnfree = true;
      # Explicit opt-in to packages that nixpkgs marks as insecure
      # (meta.knownVulnerabilities) and refuses by default. Each entry is an
      # accepted risk tied to an exact version string; after a nixpkgs bump
      # an entry may simply stop matching, so review this list on every
      # channel update rather than carrying it forward.
      permittedInsecurePackages =
        [ "openssh-with-gssapi-8.4p1" "python3.10-certifi-2022.9.24" ];
    };
    # Overlays apply in list order; a later overlay sees earlier ones via
    # `prev`.
    overlays = [
      fudo-lib.overlay
      fudo-pkgs.overlays.default
      fudo-secrets.overlays.default
      fudo-entities.overlays.default
      # Both chute builds come from their own flakes, keyed by arch.
      (final: prev: {
        chute = chute.packages.${arch}.chute;
        chuteUnstable = chuteUnstable.packages.${arch}.chute;
      })
      # Make the 21.11 and unstable sets reachable as pkgs.pkgs2111 and
      # pkgs.pkgsUnstable.
      (final: prev: {
        pkgs2111 = import nixpkgs2111 {
          system = arch;
          config.allowUnfree = true;
        };
        pkgsUnstable = unstable;
      })
      # A few packages are taken from unstable instead of 22.11.
      (final: prev: {
        signal-desktop = unstable.signal-desktop;
        factorio-experimental = unstable.factorio-experimental;
        factorio-headless-experimental =
          unstable.factorio-headless-experimental;
      })
    ];
  };
# Largest lastModifiedDate (as an integer) over all flake inputs, `self`
# included; inputs without a lastModifiedDate are skipped. Errors if no
# input carries one.
latest-modified-timestamp =
  let
    dated = filter (input: input ? lastModifiedDate) (attrValues inputs);
    stamps = map (input: toInt input.lastModifiedDate) dated;
  in last (sort builtins.lessThan stamps);
# Keep the first ten digits of a timestamp (YYYYMMDDHH for the 14-digit
# lastModifiedDate form) and return them as an integer.
concat-timestamp = timestamp:
  let digits = toString timestamp;
  in toInt (substring 0 10 digits);
# Module shared by every host: imports the fudo NixOS modules and the
# per-host / profile / domain / site config files, pins the flake registry
# and NIX_PATH to this flake's inputs, and records build provenance in
# `instance`.
common-host-config = hostname: hostOpts:
  let
    config-dir = ./config;
    # Integer derived from the newest input's lastModifiedDate (first ten
    # digits); changes whenever any input is updated.
    build-timestamp = concat-timestamp latest-modified-timestamp;
  in { config, ... }: {
    imports = [
      fudo-home.nixosModules.default
      fudo-secrets.nixosModules.default
      fudo-lib.nixosModule
      fudo-entities.nixosModule
      pricebot.nixosModules.default
      wallfly.nixosModule
      objectifier.nixosModules.default
      suanni.nixosModules.default
      snooper.nixosModules.default
      tattler.nixosModules.default
      nexus.nixosModules.nexus-client
      nexus.nixosModules.nexus-server
      nexus.nixosModules.nexus-powerdns
      # Same directory as config-dir.
      ./config
      # Per-host files selected by attributes from fudo-entities; a missing
      # file is an evaluation error, not a silently skipped import.
      (config-dir + "/hardware/${hostname}.nix")
      (config-dir + "/host-config/${hostname}.nix")
      (config-dir + "/profile-config/${hostOpts.profile}.nix")
      (config-dir + "/domain-config/${hostOpts.domain}.nix")
      (config-dir + "/site-config/${hostOpts.site}.nix")
    ];
    config = let pkgs = pkgs-for hostOpts.arch;
    in {
      instance = let
        # Read at evaluation time, so the seed file's contents become a plain
        # string inside the evaluated configuration. NOTE(review): confirm
        # that whatever consumes instance.build-seed does not write it into
        # a store path or the generated system closure.
        build-seed =
          builtins.readFile config.fudo.secrets.files.build-seed;
      in { inherit hostname build-timestamp build-seed; };
      # Snapshot of this flake's entire source tree, exposed under
      # /etc/nixos-live on the host.
      environment.etc.nixos-live.source = ./.;
      nix = {
        # Registry entries so `nix` commands on the host resolve these names
        # to the exact inputs the system was built from.
        registry = {
          nixpkgs.flake = nixpkgs;
          fudo-nixos.flake = self;
          fudo-entities.flake = fudo-entities;
          fudo-lib.flake = fudo-lib;
          fudo-pkgs.flake = fudo-pkgs;
        };
        # Legacy NIX_PATH points at the same nixpkgs; mkDefault lets a host
        # override it.
        nixPath = let lib = nixpkgs.lib;
        in lib.mkDefault (lib.mkBefore [ "nixpkgs=${nixpkgs}" ]);
      };
      # Use the overlayed set from pkgs-for instead of letting the module
      # system instantiate its own nixpkgs.
      nixpkgs.pkgs = pkgs;
    };
  };
# nixosSystem for one host, built from the shared module alone.
nixos-host-config = hostname: hostOpts: nixosSystem {
  system = hostOpts.arch;
  modules = [ (common-host-config hostname hostOpts) ];
};
# NixOps deployment for one host: the shared module plus a deployment
# target taken from the host's IPv4 address in its domain's zone.
nixops-host-config = hostname: hostOpts: {
  imports = [
    (common-host-config hostname hostOpts)
    (_:
      let zone = fudo-entities.entities.zones.${hostOpts.domain};
      in {
        config.deployment.targetHost = zone.hosts.${hostname}.ipv4-address;
      })
  ];
};
in {
nixosConfigurations = mapAttrs nixos-host-config fudo-nixos-hosts;
nixopsHostConfigurations = mapAttrs nixops-host-config fudo-nixos-hosts;
};
}