infrastructure/flake.nix
Vivian 002adf25c2
some updates
2024-12-30 21:02:16 +01:00


{
description = "0x76's infrastructure";
# For minecraft use:
# * https://github.com/Infinidoge/nix-minecraft
# Flake inputs. The URLs name branches or default refs, not revisions; the
# revision that is fetched and built is the one recorded in flake.lock, so
# lock-file updates are where upstream changes enter the hosts below.
inputs = {
  # Indirect reference, resolved through the flake registry when locking.
  nixpkgs.url = "nixpkgs/nixos-unstable-small";

  # No `follows` in this group: any nixpkgs these inputs declare is locked
  # independently of the `nixpkgs` input above.
  flake-utils-plus.url = "github:gytis-ivaskevicius/flake-utils-plus";
  nur.url = "github:nix-community/NUR";
  colmena.url = "github:zhaofengli/colmena";
  deploy.url = "github:serokell/deploy-rs";
  vault-secrets.url = "github:serokell/vault-secrets";
  microvm.url = "github:astro/microvm.nix";
  nixvim.url = "github:pta2002/nixvim";
  nixos-hardware.url = "github:nixos/nixos-hardware";
  gnome-autounlock-keyring.url = "git+https://git.0x76.dev/v/gnome-autounlock-keyring.git";
  catppuccin.url = "github:catppuccin/nix";
  autostart.url = "github:Zocker1999NET/home-manager-xdg-autostart";
  hyprland-qtutils.url = "github:hyprwm/hyprland-qtutils";

  # Inputs whose nixpkgs is forced to this flake's `nixpkgs`.
  home-manager = {
    url = "github:nix-community/home-manager";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  mailserver = {
    url = "git+https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  nixos-generators = {
    url = "github:nix-community/nixos-generators";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  lanzaboote = {
    url = "github:nix-community/lanzaboote";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  vault-unseal = {
    url = "git+https://git.0x76.dev/v/vault-unseal.git";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  t = {
    url = "github:jdonszelmann/t-rs";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  attic = {
    url = "github:zhaofengli/attic";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  essentials = {
    url = "github:jdonszelmann/essentials";
    inputs.nixpkgs.follows = "nixpkgs";
  };
};
outputs =
{
self,
nixpkgs,
flake-utils-plus,
nur,
attic,
deploy,
home-manager,
gnome-autounlock-keyring,
lanzaboote,
t,
catppuccin,
...
}@inputs:
let
# x86_64-linux package set, read from the `nixpkgs` entry of this flake's own
# `pkgs` output.
pkgs = self.pkgs.x86_64-linux.nixpkgs;
# `apply-local` wrapper script; its whole body is `nh os switch --ask`.
# `nh` is called by bare name rather than by store path, so the binary that
# runs is whichever `nh` is first on PATH when the script is invoked.
apply-local = pkgs.writeShellScriptBin "apply-local" ''
nh os switch --ask
'';
in
flake-utils-plus.lib.mkFlake {
# `self` and `inputs` arguments are required
inherit self inputs;
# Supported systems, used for packages, apps, devShell and multiple other definitions. Defaults to `flake-utils.lib.defaultSystems`.
supportedSystems = [ "x86_64-linux" ];
# Channels config
channelsConfig = {
  # Unfree packages are allowed without per-package opt-in.
  allowUnfree = true;
  # NOTE(review): nixpkgs compares permittedInsecurePackages entries with the
  # full package name including its version (name-version), so a bare
  # "electron" presumably matches nothing — confirm. If an end-of-life
  # Electron really is required, list the exact name-version so the exception
  # is explicit and lapses on the next version bump.
  permittedInsecurePackages = [ "electron" ];
};
# Overlays applied to the channels: the local ./pkgs overlay and NUR.
# NUR packages come from community user repositories, not from the nixpkgs
# review process.
sharedOverlays = [
  (import ./pkgs)
  nur.overlays.default
];
# host defaults
# Settings shared by the entries under `hosts`.
hostDefaults = {
  system = "x86_64-linux";
  # Three of these modules come straight from flake inputs (home-manager,
  # gnome-autounlock-keyring, catppuccin); the revisions pinned for them in
  # flake.lock therefore become part of each host's system configuration.
  modules = [
    home-manager.nixosModules.home-manager
    gnome-autounlock-keyring.nixosModules.default
    catppuccin.nixosModules.catppuccin
    ./common
  ];
  # Hands the flake itself and the full `inputs` set to the modules as extra
  # arguments, so any module can reach any input.
  specialArgs = {
    inherit self inputs home-manager;
  };
};
# hosts
# One entry per NixOS configuration; each lists only its host-specific
# modules. The lanzaboote module is imported for aoife alone.
hosts = {
  "olympus.bastion".modules = [
    ./common/generic-vm.nix
    ./hosts/olympus/bastion
  ];

  aoife.modules = [
    lanzaboote.nixosModules.lanzaboote
    ./common/desktop
    ./hosts/thalassa/aoife
  ];

  eevee.modules = [
    ./common/desktop
    ./hosts/olympus/eevee
  ];
};
# deploy-rs
deploy =
  let
    # deploy-rs helper that wraps a NixOS configuration as an activatable profile.
    activateNixos = deploy.lib.x86_64-linux.activate.nixos;
    hostConfigs = self.nixosConfigurations;
  in
  {
    # Profiles are activated as root on every node. No `sshUser` is set here,
    # so the account used for the SSH login is decided outside this file.
    user = "root";

    # `hostname` values are short names, so which machine is reached depends
    # on name resolution and SSH configuration of the deploying machine.
    nodes = {
      "bastion-olympus" = {
        hostname = "bastion.olympus";
        fastConnection = true;
        remoteBuild = true;
        profiles.system.path = activateNixos hostConfigs."olympus.bastion";
      };

      aoife = {
        hostname = "aoife";
        fastConnection = true;
        remoteBuild = true;
        profiles.system.path = activateNixos hostConfigs.aoife;
      };

      # No `remoteBuild` here, unlike the other two nodes.
      eevee = {
        hostname = "eevee.olympus";
        fastConnection = true;
        profiles.system.path = activateNixos hostConfigs.eevee;
      };
    };
  };
# Outputs
outputsBuilder = channels: {
  devShells.default = channels.nixpkgs.mkShell {
    name = "devShell";

    # NOTE(review): plain http:// — whatever the `vault` CLI sends from this
    # shell (tokens, secret payloads) travels to vault.olympus without TLS.
    # Confirm the network path is trusted, or point this at an https://
    # listener.
    VAULT_ADDR = "http://vault.olympus:8200/";
    # Absolute path to one user's checkout; presumably the flake `nh` picks up
    # by default — confirm.
    FLAKE = "/home/vivian/src/infrastructure-new";

    # Tools are taken from the x86_64-linux `pkgs` set by explicit attribute
    # path; `apply-local` is the wrapper defined in the enclosing `let`.
    packages = [
      # attic.packages.${system}.attic
      apply-local
      deploy.packages.${pkgs.system}.deploy-rs
      pkgs.deadnix
      pkgs.statix
      pkgs.vault
      pkgs.yamllint
      pkgs.jq
      pkgs.fup-repl
      pkgs.nh
      pkgs.nixfmt-rfc-style
    ];
  };
};
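# Checks
checks =
  let
    # Checks that deploy-rs derives from `self.deploy`, one set per system in
    # `deploy.lib`.
    deployChecks = builtins.mapAttrs (
      _system: deployLib: deployLib.deployChecks self.deploy
    ) deploy.lib;
  in
  deployChecks
  // {
    # `//` merges only the top level. Writing `x86_64-linux.mac = ...` directly
    # on the right-hand side replaces the whole x86_64-linux attribute and
    # silently drops the deploy-rs checks for that system, so the existing
    # set is merged in explicitly.
    x86_64-linux = (deployChecks.x86_64-linux or { }) // {
      # Placeholder check: only echoes a string and creates $out.
      mac = pkgs.stdenvNoCC.mkDerivation {
        # Store path names cannot contain spaces, hence "mac-check" rather
        # than "mac check".
        name = "mac-check";
        src = self;
        dontBuild = true;
        doCheck = true;
        checkPhase = ''
          echo "Hello World"
        '';
        installPhase = "mkdir $out";
      };
    };
  };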
};
}