nix-infra/flake.nix

{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
    nixpkgs-master.url = "github:NixOS/nixpkgs/master";
    nixos-generators = {
      url = "github:nix-community/nixos-generators";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
    pterodactyl = {
      url = "git+https://git.nekover.se/fi/pterodactyl.git";
    };
  };

  outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-master, nixos-generators, simple-nixos-mailserver, pterodactyl, ... }@inputs:
  let
    hosts = import ./hosts.nix inputs;
    helper = import ./helper.nix inputs;
  in {
    colmena = {
      meta = {
        # Set the default pkgs, which is pointless in this case,
        # because nodeNixpkgs is overriding it anyway and a default value is generated.
        # It is still needed for colmena to run.
        nixpkgs = nixpkgs.legacyPackages."x86_64-linux";

        # Specify nixpkgs to use for each host.
        # The default is "nixpkgs" for "x86_64-linux" systems,
        # but it is overridden by the host-specific "hostNixpkgs" and "system" attributes.
        nodeNixpkgs = builtins.mapAttrs (name: host: host.pkgs) hosts;

        specialArgs = {
          inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver pterodactyl;

          # Provide environment for secret key command
          keyCommandEnv = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" ];
        };
      };
    } // builtins.mapAttrs (helper.generateColmenaHost) hosts;

    hydraJobs = {
      nixConfigurations = builtins.mapAttrs (host: helper.generateNixConfiguration host {
        inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver;
      }) hosts;
    };

    # Generate a base VM image for Proxmox with `nix build .#base-proxmox`
    packages.x86_64-linux = {
      base-proxmox = nixos-generators.nixosGenerate {
        system = "x86_64-linux";
        modules = [
          ./config/common
          ./config/nixos-generators
          ./config/nixos-generators/proxmox.nix
          ./config/environments/proxmox-vm
        ];
        format = "proxmox";
      };
      base-openstack = nixos-generators.nixosGenerate {
        system = "x86_64-linux";
        modules = [
          ./config/common
          ./config/nixos-generators
          ./config/environments/openstack-vm
        ];
        format = "openstack";
      };
    };

    # Binary cache hint
    nixConfig = {
      extra-substituters = [
        "https://nix-cache.nekover.se"
      ];
      extra-trusted-public-keys = [
        "nix-cache.nekover.se:f/VfGqC5lctLzOa6pLLDmEkihcip4WYpYShlW3rivLU="
      ];
    };
  };
}