infra/flake.nix

{
  description = "Bagel cooking infrastructure";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
    terranix.url = "github:terranix/terranix";

    agenix.url = "github:ryantm/agenix";
    agenix.inputs.nixpkgs.follows = "nixpkgs";

    colmena.url = "github:zhaofengli/colmena";
    colmena.inputs.nixpkgs.follows = "nixpkgs";

    hydra.url = "git+https://git.lix.systems/the-distro/hydra.git";
    hydra.inputs.nixpkgs.follows = "nixpkgs";

    nix-gerrit.url = "git+https://git.lix.systems/the-distro/nix-gerrit.git";
    nix-gerrit.inputs.nixpkgs.follows = "nixpkgs";

    buildbot-nix.url = "git+https://git.lix.systems/lix-project/buildbot-nix.git?ref=refs/heads/non-flakes";
    buildbot-nix.inputs.nixpkgs.follows = "nixpkgs";

    lix.follows = "hydra/lix";

    grapevine = {
      type = "gitlab";
      host = "gitlab.computer.surgery";
      owner = "matrix";
      repo = "grapevine-fork";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
    pre-commit-hooks.inputs.nixpkgs.follows = "nixpkgs";
  };

  outputs =
    {
      self,
      nixpkgs,
      terranix,
      colmena,
      pre-commit-hooks,
      ...
    }@inputs:
    let
      supportedSystems = [
        "x86_64-linux"
        "aarch64-linux"
      ];
      forEachSystem =
        f:
        builtins.listToAttrs (
          map (system: {
            name = system;
            value = f system;
          }) supportedSystems
        );
      systemBits = forEachSystem (system: rec {
        inherit system;
        pkgs = import nixpkgs {
          localSystem = system;
          overlays = [
            inputs.hydra.overlays.default
            inputs.lix.overlays.default
            inputs.nix-gerrit.overlays.default
          ];
        };
        terraform = pkgs.opentofu;
        terraformCfg = terranix.lib.terranixConfiguration {
          inherit system;
          modules = [
            ./terraform
            {
              bagel.gandi.enable = true;
              bagel.hydra.enable = true;
            }
          ];
        };
      });
      forEachSystem' = f: forEachSystem (system: (f systemBits.${system}));
      inherit (nixpkgs) lib;
    in
    {
      apps = forEachSystem' (
        {
          system,
          pkgs,
          terraformCfg,
          terraform,
          ...
        }:
        {
          tf = {
            type = "app";
            program = toString (
              pkgs.writers.writeBash "tf" ''
                set -eo pipefail
                ln -snf ${terraformCfg} config.tf.json
                exec ${lib.getExe terraform} "$@"
              ''
            );
          };

          default = self.apps.${system}.tf;
        }
      );

      devShells = forEachSystem' (
        { system, pkgs, ... }:
        {
          default = pkgs.mkShell {
            packages = [
              inputs.agenix.packages.${system}.agenix

              pkgs.opentofu

              (pkgs.callPackage ./lib/colmena-wrapper.nix { })
            ];

            inherit (inputs.self.checks.${system}.pre-commit) shellHook;
          };
        }
      );

      checks = forEachSystem' (
        { system, pkgs, ... }:
        {
          pre-commit = pre-commit-hooks.lib.${system}.run {
            src = ./.;
            hooks.nixfmt = {
              enable = true;
              package = pkgs.nixfmt-rfc-style;
            };
          };
        }
      );

      nixosConfigurations = (colmena.lib.makeHive self.outputs.colmena).nodes;

      colmena =
        let
          commonModules = [
            inputs.agenix.nixosModules.default
            inputs.hydra.nixosModules.hydra
            inputs.buildbot-nix.nixosModules.buildbot-coordinator
            inputs.buildbot-nix.nixosModules.buildbot-worker

            ./services
            ./common
          ];

          makeBuilder =
            i:
            lib.nameValuePair "builder-${toString i}" {
              imports = commonModules;
              bagel.baremetal.builders = {
                enable = true;
                num = i;
                netboot = i >= 6;
              };
            };

          builders = lib.listToAttrs (lib.genList makeBuilder 12);
        in
        {
          meta.nixpkgs = systemBits.x86_64-linux.pkgs;
          meta.specialArgs.inputs = inputs;

          bagel-box.imports = commonModules ++ [ ./hosts/bagel-box ];
          meta01.imports = commonModules ++ [ ./hosts/meta01 ];
          gerrit01.imports = commonModules ++ [ ./hosts/gerrit01 ];
          fodwatch.imports = commonModules ++ [ ./hosts/fodwatch ];
          git.imports = commonModules ++ [ ./hosts/git ];
          wob-vpn-gw.imports = commonModules ++ [ ./hosts/wob-vpn-gw ];
          buildbot.imports = commonModules ++ [ ./hosts/buildbot ];
          public01.imports = commonModules ++ [ ./hosts/public01 ];
        }
        // builders;

      hydraJobs = builtins.mapAttrs (
        n: v: v.config.system.build.netbootDir or v.config.system.build.toplevel
      ) self.nixosConfigurations;
      buildbotJobs = builtins.mapAttrs (_: v: v.config.system.build.toplevel) self.nixosConfigurations;
    };
}