# Flake describing the deployment: OpenTofu configuration generated by
# terranix, NixOS hosts deployed through colmena, and job sets for Hydra and
# Buildbot built from the same node definitions.
{
  description = "Bagel cooking infrastructure";

  # Supply-chain surface of the deployment. Every input except terranix is
  # forced onto this flake's nixpkgs, so those projects are evaluated against
  # a package set chosen here rather than the one their own lock file pins.
  # Several inputs are fetched from hosts other than GitHub (git.lix.systems,
  # gitlab.computer.surgery), and buildbot-nix tracks a branch ref.
  # NOTE(review): the revisions actually used are whatever the lock file
  # records; lock updates deserve the same review as code changes.
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
    terranix.url = "github:terranix/terranix";

    agenix = {
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    colmena = {
      url = "github:zhaofengli/colmena";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    hydra = {
      url = "git+https://git.lix.systems/the-distro/hydra.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    nix-gerrit = {
      url = "git+https://git.lix.systems/the-distro/nix-gerrit.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    buildbot-nix = {
      url = "git+https://git.lix.systems/lix-project/buildbot-nix.git?ref=refs/heads/non-flakes";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # Lix is not pinned independently: it is whichever revision hydra's own
    # `lix` input resolves to.
    lix.follows = "hydra/lix";

    grapevine = {
      type = "gitlab";
      host = "gitlab.computer.surgery";
      owner = "matrix";
      repo = "grapevine-fork";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    pre-commit-hooks = {
      url = "github:cachix/pre-commit-hooks.nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs =
    {
      self,
      nixpkgs,
      terranix,
      colmena,
      pre-commit-hooks,
      ...
    }@inputs:
    let
      inherit (nixpkgs) lib;

      supportedSystems = [
        "x86_64-linux"
        "aarch64-linux"
      ];

      # Build an attribute set keyed by system name, with `f system` as value.
      forEachSystem = lib.genAttrs supportedSystems;

      # Per-system toolbox: the package set (with the hydra, lix and
      # nix-gerrit overlays applied), the OpenTofu binary, and the terranix
      # configuration rendered from ./terraform.
      systemBits = forEachSystem (
        system:
        let
          pkgs = import nixpkgs {
            localSystem = system;
            overlays = [
              inputs.hydra.overlays.default
              inputs.lix.overlays.default
              inputs.nix-gerrit.overlays.default
            ];
          };
        in
        {
          inherit system pkgs;
          terraform = pkgs.opentofu;
          terraformCfg = terranix.lib.terranixConfiguration {
            inherit system;
            modules = [
              ./terraform
              {
                bagel.gandi.enable = true;
                bagel.hydra.enable = true;
              }
            ];
          };
        }
      );

      # Like forEachSystem, but `f` receives the whole per-system toolbox
      # instead of just the system string.
      forEachSystem' = f: builtins.mapAttrs (_: f) systemBits;
    in
    {
      apps = forEachSystem' (
        {
          system,
          pkgs,
          terraformCfg,
          terraform,
          ...
        }:
        let
          # Wrapper around OpenTofu. It replaces `config.tf.json` in the
          # current working directory with a symlink to the generated
          # configuration (`ln -snf` overwrites an existing entry), then hands
          # all arguments to the OpenTofu executable.
          tfScript = pkgs.writers.writeBash "tf" ''
            set -eo pipefail
            ln -snf ${terraformCfg} config.tf.json
            exec ${lib.getExe terraform} "$@"
          '';
        in
        {
          tf = {
            type = "app";
            program = toString tfScript;
          };
          default = self.apps.${system}.tf;
        }
      );

      devShells = forEachSystem' (
        { system, pkgs, ... }:
        {
          default = pkgs.mkShell {
            packages = [
              inputs.agenix.packages.${system}.agenix
              pkgs.opentofu
              (pkgs.callPackage ./lib/colmena-wrapper.nix { })
            ];
            # Entering the shell runs the hook produced by the pre-commit
            # check defined under `checks`.
            shellHook = self.checks.${system}.pre-commit.shellHook;
          };
        }
      );

      checks = forEachSystem' (
        { system, pkgs, ... }:
        {
          pre-commit = pre-commit-hooks.lib.${system}.run {
            src = ./.;
            hooks.nixfmt.enable = true;
            hooks.nixfmt.package = pkgs.nixfmt-rfc-style;
          };
        }
      );

      # `colmena` on the left of `.lib` is the flake input (function
      # argument); the hive definition is read back from this flake's own
      # `colmena` output below.
      nixosConfigurations = (colmena.lib.makeHive self.outputs.colmena).nodes;

      colmena =
        let
          # Modules imported by every node, builders included. That covers
          # agenix, hydra and both buildbot modules.
          # NOTE(review): whether those services are actually enabled on a
          # given host is decided in ./services, ./common and ./hosts, which
          # are not visible from this file.
          commonModules = [
            inputs.agenix.nixosModules.default
            inputs.hydra.nixosModules.hydra

            inputs.buildbot-nix.nixosModules.buildbot-coordinator
            inputs.buildbot-nix.nixosModules.buildbot-worker

            ./services
            ./common
          ];

          # A regular host: the shared modules plus its own directory.
          hostWith = hostDir: { imports = commonModules ++ [ hostDir ]; };

          # Bare-metal builder number `i`; builders 6 and above are netbooted.
          makeBuilder = i: {
            name = "builder-${toString i}";
            value = {
              imports = commonModules;
              bagel.baremetal.builders = {
                enable = true;
                num = i;
                netboot = i >= 6;
              };
            };
          };

          # builder-0 through builder-11.
          builders = lib.listToAttrs (map makeBuilder (lib.range 0 11));

          hive = {
            meta = {
              nixpkgs = systemBits.x86_64-linux.pkgs;
              # Every module on every node receives the full set of flake
              # inputs through `specialArgs`.
              specialArgs.inputs = inputs;
            };

            bagel-box = hostWith ./hosts/bagel-box;
            meta01 = hostWith ./hosts/meta01;
            gerrit01 = hostWith ./hosts/gerrit01;
            fodwatch = hostWith ./hosts/fodwatch;
            git = hostWith ./hosts/git;
            wob-vpn-gw = hostWith ./hosts/wob-vpn-gw;
            buildbot = hostWith ./hosts/buildbot;
            public01 = hostWith ./hosts/public01;
          };
        in
        hive // builders;

      # One Hydra job per node: the netboot directory when the node's build
      # exposes one, otherwise the system toplevel.
      hydraJobs = builtins.mapAttrs (
        _: node:
        let
          inherit (node.config.system) build;
        in
        build.netbootDir or build.toplevel
      ) self.nixosConfigurations;

      # One Buildbot job per node, always the system toplevel.
      buildbotJobs = builtins.mapAttrs (
        _: node: node.config.system.build.toplevel
      ) self.nixosConfigurations;
    };
}