From e80a3d65acc09ea5db14b58eac95eddaab789358 Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Sat, 2 Mar 2024 13:58:17 +0100 Subject: [PATCH] split flake into multiple parts --- flake.lock | 19 +--- flake.nix | 97 +++---------------- .../flake/bootstrap/bootstrap.sh | 2 +- nixos/flake/bootstrap/default.nix | 16 +++ nixos/flake/checks.nix | 11 +++ nixos/flake/deploy.nix | 23 +++++ nixos/flake/nixos.nix | 20 ++++ 7 files changed, 85 insertions(+), 103 deletions(-) rename bootstrap.sh => nixos/flake/bootstrap/bootstrap.sh (91%) create mode 100644 nixos/flake/bootstrap/default.nix create mode 100644 nixos/flake/checks.nix create mode 100644 nixos/flake/deploy.nix create mode 100644 nixos/flake/nixos.nix diff --git a/flake.lock b/flake.lock index d73a01c..1beb669 100644 --- a/flake.lock +++ b/flake.lock @@ -248,22 +248,6 @@ "type": "github" } }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1707588924, - "narHash": "sha256-0e1ce6X5ghapv6cAF9rxLZKeNyFHHXsLbGxN2cQQE8U=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "10b813040df67c4039086db0f6eaf65c536886c6", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1707514827, @@ -289,8 +273,7 @@ "flake-utils": "flake-utils_2", "microvm": "microvm", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_2", - "nixpkgs-unstable": "nixpkgs-unstable" + "nixpkgs": "nixpkgs_2" } }, "spectrum": { diff --git a/flake.nix b/flake.nix index e0c9a28..eb83955 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,11 +1,8 @@ -# TODO: good way to improve flake design: https://gist.github.com/lucperkins/437600b6aaaf0e1e8f91fb22fe421234 -# Good tutorial for multiple architectures: https://ertt.ca/nix/shell-scripts/ { description = "NixOS definitions for our physical servers"; inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; - nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; deploy-rs.url = "github:serokell/deploy-rs"; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; flake-utils.url = "github:numtide/flake-utils"; 
@@ -32,87 +29,19 @@ }; outputs = - { self, nixpkgs, deploy-rs, disko, agenix, nixpkgs-unstable, dns, microvm, nixos-hardware, flake-utils, ... }: - (flake-utils.lib.eachDefaultSystem (system: + inputs@{ self, nixpkgs, deploy-rs, disko, agenix, dns, microvm, nixos-hardware, flake-utils, ... }: let - pkgs = nixpkgs.legacyPackages.${system}; - lib = pkgs.lib; - pkgs-unstable = nixpkgs-unstable.legacyPackages.${system}; - machines = (lib.modules.evalModules { modules = [ (import ./nixos/machines) ]; }).config.machines; + hostSystem = "x86_64-linux"; + hostPkgs = import nixpkgs { system = hostSystem; }; + machines = (hostPkgs.lib.modules.evalModules { modules = [ (import ./nixos/machines) ]; }).config.machines; + physicalMachines = hostPkgs.lib.filterAttrs (n: v: v.isPhysical) machines; in - { - formatter = pkgs.nixfmt; - - checks = deploy-rs.lib.${system}.deployChecks (self.deploy // { - nodes = (lib.attrsets.filterAttrs - (name: node: - machines.${name}.arch == system - ) - self.deploy.nodes); - }); - - packages.bootstrap = - let - name = "bootstrap"; - buildInputs = with pkgs; [ libsecret coreutils pkgs-unstable.nixos-anywhere ]; - script = (pkgs.writeScriptBin name (builtins.readFile ./bootstrap.sh)).overrideAttrs (old: { - buildCommand = "${old.buildCommand}\n patchShebangs $out"; - }); - in - pkgs.symlinkJoin { - inherit name; - paths = [ script ] ++ buildInputs; - buildInputs = [ pkgs.makeWrapper ]; - postBuild = "wrapProgram $out/bin/${name} --set PATH $out/bin"; - }; - - apps.deploy = { - type = "app"; - program = "${pkgs-unstable.deploy-rs}/bin/deploy"; - }; - })) // - ( - let - system = "x86_64-linux"; - pkgs = nixpkgs.legacyPackages.${system}; - lib = pkgs.lib; - machines = (lib.modules.evalModules { modules = [ (import ./nixos/machines) ]; }).config.machines; - physicalMachines = lib.filterAttrs (n: v: v.isPhysical) machines; - mkNixosSystems = systemDef: - builtins.mapAttrs - (name: machine: - nixpkgs.lib.nixosSystem (systemDef name machine) - ) - 
physicalMachines; - mkDeployNodes = nodeDef: - builtins.mapAttrs - (name: machine: nodeDef name machine) - physicalMachines; - in - { - nixosConfigurations = mkNixosSystems (name: machine: { - system = machine.arch; - - specialArgs = { inherit machines machine dns microvm disko agenix nixos-hardware; }; - modules = [ - ./nixos - { networking.hostName = name; } - ]; - }); - - deploy = { - sshUser = "root"; - user = "root"; - - nodes = mkDeployNodes (name: machine: { - hostname = self.nixosConfigurations.${name}.config.networking.fqdn; - profiles.system = { - remoteBuild = machine.arch != system; - path = deploy-rs.lib."${machine.arch}".activate.nixos - self.nixosConfigurations.${name}; - }; - }); - }; - } - ); + flake-utils.lib.meld (inputs // { inherit hostPkgs machines physicalMachines; }) [ + ./nixos/flake/bootstrap + ./nixos/flake/checks.nix + ./nixos/flake/deploy.nix + ./nixos/flake/nixos.nix + ] // (flake-utils.lib.eachDefaultSystem (system: { + formatter = nixpkgs.legacyPackages.${system}.nixfmt; + })); } diff --git a/bootstrap.sh b/nixos/flake/bootstrap/bootstrap.sh similarity index 91% rename from bootstrap.sh rename to nixos/flake/bootstrap/bootstrap.sh index daccc3e..6f6ad13 100755 --- a/bootstrap.sh +++ b/nixos/flake/bootstrap/bootstrap.sh @@ -43,4 +43,4 @@ secret-tool lookup age-identity "$servername" > "$temp/etc/age_ed25519" chmod 600 "$temp/etc/age_ed25519" # Install NixOS to the host system with our age identity -nixos-anywhere --extra-files "$temp" --flake ".#${servername}" "root@${hostname}" +nixos-anywhere --help #--extra-files "$temp" --flake ".#${servername}" "root@${hostname}" diff --git a/nixos/flake/bootstrap/default.nix b/nixos/flake/bootstrap/default.nix new file mode 100644 index 0000000..e20cf30 --- /dev/null +++ b/nixos/flake/bootstrap/default.nix 
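Review bot: The `apps.deploy` output (previously `program = "${pkgs-unstable.deploy-rs}/bin/deploy"`) is dropped from `outputs` in this hunk and none of the four melded files (`./nixos/flake/bootstrap`, `checks.nix`, `deploy.nix`, `nixos.nix`) reintroduces it, so `nix run .#deploy` stops working while the subject only describes splitting the flake; either add it back (deploy.nix is the natural home) or state the removal in the commit message. Relatedly, `hostPkgs = import nixpkgs { system = hostSystem; }` is pinned to `x86_64-linux`, but `./nixos/flake/bootstrap` (the default.nix hunk below) wraps `packages.bootstrap` in `eachDefaultSystem` without using `system`, so the package exposed for every other system is built from x86_64-linux store paths. If the tooling is only ever run from the x86_64 admin host, a comment above `hostSystem` saying so (`# Host-side tooling is built for the admin machine only; other systems just get the formatter`) would make that explicit. `nixpkgs.legacyPackages.${hostSystem}` would also avoid re-evaluating nixpkgs for a system the `formatter` output already instantiates.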
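Review bot: The rewritten last line runs `nixos-anywhere --help` and comments out the real invocation, so the `bootstrap` package now fetches the age identity with `secret-tool`, writes it to `$temp/etc/age_ed25519` and then installs nothing; this reads as a debugging leftover that the subject ("split flake into multiple parts") does not cover. Restore `nixos-anywhere --extra-files "$temp" --flake ".#${servername}" "root@${hostname}"`, or if the dry run is deliberate, put a `# TODO(debug): install disabled while ...` comment above it so the disabled install is not merged unnoticed. While here, the identity on the preceding context line is created by the redirect with the caller's umask and only afterwards restricted by `chmod 600`; writing it as `(umask 077; secret-tool lookup age-identity "$servername" > "$temp/etc/age_ed25519")` closes that window. How `$temp`, `$servername` and `$hostname` are set is outside the hunk.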
@@ -0,0 +1,16 @@ +{ flake-utils, hostPkgs, ... }: flake-utils.lib.eachDefaultSystem (system: { + packages.bootstrap = + let + name = "bootstrap"; + buildInputs = with hostPkgs; [ libsecret coreutils nixos-anywhere ]; + script = (hostPkgs.writeScriptBin name (builtins.readFile ./bootstrap.sh)).overrideAttrs (old: { + buildCommand = "${old.buildCommand}\n patchShebangs $out"; + }); + in + hostPkgs.symlinkJoin { + inherit name; + paths = [ script ] ++ buildInputs; + buildInputs = [ hostPkgs.makeWrapper ]; + postBuild = "wrapProgram $out/bin/${name} --set PATH $out/bin"; + }; +}) diff --git a/nixos/flake/checks.nix b/nixos/flake/checks.nix new file mode 100644 index 0000000..c5d8b3a --- /dev/null +++ b/nixos/flake/checks.nix @@ -0,0 +1,11 @@ +{ self, hostPkgs, machines, flake-utils, deploy-rs, ... }: flake-utils.lib.eachDefaultSystem (system: { + # Deploy-rs' flake checks seem broken for architectures different from the deployment machine. + # We skip these here. + checks = deploy-rs.lib.${system}.deployChecks (self.deploy // { + nodes = (hostPkgs.lib.attrsets.filterAttrs + (name: node: + machines.${name}.arch == system + ) + self.deploy.nodes); + }); +}) diff --git a/nixos/flake/deploy.nix b/nixos/flake/deploy.nix new file mode 100644 index 0000000..39408b8 --- /dev/null +++ b/nixos/flake/deploy.nix @@ -0,0 +1,23 @@ +{ self, hostPkgs, physicalMachines, deploy-rs, ... }: +let + mkDeployNodes = nodeDef: + builtins.mapAttrs + (name: machine: nodeDef name machine) + physicalMachines; +in +{ + deploy = { + sshUser = "root"; + user = "root"; + + nodes = mkDeployNodes (name: machine: { + hostname = self.nixosConfigurations.${name}.config.networking.fqdn; + profiles.system = { + remoteBuild = machine.arch != hostPkgs.stdenv.hostPlatform.system; + path = deploy-rs.lib.${machine.arch}.activate.nixos + self.nixosConfigurations.${name}; + }; + }); + }; + +} diff --git a/nixos/flake/nixos.nix b/nixos/flake/nixos.nix new file mode 100644 index 0000000..304d46e --- /dev/null 
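Review bot: `hostPkgs.lib.attrsets.filterAttrs` in the new `checks` and `hostPkgs.lib.filterAttrs` in the flake.nix `let` block are the same function reached two ways; pick one spelling across the split files (the shorter form already used in flake.nix). The comment above `checks` says the deploy-rs checks "seem broken" for foreign architectures but not what fails, so a maintainer cannot tell when the `machines.${name}.arch == system` filter can be dropped; extend it with the observed error or an upstream issue reference, e.g. `# ... (see <ISSUE-REF placeholder>); revisit once fixed upstream`.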
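Review bot: `remoteBuild = machine.arch != hostPkgs.stdenv.hostPlatform.system` compares against the system `hostPkgs` was imported for (`hostSystem` in flake.nix, fixed to `x86_64-linux`), not the system actually running `deploy`, so the flag is effectively `machine.arch != "x86_64-linux"` wherever the command is invoked; a comment above it such as `# hostPkgs is pinned to hostSystem in flake.nix; non-x86_64 targets build on the target itself` would record that this is intended rather than an oversight. The file also ends with a blank line before the closing `}` that `nixfmt` would remove. `sshUser = "root"` and `user = "root"` are carried over from the old flake.nix and still mean every deploy requires root SSH access to the target; now that the file stands alone, one comment line stating that requirement would help whoever reads it without the flake's history.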
+++ b/nixos/flake/nixos.nix
@@ -0,0 +1,20 @@
+{ nixpkgs, machines, physicalMachines, dns, microvm, disko, agenix, nixos-hardware, ... }:
+let
+ mkNixosSystems = systemDef:
+ builtins.mapAttrs
+ (name: machine:
+ nixpkgs.lib.nixosSystem (systemDef name machine)
+ )
+ physicalMachines;
+in
+{
+ nixosConfigurations = mkNixosSystems (name: machine: {
+ system = machine.arch;
+
+ specialArgs = { inherit machines machine dns microvm disko agenix nixos-hardware; };
+ modules = [
+ ../.
+ { networking.hostName = name; }
+ ];
+ });
+}
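Review bot: `mkNixosSystems` maps only `physicalMachines`, yet the full `machines` set is handed to every configuration through `specialArgs`, and nothing in the file says why non-physical entries get no `nixosConfigurations` of their own; a comment above `mkNixosSystems` stating the reason (presumably the rest are realised by modules under `../.`, but confirm) would save the next reader a search. The helper is also just `builtins.mapAttrs` over a fixed attrset, so `nixosConfigurations = builtins.mapAttrs (name: machine: nixpkgs.lib.nixosSystem { ... }) physicalMachines;` reads the same without it; `mkDeployNodes` in deploy.nix has the identical shape and could be simplified the same way.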