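# TODO: good way to improve flake design: https://gist.github.com/lucperkins/437600b6aaaf0e1e8f91fb22fe421234
# Good tutorial for multiple architectures: https://ertt.ca/nix/shell-scripts/
#
# Layout of `outputs`:
#   * per-system outputs (formatter, checks, packages.bootstrap, apps.deploy)
#     are generated with flake-utils for every default system;
#   * nixosConfigurations and the deploy-rs `deploy` set are built once, from
#     the machine inventory in ./nixos/machines, for the physical hosts only.
{
  description = "NixOS definitions for our physical servers";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
    # NOTE(review): deploy-rs does not follow our nixpkgs, so flake.lock carries
    # a separate nixpkgs revision for it (one more tree to audit/update).
    # Consider `inputs.nixpkgs.follows = "nixpkgs"` as for the inputs below,
    # and re-lock afterwards.
    deploy-rs.url = "github:serokell/deploy-rs";
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
    flake-utils.url = "github:numtide/flake-utils";
    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    agenix = {
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    dns = {
      url = "github:kirelagin/dns.nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    microvm = {
      url = "github:astro/microvm.nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs =
    { self, nixpkgs, deploy-rs, disko, agenix, nixpkgs-unstable, dns, microvm
    , nixos-hardware, flake-utils, ... }:
    let
      # Evaluate the machine inventory (./nixos/machines) with the given lib and
      # return its `machines` attrset: one entry per host, of which this file
      # reads `arch` and `isPhysical`.
      evalMachines = lib:
        (lib.modules.evalModules {
          modules = [ (import ./nixos/machines) ];
        }).config.machines;

      # Outputs that exist once per supported system.
      perSystem = flake-utils.lib.eachDefaultSystem (system:
        let
          pkgs = nixpkgs.legacyPackages.${system};
          lib = pkgs.lib;
          pkgs-unstable = nixpkgs-unstable.legacyPackages.${system};
          machines = evalMachines lib;
        in {
          formatter = pkgs.nixfmt;

          # deploy-rs sanity checks, restricted to the nodes whose architecture
          # matches `system`, so `nix flake check` does not try to build
          # foreign-arch closures on this host.
          checks = deploy-rs.lib.${system}.deployChecks (self.deploy // {
            nodes = lib.attrsets.filterAttrs
              (name: _node: machines.${name}.arch == system)
              self.deploy.nodes;
          });

          # `bootstrap`: ./bootstrap.sh joined with the tools it needs. PATH is
          # pinned to the joined bin/ directory, so the script only ever sees
          # those tools and nothing from the caller's environment.
          packages.bootstrap = let
            name = "bootstrap";
            runtimeDeps = with pkgs; [
              libsecret
              coreutils
              pkgs-unstable.nixos-anywhere
            ];
            script = (pkgs.writeScriptBin name (builtins.readFile ./bootstrap.sh))
              .overrideAttrs (old: {
                # Rewrite the script's shebang to a store path.
                buildCommand = "${old.buildCommand}\n patchShebangs $out";
              });
          in pkgs.symlinkJoin {
            inherit name;
            paths = [ script ] ++ runtimeDeps;
            # makeWrapper is a build-time tool: it belongs in nativeBuildInputs.
            nativeBuildInputs = [ pkgs.makeWrapper ];
            postBuild = "wrapProgram $out/bin/${name} --set PATH $out/bin";
          };

          # `nix run .#deploy`: the deploy-rs CLI from nixpkgs-unstable (binary
          # cached, no Rust build).
          # NOTE(review): the remote `activate` helper (deploy.nodes below) is
          # built from the deploy-rs flake input instead, so CLI and helper can
          # differ in version — confirm compatibility when bumping either.
          apps.deploy = {
            type = "app";
            program = "${pkgs-unstable.deploy-rs}/bin/deploy";
          };
        });

      # Outputs that exist once for the whole fleet.
      hostOutputs = let
        # Architecture of the operator machine running `deploy`; anything else
        # is built on the target host (see remoteBuild below).
        system = "x86_64-linux";
        lib = nixpkgs.legacyPackages.${system}.lib;
        machines = evalMachines lib;
        physicalMachines = lib.filterAttrs (_: m: m.isPhysical) machines;
      in {
        nixosConfigurations = builtins.mapAttrs (name: machine:
          nixpkgs.lib.nixosSystem {
            system = machine.arch;
            # The whole inventory plus this host's entry are passed to ./nixos
            # so modules can refer to peers (e.g. for DNS/microvm wiring).
            specialArgs = {
              inherit machines machine dns microvm disko agenix nixos-hardware;
            };
            modules = [ ./nixos { networking.hostName = name; } ];
          }) physicalMachines;

        deploy = {
          # deploy-rs connects and activates as root over SSH: every target
          # must permit (key-based) root login for this to work.
          sshUser = "root";
          user = "root";
          nodes = builtins.mapAttrs (name: machine: {
            # networking.fqdn requires networking.domain to be set on the host;
            # evaluation fails otherwise.
            hostname = self.nixosConfigurations.${name}.config.networking.fqdn;
            profiles.system = {
              # Hosts of a different architecture build their own closure, so
              # they need access to the flake inputs / substituters themselves.
              remoteBuild = machine.arch != system;
              path = deploy-rs.lib.${machine.arch}.activate.nixos
                self.nixosConfigurations.${name};
            };
          }) physicalMachines;
        };
      };
    in perSystem // hostOutputs;
}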