nixlab/flake.nix
2025-06-18 21:41:53 +01:00


{
description = "straight up nixing it";
inputs = {
  # Everything listed here is third-party code that ends up evaluated into,
  # or executed on, the hosts this flake builds. The exact revisions are
  # whatever flake.lock pins (not shown here), so lock-file updates deserve
  # the same review as a dependency bump. None of the inputs declares
  # `inputs.nixpkgs.follows`, so each one resolves its own nixpkgs.

  # Package sets.
  nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
  # Second nixpkgs input, originally added to get a later forgejo. It is
  # handed to the NixOS modules as the `unstable` argument in `outputs`.
  # NOTE(review): it names the same branch as `nixpkgs` above but is a
  # separate input, so the two can sit at different locked revisions.
  nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";

  # Flake structure and the Terraform configuration generator.
  flake-parts.url = "github:hercules-ci/flake-parts";
  terranix.url = "github:terranix/terranix";

  # Deployment and secret handling.
  deploy-rs.url = "github:serokell/deploy-rs";
  agenix.url = "github:ryantm/agenix";

  # Service module imported by the nix02 configuration.
  authentik-nix.url = "github:nix-community/authentik-nix";
};
outputs = inputs@{ flake-parts, self, ... }:
  let
    # Every machine and every tool in this flake targets a single platform.
    targetSystem = "x86_64-linux";

    # Account deploy-rs uses for its SSH connection to each node.
    # NOTE(review): with "root" here the targets have to accept root logins
    # over SSH. deploy-rs has separate `sshUser` and `user` settings, so a
    # dedicated key-only deploy account that activates via sudo is an
    # alternative; the hosts' sshd settings are not visible from this file.
    deployUser = "root";

    # deploy-rs helper that wraps a NixOS configuration into an activatable
    # profile path.
    activateConfig = inputs.deploy-rs.lib.${targetSystem}.activate.nixos;

    # Inline module exposing a second package set to every NixOS module as
    # the `unstable` argument. allowUnfree applies to that set as well.
    unstableArgModule = {
      _module.args.unstable = import inputs.nixpkgs-unstable {
        system = "x86_64-linux";
        config.allowUnfree = true;
      };
    };

    # Modules shared by every NixOS configuration below.
    baseModules = [
      # Local secrets module (contents not shown here); presumably the
      # agenix secret declarations, confirm against ./secrets.
      ./secrets
      inputs.agenix.nixosModules.default
      unstableArgModule
    ];

    # Builds one NixOS system from the shared modules plus host-specific ones.
    mkSystem = hostModules:
      inputs.nixpkgs.lib.nixosSystem {
        system = targetSystem;
        modules = baseModules ++ hostModules;
      };

    # Builds the deploy-rs node entry for a host listed in `hosts`.
    mkNode = name: host: {
      hostname = host.location;
      profiles.system = {
        sshUser = deployUser;
        path = activateConfig self.nixosConfigurations.${name};
      };
    };

    # Hosts that are both built and deployed: `location` is the name
    # deploy-rs connects to, `modules` the host-specific module list.
    # NOTE(review): these are plain hostnames, so SSH host-key checking is
    # what ties a name to the intended machine.
    hosts = {
      nix01 = {
        location = "nix01.cluster";
        modules = [ ./config/nix01.nix ];
      };
      nix02 = {
        location = "nix02.cluster";
        modules = [
          ./config/nix02.nix
          inputs.authentik-nix.nixosModules.default
        ];
      };
    };
  in
  flake-parts.lib.mkFlake { inherit inputs; } {
    systems = [ targetSystem ];

    perSystem = { config, self', inputs', pkgs, system, ... }: {
      # Replace the default package set with one that permits unfree
      # packages (presumably for terraform; confirm before removing).
      _module.args.pkgs = import inputs.nixpkgs {
        inherit system;
        config.allowUnfree = true;
      };

      # Operator shell. Note that `deploy-rs` here is the nixpkgs package,
      # while the activation helpers above come from the deploy-rs flake
      # input, so the CLI and the library may be different versions.
      devShells.default = pkgs.mkShell {
        packages = [
          pkgs.terraform
          pkgs.deploy-rs
          pkgs.just
          inputs'.agenix.packages.default
        ];
      };

      # Terraform configuration generated by terranix from ./config/tf.nix.
      packages.default = inputs.terranix.lib.terranixConfiguration {
        inherit system;
        modules = [ ./config/tf.nix ];
      };
    };

    flake = {
      # `nixos` is built but has no deploy node (its node definition is kept
      # commented out below); every entry in `hosts` gets a configuration.
      nixosConfigurations =
        { nixos = mkSystem [ ./config/nixos.nix ]; }
        // builtins.mapAttrs (_: host: mkSystem host.modules) hosts;

      # deploy.nodes.nixos = {
      #   hostname = "nixos.cluster";
      #   profiles.system = {
      #     sshUser = "root";
      #     path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.nixos;
      #   };
      # };

      # One deploy-rs node per entry in `hosts`.
      deploy.nodes = builtins.mapAttrs mkNode hosts;

      # Highly advised by deploy-rs: runs its deployChecks against
      # `self.deploy` for every system the deploy-rs library provides, which
      # prevents many possible mistakes in the node definitions.
      checks = builtins.mapAttrs
        (system: deployLib: deployLib.deployChecks self.deploy)
        inputs.deploy-rs.lib;
    };
  };
}