infrastructure/hive.nix

# SPDX-FileCopyrightText: 2024 Ryan Lahfa <ryan.lahfa@dgnum.eu>
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
# SPDX-FileContributor: Maurice Debray <maurice.debray@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2

# TODO: change comments to ### \n # [text] \n #

let
  ### Init some tooling

  sources = import ./sources.nix;

  lib = sources.fullLib;

  inherit (lib.extra) mapSingleFuse;

  ### Let's build meta
  meta = (import ./meta) lib;

  nodes = builtins.attrNames meta.nodes;

  ### Nixpkgs instanciation

  nixpkgs' = import ./meta/nixpkgs.nix;

  # Build up the nixpkgs configuration for Liminix embedded systems
  mkLiminixConfig =
    system: _:
    (import "${sources.liminix}/devices/${system}").system
    // {
      overlays = [ (import "${sources.liminix}/overlay.nix") ];
      config = {
        allowUnsupportedSystem = true; # mipsel
        permittedInsecurePackages = [
          "python-2.7.18.8" # Python < 3.x is needed for kernel backports.
        ];
      };
    };

  # Build up the arguments to instantiate a nixpkgs given a system and a version.
  mkNixpkgsConfig =
    system:
    {
      nixos = _: { overlays = [ (import "${sources.nix-pkgs}/overlay.nix").default ]; };
      zyxel-nwa50ax = mkLiminixConfig system;
      netconf = _: { };
    }
    .${system} or (throw "Unknown system: ${system} for nixpkgs configuration instantiation");

  # Instanciates the required nixpkgs version
  mkSystemNixpkgs =
    system: version: import sources."nixos-${version}" (mkNixpkgsConfig system version);

  # All supported nixpkgs versions × systems, instanciated
  nixpkgs = mapSingleFuse (s: mapSingleFuse (mkSystemNixpkgs s) nixpkgs'.versions) nixpkgs'.systems;

  # Get the configured nixos version for the node,
  # defaulting to the one defined in meta/nixpkgs
  version = node: meta.nodes.${node}.nixpkgs.version;
  system = node: meta.nodes.${node}.nixpkgs.system;
  category = node: nixpkgs'.categories.${system node};

  nodePkgs = node: nixpkgs.${system node}.${version node};

  ##########
  # Function to create arguments based on the node 
  #
  mkArgs = node: rec {
    lib = sourcePkgs.lib.extend sources.libOverlay;

    sourcePkgs = nodePkgs node;
    inherit meta;

    nodeMeta = meta.nodes.${node};
    nodePath = "machines/${category node}/${node}";
  };

  ##########
  # Module for each node (quite empty since almost everything is in the default module)
  #
  mkNode = node: {
    deployment.systemType = system node;
  };

in

{
  meta = {
    nixpkgs = import nixpkgs.nixos.unstable.path;
    nodeNixpkgs = mapSingleFuse nodePkgs nodes;

    specialArgs = {
      inherit nixpkgs sources;

      dgn-keys = import ./lib/keys { inherit meta lib; };
    };

    nodeSpecialArgs = mapSingleFuse mkArgs nodes;
  };

  registry = {
    zyxel-nwa50ax = {
      evalConfig =
        args:
        (import "${sources.liminix}/lib/eval-config.nix" {
          nixpkgs = args.specialArgs.sourcePkgs.path;
        })
          args;

      defaults =
        { name, nodePath, ... }:
        {
          # Import the default modules
          imports = [
            # Import the base configuration for each node
            ./${nodePath}/_configuration.nix
            ./modules/generic
            ./modules/${category name}
          ];
          # It's impure, but who cares?
          # Can Flakes even do that? :)
          nixpkgs.buildPlatform = builtins.currentSystem;
        };
    };

    netconf = {
      evalConfig = nixpkgs.nixos.unstable.lib.evalModules;

      defaults =
        {
          name,
          nodeMeta,
          nodePath,
          ...
        }:
        {
          _module.args = {
            pkgs = nixpkgs.nixos.unstable;
          };

          # Import the default modules
          imports = [
            # Import the base configuration for each node
            ./${nodePath}.nix
            ./modules/netconf
            ./lib/netconf-junos
            "${sources.nixpkgs}/nixos/modules/misc/assertions.nix"
          ];

          system.host-name = name;

          inherit (nodeMeta) deployment;
        };
    };

    nixos = {
      evalConfig = args: import "${args.specialArgs.sourcePkgs.path}/nixos/lib/eval-config.nix" args;
      defaults =
        {
          lib,
          name,
          nodes,
          nodeMeta,
          nodePath,
          meta,
          sourcePkgs,
          ...
        }:
        {
          # Import the default modules
          imports = [
            # Import the base configuration for each node
            ./${nodePath}/_configuration.nix
            ./modules/generic
            (import "${sources.lix-module}/module.nix" { inherit (sources) lix; })
            ./modules/${category name}
          ];

          _module.args.serverNodes = lib.filterAttrs (
            name: _: meta.nodes.${name}.nixpkgs.system == "nixos"
          ) nodes;

          # Include default secrets
          age-secrets.sources = [ ./${nodePath}/secrets ];

          # Deployment config is specified in meta.nodes.${node}.deployment
          inherit (nodeMeta) deployment;

          nix = {
            # Set NIX_PATH to the patched version of nixpkgs
            nixPath = [ "nixpkgs=${builtins.storePath sourcePkgs.path}" ];
            optimise.automatic = true;

            gc = {
              automatic = true;
              dates = "weekly";
              options = "--delete-older-than 7d";
            };

            settings =
              {
                substituters = [ "https://tvix-store.dgnum.eu/infra" ];
              }
              // (import ./machines/nixos/storage01/tvix-cache/cache-settings.nix {
                caches = [ "infra" ];
              });
          };

          # Allow unfree packages
          nixpkgs.config.allowUnfree = true;

          # Use the stateVersion declared in the metadata
          system = {
            inherit (nodeMeta) stateVersion;
          };
        };
    };
  };

}
// (mapSingleFuse mkNode nodes)