infrastructure/hive.nix

# SPDX-FileCopyrightText: 2024 Ryan Lahfa <ryan.lahfa@dgnum.eu>
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
# SPDX-FileContributor: Maurice Debray <maurice.debray@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2

let
  sources' = import ./npins;

  # Patch sources directly
  sources =
    builtins.mapAttrs (patch.base { pkgs = import sources'.nixos-unstable { }; }).applyPatches'
      sources';

  nix-lib = import ./lib/nix-lib;
  inherit (nix-lib) mapSingleFuse;

  patch = import ./lib/nix-patches { patchFile = ./patches; };

  nodes' = import ./meta/nodes;
  nodes = builtins.attrNames nodes';

  mkNode = node: {
    deployment.systemType = system node;
  };

  nixpkgs' = import ./meta/nixpkgs.nix;
  # All supported nixpkgs versions × systems, instanciated
  nixpkgs = mapSingleFuse (s: mapSingleFuse (mkSystemNixpkgs s) nixpkgs'.versions) nixpkgs'.systems;

  # Get the configured nixos version for the node,
  # defaulting to the one defined in meta/nixpkgs
  version = node: nodes'.${node}.nixpkgs.version;
  system = node: nodes'.${node}.nixpkgs.system;
  category = node: nixpkgs'.categories.${system node};

  nodePkgs = node: nixpkgs.${system node}.${version node};

  # Builds a patched version of nixpkgs, only as the source
  mkNixpkgs' =
    v:
    patch.mkNixpkgsSrc rec {
      src = sources'.${name};
      name = "nixos-${v}";
    };

  # Build up the nixpkgs configuration for Liminix embedded systems
  mkLiminixConfig =
    system: _:
    (import "${sources.liminix}/devices/${system}").system
    // {
      overlays = [ (import "${sources.liminix}/overlay.nix") ];
      config = {
        allowUnsupportedSystem = true; # mipsel
        permittedInsecurePackages = [
          "python-2.7.18.8" # Python < 3.x is needed for kernel backports.
        ];
      };
    };

  # Build up the arguments to instantiate a nixpkgs given a system and a version.
  mkNixpkgsConfig =
    system:
    {
      nixos = _: { };
      zyxel-nwa50ax = mkLiminixConfig system;
      netconf = _: { };
    }
    .${system} or (throw "Unknown system: ${system} for nixpkgs configuration instantiation");

  # Instanciates the required nixpkgs version
  mkSystemNixpkgs = system: version: import (mkNixpkgs' version) (mkNixpkgsConfig system version);

  ###
  # Function to create arguments based on the node
  #
  mkArgs = node: rec {
    lib = sourcePkgs.lib // {
      extra = nix-lib;
    };

    sourcePkgs = nodePkgs node;
    meta = (import ./meta) lib;

    nodeMeta = meta.nodes.${node};
    nodePath = "machines/${category node}/${node}";
  };
in

{
  meta = {
    nixpkgs = import nixpkgs.nixos.unstable.path;
    nodeNixpkgs = mapSingleFuse nodePkgs nodes;

    specialArgs = {
      inherit nixpkgs sources;

      dgn-keys = import ./keys;
    };

    nodeSpecialArgs = mapSingleFuse mkArgs nodes;
  };

  registry = {
    zyxel-nwa50ax = {
      evalConfig =
        args:
        (import "${sources.liminix}/lib/eval-config.nix" {
          nixpkgs = args.specialArgs.sourcePkgs.path;
        })
          args;

      defaults =
        { name, nodePath, ... }:
        {
          # Import the default modules
          imports = [
            # Import the base configuration for each node
            ./${nodePath}/_configuration.nix
            ./modules/generic
            ./modules/${category name}
          ];
          # It's impure, but who cares?
          # Can Flakes even do that? :)
          nixpkgs.buildPlatform = builtins.currentSystem;
        };
    };

    netconf = {
      evalConfig = nixpkgs.nixos.unstable.lib.evalModules;

      defaults =
        {
          name,
          nodeMeta,
          nodePath,
          ...
        }:
        {
          _module.args = {
            pkgs = nixpkgs.nixos.unstable;
          };

          # Import the default modules
          imports = [
            # Import the base configuration for each node
            ./${nodePath}.nix
            ./modules/netconf
            ./lib/netconf-junos
            "${sources.nixos-unstable}/nixos/modules/misc/assertions.nix"
          ];

          system.host-name = name;

          inherit (nodeMeta) deployment;
        };
    };

    nixos = {
      evalConfig = args: import "${args.specialArgs.sourcePkgs.path}/nixos/lib/eval-config.nix" args;
      defaults =
        {
          lib,
          name,
          nodes,
          nodeMeta,
          nodePath,
          meta,
          sourcePkgs,
          ...
        }:
        {
          # Import the default modules
          imports = [
            # Import the base configuration for each node
            ./${nodePath}/_configuration.nix
            ./modules/generic
            (import "${sources.lix-module}/module.nix" { inherit (sources) lix; })
            ./modules/${category name}
          ];

          _module.args.serverNodes = lib.filterAttrs (
            name: _: meta.nodes.${name}.nixpkgs.system == "nixos"
          ) nodes;

          # Include default secrets
          age-secrets.sources = [ ./${nodePath}/secrets ];

          # Deployment config is specified in meta.nodes.${node}.deployment
          inherit (nodeMeta) deployment;

          nix = {
            # Set NIX_PATH to the patched version of nixpkgs
            nixPath = [ "nixpkgs=${builtins.storePath sourcePkgs.path}" ];
            optimise.automatic = true;

            gc = {
              automatic = true;
              dates = "weekly";
              options = "--delete-older-than 7d";
            };

            settings =
              {
                substituters = [ "https://tvix-store.dgnum.eu/infra" ];
              }
              // (import ./machines/nixos/storage01/tvix-cache/cache-settings.nix {
                caches = [ "infra" ];
              });
          };

          # Allow unfree packages
          nixpkgs.config.allowUnfree = true;

          # Use the stateVersion declared in the metadata
          system = {
            inherit (nodeMeta) stateVersion;
          };
        };
    };
  };
}
// (mapSingleFuse mkNode nodes)