Fediversity/infra/flake-part.nix

{
  self,
  inputs,
  lib,
  ...
}:

let
  inherit (lib) attrValues mapAttrs;
  inherit (lib.attrsets) genAttrs;

  makeResource =
    vmid:
    { providers, ... }:
    let
      vmmodule = import (./. + "/${vmid}");
    in
    {
      type = providers.local.exec;
      imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ];
      ssh = {
        # FIXME: The following assumes that `vmmodule` does not use arguments
        # and does not get `proxolix.vm.ip4` from an import, etc. I have tried
        # an approach with `lib.evalModules` but I cannot get it to work.
        host = vmmodule.procolix.vm.ip4;
        opts = "";
        hostPublicKey = self.keys.systems.${vmid};
      };
      nixpkgs = inputs.nixpkgs;
      nixos.module = {
        imports = [
          vmmodule
          ./common
          self.nixosModules.ageSecrets
          {
            fediversity.hostPublicKey = self.keys.systems.${vmid};

            ## FIXME: Remove direct root authentication once the NixOps4 NixOS
            ## provider supports users with password-less sudo.
            users.users.root.openssh.authorizedKeys.keys = attrValues self.keys.contributors;
          }
        ];
      };
    };

  makeDeployments = mapAttrs (
    _: vmids:
    { providers, ... }:
    {
      providers.local = inputs.nixops4-nixos.modules.nixops4Provider.local;
      resources = genAttrs vmids (vmid: makeResource vmid { inherit providers; });
    }
  );

in
{
  nixops4Deployments = makeDeployments {
    git = [
      "vm02116"
      "fedi300"
    ];
    web = [ "vm02187" ];
    other = [
      "vm02179"
      "vm02186"
    ];
  };
}