nixos-config/shell.nix


let
  # Host that the "install-*" jobs connect to (this can be an onion id when the
  # shell is run under torify).
  installHost = "localhost";

  # plops provides the helpers used below (jobs, populate, switch, importJson)
  # as well as the lib and pkgs sets.  The checkout is pinned to a commit id and
  # checked against a sha256, so the fetched tree cannot change unnoticed.
  # NOTE(review): the fetcher itself comes from the ambient <nixpkgs>
  # (NIX_PATH), which is not pinned in this file.
  #ops = import ../plops ;
  ops = let
    bootstrapPkgs = import <nixpkgs> { };
    plopsSrc = bootstrapPkgs.fetchgit {
      url = "https://github.com/mrVanDalo/plops.git";
      rev = "bad0f386afe20cb6a6b8692a3ec365556f8bdabb";
      sha256 = "1qfc7kkfg83dy1jliw3afaq7q758b4ybz9md74g5fqpqjdxhxrnw";
    };
  in import plopsSrc;

  inherit (ops) lib pkgs;
# Source sets handed to `populate`: each attribute names something that is
# made available on the target (git checkout, local directory, symlink or
# password-store entry).
source = let
  # Every secret source reads from the deploying user's local password store.
  # NOTE(review): presumably `populate` copies these entries to the target;
  # confirm the ownership and permissions they end up with there.
  passStore = toString ~/.password-store;
  passEntry = name: {
    dir = passStore;
    inherit name;
  };

  # nixpkgs checkouts use the revision recorded in a JSON file of this repo.
  nixpkgsChannels = "https://github.com/NixOS/nixpkgs-channels";
  channelAt = revFile: {
    ref = (ops.importJson revFile).rev;
    url = nixpkgsChannels;
  };
in {
  # Not referenced by the deployments visible in this file.
  raspberryNixPkgs = {
    nixpkgs.git = channelAt ./.channelRaspberryStable.json;
    nixpkgs-unstable.git = channelAt ./.channelRaspberryUnstable.json;
  };

  nixPkgs = {
    nixpkgs.git = channelAt ./.channelStable.json;
    nixpkgs-unstable.git = channelAt ./.channelUnstable.json;
  };

  # Per-host system sources; nixos-config points at the host's own
  # configuration.nix inside the populated configs directory.
  system = name: {
    system.file = toString ./system;
    configs.file = toString ./configs;
    nixos-config.symlink = "configs/${name}/configuration.nix";
  };

  desktopSecrets = { desktop_secrets.pass = passEntry "krops/desktop_secrets"; };

  # Not referenced by the deployments visible in this file.
  keys = name: { keys.pass = passEntry "krops/${name}/keys"; };

  # Host-specific secrets plus the set shared by all hosts.
  secrets = name: {
    secrets.pass = passEntry "krops/${name}/secrets";
    common_secrets.pass = passEntry "krops/common_secrets";
  };

  # NOTE(review): backup-module, krops-lib, cluster-module and
  # background-image-generators are referenced by tag name.  A tag can be
  # re-pointed on the remote, unlike the full commit ids used for home-manager
  # and cleverca22, and unlike plops no content hash is given for any git
  # source here.  Consider pinning these to commit ids (<commit-id>) so that
  # what gets deployed as root is exactly what was reviewed.
  modules = {
    modules.file = toString ./modules;
    library.file = toString ./library;
    pkgs.file = toString ./pkgs;
    assets.file = toString ./assets;
    nix-writers.git = {
      url = "https://cgit.krebsco.de/nix-writers/";
      ref = (ops.importJson ./.nix-writers.json).rev;
    };
    #backup-module.file = toString ~/dev/backup;
    backup-module.git = {
      url = "https://git.ingolf-wagner.de/nix-modules/backup.git";
      ref = "1.3.3";
    };
    #kops-lib.file = toString ~/dev/krops-lib;
    krops-lib.git = {
      url = "https://git.ingolf-wagner.de/nix-modules/krops.git";
      ref = "1.0.2";
    };
    #cluster-module.file = toString ~/dev/cluster-module;
    cluster-module.git = {
      url = "https://git.ingolf-wagner.de/nix-modules/cluster.git";
      ref = "1.2.0";
    };
    #home-manager.file = toString ~/dev/home-manager;
    home-manager.git = {
      url = "https://github.com/rycee/home-manager.git";
      ref = "024d1aa227978fe2dae2fb3e56bab9a7237c2401";
    };
    background-image-generators.git = {
      url =
        "https://git.ingolf-wagner.de/nix-modules/background-image-generators.git";
      ref = "1.0.0";
    };
    cleverca22.git = {
      url = "https://github.com/mrVanDalo/nixos-configs.git";
      ref = "76260ad60cd99d40ab25df1400b0663d48e736db";
    };
    # enable only on workhorse
    # wetten.file = toString ./wetten;
  };
};
# Map a machine name to the host name used to reach it: "porani" gets the
# ".insecure" suffix, every other machine gets ".private".
# NOTE(review): the suffixes look like names of two different networks;
# confirm which transport ".insecure" stands for before deploying secrets
# over it.
hostPattern = name:
  let domain = if name == "porani" then "insecure" else "private";
  in "${name}.${domain}";
# Build the job for one machine.
#   populateCommands  list of steps to run before the optional switch
#   name              machine name; used in the job name and the default host
#   host              defaults to hostPattern name
#   target            path on the host; it is appended to the host without a
#                     separator, so it has to start with "/"
#   user              login user, "root" unless overridden
#   commandPrefix     first part of the job name, "deploy" by default
#   enableSwitch      append ops.switch after the populate steps
deployment = populateCommands: name:
  { host ? (hostPattern name), target ? "/var/src/", user ? "root"
  , commandPrefix ? "deploy", enableSwitch ? true }:
  let
    jobName = "${commandPrefix}-${name}";
    destination = "${user}@${host}${target}";
    finalStep = if enableSwitch then [ ops.switch ] else [ ];
  in ops.jobs jobName destination (populateCommands ++ finalStep);
# Deployment for a server: nixpkgs, the shared modules, the host's secrets
# (together with the common ones) and the host's system sources.  The result
# still expects the option set accepted by `deployment`.
serverDeployment = name:
  let
    steps = map ops.populate [
      source.nixPkgs
      source.modules
      (source.secrets name)
      (source.system name)
    ];
  in deployment steps name;
# Deployment for a desktop: the same sources as a server plus the
# desktop-only secrets.  The result still expects the option set accepted by
# `deployment`.
desktopDeployment = name:
  let
    steps = map ops.populate [
      source.nixPkgs
      source.modules
      (source.secrets name)
      (source.system name)
      source.desktopSecrets
    ];
  in deployment steps name;
# "clean-<name>" command: logs in as root on port 22 and runs the garbage
# collector on that machine.
# `nix-collect-garbage -d` also deletes old profile generations, so rolling
# back to an earlier generation is no longer possible afterwards.
cleanupNix = name:
  let
    sshUser = "root";
    sshHost = hostPattern name;
    sshPort = "22";
  in pkgs.writers.writeDashBin "clean-${name}" # sh
  ''
    set -eu
    ${pkgs.openssh}/bin/ssh \
    ${sshUser}@${sshHost} -p ${sshPort} \
    nix-collect-garbage -d
  '';
# Generated commands for the servers, in this order: all "deploy-*" jobs,
# then all "clean-*" scripts, then all "install-*" jobs.
servers = let
  serverList = [ "workhorse" "sputnik" "porani" ];

  deployJob = name: serverDeployment name { };

  # Install variant: populate /mnt/var/src on installHost and skip the switch.
  installJob = name:
    serverDeployment name {
      commandPrefix = "install";
      host = installHost;
      target = "/mnt/var/src";
      enableSwitch = false;
    };
in map deployJob serverList ++ map cleanupNix serverList
++ map installJob serverList;
# Generated commands for the desktops, in this order: all "deploy-*" jobs,
# then all "clean-*" scripts, then all "install-*" jobs.
desktops = let
  desktopList = [ "pepe" "workout" "sterni" "mobi" ];

  deployJob = name: desktopDeployment name { };

  # Install variant: populate /mnt/var/src on installHost and skip the switch.
  installJob = name:
    desktopDeployment name {
      commandPrefix = "install";
      host = installHost;
      target = "/mnt/var/src";
      enableSwitch = false;
    };
in map deployJob desktopList ++ map cleanupNix desktopList
++ map installJob desktopList;
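# Shell that puts every generated deploy/clean/install command on PATH,
# together with a "reformat" helper for the Nix files of this checkout.
in pkgs.mkShell {
  buildInputs = with pkgs;
    servers ++ desktops ++ [
      # reformat: run nixfmt on every *.nix file below this directory, skipping
      # any path that contains "wetten".
      # find hands each path to nixfmt directly, so names with spaces or
      # backslashes are passed on unchanged, and only names that really end in
      # ".nix" are selected.  find is taken from the store like nixfmt instead
      # of from whatever PATH the caller happens to have.
      (pkgs.writers.writeBashBin "reformat" ''
        ${pkgs.findutils}/bin/find "${toString ./.}" -type f -name '*.nix' \
          ! -path '*wetten*' -exec ${pkgs.nixfmt}/bin/nixfmt {} \;
      '')
    ];
}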