flake.nix

{
  description = "horizon-haskell-packages";

  nixConfig = {
    extra-substituters = "https://horizon.cachix.org";
    extra-trusted-public-keys = "horizon.cachix.org-1:MeEEDRhRZTgv/FFGCv3479/dmJDfJ82G6kfUDxMSAw0=";
  };

  inputs = {
    horizon-core.url = "git+https://gitlab.horizon-haskell.net/package-sets/horizon-core";
    lint-utils = {
      url = "git+https://gitlab.nixica.dev/nix/lint-utils";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nixica.url = "git+https://gitlab.horizon-haskell.net/nix/nixica-library";
    nixinate.url = "github:MatthewCroughan/nixinate";
    nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
  };

  outputs =
    inputs@
    { self
    , horizon-core
    , lint-utils
    , nixpkgs
    , ...
    }:
    let
      system = "x86_64-linux";
      pkgs = import nixpkgs { inherit system; };

    in
    with pkgs.writers;
    let
      make-foliage-repo = writeBashBin "make-foliage-repo" ''
        mkdir _keys
        echo "$FOLIAGE_KEYS" | base64 -d | tar xz -C _keys
        ${horizon-core.packages.${system}.foliage}/bin/foliage -- build
        mkdir -p /var/horizon-haskell-packages/"
        ls _repo/* -alh
      '';

      make-foliage-repo-app = {
        type = "app";
        program = "${make-foliage-repo}/bin/make-foliage-repo";
      };

      build-push-foliage = writeBashBin "build-push-foliage" ''
        ${make-foliage-repo}/bin/make-foliage-repo
        scp -rvp _repo/* root@193.16.42.51:/var/www/horizon-haskell-packages
      '';

      build-push-foliage-app = {
        type = "app";
        program = "${build-push-foliage}/bin/build-push-foliage";
      };
    in
    {
      apps.${system} = inputs.nixinate.nixinate."x86_64-linux" self //
        {
          build-push-foliage-app = build-push-foliage-app;
        };

      nixosConfigurations = {
        terrokar = nixpkgs.lib.nixosSystem {
          system = "x86_64-linux";
          specialArgs = inputs;
          modules = [
            {
              _module.args.nixinate = {
                host = "193.16.42.51";
                sshUser = "root";
                buildOn = "local";
                substituteOnTarget = true;
                hermetic = false;
              };
              imports = [ "${nixpkgs}/nixos/modules/virtualisation/openstack-config.nix" ];
              networking.hostName = "terrokar";
              services.nginx = {
                enable = true;
                virtualHosts."packages.horizon-haskell.net" = {
                  enableACME = true;
                  forceSSL = true;
                  locations."/".root = "/var/www/horizon-haskell-packages";

                };
              };
              security.acme = {
                acceptTerms = true;
                certs = {
                  "packages.horizon-haskell.net".email = "acme@packages.horizon-haskell.net";
                };
              };

              networking.firewall.allowedTCPPorts = [ 25 80 443 ];

            }
          ];
        };
      };
    };

}