nix/flake.nix


{
  description = "LaSuite Federez Deployment";

  # Flake inputs. The revisions actually evaluated are the ones recorded in
  # flake.lock, not the branch names written here.
  # NOTE(review): no `inputs.nixpkgs.follows` is set, so deploy-rs and agenix
  # each resolve their own nixpkgs input in the lock file. Confirm that is
  # intended, since it widens the set of pinned sources to audit.
  inputs = {
    # General sources
    deploy-rs.url = "github:serokell/deploy-rs";
    agenix.url = "github:ryantm/agenix";
    nixpkgs-25-05.url = "github:NixOS/nixpkgs/nixos-25.05";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
  };

  outputs = { self, nixpkgs-25-05, nixpkgs-unstable, deploy-rs, agenix }:
    let
      # Platform used for every package set imported below.
      system = "x86_64-linux";

      # Unmodified nixpkgs
      pkgs-25-05 = import nixpkgs-25-05 { inherit system; };
      pkgs-unstable = import nixpkgs-unstable { inherit system; };

      # Import a nixpkgs tree with the deploy-rs overlay applied, then swap the
      # overlay's deploy-rs package for the one shipped by the plain package
      # set while keeping the overlay's `lib`.
      withDeployRs = nixpkgsSrc: plainPkgs: import nixpkgsSrc {
        inherit system;
        overlays = [
          deploy-rs.overlays.default
          (final: prev: {
            deploy-rs = {
              inherit (plainPkgs) deploy-rs;
              inherit (prev.deploy-rs) lib;
            };
          })
        ];
      };

      deployPkgs-25-05 = withDeployRs nixpkgs-25-05 pkgs-25-05;
      deployPkgs-unstable = withDeployRs nixpkgs-unstable pkgs-unstable;

      # Channel selection by the node's `ver` string.
      # NOTE(review): every value other than "25.05" (a typo included) selects
      # the unstable channel without any error. Verify the `ver` values in
      # nodes.nix.
      getDeployPkgs = ver: if ver == "25.05" then deployPkgs-25-05 else deployPkgs-unstable;
      getNixpkgs = ver: if ver == "25.05" then nixpkgs-25-05 else nixpkgs-unstable;

      # Host inventory and role table, both read from sibling files.
      hostTable = import ./nodes.nix;
      roleTable = import ./mapping.nix;

      # Names of all roles whose `hosts` list contains the given host.
      rolesOf = host:
        builtins.filter
          (role: builtins.elem host roleTable.${role}.hosts)
          (builtins.attrNames roleTable);

      # Concatenation of the `_inherit` module lists of every role the host
      # has. A role without `_inherit` contributes nothing.
      modulesOf = host:
        builtins.concatMap (role: roleTable.${role}._inherit or [ ]) (rolesOf host);

      # Modules applied to every host, whatever its roles.
      baseModules = [
        agenix.nixosModules.default
        ./shared/users.nix
        ./shared/commons.nix
      ];
    in
    {
      # One NixOS system per entry of nodes.nix, built from the nixpkgs tree
      # selected by the node's `ver`.
      nixosConfigurations = builtins.mapAttrs
        (host: node:
          (getNixpkgs node.ver).lib.nixosSystem {
            inherit (node) system;
            # `hostName` is a top-level option here, presumably declared by one
            # of the shared modules. Confirm against shared/commons.nix.
            modules = modulesOf host ++ baseModules ++ [ { hostName = host; } ];
          })
        hostTable;

      deploy = {
        # The profile is deployed to and activated as root. `sshUser` is not
        # set in this file, so the login account comes from deploy-rs defaults
        # or the operator's SSH configuration.
        user = "root";
        # Re-activate the previous profile when activation fails.
        autoRollback = true;
        # Roll back when the deployer cannot confirm the node after activation.
        magicRollback = true;
        # Build the closure on the target node instead of the deploying machine.
        remoteBuild = true;
        nodes = builtins.mapAttrs
          (host: node: {
            # Only the text before the first "/" of `ip4` is used as the
            # address (presumably `ip4` is written as address/prefix).
            # Host-key trust for that address is configured outside this file.
            hostname = builtins.head (builtins.split "/" node.ip4);
            profilesOrder = [ "system" ];
            profiles.system.path =
              (getDeployPkgs node.ver).deploy-rs.lib.activate.nixos
                self.nixosConfigurations.${host};
          })
          hostTable;
      };

      # This is highly advised and prevents many possible mistakes. Run
      # "deploy -s" to bypass it.
      checks = builtins.mapAttrs
        (_system: deployLib: deployLib.deployChecks self.deploy)
        deploy-rs.lib;
    };
}