
{ self
, nixpkgs-unstable
, nixpkgs
, sops-nix
, inputs
, nixos-hardware
, home-manager
, ...
}:
let
# System builders, one per nixpkgs channel. Wrapping lib.nixosSystem in
# lib.makeOverridable lets a caller re-evaluate a finished system with
# changed arguments through `.override`.
nixosSystem =
  let inherit (nixpkgs) lib;
  in lib.makeOverridable lib.nixosSystem;
# Same wrapper built from nixpkgs-unstable. Nothing in the lines visible in
# this file references it.
nixosSystemUnstable =
  let inherit (nixpkgs-unstable) lib;
  in lib.makeOverridable lib.nixosSystem;
# Modules applied to every machine built from this file: flake inputs as a
# module argument, the Nix daemon settings below, and the sops-nix module.
baseModules = [
  # Make the flake inputs accessible as a module argument in NixOS.
  { _module.args = { inherit inputs; }; }
  {
    imports = [
      ({ pkgs, ... }: {
        nix = {
          extraOptions = ''
            experimental-features = nix-command flakes
          '';
          settings = {
            # Binary caches asked for prebuilt store paths.
            substituters = [
              "https://cache.dynamicdiscord.de"
              "https://cache.nixos.org/"
            ];
            # Signature key accepted for substituted paths. Anything signed
            # with the matching private key is installed without a local
            # build, so that key is part of the trust base of every host.
            # NOTE(review): the cache.nixos.org key is not listed here;
            # presumably the NixOS defaults merge it in - confirm.
            trusted-public-keys = [
              "cache.dynamicdiscord.de:DKueZicqi2NhJJXz9MYgUbiyobMs10fTyHCgAUibRP4="
            ];
            # SECURITY: a trusted user may pass extra substituters and import
            # unsigned store paths, which the Nix manual describes as
            # essentially equivalent to root access. With "@wheel" listed,
            # every member of group wheel has that power on every machine.
            trusted-users = [ "root" "@wheel" ];
          };
        };
      })
      sops-nix.nixosModules.sops
    ];
  }
];
# Alias used by the host definitions and by makeMicroVM.
defaultModules = baseModules;
# makeMicroVM hostName ipv4Addr macAddr modules
#
# Returns the module list for one microvm guest: the microvm module, the
# guest's share/interface/network settings, then defaultModules, then the
# caller's `modules`.
#   hostName  used in the host-side state paths and in the tap interface id
#   ipv4Addr  static address, configured with a fixed /24 prefix
#   macAddr   MAC address of the guest's tap interface
#   modules   extra modules appended last
makeMicroVM = hostName: ipv4Addr: macAddr: modules:
  let
    # virtiofs share backing the guest directory /<dir> with the host
    # directory /var/lib/microvms/<hostName>/<dir>.
    # SECURITY: guest /etc and /var live on the host, so the permissions on
    # that host tree decide who can read or alter guest configuration and
    # state.
    stateShare = dir: {
      source = "/var/lib/microvms/${hostName}/${dir}";
      mountPoint = "/${dir}";
      tag = dir;
      proto = "virtiofs";
      socket = "${dir}.socket";
    };
  in
  [
    inputs.microvm.nixosModules.microvm
    {
      microvm = {
        hypervisor = "cloud-hypervisor";
        mem = 2560;
        shares = [
          # SECURITY: the host's whole /nix/store is exposed to the guest at
          # /nix/.ro-store. Every store path on the host is readable from
          # inside each VM, so secrets must never be written to the store.
          {
            source = "/nix/store";
            mountPoint = "/nix/.ro-store";
            tag = "store";
            proto = "virtiofs";
            socket = "store.socket";
          }
          (stateShare "etc")
          (stateShare "var")
        ];
        interfaces = [
          {
            type = "tap";
            id = "vm-${hostName}";
            mac = "${macAddr}";
          }
        ];
      };
      systemd.network = {
        enable = true;
        # Matches every ethernet link in the guest, not one named interface.
        networks."20-lan" = {
          matchConfig = { Type = "ether"; };
          networkConfig = {
            Address = [ "${ipv4Addr}/24" ];
            # Gateway and resolver are fixed for all guests. DNS queries go
            # to the public resolver 1.1.1.1, i.e. they leave the local
            # network.
            Gateway = "10.0.0.1";
            DNS = [ "1.1.1.1" ];
            DHCP = "no";
          };
        };
      };
    }
  ] ++ defaultModules ++ modules;
# Flake inputs extended with this flake itself under the name `malobeo`.
# In the lines visible here only the commented-out legacy host list uses it.
inputsMod = inputs // {
  malobeo = self;
};
# Host inventory: modules/host_builder.nix called with an empty argument
# set. The result expression below reads hosts.malobeo.hosts from it.
hosts = import ./modules/host_builder.nix { };
in
let
  # Turn one inventory entry into a NixOS system.
  #   host      attribute name; also the directory holding configuration.nix
  #   settings  inventory entry; `type` selects platform and module list,
  #             `network.address` / `network.mac` are read for microvms only
  # Any type other than "rpi" builds for x86_64-linux, and any type other
  # than "microvm" gets the plain defaultModules list.
  # NOTE(review): these hosts receive only `inputs` as a special argument,
  # while the commented-out definitions at the end of the file also passed
  # `self` and extra modules (vpn, disko, hardware_configuration) to some
  # hosts - confirm each <host>/configuration.nix now imports what it needs.
  mkHost = host: settings:
    let
      hostModule = ./${host}/configuration.nix;
    in
    nixosSystem {
      system =
        if settings.type == "rpi" then "aarch64-linux" else "x86_64-linux";
      specialArgs = { inherit inputs; };
      modules =
        if settings.type == "microvm" then
          makeMicroVM
            "${host}"
            "${settings.network.address}"
            "${settings.network.mac}"
            [ hostModule ]
        else
          defaultModules ++ [ hostModule ];
    };
in
# `//` lets the right-hand set win: an inventory host named `testvm` would
# be replaced by the definition below.
builtins.mapAttrs mkHost hosts.malobeo.hosts // {
  testvm = nixosSystem {
    system = "x86_64-linux";
    specialArgs = { inherit inputs self; };
    modules = defaultModules ++ [ ./testvm ];
  };
}
#{
# louise = nixosSystem {
# system = "x86_64-linux";
# specialArgs.inputs = inputs;
# modules = defaultModules ++ [
# ./louise/configuration.nix
# ];
# };
#
# bakunin = nixosSystem {
# system = "x86_64-linux";
# specialArgs.inputs = inputs;
# modules = defaultModules ++ [
# ./bakunin/configuration.nix
# inputs.disko.nixosModules.disko
# ];
# };
#
# lucia = nixosSystem {
# system = "aarch64-linux";
# specialArgs.inputs = inputs;
# modules = defaultModules ++ [
# ./lucia/configuration.nix
# ./lucia/hardware_configuration.nix
# ];
# };
#
# fanny = nixosSystem {
# system = "x86_64-linux";
# specialArgs.inputs = inputsMod;
# modules = defaultModules ++ [
# self.nixosModules.malobeo.vpn
# ./fanny/configuration.nix
# ];
# };
#
# durruti = nixosSystem {
# system = "x86_64-linux";
# specialArgs.inputs = inputs;
# specialArgs.self = self;
# modules = makeMicroVM "durruti" "10.0.0.5" "52:DA:0D:F9:EF:F9" [
# ./durruti/configuration.nix
# ];
# };
#
# vpn = nixosSystem {
# system = "x86_64-linux";
# specialArgs.inputs = inputs;
# specialArgs.self = self;
# modules = makeMicroVM "vpn" "10.0.0.10" "D0:E5:CA:F0:D7:E6" [
# self.nixosModules.malobeo.vpn
# ./vpn/configuration.nix
# ];
# };
#
# infradocs = nixosSystem {
# system = "x86_64-linux";
# specialArgs.inputs = inputs;
# specialArgs.self = self;
# modules = makeMicroVM "infradocs" "10.0.0.11" "D0:E5:CA:F0:D7:E7" [
# self.nixosModules.malobeo.vpn
# ./infradocs/configuration.nix
# ];
# };
#
# uptimekuma = nixosSystem {
# system = "x86_64-linux";
# specialArgs.inputs = inputs;
# specialArgs.self = self;
# modules = makeMicroVM "uptimekuma" "10.0.0.12" "D0:E5:CA:F0:D7:E8" [
# ./uptimekuma/configuration.nix
# ];
# };
#
# nextcloud = nixosSystem {
# system = "x86_64-linux";
# specialArgs.inputs = inputs;
# specialArgs.self = self;
# modules = makeMicroVM "nextcloud" "10.0.0.13" "D0:E5:CA:F0:D7:E9" [
# ./nextcloud/configuration.nix
# ];
# };
#
# overwatch = nixosSystem {
# system = "x86_64-linux";
# specialArgs.inputs = inputs;
# specialArgs.self = self;
# modules = makeMicroVM "overwatch" "10.0.0.14" "D0:E5:CA:F0:D7:E0" [
# ./overwatch/configuration.nix
# ];
# };
#
#}