infrastructure/packages/default.nix

{
  system,
  inputs,
}: let
  lib = inputs.self.lib.nixlib;
  inherit (lib.strings) makeBinPath;
  inherit (inputs.std.lib) string list set;
  packages = inputs.self.packages.${system};
  inherit (inputs.self.legacyPackages.${system}) pkgs;
  fmt = import ../ci/fmt.nix;
  exports = ''
    export NF_CONFIG_ROOT=''${NF_CONFIG_ROOT-${toString ../.}}
  '';
  exportsSsh = ''
    export PATH="${makeBinPath [ packages.nf-hostname packages.nf-sshopts ]}:$PATH"
  '';
  exportsFmtNix = ''
    NF_NIX_BLACKLIST_DIRS=(${string.concatMapSep " " string.escapeShellArg fmt.nix.blacklistDirs})
    NF_NIX_WHITELIST_DIRS=(${string.concatMapSep " " string.escapeShellArg fmt.nix.whitelistDirs})
    NF_NIX_WHITELIST_FILES=(${string.concatMapSep " " string.escapeShellArg fmt.nix.whitelist})
  '';
  output = {
    inherit (pkgs.buildPackages)
      terraform tflint
      alejandra deadnix statix
      ssh-to-age jq
    ;
    inherit (inputs.deploy-rs.packages.${system}) deploy-rs;
    nf-deploy = pkgs.writeShellScriptBin "nf-deploy" ''
      ${exports}
      ${exportsSsh}
      exec ${pkgs.runtimeShell} ${../ci/deploy.sh} "$@"
    '';
    nf-setup-node = let
      reisen = ../systems/reisen;
      inherit (inputs.self.lib.lib) userIs;
      inherit (inputs.self.nixosConfigurations.hakurei.config) users;
      authorizedKeys = list.concatMap (user: user.openssh.authorizedKeys.keys) (
        list.filter (userIs "wheel") (set.values users.users)
      );
      inputAttrs = {
        INPUT_ROOT_SSH_AUTHORIZEDKEYS = pkgs.writeText "root.authorized_keys" (
          string.intercalate "\n" authorizedKeys
        );
        INPUT_TF_SSH_AUTHORIZEDKEYS = reisen + "/tf.authorized_keys";
        INPUT_SUBUID = reisen + "/subuid";
        INPUT_SUBGID = reisen + "/subgid";
        INPUT_INFRA_SETUP = reisen + "/setup.sh";
        INPUT_INFRA_PUTFILE64 = reisen + "/bin/putfile64.sh";
        INPUT_INFRA_PVE = reisen + "/bin/pve.sh";
        INPUT_INFRA_MKPAM = reisen + "/bin/mkpam.sh";
        INPUT_INFRA_CT_CONFIG = reisen + "/bin/ct-config.sh";
      };
      inputVars = set.mapToValues (key: path: ''${key}="$(base64 -w0 < ${path})"'') inputAttrs;
    in pkgs.writeShellScriptBin "nf-setup-node" ''
      ${exports}
      NF_SETUP_INPUTS=(
        ${string.intercalate "\n" inputVars}
      )
      source ${../ci/setup.sh}
    '';
    nf-hostname = pkgs.writeShellScriptBin "nf-hostname" ''
      ${exports}
      source ${../ci/hostname.sh}
    '';
    nf-sshopts = pkgs.writeShellScriptBin "nf-sshopts" ''
      ${exports}
      export PATH="$PATH:${makeBinPath [ pkgs.jq ]}"
      source ${../ci/sshopts.sh}
    '';
    nf-sops-keyscan = pkgs.writeShellScriptBin "nf-sops-keyscan" ''
      ${exports}
      ${exportsSsh}
      export PATH="$PATH:${makeBinPath [ pkgs.ssh-to-age ]}"
      source ${../ci/sops-keyscan.sh}
    '';
    nf-ssh = pkgs.writeShellScriptBin "nf-ssh" ''
      ${exports}
      ${exportsSsh}
      source ${../ci/ssh.sh}
    '';
    nf-build = pkgs.writeShellScriptBin "nf-build" ''
      ${exports}
      source ${../ci/build.sh}
    '';
    nf-tarball = pkgs.writeShellScriptBin "nf-tarball" ''
      ${exports}
      source ${../ci/tarball.sh}
    '';
    nf-switch = pkgs.writeShellScriptBin "nf-switch" ''
      ${exports}
      ${exportsSsh}
      source ${../ci/switch.sh}
    '';
    nf-generate = pkgs.writeShellScriptBin "nf-generate" ''
      ${exports}
      export PATH="$PATH:${makeBinPath [ pkgs.jq ]}"
      source ${../ci/generate.sh}
    '';
    nf-statix = pkgs.writeShellScriptBin "nf-statix" ''
      ${exports}
      export PATH="${makeBinPath [ packages.statix ]}:$PATH"
      source ${../ci/statix.sh}
    '';
    nf-deadnix = pkgs.writeShellScriptBin "nf-deadnix" ''
      ${exports}
      ${exportsFmtNix}
      export PATH="${makeBinPath [ packages.deadnix pkgs.findutils ]}:$PATH"
      source ${../ci/deadnix.sh}
    '';
    nf-alejandra = pkgs.writeShellScriptBin "nf-alejandra" ''
      ${exports}
      ${exportsFmtNix}
      export PATH="${makeBinPath [ packages.alejandra ]}:$PATH"
      source ${../ci/alejandra.sh}
    '';
    nf-lint-tf = pkgs.writeShellScriptBin "nf-lint-tf" ''
      ${exports}
      export PATH="$PATH:${makeBinPath [ packages.tflint ]}"
      source ${../ci/lint-tf.sh}
    '';
    nf-lint-nix = pkgs.writeShellScriptBin "nf-lint-nix" ''
      ${exports}
      export PATH="${makeBinPath [ packages.nf-statix packages.nf-deadnix ]}:$PATH"
      source ${../ci/lint-nix.sh}
    '';
    nf-fmt-tf = pkgs.writeShellScriptBin "nf-fmt-tf" ''
      ${exports}
      export PATH="${makeBinPath [ packages.terraform ]}:$PATH"
      source ${../ci/fmt-tf.sh}
    '';
    nf-fmt-nix = pkgs.writeShellScriptBin "nf-fmt-nix" ''
      ${exports}
      ${exportsFmtNix}
      export PATH=":{makeBinPath [ packages.nf-alejandra ]}:$PATH"
      source ${../ci/fmt-nix.sh}
    '';
    nf-docs = pkgs.writeShellScriptBin "nf-docs" ''
      ${exports}
      export NF_DOCS_PATH=${packages.docs}
      source ${../ci/docs.sh}
    '';
    docs = pkgs.callPackage ../docs/derivation.nix {
      inherit (inputs) self;
    };
  };
in output