infra/flake.nix

{
  description = "Gortium infra flake";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs?ref=25.11";
    agenix = {
      url = "github:ryantm/agenix";
      inputs.darwin.follows = "";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    lix = {
      url = "git+https://git.lix.systems/lix-project/lix?ref=main";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nixpkgs-uconsole = {
      url = "github:nixos/nixpkgs/54170c54449ea4d6725efd30d719c5e505f1c10e";
    };
    nixos-uconsole = {
      url = "github:nixos-uconsole/nixos-uconsole/v1.1.0";
      inputs.nixpkgs.follows = "nixpkgs-uconsole";
    };
    nixos-raspberrypi = {
      url = "github:nvmd/nixos-raspberrypi/v1.20260317.0";
      inputs.nixpkgs.follows = "nixos-uconsole/nixpkgs";
    };
  };

  outputs = { self, nixpkgs, agenix, disko, lix, nixos-uconsole, nixos-raspberrypi, ... }@inputs:
    let
      system = "x86_64-linux";
      keys = import ./lib/keys.nix;
      paths = {
        flake = "/home/gortium/infra";
        identities = [
          "/home/gortium/.ssh/gortium_ssh_key"
          "/etc/ssh/ssh_host_ed25519_key"
          "/root/.age/bootstrap.key" ];
      };
      overlays = [ agenix.overlays.default (import ./overlays/reticulum.nix) ];
      pkgs = import nixpkgs {
        inherit system overlays;
        config.allowUnfree = true;
        config.permittedInsecurePackages = [
          "openclaw-2026.3.12"
        ];
      };

      devShell = import ./shells/nix_dev.nix {
        inherit pkgs system agenix;
      };
    in
      {
        nixosConfigurations = {
          lazyworkhorse = nixpkgs.lib.nixosSystem {
            specialArgs = { inherit system self keys paths inputs; };
            modules = [
              {
                nixpkgs.overlays = overlays;
                nixpkgs.config.allowUnfree = true;
                nixpkgs.config.rocmSupport = true;
                nixpkgs.config.permittedInsecurePackages = [
                  "openclaw-2026.3.12"
                ];
                nix.package = lix.packages.${system}.default;
              }
              agenix.nixosModules.default
              ./hosts/lazyworkhorse/configuration.nix
              ./hosts/lazyworkhorse/hardware-configuration.nix
              ./modules/nixos/filesystem/hoardingcow-mount.nix
              ./modules/nixos/services/docker_manager.nix
              ./modules/nixos/services/open_code_server.nix
              ./modules/nixos/services/ollama_init_custom_models.nix
              ./modules/nixos/services/openclaw_node.nix
              ./modules/nixos/security/ai-worker-restricted.nix
              ./users/gortium.nix
              ./users/ai-worker.nix
            ];
          };

          cyt-pi = nixpkgs.lib.nixosSystem {
            specialArgs = { inherit self keys paths inputs; };
            modules = [
              {
                nixpkgs.overlays = overlays;
                nixpkgs.config.allowUnfree = true;
                nixpkgs.hostPlatform = "aarch64-linux";
                nix.package = lix.packages."aarch64-linux".default;
              }
              ./hosts/cyt-pi/configuration.nix
              ./hosts/cyt-pi/hardware-configuration.nix
            ];
          };

          uConsole = nixos-uconsole.lib.mkUConsoleSystem {
            variant = "cm5";
            specialArgs = { inherit self keys paths inputs nixos-raspberrypi; };
            modules = [
              {
                nixpkgs.overlays = overlays;
                nixpkgs.config.allowUnfree = true;
                nixpkgs.config.permittedInsecurePackages = [
                  "openclaw-2026.3.12"
                ];
              }
              disko.nixosModules.disko
              ./hosts/uConsole/configuration.nix
              ./hosts/uConsole/hardware-configuration.nix
              ./hosts/uConsole/disko-config.nix
            ];
          };
        };
        devShells.${system}.default = devShell;
      };
}