nixos/Justfile

# Build the system config and switch to it when running `just` with no args
default: switch

hostname := `hostname | cut -d "." -f 1`
work_mac_impure := `if [ $(hostname) = "AMERMACC02G65A8MD6T" ]; then echo "--impure"; else echo ""; fi`
branch := `git branch --show-current`
commit := `git rev-parse HEAD`

# Build the nix-darwin system configuration without switching to it
[macos]
build target_host=hostname flags="":
  @echo "Building nix-darwin config..."
  nix --extra-experimental-features 'nix-command flakes' build {{work_mac_impure}} ".#darwinConfigurations.{{target_host}}.system" {{flags}}

# Build the nix-darwin config with the --show-trace flag set
[macos]
trace target_host=hostname: (build target_host "--show-trace")

# Build the nix-darwin configuration and switch to it
[macos]
switch target_host=hostname: (build target_host)
  @echo "switching to new config for {{target_host}}"
  # if macOS updates and overwrites /etc/shells, nix will refuse to update it
  sudo mv /etc/shells /tmp/shells.bak
  ./result/sw/bin/darwin-rebuild switch {{work_mac_impure}} --flake ".#{{target_host}}" 

# Reload the skhd (hotkey daemon) service to apply new config. Workaround for config changes not being auto-detected.
[macos]
reload-skhd:
  launchctl stop org.nixos.skhd && launchctl start org.nixos.skhd && sleep 1 && skhd -r

# on asahi linux, we need to pass the --impure flag to read in firmware files
rebuild_flags := `if [ -d /boot/asahi ]; then echo "--impure"; else echo ""; fi`

# Build the NixOS configuration without switching to it
[linux]
build target_host=hostname flags="":
	nixos-rebuild build --flake .#{{target_host}} {{rebuild_flags}} {{flags}}

# Build the NixOS config with the --show-trace flag set
[linux]
trace target_host=hostname: (build target_host "--show-trace")

# Build the NixOS configuration and switch to it.
[linux]
switch target_host=hostname:
  sudo nixos-rebuild switch --flake .#{{target_host}} {{rebuild_flags}}

# Update flake inputs to their latest revisions
update:
  nix flake update 

upgit: update
  git add flake.lock
  git commit -m "update flake.lock"
  git push

# Garbage collect old OS generations and remove stale packages from the nix store
gc generations="5d":
  sudo nix-env --delete-generations {{generations}}
  sudo nix-store --gc
  sudo nix-collect-garbage -d --delete-older-than {{generations}}

repair:
  sudo nix-store --repair --verify --check-contents

# Add a machine's age key for SOPS
sops-add machine_name target:
  bun tools/onboard-machine.js {{machine_name}} {{target}}
  sops updatekeys -y secrets/default.yaml

# Generate a SOPS keys file
sops-generate-keys:
  sudo cat /etc/ssh/ssh_host_ed25519_key | ssh-to-age --private-key > .sops.keys
  cat ~/.ssh/id_ed25519 | ssh-to-age --private-key >> .sops.keys

deploy target_host extra_flags="":
  @test -f nixos/hosts/{{target_host}}/.target || { echo "Host cannot be deployed, add a .target file with SSH destination"; exit 1; }
  ssh -A `cat nixos/hosts/{{target_host}}/.target` sudo nixos-rebuild switch {{extra_flags}} `cat nixos/hosts/{{target_host}}/.flags 2>/dev/null || echo ''` --accept-flake-config --flake \"git+https://git.sapphic.engineer/noe/nixos.git?ref={{branch}}\&rev={{commit}}#{{target_host}}\"

deploy2 target_host extra_flags="":
  @test -f nixos/hosts/{{target_host}}/.target || { echo "Host cannot be deployed, add a .target file with SSH destination"; exit 1; }
  nixos-rebuild switch {{extra_flags}} --target-host root@`cat nixos/hosts/{{target_host}}/.target` `cat nixos/hosts/{{target_host}}/.flags 2>/dev/null || echo ''` --accept-flake-config --verbose --flake .#{{target_host}}

# 
ssh target_host *args='':
  @test -f nixos/hosts/{{target_host}}/.target || { echo "Cannot SSH, add a .target file with SSH destination"; exit 1; }
  ssh -A `cat nixos/hosts/{{target_host}}/.target` {{args}}