homey/flake.nix

{
  description = "Homey - self-hosted home server NixOS configuration";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";

    # sops-nix for secret management
    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # Caddy with Cloudflare DNS plugin (not in nixpkgs mainline)
    caddy-cloudflare = {
      url = "github:NixOS/nixpkgs/nixos-24.11"; # see modules/caddy.nix for override
    };
  };

  outputs = { self, nixpkgs, sops-nix, ... }@inputs:
  let
    # Shared specialArgs passed to every host
    commonArgs = {
      inherit inputs;
      # Top-level site config — override per-host if needed
      homeyConfig = {
        domain       = "home.zakobar.com";   # base domain for all services
        organization = "Zakobar Home Server";
        timezone     = "Asia/Jerusalem";
        # External HD mount point — set in hardware.nix per host
        # dataDir is intentionally NOT set here; each host sets it
      };
    };

    mkHost = { system, hostPath, extraModules ? [] }:
      nixpkgs.lib.nixosSystem {
        inherit system;
        specialArgs = commonArgs;
        modules = [
          sops-nix.nixosModules.sops
          hostPath
          ./modules/common.nix
          ./modules/storage.nix
          ./modules/caddy.nix
          ./modules/cloudflared.nix
          ./modules/backup.nix
          ./modules/services/openldap.nix
          ./modules/services/authelia.nix
          ./modules/services/gitea.nix
          ./modules/services/nextcloud.nix
          ./modules/services/phpldapadmin.nix
          ./modules/services/jellyfin.nix
          ./modules/services/transmission.nix
        ] ++ extraModules;
      };

  in {
    nixosConfigurations = {

      # Primary Raspberry Pi 4
      pi-main = mkHost {
        system   = "aarch64-linux";
        hostPath = ./hosts/pi-main/default.nix;
      };

      # Future second machine (placeholder — uncomment and configure when ready)
      # pi-secondary = mkHost {
      #   system   = "x86_64-linux";  # or aarch64-linux for another Pi
      #   hostPath = ./hosts/pi-secondary/default.nix;
      # };

    };
  };
}