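# Packer template: builds a Hetzner Cloud snapshot of NixOS. It boots a stock
# Ubuntu image, runs install.sh with the nixos-infect settings below, then
# installs the Nix configuration from ./nix and rebuilds the system.

locals {
  # Chooses which per-environment token is read from ../secrets.json below.
  # Evaluates to "" when the key is missing from ../config.json.
  environment = lookup(jsondecode(file("../config.json")), "terraform_packer_environment", "")
}

variable "nixos-version" {
  description = "NixOS version https://nixos.org/manual/nixos/stable/release-notes.html"
  type        = string
  default     = "20.09"
}

variable "build-version" {
  description = "Internal build version"
  type        = string
  default     = "0.0.1"
}

# Pin for the nixos-infect script that install.sh retrieves. install.sh is not
# part of this file, so how it uses the two values is not visible here.
# NOTE(review): commit_hash is an abbreviated hash, and checksum_hash is 32 hex
# characters, the length of an MD5 digest. If install.sh verifies the download
# against it, a full-length commit hash plus a SHA-256 digest would be a
# stronger integrity pin -- confirm against install.sh before changing.
variable "nixos-infect" {
  description = "Ensure the desired version of nixos-infect is retrieved https://github.com/elitak/nixos-infect/commits/master"
  type        = map(string)
  default = {
    "commit_hash"   = "30441b1"
    "checksum_hash" = "daa557fa29609e8dbb0f2e9f62c08101"
  }
}

source "hcloud" "nixos-build-spec" {
  # The API token is read from ../secrets.json; keep that file out of version
  # control. The "" default means a missing key or an empty environment yields
  # an empty token instead of an evaluation error; the hcloud builder then
  # falls back to the HCLOUD_TOKEN environment variable if that is set.
  token         = lookup(jsondecode(file("../secrets.json")), "hcloud_token_${local.environment}", "")
  image         = "ubuntu-20.04"
  location      = "nbg1"
  server_type   = "cx11"
  ssh_username  = "root"
  snapshot_name = "nixos-${var.nixos-version}-${var.build-version}"
  #ssh_keys     = [""]
  # A user 'operator' with an authorized public key is set up via Nix
  # (see ./nix/system.nix).
}

build {
  name    = "nixos"
  sources = ["sources.hcloud.nixos-build-spec"]

  # Step 1: run install.sh with the pinned nixos-infect settings. The SSH
  # connection is allowed to drop during this step (presumably because the
  # host reboots into NixOS -- confirm against install.sh).
  provisioner "shell" {
    expect_disconnect = true
    environment_vars = [
      "NIXOS_INFECT_COMMIT_HASH=${lookup(var.nixos-infect, "commit_hash", "")}",
      "NIXOS_INFECT_CHECKSUM_HASH=${lookup(var.nixos-infect, "checksum_hash", "")}",
      "NIXOS_VERSION=${var.nixos-version}"
    ]
    script = "install.sh"
  }

  # Step 2: create the staging directory for the uploaded Nix files. It lives
  # under the shared /tmp, so it is created owner-only (0700).
  provisioner "shell" {
    inline = [
      "mkdir -m 0700 /tmp/packer_transfer"
    ]
  }

  # Step 3: upload the contents of ./nix into the staging directory.
  provisioner "file" {
    source      = "nix/"
    destination = "/tmp/packer_transfer"
  }

  # Step 4: replace the generated configuration with the uploaded one, rebuild,
  # and remove the staging directory so it is not carried into the snapshot.
  # The cleanup is chained onto the last command with && so that a failed
  # build or switch still determines the exit status of the step.
  provisioner "shell" {
    inline = [
      "rm /etc/nixos/*.nix",
      "install -m 0644 -o root -g root /tmp/packer_transfer/*.nix /etc/nixos/",
      "nixos-rebuild build && nixos-rebuild switch && rm -rf /tmp/packer_transfer"
    ]
  }
}

packer {
  required_version = ">= 1.6.5, < 2.0.0"
}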