name: Nix CI

on:
  push:
  pull_request:

jobs:
  build:
    runs-on: ubuntu-latest
    env:
      HOME: /root

    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Install Nix
        uses: cachix/install-nix-action@v31
        with:
          nix_path: nixpkgs=channel:nixos-unstable
          extra_nix_config: |
            sandbox = false

      - name: Enable flakes
        run: |
          mkdir -p ~/.config/nix
          echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf

      - name: Setup SOPS key
        if: env.SOPS_AGE_KEY != ''
        run: |
          echo "$SOPS_AGE_KEY" > /tmp/key.txt
          export SOPS_AGE_KEY_FILE=/tmp/key.txt
        env:
          SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}

      - name: Flake check
        run: nix flake check

      - name: Remove homeless-shelter
        run: rm -rf /homeless-shelter

      - name: Build all hosts
        run: |
          nix flake show --json | jq -r '
            .nixosConfigurations | keys[]' | while read host; do
              echo "Building $host"
              nix build .#nixosConfigurations.$host.config.system.build.toplevel
          done