name: Nix CI

on:
  push:
  pull_request:

jobs:
  build:
    runs-on: ubuntu-latest
    env:
      HOME: /root

    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main
      - uses: DeterminateSystems/magic-nix-cache-action@main

      - name: Check Nix flake inputs
        uses: DeterminateSystems/flake-checker-action@main

      - name: Setup SOPS key
        if: env.SOPS_AGE_KEY != ''
        run: |
          echo "$SOPS_AGE_KEY" > /tmp/key.txt
          export SOPS_AGE_KEY_FILE=/tmp/key.txt
        env:
          SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}

      - name: Build all hosts
        run: |
          nix flake show --json | jq -r '
            .nixosConfigurations | keys[]' | while read host; do
              echo "Building $host"
              nix build .#nixosConfigurations.$host.config.system.build.toplevel
          done