# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0

{ depot, system, ... }@ch:
let
  nixpkgsConfig = {
    allowUnfree = true;
    checkMeta = false;
    permittedInsecurePackages = [
      "nodejs-16.20.2"  # for openvscode-server

      # for authentik?
      "python3.10-requests-2.29.0"
      "python3.10-cryptography-40.0.2"
      "python3.11-requests-2.29.0"
      "python3.11-cryptography-40.0.2"
    ];
    packageOverrides = pkgs: rec {
      factorio = pkgs.factorio.override depot.ops.secrets.factorio;
      factorio-experimental = pkgs.factorio-experimental.override depot.ops.secrets.factorio;
      ntfy = (pkgs.ntfy.override {
        withXmpp = false;
        withSlack = false;
        python39 = pkgs.python3;
      }).overridePythonAttrs (oldAttrs: {
        doCheck = false;
        checkPhase = "";
        patches = oldAttrs.patches ++ [
          ./ntfy-0001-Swap-from-inspect.getargspec-to-inspect.signature-fo.patch
          ./ntfy-0003-Swap-description-file-for-description_file-to-make-s.patch
        ];
      });
      delve = pkgs.delve.overrideAttrs (oldAttrs: {
        meta = oldAttrs.meta // {
          platforms = oldAttrs.meta.platforms ++ [ "aarch64-linux" ];
        };
      });
      sofia_sip = pkgs.sofia_sip.overrideAttrs (oldAttrs: {
        src = pkgs.fetchFromGitHub {
          owner = "lukegb";
          repo = "sofia-sip";
          rev = "2e1e3117f4ab1b7dff7e2a70b238ba2ff7a90d11";  # tls-sni branch
          sha256 = "0llayw2a5nir0zx3hx4wf3kvyjfb5gksxv6wagwfbc0cca5qp1nc";
        };
      });
      freeswitch = pkgs.freeswitch.overrideAttrs (oldAttrs: {
        src = pkgs.fetchFromGitHub {
          owner = "lukegb";
          repo = "freeswitch";
          rev = "4f5a64c7912364ccb1059c64463daf06aaf49745";  # rtp-avpf-moz-variable
          sha256 = "1jdyk6d80jmsg6qn7hw58088yydn78g3kn3lmgg8argihb69pf2i";
        };
      });
    };
  };
  nixpkgs = import ./nixpkgs {
    inherit system;
    config = nixpkgsConfig;
    overlays = [(final: prev: {
      zcl-advanced-platform = final.callPackage ../nix/pkgs/zcl-advanced-platform { };
      home-assistant = prev.home-assistant.override {
        packageOverrides = final': prev': {
          home-assistant-chip = final'.callPackage ../nix/pkgs/home-assistant-chip {
            gn = final.gn1924;
          };
          home-assistant-chip-core = final'.home-assistant-chip.core;
          home-assistant-chip-clusters = final'.home-assistant-chip.clusters;
        };
      };
    })];
  };
  crate2nixSrc = nixpkgs.fetchFromGitHub {
    owner = "kolloch";
    repo = "crate2nix";
    rev = "e07af104b8e41d1cd7e41dc7ac3fdcdf4953efae";
    hash = "sha256:07syygn1rc5n1big7hf42pzgm5wc1r0mzglzvlbcb7rkzgqqhbqx";
  };
  naerskSrc = nixpkgs.fetchFromGitHub {
    owner = "nmattia";
    repo = "naersk";
    rev = "e0fe990b478a66178a58c69cf53daec0478ca6f9";
    sha256 = "sha256:0qjyfmw5v7s6ynjns4a61vlyj9cghj7vbpgrp9147ngb1f8krz2c";
  };
  poetry2nixSrc = nixpkgs.fetchFromGitHub {
    owner = "nix-community";
    repo = "poetry2nix";
    rev = "528d500ea826383cc126a9be1e633fc92b19ce5d";
    hash = "sha256:1q245v4q0bb30ncfj66gl6dl1k46am28x7kjj6d3y7r6l4fzppq8";
  };

  tvlDepot = import ./tvl { nixpkgsBisectPath = ./nixpkgs; inherit nixpkgsConfig; nixpkgsSystem = system; };
in
rec {
  inherit nixpkgsConfig nixpkgs;
  nixos = import ./nixpkgs/nixos;
  nixeval = import ./nixpkgs/nixos/lib/eval-config.nix;
  buildGo =
    let orig = import ./tvl/nix/buildGo { pkgs = nixpkgs; inherit gopkgs; };
    in orig // {
      program = { dockerData ? [], ... }@args:
        let
          origOut = orig.program (nixpkgs.lib.filterAttrs (n: v: n != "dockerData") args);
        in origOut // {
          dockerImage = nixpkgs.dockerTools.buildImage {
            name = args.name;
            copyToRoot = nixpkgs.buildEnv {
              name = "${args.name}-env";
              paths = dockerData;
            };
            config = {
              Entrypoint = [ "${origOut}/bin/${args.name}" ];
              Env = [
                "SSL_CERT_FILE=${nixpkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
              ];
            };
          };
        };
    };
  readTree = import ./tvl/nix/readTree {};
  gopkgs = readTree {
    args = ch;
    path = ./gopkgs;
  };

  bat_syntaxes = tvlDepot.third_party.bat_syntaxes;
  cheddar = tvlDepot.tools.cheddar;
  naersk = nixpkgs.callPackage naerskSrc {};

  crate2nix = import "${crate2nixSrc}" { pkgs = ch.depot.pkgs; };

  poetry2nix = import "${poetry2nixSrc}" { pkgs = ch.depot.pkgs; };
}