From bdd7ea92d11a8aeec81f5bb64714ab575bf08a11 Mon Sep 17 00:00:00 2001 From: Hung Date: Wed, 22 Feb 2023 13:18:44 -0700 Subject: [PATCH] just bare minimum for convenience of sops and access to credentials.yml --- dev-shell.nix | 7 ++-- flake.nix | 93 +++++++++++-------------------------------------- lib/default.nix | 61 -------------------------------- lib/serde.nix | 31 ----------------- lib/test.nix | 1 - 5 files changed, 24 insertions(+), 169 deletions(-) delete mode 100644 lib/default.nix delete mode 100644 lib/serde.nix delete mode 100644 lib/test.nix diff --git a/dev-shell.nix b/dev-shell.nix index 2a08266..a28a0e2 100644 --- a/dev-shell.nix +++ b/dev-shell.nix @@ -12,13 +12,14 @@ # buildInputs, or packages buildInputs = [ # shell scripts - (lib.shellAsDrv { script = ''echo "hello world"''; pname = "hello"; }) - # TODO: decompose hm-switch.sh with a base version (where HOME_MANAGER_BIN is injected) - # (lib.shellAsDrv {script = builtins.readFile ./scripts/hm-switch.sh; pname = "hm-switch";}) pkgs.rust4cargo pkgs.sops ]; + shellHook = '' + # Since we need late dispatch of ~, we have to put this in shellHook. + export SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt + ''; # env vars lol = "hello world"; } diff --git a/flake.nix b/flake.nix index 3a1b65e..6d6e1a9 100644 --- a/flake.nix +++ b/flake.nix 
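Review bot: The added `shellHook` in dev-shell.nix overwrites `SOPS_AGE_KEY_FILE` unconditionally, so a developer who already points sops at a different age key file is silently switched to `~/.config/sops/age/keys.txt` inside the dev shell. Keeping an existing value and using `$HOME` instead of tilde expansion is more robust: `export SOPS_AGE_KEY_FILE="''${SOPS_AGE_KEY_FILE:-$HOME/.config/sops/age/keys.txt}"` (the `''${` escape stops Nix from interpolating the shell expansion). The comment above the export could also state that this file holds the private age key and should be readable only by its owner.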
@@ -61,46 +61,9 @@ # nixosConfigurations.${profile}, devShells.${profile}, packages.${profile} # and correctly produce supported_systems = flake-utils.lib.defaultSystems; - cross_platform = config_fn: let - # nixosConfigurations.${profile} -> nixosConfigurations.${system}.${profile} - # pass in: path.to.exports.nixosConfigurations - # get out: nixosConfigurations.${system} = {...} - strat_sandwich = field_name: config_field: system: { - "${field_name}"."${system}" = config_field; - }; - # homeConfigurations.${profile} -> packages.${system}.homeConfigurations.${profile} - # pass in: path.to.exports.homeConfigurations - # get: packages.${system}.homeConfigurations - strat_wrap_packages = field_name: config_field: system: { - packages."${system}"."${field_name}" = config_field; - }; - strat_noop = field_name: config_field: system: {"${field_name}" = config_field;}; - strategyMap = { - nixosConfigurations = strat_sandwich; - templates = strat_noop; - devShells = strat_sandwich; - devShell = strat_sandwich; - formatter = strat_sandwich; - homeConfigurations = strat_wrap_packages; - lib = strat_noop; - proj_root = strat_noop; - unit_tests = strat_noop; - secrets = strat_noop; - debug = strat_noop; - }; - # takes in {homeConfigurations = ...; nixosConfigurations = ...} - # -> {packages.$system.homeConfigurations} - mapConfig = config: system: (builtins.foldl' - (acc: confName: (strategyMap."${confName}" confName config."${confName}" system)) - {} (builtins.attrNames config)); - in builtins.foldl' nixlib.lib.recursiveUpdate {} ( - builtins.map (system: (mapConfig (config_fn system) system)) supported_systems - ); - in cross_platform (system: + forEachSystem = nixpkgs.lib.genAttrs supported_systems; + in let - # Context/global stuffs to be passed down - # NOTE: this will only read files that are within git tree - # all secrets should go into secrets.nix and secrets/*.age proj_root = let path = builtins.toString ./.; 
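Review bot: The removed note above `proj_root` ("all secrets should go into secrets.nix and secrets/*.age") was the only in-file guidance on where secrets belong, and nothing replaces it now that the commit moves towards sops and credentials.yml. Files tracked in git are copied into the Nix store when the flake is evaluated, and the store is readable by every local user, so the rule is still worth stating. A replacement comment would do, for example `# NOTE: only git-tracked files are read, and they are copied into the Nix store; credentials.yml must stay sops-encrypted`. Whether credentials.yml is encrypted cannot be seen from this diff.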
@@ -115,26 +78,24 @@ hosts.path = "${path}/hosts"; users.path = "${path}/users"; }; - overlays = import ./overlays.nix (_inputs // {inherit system;}); - pkgs = import nixpkgs { - inherit system overlays; + overlays = forEachSystem (system: import ./overlays.nix (_inputs // { inherit system; })); + pkgs = forEachSystem (system: (import nixpkgs { + inherit system; + overlays = overlays.${system}; config = { allowUnfree = true; }; - }; - # now, this lib is extremely powerful as it also engulfs nixpkgs.lib - # lib = nixpkgs.lib // pkgs.lib; + })); lib = (builtins.foldl' (lhs: rhs: (nixpkgs.lib.recursiveUpdate lhs rhs)) { } [ nixpkgs.lib - pkgs.lib - (import ./lib { - inherit proj_root pkgs overlays system; - inherit (pkgs) lib; - }) + nixlib.lib ]); - inputs_w_lib = (pkgs.lib.recursiveUpdate _inputs { - inherit system proj_root pkgs lib; - }); + inputs_w_lib = forEachSystem ( + system: lib.recursiveUpdate _inputs { + inherit system lib; + pkgs = pkgs.${system}; + } + ); modules = (import ./modules inputs_w_lib); hosts = (import ./hosts inputs_w_lib); @@ -143,28 +104,15 @@ # {nixpkgs, agenix, home-manager, flake-utils, nixgl, rust-overlay, flake-compat # ,pkgs, lib (extended), proj_root} final_inputs = inputs_w_lib; - - # Tests: unit + integration - unit_tests = (import ./lib/test.nix final_inputs) // - { - test_example = { - expr = "names must start with 'test'"; - expected = "or won't show up"; - }; - not_show = { - expr = "this will be ignored by lib.runTests"; - expected = "for sure"; - }; - }; - secrets = import ./secrets final_inputs; - in { inherit (hosts) nixosConfigurations; inherit (users) homeConfigurations; inherit lib proj_root; - devShells = import ./dev-shell.nix final_inputs; - templates = import ./templates final_inputs; + devShells = forEachSystem (system: + {default = (import ./dev-shell.nix final_inputs.${system});} + ); + templates = forEachSystem (system: import ./templates final_inputs.${system}); secrets = { pubKeys = { hosts = hosts.pubKeys; 
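Review bot: The context lines `modules = (import ./modules inputs_w_lib);` and `hosts = (import ./hosts inputs_w_lib);` at the end of the first hunk still pass `inputs_w_lib` directly, but after this change it is an attrset keyed by system rather than the `{ pkgs, lib, system, ... }` set it used to be. Neither ./modules nor ./hosts is touched by this commit, so they presumably still expect the old shape and will fail on missing `pkgs` or `lib`; that should be confirmed against those files. The new `inherit system lib;` also drops `proj_root`, which the old set carried and which the comment in the next hunk still lists. Selecting one entry, for example `inputs_w_lib.${system}` for the host's own system, and adding `proj_root` back to the inherit would restore the previous contract.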
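Review bot: In the second hunk, `templates = forEachSystem (system: import ./templates final_inputs.${system});` nests the templates under a system name, but the flake `templates` output is keyed by template name, not by system. The removed `strategyMap` treated it that way too (`templates = strat_noop`). As written, `nix flake init -t` would see entries named after systems instead of the real templates. Dropping the wrapper and passing only system-independent inputs fixes this, for example `templates = import ./templates { inherit lib; };` if ./templates needs nothing else, which this diff does not show.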
@@ -172,10 +120,9 @@ }; }; - # unit_tests = lib.runTests unit_tests; debug = { - inherit final_inputs hosts users modules lib inputs_w_lib unit_tests pkgs nixpkgs nixlib; + inherit final_inputs hosts users modules lib inputs_w_lib pkgs nixpkgs nixlib; }; # formatter."${system}" = pkgs.nixpkgs-fmt; - }); + }; } diff --git a/lib/default.nix b/lib/default.nix deleted file mode 100644 index 6568f0c..0000000 --- a/lib/default.nix +++ /dev/null 
@@ -1,61 +0,0 @@ -{ pkgs - # ,nixpkgs -, proj_root - # ,agenix -, nixosDefaultVersion ? "22.05" -, defaultSystem ? "x86_64-linux" -, ... -}@inputs: -let - lib = pkgs.lib; - inputs_w_lib = (inputs // { inherit lib; }); - serde = import ./serde.nix inputs_w_lib; - shellAsDrv = { script, pname }: (pkgs.callPackage - ( - # just a pattern that we must remember: args to this are children of pkgs. - { writeShellScriptBin }: writeShellScriptBin pname script - ) - { }); - trimNull = lib.filterAttrs (name: value: value != null); - # ssh - flattenPubkey = lib.mapAttrs (_identity: meta_config: lib.attrByPath [ "metadata" "ssh_pubkey" ] null meta_config); - getPubkey = config: (lib.pipe config [ flattenPubkey trimNull ]); - # procedure = -in -{ - # short-hand to create a shell derivation - # NOTE: this is pure. This means, env vars from devShells might not - # be accessible unless MAYBE they are `export`ed - inherit shellAsDrv trimNull flattenPubkey getPubkey; - ssh = { - inherit flattenPubkey getPubkey; - }; - # Configures hosts as nixosConfiguration - # mkHost = {hostName - # , nixosBareConfiguration - # , finalInputs - # , users ? {} - # , nixosVersion? nixosDefaultVersion - # , system? defaultSystem - # , preset? "base"}: # base | minimal - # let - # hardwareConfig = hostname: import "${proj_root.hosts.path}/${hostName}/hardware-configuration.nix"; - # in nixpkgs.lib.nixosSystem (nixosBareConfiguration // { - # inherit system; - # modules = [ - # { - # system.stateVersion = nixosVersion; - # networking.hostName = hostName; - # users.users = users; - # } - # { - # _module.args = finalInputs; - # } - # import "${proj_root.modules.path}/secrets.nix" - # import "${proj_root.modules.path}/${preset}.sys.nix" - # ] ++ nixosBareConfiguration.modules; - # lib = finalInputs.lib; - # }); - inherit serde; - inherit (serde) fromYaml fromYamlPath; -} diff --git a/lib/serde.nix b/lib/serde.nix deleted file mode 100644 index d0d5732..0000000 --- a/lib/serde.nix +++ /dev/null 
@@ -1,31 +0,0 @@ -# Takes care of serializing and deserializing to some formats -# Blame: Pegasust -# TODO: Add to* formats from pkgs.formats.* -{ pkgs -, lib -, ... -} @ inputs: -let - yamlToJsonDrv = yamlContent: outputPath: pkgs.callPackage - ({ runCommand }: - # runCommand source: https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/trivial-builders.nix#L33 - runCommand outputPath { inherit yamlContent; nativeBuildInputs = [ pkgs.yq ]; } - # run yq which outputs '.' (no filter) on file at yamlPath - # note that $out is passed onto the bash/sh script for execution - '' - echo "$yamlContent" | yq >$out - '') - { }; -in -{ - # Takes in a yaml string and produces a derivation with translated JSON at $outputPath - # similar to builtins.fromJSON, turns a YAML string to nix attrset - fromYaml = yamlContent: builtins.fromJSON (builtins.readFile (yamlToJsonDrv yamlContent "any_output.json")); - fromYamlPath = yamlPath: builtins.fromJSON ( - builtins.readFile ( - yamlToJsonDrv - ( - builtins.readFile yamlPath) - "any-output.json")); - # TODO: fromToml? -} diff --git a/lib/test.nix b/lib/test.nix deleted file mode 100644 index da4b506..0000000 --- a/lib/test.nix +++ /dev/null @@ -1 +0,0 @@ -{ lib, ... }: { }