Just the bare minimum for convenience of sops and access to credentials.yml

bare
Hung 2023-02-22 13:18:44 -07:00
parent ac131e1389
commit bdd7ea92d1
5 changed files with 24 additions and 169 deletions


@ -12,13 +12,14 @@
# buildInputs, or packages # buildInputs, or packages
buildInputs = [ buildInputs = [
# shell scripts # shell scripts
(lib.shellAsDrv { script = ''echo "hello world"''; pname = "hello"; })
# TODO: decompose hm-switch.sh with a base version (where HOME_MANAGER_BIN is injected)
# (lib.shellAsDrv {script = builtins.readFile ./scripts/hm-switch.sh; pname = "hm-switch";})
pkgs.rust4cargo pkgs.rust4cargo
pkgs.sops pkgs.sops
]; ];
shellHook = ''
# Since we need late dispatch of ~, we have to put this in shellHook.
export SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt
'';
# env vars # env vars
lol = "hello world"; lol = "hello world";
} }
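Review bot: The new shellHook unconditionally overwrites SOPS_AGE_KEY_FILE, so a developer who already points sops at a different key file silently loses that setting on entering the shell, and the unquoted `~` only expands because it sits directly after `=` in an assignment. A guarded form keeps an existing value and avoids the tilde dependency: `export SOPS_AGE_KEY_FILE="''${SOPS_AGE_KEY_FILE:-$HOME/.config/sops/age/keys.txt}"` (the `''$` is the escape for a literal `${` inside a Nix indented string). The comment above the export would help readers more if it also said what the file is, e.g. `# age private key sops uses to decrypt secrets; lives outside the repo and must never be committed or copied into the store`. The attribute set holding buildInputs and shellHook begins before line 12 of the file, so its opening is outside this hunk.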


@ -61,46 +61,9 @@
# nixosConfigurations.${profile}, devShells.${profile}, packages.${profile} # nixosConfigurations.${profile}, devShells.${profile}, packages.${profile}
# and correctly produce # and correctly produce
supported_systems = flake-utils.lib.defaultSystems; supported_systems = flake-utils.lib.defaultSystems;
cross_platform = config_fn: let forEachSystem = nixpkgs.lib.genAttrs supported_systems;
# nixosConfigurations.${profile} -> nixosConfigurations.${system}.${profile} in
# pass in: path.to.exports.nixosConfigurations
# get out: nixosConfigurations.${system} = {...}
strat_sandwich = field_name: config_field: system: {
"${field_name}"."${system}" = config_field;
};
# homeConfigurations.${profile} -> packages.${system}.homeConfigurations.${profile}
# pass in: path.to.exports.homeConfigurations
# get: packages.${system}.homeConfigurations
strat_wrap_packages = field_name: config_field: system: {
packages."${system}"."${field_name}" = config_field;
};
strat_noop = field_name: config_field: system: {"${field_name}" = config_field;};
strategyMap = {
nixosConfigurations = strat_sandwich;
templates = strat_noop;
devShells = strat_sandwich;
devShell = strat_sandwich;
formatter = strat_sandwich;
homeConfigurations = strat_wrap_packages;
lib = strat_noop;
proj_root = strat_noop;
unit_tests = strat_noop;
secrets = strat_noop;
debug = strat_noop;
};
# takes in {homeConfigurations = ...; nixosConfigurations = ...}
# -> {packages.$system.homeConfigurations}
mapConfig = config: system: (builtins.foldl'
(acc: confName: (strategyMap."${confName}" confName config."${confName}" system))
{} (builtins.attrNames config));
in builtins.foldl' nixlib.lib.recursiveUpdate {} (
builtins.map (system: (mapConfig (config_fn system) system)) supported_systems
);
in cross_platform (system:
let let
# Context/global stuffs to be passed down
# NOTE: this will only read files that are within git tree
# all secrets should go into secrets.nix and secrets/*.age
proj_root = proj_root =
let let
path = builtins.toString ./.; path = builtins.toString ./.;
@ -115,26 +78,24 @@
hosts.path = "${path}/hosts"; hosts.path = "${path}/hosts";
users.path = "${path}/users"; users.path = "${path}/users";
}; };
overlays = import ./overlays.nix (_inputs // {inherit system;}); overlays = forEachSystem (system: import ./overlays.nix (_inputs // { inherit system; }));
pkgs = import nixpkgs { pkgs = forEachSystem (system: (import nixpkgs {
inherit system overlays; inherit system;
overlays = overlays.${system};
config = { config = {
allowUnfree = true; allowUnfree = true;
}; };
}; }));
# now, this lib is extremely powerful as it also engulfs nixpkgs.lib
# lib = nixpkgs.lib // pkgs.lib;
lib = (builtins.foldl' (lhs: rhs: (nixpkgs.lib.recursiveUpdate lhs rhs)) { } [ lib = (builtins.foldl' (lhs: rhs: (nixpkgs.lib.recursiveUpdate lhs rhs)) { } [
nixpkgs.lib nixpkgs.lib
pkgs.lib nixlib.lib
(import ./lib {
inherit proj_root pkgs overlays system;
inherit (pkgs) lib;
})
]); ]);
inputs_w_lib = (pkgs.lib.recursiveUpdate _inputs { inputs_w_lib = forEachSystem (
inherit system proj_root pkgs lib; system: lib.recursiveUpdate _inputs {
}); inherit system lib;
pkgs = pkgs.${system};
}
);
modules = (import ./modules inputs_w_lib); modules = (import ./modules inputs_w_lib);
hosts = (import ./hosts inputs_w_lib); hosts = (import ./hosts inputs_w_lib);
@ -143,28 +104,15 @@
# {nixpkgs, agenix, home-manager, flake-utils, nixgl, rust-overlay, flake-compat # {nixpkgs, agenix, home-manager, flake-utils, nixgl, rust-overlay, flake-compat
# ,pkgs, lib (extended), proj_root} # ,pkgs, lib (extended), proj_root}
final_inputs = inputs_w_lib; final_inputs = inputs_w_lib;
# Tests: unit + integration
unit_tests = (import ./lib/test.nix final_inputs) //
{
test_example = {
expr = "names must start with 'test'";
expected = "or won't show up";
};
not_show = {
expr = "this will be ignored by lib.runTests";
expected = "for sure";
};
};
secrets = import ./secrets final_inputs;
in in
{ {
inherit (hosts) nixosConfigurations; inherit (hosts) nixosConfigurations;
inherit (users) homeConfigurations; inherit (users) homeConfigurations;
inherit lib proj_root; inherit lib proj_root;
devShells = import ./dev-shell.nix final_inputs; devShells = forEachSystem (system:
templates = import ./templates final_inputs; {default = (import ./dev-shell.nix final_inputs.${system});}
);
templates = forEachSystem (system: import ./templates final_inputs.${system});
secrets = { secrets = {
pubKeys = { pubKeys = {
hosts = hosts.pubKeys; hosts = hosts.pubKeys;
@ -172,10 +120,9 @@
}; };
}; };
# unit_tests = lib.runTests unit_tests;
debug = { debug = {
inherit final_inputs hosts users modules lib inputs_w_lib unit_tests pkgs nixpkgs nixlib; inherit final_inputs hosts users modules lib inputs_w_lib pkgs nixpkgs nixlib;
}; };
# formatter."${system}" = pkgs.nixpkgs-fmt; # formatter."${system}" = pkgs.nixpkgs-fmt;
}); };
} }
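Review bot: `inputs_w_lib` is now a system-keyed attribute set built with `forEachSystem`, but the context lines `modules = (import ./modules inputs_w_lib);` and `hosts = (import ./hosts inputs_w_lib);` at the end of the second hunk (and `final_inputs = inputs_w_lib;` in the third) still pass it whole, where the old code passed a flat `{pkgs, lib, system, ...}` set; the new devShells and templates lines confirm the per-system shape by indexing `final_inputs.${system}`. Unless ./modules and ./hosts were changed outside this commit to accept that shape, they will receive attributes named after systems instead of `pkgs` and `lib`. Because `nixosConfigurations` is exported without a system prefix, the likely fix is to select a single system for those imports, e.g. `hosts = import ./hosts inputs_w_lib."x86_64-linux";` (whichever system the hosts are built for), rather than wrapping them in `forEachSystem`; either way a one-line comment such as `# keyed by system: use inputs_w_lib.${system} when importing per-system code` on the `inputs_w_lib` binding would prevent the next such mismatch. The enclosing `let` of the flake outputs starts before the first hunk.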


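--- a/PATH-NOT-SHOWN-1
+++ /dev/null
@@ -1,61 +0,0 @@
-{ pkgs
-# ,nixpkgs
-, proj_root
-# ,agenix
-, nixosDefaultVersion ? "22.05"
-, defaultSystem ? "x86_64-linux"
-, ...
-}@inputs:
-let
-lib = pkgs.lib;
-inputs_w_lib = (inputs // { inherit lib; });
-serde = import ./serde.nix inputs_w_lib;
-shellAsDrv = { script, pname }: (pkgs.callPackage
-(
-# just a pattern that we must remember: args to this are children of pkgs.
-{ writeShellScriptBin }: writeShellScriptBin pname script
-)
-{ });
-trimNull = lib.filterAttrs (name: value: value != null);
-# ssh
-flattenPubkey = lib.mapAttrs (_identity: meta_config: lib.attrByPath [ "metadata" "ssh_pubkey" ] null meta_config);
-getPubkey = config: (lib.pipe config [ flattenPubkey trimNull ]);
-# procedure =
-in
-{
-# short-hand to create a shell derivation
-# NOTE: this is pure. This means, env vars from devShells might not
-# be accessible unless MAYBE they are `export`ed
-inherit shellAsDrv trimNull flattenPubkey getPubkey;
-ssh = {
-inherit flattenPubkey getPubkey;
-};
-# Configures hosts as nixosConfiguration
-# mkHost = {hostName
-# , nixosBareConfiguration
-# , finalInputs
-# , users ? {}
-# , nixosVersion? nixosDefaultVersion
-# , system? defaultSystem
-# , preset? "base"}: # base | minimal
-# let
-# hardwareConfig = hostname: import "${proj_root.hosts.path}/${hostName}/hardware-configuration.nix";
-# in nixpkgs.lib.nixosSystem (nixosBareConfiguration // {
-# inherit system;
-# modules = [
-# {
-# system.stateVersion = nixosVersion;
-# networking.hostName = hostName;
-# users.users = users;
-# }
-# {
-# _module.args = finalInputs;
-# }
-# import "${proj_root.modules.path}/secrets.nix"
-# import "${proj_root.modules.path}/${preset}.sys.nix"
-# ] ++ nixosBareConfiguration.modules;
-# lib = finalInputs.lib;
-# });
-inherit serde;
-inherit (serde) fromYaml fromYamlPath;
-}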


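--- a/PATH-NOT-SHOWN-2
+++ /dev/null
@@ -1,31 +0,0 @@
-# Takes care of serializing and deserializing to some formats
-# Blame: Pegasust<pegasucksgg@gmail.com>
-# TODO: Add to* formats from pkgs.formats.*
-{ pkgs
-, lib
-, ...
-} @ inputs:
-let
-yamlToJsonDrv = yamlContent: outputPath: pkgs.callPackage
-({ runCommand }:
-# runCommand source: https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/trivial-builders.nix#L33
-runCommand outputPath { inherit yamlContent; nativeBuildInputs = [ pkgs.yq ]; }
-# run yq which outputs '.' (no filter) on file at yamlPath
-# note that $out is passed onto the bash/sh script for execution
-''
-echo "$yamlContent" | yq >$out
-'')
-{ };
-in
-{
-# Takes in a yaml string and produces a derivation with translated JSON at $outputPath
-# similar to builtins.fromJSON, turns a YAML string to nix attrset
-fromYaml = yamlContent: builtins.fromJSON (builtins.readFile (yamlToJsonDrv yamlContent "any_output.json"));
-fromYamlPath = yamlPath: builtins.fromJSON (
-builtins.readFile (
-yamlToJsonDrv
-(
-builtins.readFile yamlPath)
-"any-output.json"));
-# TODO: fromToml?
-}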


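--- a/PATH-NOT-SHOWN-3
+++ /dev/null
@@ -1 +0,0 @@
-{ lib, ... }: { }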