just bare minimum for convenience of sops and access to credentials.yml

bare
Hung 2023-02-22 13:18:44 -07:00
parent ac131e1389
commit bdd7ea92d1
5 changed files with 24 additions and 169 deletions

View File

@ -12,13 +12,14 @@
# buildInputs, or packages
buildInputs = [
# shell scripts
(lib.shellAsDrv { script = ''echo "hello world"''; pname = "hello"; })
# TODO: decompose hm-switch.sh with a base version (where HOME_MANAGER_BIN is injected)
# (lib.shellAsDrv {script = builtins.readFile ./scripts/hm-switch.sh; pname = "hm-switch";})
pkgs.rust4cargo
pkgs.sops
];
shellHook = ''
# Since we need late dispatch of ~, we have to put this in shellHook.
export SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt
'';
# env vars
lol = "hello world";
}

View File

@ -61,46 +61,9 @@
# nixosConfigurations.${profile}, devShells.${profile}, packages.${profile}
# and correctly produce
supported_systems = flake-utils.lib.defaultSystems;
cross_platform = config_fn: let
# nixosConfigurations.${profile} -> nixosConfigurations.${system}.${profile}
# pass in: path.to.exports.nixosConfigurations
# get out: nixosConfigurations.${system} = {...}
strat_sandwich = field_name: config_field: system: {
"${field_name}"."${system}" = config_field;
};
# homeConfigurations.${profile} -> packages.${system}.homeConfigurations.${profile}
# pass in: path.to.exports.homeConfigurations
# get: packages.${system}.homeConfigurations
strat_wrap_packages = field_name: config_field: system: {
packages."${system}"."${field_name}" = config_field;
};
strat_noop = field_name: config_field: system: {"${field_name}" = config_field;};
strategyMap = {
nixosConfigurations = strat_sandwich;
templates = strat_noop;
devShells = strat_sandwich;
devShell = strat_sandwich;
formatter = strat_sandwich;
homeConfigurations = strat_wrap_packages;
lib = strat_noop;
proj_root = strat_noop;
unit_tests = strat_noop;
secrets = strat_noop;
debug = strat_noop;
};
# takes in {homeConfigurations = ...; nixosConfigurations = ...}
# -> {packages.$system.homeConfigurations}
mapConfig = config: system: (builtins.foldl'
(acc: confName: (strategyMap."${confName}" confName config."${confName}" system))
{} (builtins.attrNames config));
in builtins.foldl' nixlib.lib.recursiveUpdate {} (
builtins.map (system: (mapConfig (config_fn system) system)) supported_systems
);
in cross_platform (system:
forEachSystem = nixpkgs.lib.genAttrs supported_systems;
in
let
# Context/global stuffs to be passed down
# NOTE: this will only read files that are within git tree
# all secrets should go into secrets.nix and secrets/*.age
proj_root =
let
path = builtins.toString ./.;
@ -115,26 +78,24 @@
hosts.path = "${path}/hosts";
users.path = "${path}/users";
};
overlays = import ./overlays.nix (_inputs // {inherit system;});
pkgs = import nixpkgs {
inherit system overlays;
overlays = forEachSystem (system: import ./overlays.nix (_inputs // { inherit system; }));
pkgs = forEachSystem (system: (import nixpkgs {
inherit system;
overlays = overlays.${system};
config = {
allowUnfree = true;
};
};
# now, this lib is extremely powerful as it also engulfs nixpkgs.lib
# lib = nixpkgs.lib // pkgs.lib;
}));
lib = (builtins.foldl' (lhs: rhs: (nixpkgs.lib.recursiveUpdate lhs rhs)) { } [
nixpkgs.lib
pkgs.lib
(import ./lib {
inherit proj_root pkgs overlays system;
inherit (pkgs) lib;
})
nixlib.lib
]);
inputs_w_lib = (pkgs.lib.recursiveUpdate _inputs {
inherit system proj_root pkgs lib;
});
inputs_w_lib = forEachSystem (
system: lib.recursiveUpdate _inputs {
inherit system lib;
pkgs = pkgs.${system};
}
);
modules = (import ./modules inputs_w_lib);
hosts = (import ./hosts inputs_w_lib);
@ -143,28 +104,15 @@
# {nixpkgs, agenix, home-manager, flake-utils, nixgl, rust-overlay, flake-compat
# ,pkgs, lib (extended), proj_root}
final_inputs = inputs_w_lib;
# Tests: unit + integration
unit_tests = (import ./lib/test.nix final_inputs) //
{
test_example = {
expr = "names must start with 'test'";
expected = "or won't show up";
};
not_show = {
expr = "this will be ignored by lib.runTests";
expected = "for sure";
};
};
secrets = import ./secrets final_inputs;
in
{
inherit (hosts) nixosConfigurations;
inherit (users) homeConfigurations;
inherit lib proj_root;
devShells = import ./dev-shell.nix final_inputs;
templates = import ./templates final_inputs;
devShells = forEachSystem (system:
{default = (import ./dev-shell.nix final_inputs.${system});}
);
templates = forEachSystem (system: import ./templates final_inputs.${system});
secrets = {
pubKeys = {
hosts = hosts.pubKeys;
@ -172,10 +120,9 @@
};
};
# unit_tests = lib.runTests unit_tests;
debug = {
inherit final_inputs hosts users modules lib inputs_w_lib unit_tests pkgs nixpkgs nixlib;
inherit final_inputs hosts users modules lib inputs_w_lib pkgs nixpkgs nixlib;
};
# formatter."${system}" = pkgs.nixpkgs-fmt;
});
};
}

View File

@ -1,61 +0,0 @@
{ pkgs
# ,nixpkgs
, proj_root
# ,agenix
, nixosDefaultVersion ? "22.05"
, defaultSystem ? "x86_64-linux"
, ...
}@inputs:
let
lib = pkgs.lib;
inputs_w_lib = (inputs // { inherit lib; });
serde = import ./serde.nix inputs_w_lib;
shellAsDrv = { script, pname }: (pkgs.callPackage
(
# just a pattern that we must remember: args to this are children of pkgs.
{ writeShellScriptBin }: writeShellScriptBin pname script
)
{ });
trimNull = lib.filterAttrs (name: value: value != null);
# ssh
flattenPubkey = lib.mapAttrs (_identity: meta_config: lib.attrByPath [ "metadata" "ssh_pubkey" ] null meta_config);
getPubkey = config: (lib.pipe config [ flattenPubkey trimNull ]);
# procedure =
in
{
# short-hand to create a shell derivation
# NOTE: this is pure. This means, env vars from devShells might not
# be accessible unless MAYBE they are `export`ed
inherit shellAsDrv trimNull flattenPubkey getPubkey;
ssh = {
inherit flattenPubkey getPubkey;
};
# Configures hosts as nixosConfiguration
# mkHost = {hostName
# , nixosBareConfiguration
# , finalInputs
# , users ? {}
# , nixosVersion? nixosDefaultVersion
# , system? defaultSystem
# , preset? "base"}: # base | minimal
# let
# hardwareConfig = hostname: import "${proj_root.hosts.path}/${hostName}/hardware-configuration.nix";
# in nixpkgs.lib.nixosSystem (nixosBareConfiguration // {
# inherit system;
# modules = [
# {
# system.stateVersion = nixosVersion;
# networking.hostName = hostName;
# users.users = users;
# }
# {
# _module.args = finalInputs;
# }
# import "${proj_root.modules.path}/secrets.nix"
# import "${proj_root.modules.path}/${preset}.sys.nix"
# ] ++ nixosBareConfiguration.modules;
# lib = finalInputs.lib;
# });
inherit serde;
inherit (serde) fromYaml fromYamlPath;
}

View File

@ -1,31 +0,0 @@
# Takes care of serializing and deserializing to some formats
# Blame: Pegasust<pegasucksgg@gmail.com>
# TODO: Add to* formats from pkgs.formats.*
{ pkgs
, lib
, ...
} @ inputs:
let
yamlToJsonDrv = yamlContent: outputPath: pkgs.callPackage
({ runCommand }:
# runCommand source: https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/trivial-builders.nix#L33
runCommand outputPath { inherit yamlContent; nativeBuildInputs = [ pkgs.yq ]; }
# run yq which outputs '.' (no filter) on file at yamlPath
# note that $out is passed onto the bash/sh script for execution
''
echo "$yamlContent" | yq >$out
'')
{ };
in
{
# Takes in a yaml string and produces a derivation with translated JSON at $outputPath
# similar to builtins.fromJSON, turns a YAML string to nix attrset
fromYaml = yamlContent: builtins.fromJSON (builtins.readFile (yamlToJsonDrv yamlContent "any_output.json"));
fromYamlPath = yamlPath: builtins.fromJSON (
builtins.readFile (
yamlToJsonDrv
(
builtins.readFile yamlPath)
"any-output.json"));
# TODO: fromToml?
}

View File

@ -1 +0,0 @@
{ lib, ... }: { }