just bare minimum for convenience of sops and access to credentials.yml

2023-02-22 13:18:44 -07:00 · 2023-02-22 13:18:44 -07:00 · bdd7ea92d1
parent ac131e1389
commit bdd7ea92d1
5 changed files with 24 additions and 169 deletions
--- a/dev-shell.nix
+++ b/dev-shell.nix
@ -12,13 +12,14 @@
  # buildInputs, or packages
  buildInputs = [
    # shell scripts
-    (lib.shellAsDrv { script = ''echo "hello world"''; pname = "hello"; })
-    # TODO: decompose hm-switch.sh with a base version (where HOME_MANAGER_BIN is injected)
-    # (lib.shellAsDrv {script = builtins.readFile ./scripts/hm-switch.sh; pname = "hm-switch";})
    pkgs.rust4cargo
    pkgs.sops
  ];

+  shellHook = ''
+  # Since we need late dispatch of ~, we have to put this in shellHook.
+  export SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt
+  '';
  # env vars
  lol = "hello world";
 }
--- a/flake.nix
+++ b/flake.nix
@ -61,46 +61,9 @@
      # nixosConfigurations.${profile}, devShells.${profile}, packages.${profile}
      # and correctly produce 
      supported_systems = flake-utils.lib.defaultSystems;
-      cross_platform = config_fn: let 
-        # nixosConfigurations.${profile} -> nixosConfigurations.${system}.${profile}
-        # pass in: path.to.exports.nixosConfigurations
-        # get out: nixosConfigurations.${system} = {...}
-        strat_sandwich = field_name: config_field: system: {
-          "${field_name}"."${system}" = config_field;
-        };
-        # homeConfigurations.${profile} -> packages.${system}.homeConfigurations.${profile}
-        # pass in: path.to.exports.homeConfigurations
-        # get: packages.${system}.homeConfigurations
-        strat_wrap_packages = field_name: config_field: system: {
-          packages."${system}"."${field_name}" = config_field;
-        };
-        strat_noop = field_name: config_field: system: {"${field_name}" = config_field;};
-        strategyMap = {
-          nixosConfigurations = strat_sandwich;
-          templates =           strat_noop;
-          devShells =           strat_sandwich;
-          devShell =            strat_sandwich;
-          formatter =           strat_sandwich;
-          homeConfigurations =  strat_wrap_packages;
-          lib =                 strat_noop;
-          proj_root =           strat_noop;
-          unit_tests =          strat_noop;
-          secrets =             strat_noop;
-          debug =               strat_noop;
-        };
-        # takes in {homeConfigurations = ...; nixosConfigurations = ...}
-        # -> {packages.$system.homeConfigurations}
-        mapConfig = config: system: (builtins.foldl' 
-          (acc: confName: (strategyMap."${confName}" confName config."${confName}" system))
-          {} (builtins.attrNames config));
-      in builtins.foldl' nixlib.lib.recursiveUpdate {} (
-        builtins.map (system: (mapConfig (config_fn system) system)) supported_systems
-      );
-    in cross_platform (system:
+      forEachSystem = nixpkgs.lib.genAttrs supported_systems;
+    in
    let
-      # Context/global stuffs to be passed down
-      # NOTE: this will only read files that are within git tree
-      # all secrets should go into secrets.nix and secrets/*.age
      proj_root =
        let
          path = builtins.toString ./.;
@ -115,26 +78,24 @@
          hosts.path = "${path}/hosts";
          users.path = "${path}/users";
        };
-      overlays = import ./overlays.nix (_inputs // {inherit system;});
-      pkgs = import nixpkgs {
-        inherit system overlays;
+      overlays = forEachSystem (system: import ./overlays.nix (_inputs // { inherit system; }));
+      pkgs = forEachSystem (system: (import nixpkgs {
+        inherit system;
+        overlays = overlays.${system};
        config = {
          allowUnfree = true;
        };
-      };
-      # now, this lib is extremely powerful as it also engulfs nixpkgs.lib
-      # lib = nixpkgs.lib // pkgs.lib;
+      }));
      lib = (builtins.foldl' (lhs: rhs: (nixpkgs.lib.recursiveUpdate lhs rhs)) { } [
        nixpkgs.lib
-        pkgs.lib
-        (import ./lib {
-          inherit proj_root pkgs overlays system;
-          inherit (pkgs) lib;
-        })
+        nixlib.lib
      ]);
-      inputs_w_lib = (pkgs.lib.recursiveUpdate _inputs {
-        inherit system proj_root pkgs lib;
-      });
+      inputs_w_lib = forEachSystem (
+        system: lib.recursiveUpdate _inputs {
+          inherit system lib;
+          pkgs = pkgs.${system};
+        }
+      );

      modules = (import ./modules inputs_w_lib);
      hosts = (import ./hosts inputs_w_lib);
@ -143,28 +104,15 @@
      # {nixpkgs, agenix, home-manager, flake-utils, nixgl, rust-overlay, flake-compat
      # ,pkgs, lib (extended), proj_root}
      final_inputs = inputs_w_lib;
-
-      # Tests: unit + integration
-      unit_tests = (import ./lib/test.nix final_inputs) //
-        {
-          test_example = {
-            expr = "names must start with 'test'";
-            expected = "or won't show up";
-          };
-          not_show = {
-            expr = "this will be ignored by lib.runTests";
-            expected = "for sure";
-          };
-        };
-      secrets = import ./secrets final_inputs;
-
    in
    {
      inherit (hosts) nixosConfigurations;
      inherit (users) homeConfigurations;
      inherit lib proj_root;
-      devShells = import ./dev-shell.nix final_inputs;
-      templates = import ./templates final_inputs;
+      devShells = forEachSystem (system:
+        {default = (import ./dev-shell.nix final_inputs.${system});}
+      );
+      templates = forEachSystem (system: import ./templates final_inputs.${system});
      secrets = {
        pubKeys = {
          hosts = hosts.pubKeys;
@ -172,10 +120,9 @@
        };
      };

-      # unit_tests = lib.runTests unit_tests;
      debug = {
-        inherit final_inputs hosts users modules lib inputs_w_lib unit_tests pkgs nixpkgs nixlib;
+        inherit final_inputs hosts users modules lib inputs_w_lib pkgs nixpkgs nixlib;
      };
      # formatter."${system}" = pkgs.nixpkgs-fmt;
-    });
+    };
 }
--- a/lib/default.nix
+++ b/lib/default.nix
@ -1,61 +0,0 @@
-{ pkgs
-  # ,nixpkgs
-, proj_root
-  # ,agenix
-, nixosDefaultVersion ? "22.05"
-, defaultSystem ? "x86_64-linux"
-, ...
-}@inputs:
-let
-  lib = pkgs.lib;
-  inputs_w_lib = (inputs // { inherit lib; });
-  serde = import ./serde.nix inputs_w_lib;
-  shellAsDrv = { script, pname }: (pkgs.callPackage
-    (
-      # just a pattern that we must remember: args to this are children of pkgs.
-      { writeShellScriptBin }: writeShellScriptBin pname script
-    )
-    { });
-  trimNull = lib.filterAttrs (name: value: value != null);
-  # ssh
-  flattenPubkey = lib.mapAttrs (_identity: meta_config: lib.attrByPath [ "metadata" "ssh_pubkey" ] null meta_config);
-  getPubkey = config: (lib.pipe config [ flattenPubkey trimNull ]);
-  # procedure = 
-in
-{
-  # short-hand to create a shell derivation
-  # NOTE: this is pure. This means, env vars from devShells might not
-  # be accessible unless MAYBE they are `export`ed
-  inherit shellAsDrv trimNull flattenPubkey getPubkey;
-  ssh = {
-    inherit flattenPubkey getPubkey;
-  };
-  # Configures hosts as nixosConfiguration
-  # mkHost = {hostName
-  # , nixosBareConfiguration
-  # , finalInputs
-  # , users ? {}
-  # , nixosVersion? nixosDefaultVersion
-  # , system? defaultSystem
-  # , preset? "base"}:  # base | minimal 
-  # let 
-  #   hardwareConfig = hostname: import "${proj_root.hosts.path}/${hostName}/hardware-configuration.nix";
-  # in nixpkgs.lib.nixosSystem (nixosBareConfiguration // {
-  #   inherit system;
-  #   modules = [
-  #     {
-  #       system.stateVersion = nixosVersion;
-  #       networking.hostName = hostName;
-  #       users.users = users;
-  #     }
-  #     {
-  #       _module.args = finalInputs;
-  #     }
-  #     import "${proj_root.modules.path}/secrets.nix"
-  #     import "${proj_root.modules.path}/${preset}.sys.nix"
-  #   ] ++ nixosBareConfiguration.modules;
-  #   lib = finalInputs.lib;
-  # });
-  inherit serde;
-  inherit (serde) fromYaml fromYamlPath;
-}
--- a/lib/serde.nix
+++ b/lib/serde.nix
@ -1,31 +0,0 @@
-# Takes care of serializing and deserializing to some formats
-# Blame: Pegasust<pegasucksgg@gmail.com>
-# TODO: Add to* formats from pkgs.formats.*
-{ pkgs
-, lib
-, ...
-} @ inputs:
-let
-  yamlToJsonDrv = yamlContent: outputPath: pkgs.callPackage
-    ({ runCommand }:
-      # runCommand source: https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/trivial-builders.nix#L33
-      runCommand outputPath { inherit yamlContent; nativeBuildInputs = [ pkgs.yq ]; }
-        # run yq which outputs '.' (no filter) on file at yamlPath
-        # note that $out is passed onto the bash/sh script for execution
-        ''
-          echo "$yamlContent" | yq >$out
-        '')
-    { };
-in
-{
-  # Takes in a yaml string and produces a derivation with translated JSON at $outputPath
-  # similar to builtins.fromJSON, turns a YAML string to nix attrset
-  fromYaml = yamlContent: builtins.fromJSON (builtins.readFile (yamlToJsonDrv yamlContent "any_output.json"));
-  fromYamlPath = yamlPath: builtins.fromJSON (
-    builtins.readFile (
-      yamlToJsonDrv
-        (
-          builtins.readFile yamlPath)
-        "any-output.json"));
-  # TODO: fromToml?
-}
--- a/lib/test.nix
+++ b/lib/test.nix
@ -1 +0,0 @@
-{ lib, ... }: { }