Migrate packages to use callPackage pattern
All checks were successful
CI / build (push) Successful in 2m46s
parent
478b8903e0
commit
15ece3585e
11 changed files with 92 additions and 62 deletions
2
.gitignore
vendored
|
@ -1,5 +1,5 @@
|
|||
/configuration.nix
|
||||
/result*
|
||||
result*
|
||||
/host/*/result*
|
||||
*.qcow2
|
||||
/.direnv
|
||||
|
|
2
.vscode/settings.json
vendored
|
@ -1,5 +1,5 @@
|
|||
{
|
||||
"nix.enableLanguageServer": true,
|
||||
"nix.formatterPath": "nixfmt",
|
||||
"nix.formatterPath": "nix fmt",
|
||||
"nix.serverPath": "nixd",
|
||||
}
|
|
@ -9,12 +9,12 @@
|
|||
name = "qois-infrastructure-shell";
|
||||
buildInputs =
|
||||
let
|
||||
vscode-with-extensions = pkgs.vscode-with-extensions.override {
|
||||
vscodium-with-extensions = pkgs.vscode-with-extensions.override {
|
||||
vscodeExtensions = with pkgs.vscode-extensions; [ jnoortheen.nix-ide ];
|
||||
vscode = pkgs.vscodium;
|
||||
};
|
||||
in
|
||||
[ vscode-with-extensions ]
|
||||
[ vscodium-with-extensions ]
|
||||
++ (with self.packages.${system}; [
|
||||
cache
|
||||
deploy-qois
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
{
|
||||
self,
|
||||
system,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with pkgs.lib;
|
||||
let
|
||||
nixosConfigs = mapAttrsToList (n: v: v.config.system.build.toplevel) self.nixosConfigurations;
|
||||
in
|
||||
pkgs.linkFarmFromDrvs "allHosts" (nixosConfigs ++ [ self.packages.${system}.docs ])
|
16
packages/cache.nix → packages/cache/default.nix
vendored
|
@ -1,11 +1,17 @@
|
|||
{ pkgs, ... }:
|
||||
pkgs.writeShellApplication {
|
||||
{
|
||||
attic-client,
|
||||
findutils,
|
||||
gnugrep,
|
||||
writeShellApplication,
|
||||
...
|
||||
}:
|
||||
writeShellApplication {
|
||||
name = "cache";
|
||||
meta.description = "Access the infrastructure's attic cache. Mostly used in CI.";
|
||||
runtimeInputs = [
|
||||
pkgs.attic-client
|
||||
pkgs.findutils
|
||||
pkgs.gnugrep
|
||||
attic-client
|
||||
findutils
|
||||
gnugrep
|
||||
];
|
||||
text = ''
|
||||
SERVER="https://attic.qo.is/"
|
|
@ -1,17 +1,37 @@
|
|||
{ system, ... }@inputs:
|
||||
{
|
||||
self,
|
||||
system,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with pkgs.lib;
|
||||
{
|
||||
${system} =
|
||||
let
|
||||
all = import ./all.nix inputs;
|
||||
in
|
||||
packages = pipe (self.lib.foldersWithNix ./.) [
|
||||
(map (name: {
|
||||
inherit name;
|
||||
path = path.append ./. "./${name}/default.nix";
|
||||
}))
|
||||
(map (
|
||||
{ name, path }:
|
||||
{
|
||||
inherit all;
|
||||
default = all;
|
||||
cache = import ./cache.nix inputs;
|
||||
deploy-qois = import ./deploy-qois.nix inputs;
|
||||
docs = import ./docs.nix inputs;
|
||||
sops = import ./sops.nix inputs;
|
||||
sops-config = import ./sops-config.nix inputs;
|
||||
sops-rekey = import ./sops-rekey.nix inputs;
|
||||
inherit name;
|
||||
value = pkgs.callPackage path {
|
||||
inherit self;
|
||||
inherit system;
|
||||
};
|
||||
}
|
||||
))
|
||||
listToAttrs
|
||||
];
|
||||
in
|
||||
packages
|
||||
// {
|
||||
default =
|
||||
let
|
||||
nixosConfigs = mapAttrsToList (n: v: v.config.system.build.toplevel) self.nixosConfigurations;
|
||||
in
|
||||
pkgs.linkFarmFromDrvs "all" (nixosConfigs ++ (attrValues packages));
|
||||
};
|
||||
}
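Review bot: The auto-discovery in `packages = pipe (self.lib.foldersWithNix ./.) [ ... ]` has no comment stating its contract, and the trailing `packages // { default = ...; }` would silently replace a discovered folder that happened to be named `default`. The page has lost its +/- markers, so I am reading the `callPackage` variant as the new side, which matches the commit title. I would add a comment above the `pipe`, for example `# Each sub-folder containing a default.nix is exported as a package named after the folder; "default" is reserved for the link farm below.` Because every discovered package is also pulled into the `default` link farm through `attrValues packages`, it is worth stating there that adding a folder changes what CI builds. `foldersWithNix` is defined outside this page, so its exact filtering should be confirmed before wording the comment.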
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
{
|
||||
pkgs,
|
||||
deploy-rs,
|
||||
self,
|
||||
system,
|
||||
writeShellApplication,
|
||||
...
|
||||
}:
|
||||
pkgs.writeShellApplication {
|
||||
writeShellApplication {
|
||||
name = "deploy-qois";
|
||||
meta.description = "Deploy configuration to specificed targets.";
|
||||
runtimeInputs = [ pkgs.deploy-rs ];
|
||||
runtimeInputs = [ deploy-rs ];
|
||||
text = ''
|
||||
deploy --interactive --targets "''${@:-${self}}"
|
||||
'';
|
|
@ -1,16 +1,24 @@
|
|||
{ pkgs, self, ... }:
|
||||
{
|
||||
mdbook-cmdrun,
|
||||
mdbook-plantuml,
|
||||
mdbook,
|
||||
plantuml,
|
||||
self,
|
||||
stdenv,
|
||||
...
|
||||
}:
|
||||
let
|
||||
version = self.rev or self.dirtyRev;
|
||||
in
|
||||
pkgs.stdenv.mkDerivation {
|
||||
stdenv.mkDerivation {
|
||||
inherit version;
|
||||
name = "qois-docs-${version}";
|
||||
buildInputs = with pkgs; [
|
||||
buildInputs = [
|
||||
mdbook
|
||||
mdbook-cmdrun
|
||||
mdbook-plantuml
|
||||
plantuml
|
||||
];
|
||||
src = ../.;
|
||||
src = self;
|
||||
buildPhase = "mdbook build --dest-dir $out";
|
||||
}
|
|
@ -1,19 +1,24 @@
|
|||
{
|
||||
pkgs,
|
||||
gnugrep,
|
||||
gnupg,
|
||||
lib,
|
||||
runCommand,
|
||||
self,
|
||||
system,
|
||||
ssh-to-age,
|
||||
writeText,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
let
|
||||
metaHostConfigs = import ../defaults/meta/hosts.nix { inherit pkgs; };
|
||||
metaHostConfigs = import ../../defaults/meta/hosts.nix { };
|
||||
userPgpKeys =
|
||||
let
|
||||
keysFolder = "${self.inputs.private}/sops_keys";
|
||||
gpgFingerprintsFile =
|
||||
pkgs.runCommand "userPgpKeys"
|
||||
runCommand "userPgpKeys"
|
||||
{
|
||||
src = keysFolder;
|
||||
buildInputs = with pkgs; [
|
||||
buildInputs = [
|
||||
gnupg
|
||||
gnugrep
|
||||
];
|
||||
|
@ -36,13 +41,13 @@ let
|
|||
userAgeKeys = [ ];
|
||||
serverAgeKeys =
|
||||
let
|
||||
getHostsWithSshKeys = pkgs.lib.filterAttrs (name: cfg: cfg ? sshKey);
|
||||
mapHostToAgeKey = builtins.mapAttrs (
|
||||
getHostsWithSshKeys = filterAttrs (name: cfg: cfg ? sshKey);
|
||||
mapHostToAgeKey = mapAttrs (
|
||||
name: cfg:
|
||||
pkgs.lib.readFile (
|
||||
pkgs.runCommand "sshToAgeKey"
|
||||
readFile (
|
||||
runCommand "sshToAgeKey"
|
||||
{
|
||||
buildInputs = [ pkgs.ssh-to-age ];
|
||||
buildInputs = [ ssh-to-age ];
|
||||
}
|
||||
''
|
||||
echo "${cfg.sshKey}" | ssh-to-age -o $out
|
||||
|
@ -51,14 +56,14 @@ let
|
|||
);
|
||||
in
|
||||
mapHostToAgeKey (getHostsWithSshKeys metaHostConfigs.qois.meta.hosts);
|
||||
toCommaList = builtins.concatStringsSep ",";
|
||||
toCommaList = concatStringsSep ",";
|
||||
in
|
||||
pkgs.writeText ".sops.yaml" (
|
||||
writeText ".sops.yaml" (
|
||||
''
|
||||
# This file was generated by nix, see packages/sops-config.nix for details.
|
||||
''
|
||||
+ builtins.toJSON {
|
||||
keys = userPgpKeys ++ userAgeKeys ++ builtins.attrValues serverAgeKeys;
|
||||
+ strings.toJSON {
|
||||
keys = userPgpKeys ++ userAgeKeys ++ attrValues serverAgeKeys;
|
||||
creation_rules =
|
||||
[
|
||||
# Secrets for administrators (a.k.a. passwords)
|
||||
|
@ -78,7 +83,7 @@ pkgs.writeText ".sops.yaml" (
|
|||
++
|
||||
|
||||
# Server specific secrets
|
||||
(pkgs.lib.mapAttrsToList (serverName: serverKey: {
|
||||
(mapAttrsToList (serverName: serverKey: {
|
||||
path_regex = "private/nixos-configurations/${serverName}/secrets\.sops\.(yaml|json|env|ini)$";
|
||||
pgp = toCommaList userPgpKeys;
|
||||
age = toCommaList (userAgeKeys ++ [ serverKey ]);
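Review bot: The `path_regex` string in the last hunk of this section does not escape its dots: inside a double-quoted Nix string `\.` evaluates to a plain `.`, so the rule written to `.sops.yaml` becomes `secrets.sops.(yaml|json|env|ini)$` and each dot matches any character. The line is unchanged context that this commit carries along, but it decides which files are encrypted to which server key, so it is worth tightening while the file is being touched: `path_regex = "private/nixos-configurations/${serverName}/secrets\\.sops\\.(yaml|json|env|ini)$";`. `serverName` is interpolated into the pattern unescaped as well, which is fine only as long as host names contain no regex metacharacters (not verifiable from this page). The enclosing `writeText` expression continues outside the hunk.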
|
|
@ -1,14 +1,15 @@
|
|||
{
|
||||
pkgs,
|
||||
findutils,
|
||||
self,
|
||||
system,
|
||||
writeShellApplication,
|
||||
...
|
||||
}:
|
||||
pkgs.writeShellApplication {
|
||||
writeShellApplication {
|
||||
name = "sops-rekey";
|
||||
meta.description = "Rekey all sops secrets with changed keys";
|
||||
runtimeInputs = [
|
||||
pkgs.findutils
|
||||
findutils
|
||||
self.packages.${system}.sops
|
||||
];
|
||||
text = ''
|
|
@ -1,13 +1,14 @@
|
|||
{
|
||||
pkgs,
|
||||
self,
|
||||
system,
|
||||
gitMinimal,
|
||||
nix,
|
||||
sops,
|
||||
writeShellApplication,
|
||||
...
|
||||
}:
|
||||
pkgs.writeShellApplication {
|
||||
writeShellApplication {
|
||||
name = "sops";
|
||||
meta.description = "Run SOPS with the generated configuration";
|
||||
runtimeInputs = with pkgs; [
|
||||
runtimeInputs = [
|
||||
sops
|
||||
gitMinimal
|
||||
nix
|