diff --git a/ci/alejandra.sh b/ci/alejandra.sh
new file mode 100644
index 00000000..421309d9
--- /dev/null
+++ b/ci/alejandra.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -eu
+
+for blacklist_dir in "${NF_NIX_BLACKLIST_DIRS[@]}"; do
+ set -- --exclude "$blacklist_dir" "$@"
+done
+
+exec alejandra "$@"
diff --git a/ci/build.sh b/ci/build.sh
new file mode 100644
index 00000000..8baa3898
--- /dev/null
+++ b/ci/build.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -eu
+ARG_NODE=$1
+shift
+
+exec nix build --no-link --print-out-paths \
+ "${NF_CONFIG_ROOT}#nixosConfigurations.$ARG_NODE.config.system.build.toplevel" \
+ --show-trace "$@"
diff --git a/ci/deadnix.sh b/ci/deadnix.sh
new file mode 100644
index 00000000..aacb45f3
--- /dev/null
+++ b/ci/deadnix.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+set -eu
+
+NF_NIX_BLACKLIST_FILES=(
+ $(find "${NF_NIX_BLACKLIST_DIRS[@]}" -type f)
+)
+
+exec deadnix "$@" \
+ --no-lambda-arg \
+ --exclude "${NF_NIX_BLACKLIST_FILES[@]}"
diff --git a/ci/deploy.sh b/ci/deploy.sh
deleted file mode 100755
index cdda3558..00000000
--- a/ci/deploy.sh
+++ /dev/null
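Review bot: `ARG_NODE=$1` in build.sh aborts under `set -u` with the bare message `$1: unbound variable` when the node name is omitted, which gives the caller no hint of the expected usage. A parameter-expansion guard keeps the same interface and produces a readable error: `ARG_NODE=${1:?usage: nf-build NODE [nix build args...]}`. The same positional read appears in ssh.sh, sops-keyscan.sh, sshopts.sh and switch.sh in this diff and could take the same treatment.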
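Review bot: In deadnix.sh the unquoted `$(find ...)` inside the array assignment word-splits the file list on whitespace and applies glob expansion to each path, so a blacklisted file whose path contains a space or a glob character is excluded incorrectly or not at all. Reading the list NUL-delimited avoids both problems: `mapfile -d '' -t NF_NIX_BLACKLIST_FILES < <(find "${NF_NIX_BLACKLIST_DIRS[@]}" -type f -print0)` (bash 4.4+, which the wrapper's bash presumably provides). Note also that when find matches nothing the final `--exclude` is left with no value, so deadnix's own argument handling decides what happens; a guard of the form `if (( ${#NF_NIX_BLACKLIST_FILES[@]} )); then set -- "$@" --exclude "${NF_NIX_BLACKLIST_FILES[@]}"; fi` would make that case explicit.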
@@ -1,59 +0,0 @@
-#!/usr/bin/env bash
-set -eu
-
-NF_CONFIG_ROOT=${NF_CONFIG_ROOT-.}
-
-NF_HOST=${NF_HOST-tewi}
-NIXOS_TOPLEVEL=nixosConfigurations.$NF_HOST.config.system.build.toplevel
-NF_ADDR=${NF_ADDR-${NF_HOST}.local}
-
-if [[ $NF_ADDR = tewi.local ]]; then
- # work around homekit namespace clash
- NF_ADDR=tewi.local.gensokyo.zone
-fi
-
-if [[ $# -eq 0 ]]; then
- set -- ""
-fi
-
-if [[ $1 = tarball ]]; then
- shift
- set -- build "$@"
- NIXOS_TOPLEVEL=nixosConfigurations.$NF_HOST.config.system.build.tarball
-fi
-
-if [[ $1 = build ]]; then
- shift
- exec nix build --no-link --print-out-paths \
- $NF_CONFIG_ROOT\#$NIXOS_TOPLEVEL \
- "$@"
-elif [[ $1 = switch ]] || [[ $1 = boot ]] || [[ $1 = test ]] || [[ $1 = dry-* ]]; then
- METHOD=$1
- shift
- exec nixos-rebuild $METHOD \
- --flake $NF_CONFIG_ROOT\#$NF_HOST \
- --no-build-nix \
- --target-host $NF_ADDR --use-remote-sudo \
- "$@"
-elif [[ $1 = check ]]; then
- EXIT_CODE=0
- DEFAULT=$(nix eval --raw -f $NF_CONFIG_ROOT $NIXOS_TOPLEVEL)
- FLAKE=$(nix eval --raw $NF_CONFIG_ROOT\#$NIXOS_TOPLEVEL)
- if [[ $DEFAULT != $FLAKE ]]; then
- echo default.nix: $DEFAULT
- echo flake.nix: $FLAKE
- EXIT_CODE=1
- else
- echo untrusted ok: $FLAKE
- fi
- exit $EXIT_CODE
-elif [[ $1 = ssh ]]; then
- shift
- exec ssh $NIX_SSHOPTS $NF_ADDR "$@"
-elif [[ $1 = sops-keyscan ]]; then
- shift
- ssh-keyscan $NIX_SSHOPTS $NF_ADDR | nix run nixpkgs#ssh-to-age
-else
- echo unknown cmd $1 >&2
- exit 1
-fi
diff --git a/ci/fmt-nix.sh b/ci/fmt-nix.sh
new file mode 100644
index 00000000..2beeb9fa
--- /dev/null
+++ b/ci/fmt-nix.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+set -eu
+
+exec nf-alejandra "${NF_NIX_WHITELIST_FILES[@]}" "$@"
diff --git a/ci/fmt-tf.sh b/ci/fmt-tf.sh
new file mode 100644
index 00000000..43928304
--- /dev/null
+++ b/ci/fmt-tf.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+set -eu
+
+exec terraform fmt -recursive "$@"
diff --git a/ci/generate.sh b/ci/generate.sh
new file mode 100644
index 00000000..d375adb5
--- /dev/null
+++ b/ci/generate.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -eu
+
+for node in reisen; do
+ nix eval --json "${NF_CONFIG_ROOT}#lib.generate.$node.users" | jq -M . > "$NF_CONFIG_ROOT/systems/$node/users.json"
+done
diff --git a/ci/hostname.sh b/ci/hostname.sh
new file mode 100644
index 00000000..b3303ab9
--- /dev/null
+++ b/ci/hostname.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+set -eu
+
+DEPLOY_USER=
+if [[ $# -gt 1 ]]; then
+ ARG_NODE=$1
+ ARG_HOSTNAME=$2
+ shift 2
+else
+ ARG_HOSTNAME=$1
+ shift
+ ARG_NODE=${ARG_HOSTNAME%%.*}
+ if [[ $ARG_HOSTNAME = $ARG_NODE ]]; then
+ if DEPLOY_HOSTNAME=$(nix eval --raw "${NF_CONFIG_ROOT}#deploy.nodes.$ARG_HOSTNAME.hostname" 2>/dev/null); then
+ DEPLOY_USER=$(nix eval --raw "${NF_CONFIG_ROOT}#deploy.nodes.$ARG_HOSTNAME.sshUser" 2>/dev/null || true)
+ ARG_HOSTNAME=$DEPLOY_HOSTNAME
+ if ! ping -w2 -c1 "$DEPLOY_HOSTNAME" >/dev/null 2>&1; then
+ ARG_HOSTNAME="$ARG_NODE.local"
+ fi
+ else
+ ARG_HOSTNAME="$ARG_NODE.local"
+ fi
+ fi
+fi
+
+if ! ping -w2 -c1 "$ARG_HOSTNAME" >/dev/null 2>&1; then
+ LOCAL_HOSTNAME=$ARG_NODE.local.gensokyo.zone
+ TAIL_HOSTNAME=$ARG_NODE.tail.gensokyo.zone
+ GLOBAL_HOSTNAME=$ARG_NODE.gensokyo.zone
+ if ping -w2 -c1 "$LOCAL_HOSTNAME" >/dev/null 2>&1; then
+ ARG_HOSTNAME=$LOCAL_HOSTNAME
+ elif ping -w2 -c1 "$TAIL_HOSTNAME" >/dev/null 2>&1; then
+ ARG_HOSTNAME=$TAIL_HOSTNAME
+ elif ping -w2 -c1 "$GLOBAL_HOSTNAME" >/dev/null 2>&1; then
+ ARG_HOSTNAME=$GLOBAL_HOSTNAME
+ fi
+fi
+
+echo "${DEPLOY_USER-}${DEPLOY_USER+@}$ARG_HOSTNAME"
diff --git a/ci/lint-nix.sh b/ci/lint-nix.sh
new file mode 100644
index 00000000..37ef97ba
--- /dev/null
+++ b/ci/lint-nix.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+set -eu
+
+nf-statix check "$@" &&
+ nf-deadnix -f "$@"
diff --git a/ci/lint-tf.sh b/ci/lint-tf.sh
new file mode 100644
index 00000000..708466e0
--- /dev/null
+++ b/ci/lint-tf.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+set -eu
+
+exec tflint "$@"
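Review bot: The pipeline in generate.sh truncates `systems/$node/users.json` before `nix eval` has produced anything, and because `jq -M .` exits 0 on empty input a failed evaluation silently leaves an empty file behind while `set -e` never fires. Enabling `set -euo pipefail` catches the failed stage, and capturing the output before touching the file avoids the truncation: `users=$(nix eval --json "${NF_CONFIG_ROOT}#lib.generate.$node.users" | jq -M .)` followed by `printf '%s\n' "$users" > "$NF_CONFIG_ROOT/systems/$node/users.json"`.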
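Review bot: The final `echo` in hostname.sh emits `@host` whenever no deploy user was found, because `${DEPLOY_USER+@}` without a colon tests only whether the variable is set, and the `DEPLOY_USER=` at the top sets it to the empty string; the colon form `${DEPLOY_USER:+@}` adds the `@` only for a non-empty user, and `${DEPLOY_USER-}` can then be plain `$DEPLOY_USER` since it is always set. The consumers in this diff differ in how they cope: sops-keyscan.sh strips through the `@`, while switch.sh compares the full string and ssh.sh passes it to ssh unchanged. Separately, `[[ $ARG_HOSTNAME = $ARG_NODE ]]` treats the unquoted right-hand side as a glob pattern; quoting it as `"$ARG_NODE"` makes this the literal comparison it reads as. `ping -w2` is an iputils option, so the reachability probe is Linux-specific and worth a comment to that effect.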
diff --git a/ci/setup.sh b/ci/setup.sh
new file mode 100644
index 00000000..ba6d9de7
--- /dev/null
+++ b/ci/setup.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+set -eu
+SETUP_HOSTNAME=''${1-reisen}
+
+exec ssh root@$SETUP_HOSTNAME env \
+ "${NF_SETUP_INPUTS[@]}" \
+ "bash -c \"eval \\\"\\\$(base64 -d <<<\\\$INPUT_INFRA_SETUP)\\\"\""
diff --git a/ci/sops-keyscan.sh b/ci/sops-keyscan.sh
new file mode 100644
index 00000000..ad307ace
--- /dev/null
+++ b/ci/sops-keyscan.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+set -eu
+ARG_NODE=$1
+shift
+ARG_HOSTNAME=$(nf-hostname "$ARG_NODE")
+
+ssh-keyscan ''${NIX_SSHOPTS--p62954} "''${ARG_HOSTNAME#*@}" "$@" | ssh-to-age
diff --git a/ci/ssh.sh b/ci/ssh.sh
new file mode 100644
index 00000000..cea0bf25
--- /dev/null
+++ b/ci/ssh.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -eu
+ARG_NODE=$1
+shift
+ARG_HOSTNAME=$(nf-hostname "$ARG_NODE")
+NIX_SSHOPTS=$(nf-sshopts "$ARG_NODE")
+
+exec ssh $NIX_SSHOPTS "$ARG_HOSTNAME" "$@"
diff --git a/ci/sshopts.sh b/ci/sshopts.sh
new file mode 100644
index 00000000..7cf46c90
--- /dev/null
+++ b/ci/sshopts.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+set -eu
+ARG_HOSTNAME=$1
+ARG_NODE=${ARG_HOSTNAME%%.*}
+
+if DEPLOY_SSHOPTS=$(nix eval --json "${NF_CONFIG_ROOT}#deploy.nodes.$ARG_HOSTNAME.sshOpts" 2>/dev/null); then
+ SSHOPTS=($(jq -r '.[]' <<<"$DEPLOY_SSHOPTS"))
+ echo "${SSHOPTS[*]}"
+elif [[ $ARG_NODE = reisen ]]; then
+ SSHOPTS=()
+else
+ SSHOPTS=(${NIX_SSHOPTS--p62954})
+fi
+
+if [[ $ARG_NODE = ct || $ARG_NODE = reisen-ct ]]; then
+ SSHOPTS+=(-oUpdateHostKeys=no -oStrictHostKeyChecking=off)
+else
+ SSHOPTS+=(-oHostKeyAlias=$ARG_NODE.gensokyo.zone)
+fi
+
+echo "${SSHOPTS[*]}"
diff --git a/ci/statix.sh b/ci/statix.sh
new file mode 100644
index 00000000..b9edaa0a
--- /dev/null
+++ b/ci/statix.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+set -eu
+if [[ $# -eq 0 ]]; then
+ set -- check
+fi
+
+if [[ ${1-} = check ]]; then
+ shift
+ set -- check --config "$NF_CONFIG_ROOT/ci/statix.toml" "$@"
+fi
+
+exec statix "$@"
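Review bot: `SETUP_HOSTNAME=''${1-reisen}` in setup.sh carries the `''` escape that was needed when this text lived inside a Nix indented string; now that the file is sourced as plain bash the `''` is just an empty quoted string, so it happens to work but reads as a typo. `SETUP_HOSTNAME=${1-reisen}` is the intended line, and the ssh target on the next command should be quoted as `"root@$SETUP_HOSTNAME"`. A one-line header comment noting that `NF_SETUP_INPUTS` is populated by the nf-setup-node wrapper in packages/default.nix would explain where the array comes from to anyone reading this file on its own.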
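Review bot: `"''${ARG_HOSTNAME#*@}"` in sops-keyscan.sh is broken as plain bash: inside double quotes the two apostrophes are literal characters, so ssh-keyscan is handed `''hostname` rather than the hostname (the unquoted `''${NIX_SSHOPTS--p62954}` on the same line only works because `''` is an empty string there). The line should read `ssh-keyscan ${NIX_SSHOPTS--p62954} "${ARG_HOSTNAME#*@}" "$@" | ssh-to-age`. With `set -eu` but no `pipefail`, a keyscan that fails or times out still yields exit 0 and empty output, so `set -euo pipefail` is worth adding here given that the printed age key is what secrets get encrypted to. Because the scanned key is taken on trust, a comment reminding the operator to compare it against the host key already pinned under the HostKeyAlias from sshopts.sh before adding it to the sops recipients would be useful.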
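Review bot: The unquoted `$NIX_SSHOPTS` in ssh.sh's `exec ssh` line is deliberate, since sshopts.sh prints a single space-joined string, but nothing says so and ShellCheck will flag it; a comment such as `# shellcheck disable=SC2086 — nf-sshopts prints space-separated ssh options` on the line above records the intent. The same applies to the `${NIX_SSHOPTS--p62954}` expansion in sops-keyscan.sh.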
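Review bot: sshopts.sh prints its result twice when the node has `deploy.nodes.*.sshOpts`: the `echo "${SSHOPTS[*]}"` inside the first branch fires before the host-key options are appended, and the final `echo` fires again, so callers that do `NIX_SSHOPTS=$(nf-sshopts ...)` receive both lines and, after word splitting, pass every option to ssh twice. Deleting the inner `echo "${SSHOPTS[*]}"` leaves the single, complete output. The `-oStrictHostKeyChecking=off` branch for `ct`/`reisen-ct` turns off host-key verification for those targets; presumably their keys churn with each rebuild, and a comment stating that reason (and that every other node is pinned through `HostKeyAlias`) would stop a future reader from widening that branch. `SSHOPTS=($(jq -r '.[]' ...))` also word-splits and globs the decoded options; `mapfile -t SSHOPTS < <(jq -r '.[]' <<<"$DEPLOY_SSHOPTS")` reads them one per line instead.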
diff --git a/ci/switch.sh b/ci/switch.sh
new file mode 100644
index 00000000..2a07c8de
--- /dev/null
+++ b/ci/switch.sh
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+set -eu
+ARG_NODE=$1
+shift
+ARG_HOSTNAME=$(nf-hostname "$ARG_NODE")
+NIX_SSHOPTS=$(nf-sshopts "$ARG_NODE")
+
+if [[ $# -gt 0 ]]; then
+ ARG_METHOD=$1
+ shift
+else
+ ARG_METHOD=switch
+fi
+
+if [[ $ARG_HOSTNAME != root@ ]]; then
+ set -- --use-remote-sudo "$@"
+fi
+
+exec nixos-rebuild "$ARG_METHOD" \
+ --flake "${NF_CONFIG_ROOT}#${ARG_NODE}" \
+ --no-build-nix \
+ --target-host "$ARG_HOSTNAME" \
+ "$@"
diff --git a/ci/tarball.sh b/ci/tarball.sh
new file mode 100644
index 00000000..5eeab8d8
--- /dev/null
+++ b/ci/tarball.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+set -eu
+if [[ $# -gt 0 ]]; then
+ ARG_NODE=$1
+ shift
+else
+ ARG_NODE=ct
+fi
+
+ARG_CONFIG_PATH=nixosConfigurations.$ARG_NODE.config
+RESULT=$(nix build --no-link --print-out-paths \
+ "${NF_CONFIG_ROOT}#$ARG_CONFIG_PATH.system.build.tarball" \
+ --show-trace "$@")
+
+if [[ $ARG_NODE = ct ]]; then
+ DATESTAMP=$(nix eval --raw "${NF_CONFIG_ROOT}#lib.inputs.nixpkgs.sourceInfo.lastModifiedDate")
+ DATENAME=${DATESTAMP:0:4}${DATESTAMP:4:2}${DATESTAMP:6:2}
+ SYSARCH=$(nix eval --raw "${NF_CONFIG_ROOT}#$ARG_CONFIG_PATH.nixpkgs.system")
+ TAREXT=$(nix eval --raw "${NF_CONFIG_ROOT}#$ARG_CONFIG_PATH.system.build.tarball.extension")
+ TARNAME=nixos-system-$SYSARCH.tar$TAREXT
+ OUTNAME="ct-$DATENAME-$TARNAME"
+ ln -sf "$RESULT/tarball/$TARNAME" "$OUTNAME"
+ echo $OUTNAME
+ ls -l $OUTNAME
+else
+ echo $RESULT
+fi
diff --git a/devShells.nix b/devShells.nix
index c3d2c1b3..52eab5b4 100644
--- a/devShells.nix
+++ b/devShells.nix
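Review bot: `NIX_SSHOPTS=$(nf-sshopts "$ARG_NODE")` in switch.sh is assigned but never exported, and nixos-rebuild reads `NIX_SSHOPTS` from the environment for its `--target-host` connection, so the per-node options computed here (port, `HostKeyAlias` pinning) never reach ssh; add `export NIX_SSHOPTS` after the assignment. The guard `[[ $ARG_HOSTNAME != root@ ]]` compares the whole string against the literal `root@`, which a value of the form `user@host` never equals, so `--use-remote-sudo` is prepended even for root logins; the prefix test is `if [[ $ARG_HOSTNAME != root@* ]]; then`. A short comment above the guard stating that nf-hostname returns `[user@]host` would make the intent of the check clear.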
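Review bot: The output lines at the end of tarball.sh leave `$OUTNAME` and `$RESULT` unquoted, so a store path or tarball name containing whitespace or glob characters would be split or expanded before `echo` and `ls` see it; `printf '%s\n' "$OUTNAME"`, `ls -l -- "$OUTNAME"` and `printf '%s\n' "$RESULT"` are the safe forms. As a point of style, `${DATESTAMP:0:4}${DATESTAMP:4:2}${DATESTAMP:6:2}` concatenates three adjacent slices and is the same value as `${DATESTAMP:0:8}`. Since `ln -sf` writes the symlink into the current directory, a comment saying the link is created in `$PWD` would help anyone running nf-tarball from an unexpected location.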
@@ -49,16 +49,20 @@ nf-update nf-tf (mkWrapper {name = "nf-generate";}) - (mkWrapper {name = "nf-deploy";}) (mkWrapper {name = "nf-setup-node";}) (mkWrapper {name = "nf-sops-keyscan";}) (mkWrapper {name = "nf-ssh";}) (mkWrapper {name = "nf-build";}) (mkWrapper {name = "nf-tarball";}) + (mkWrapper {name = "nf-switch";}) (mkWrapper { name = "nf-lint-tf"; subdir = "/tf"; }) + (mkWrapper { + name = "nf-fmt-tf"; + subdir = "/tf"; + }) (mkWrapper { name = "nf-lint-nix"; subdir = ""; diff --git a/packages/default.nix b/packages/default.nix index 58bfb724..ca1af2d6 100644 --- a/packages/default.nix +++ b/packages/default.nix @@ -3,11 +3,21 @@ inputs, }: let lib = inputs.self.lib.nixlib; - inherit (lib.meta) getExe; - inherit (inputs.std.lib) string list; + inherit (lib.strings) makeBinPath; + inherit (inputs.std.lib) string list set; packages = inputs.self.packages.${system}; inherit (inputs.self.legacyPackages.${system}) pkgs; fmt = import ../ci/fmt.nix; + exports = '' + export NF_CONFIG_ROOT=''${NF_CONFIG_ROOT-${toString ../.}} + ''; + exportsSsh = '' + export PATH="${makeBinPath [ packages.nf-hostname packages.nf-sshopts ]}:$PATH" + ''; + exportsFmtNix = '' + NF_NIX_BLACKLIST_DIRS=(${string.concatMapSep " " string.escapeShellArg fmt.nix.blacklistDirs}) + NF_NIX_WHITELIST_FILES=(${string.concatMapSep " " string.escapeShellArg fmt.nix.whitelist}) + ''; output = { inherit (pkgs.buildPackages) terraform tflint 
@@ -16,179 +26,112 @@ ; inherit (inputs.deploy-rs.packages.${system}) deploy-rs; nf-deploy = pkgs.writeShellScriptBin "nf-deploy" '' + ${exports} + ${exportsSsh} exec ${pkgs.runtimeShell} ${../ci/deploy.sh} "$@" ''; nf-setup-node = let reisen = ../systems/reisen; - inherit (inputs.self.nixosConfigurations.hakurei.config.users.users) arc kat; - authorizedKeys = string.intercalate "\n" (arc.openssh.authorizedKeys.keys ++ kat.openssh.authorizedKeys.keys); + inherit (inputs.self.lib.lib) userIs; + inherit (inputs.self.nixosConfigurations.hakurei.config) users; + authorizedKeys = list.concatMap (user: user.openssh.authorizedKeys.keys) ( + list.filter (userIs "wheel") users.users + ); + inputs = { + INPUT_ROOT_SSH_AUTHORIZEDKEYS = pkgs.writeTextFile "root.authorized_keys" ( + string.intercalate "\n" authorizedKeys + ); + INPUT_TF_SSH_AUTHORIZEDKEYS = reisen + "/tf.authorized_keys"; + INPUT_SUBUID = reisen + "/subuid"; + INPUT_SUBGID = reisen + "/subgid"; + INPUT_INFRA_SETUP = reisen + "/setup.sh"; + INPUT_INFRA_PUTFILE64 = reisen + "/bin/putfile64.sh"; + INPUT_INFRA_PVE = reisen + "/bin/pve.sh"; + INPUT_INFRA_MKPAM = reisen + "/bin/mkpam.sh"; + INPUT_INFRA_CT_CONFIG = reisen + "/bin/ct-config.sh"; + }; + inputVars = set.mapToValues (key: path: ''${key}="$(base64 -w0 < ${path})"'') inputs; in pkgs.writeShellScriptBin "nf-setup-node" '' - set -eu - SETUP_HOSTNAME=''${1-reisen} - export INPUT_ROOT_SSH_AUTHORIZEDKEYS=${string.escapeShellArg authorizedKeys} - exec ssh root@$SETUP_HOSTNAME env \ - INPUT_ROOT_SSH_AUTHORIZEDKEYS="$(base64 -w0 <<<"$INPUT_ROOT_SSH_AUTHORIZEDKEYS")" \ - INPUT_TF_SSH_AUTHORIZEDKEYS="$(base64 -w0 < ${reisen + "/tf.authorized_keys"})" \ - INPUT_SUBUID="$(base64 -w0 < ${reisen + "/subuid"})" \ - INPUT_SUBGID="$(base64 -w0 < ${reisen + "/subgid"})" \ - INPUT_INFRA_SETUP="$(base64 -w0 < ${reisen + "/setup.sh"})" \ - INPUT_INFRA_PUTFILE64="$(base64 -w0 < ${reisen + "/bin/putfile64.sh"})" \ - INPUT_INFRA_PVE="$(base64 -w0 < ${reisen + "/bin/pve.sh"})" \ - 
INPUT_INFRA_MKPAM="$(base64 -w0 < ${reisen + "/bin/mkpam.sh"})" \ - INPUT_INFRA_CT_CONFIG="$(base64 -w0 < ${reisen + "/bin/ct-config.sh"})" \ - "bash -c \"eval \\\"\\\$(base64 -d <<<\\\$INPUT_INFRA_SETUP)\\\"\"" + ${exports} + NF_SETUP_INPUTS=( + ${string.intercalate "\n" inputVars} + ) + source ${../ci/setup.sh} ''; nf-hostname = pkgs.writeShellScriptBin "nf-hostname" '' - set -eu - DEPLOY_USER= - if [[ $# -gt 1 ]]; then - ARG_NODE=$1 - ARG_HOSTNAME=$2 - shift 2 - else - ARG_HOSTNAME=$1 - shift - ARG_NODE=''${ARG_HOSTNAME%%.*} - if [[ $ARG_HOSTNAME = $ARG_NODE ]]; then - if DEPLOY_HOSTNAME=$(nix eval --raw "''${NF_CONFIG_ROOT-${toString ../.}}"#"deploy.nodes.$ARG_HOSTNAME.hostname" 2>/dev/null); then - DEPLOY_USER=$(nix eval --raw "''${NF_CONFIG_ROOT-${toString ../.}}"#"deploy.nodes.$ARG_HOSTNAME.sshUser" 2>/dev/null || true) - ARG_HOSTNAME=$DEPLOY_HOSTNAME - if ! ping -w2 -c1 "$DEPLOY_HOSTNAME" >/dev/null 2>&1; then - ARG_HOSTNAME="$ARG_NODE.local" - fi - else - ARG_HOSTNAME="$ARG_NODE.local" - fi - fi - fi - if ! 
ping -w2 -c1 "$ARG_HOSTNAME" >/dev/null 2>&1; then - LOCAL_HOSTNAME=$ARG_NODE.local.gensokyo.zone - TAIL_HOSTNAME=$ARG_NODE.tail.gensokyo.zone - GLOBAL_HOSTNAME=$ARG_NODE.gensokyo.zone - if ping -w2 -c1 "$LOCAL_HOSTNAME" >/dev/null 2>&1; then - ARG_HOSTNAME=$LOCAL_HOSTNAME - elif ping -w2 -c1 "$TAIL_HOSTNAME" >/dev/null 2>&1; then - ARG_HOSTNAME=$TAIL_HOSTNAME - elif ping -w2 -c1 "$GLOBAL_HOSTNAME" >/dev/null 2>&1; then - ARG_HOSTNAME=$GLOBAL_HOSTNAME - fi - fi - echo "''${DEPLOY_USER-}''${DEPLOY_USER+@}$ARG_HOSTNAME" + ${exports} + source ${../ci/hostname.sh} ''; nf-sshopts = pkgs.writeShellScriptBin "nf-sshopts" '' - set -eu - ARG_HOSTNAME=$1 - ARG_NODE=''${ARG_HOSTNAME%%.*} - if DEPLOY_SSHOPTS=$(nix eval --json "''${NF_CONFIG_ROOT-${toString ../.}}"#"deploy.nodes.$ARG_HOSTNAME.sshOpts" 2>/dev/null); then - SSHOPTS=($(${getExe packages.jq} -r '.[]' <<<"$DEPLOY_SSHOPTS")) - echo "''${SSHOPTS[*]}" - elif [[ $ARG_NODE = reisen ]]; then - SSHOPTS=() - else - SSHOPTS=(''${NIX_SSHOPTS--p62954}) - fi - if [[ $ARG_NODE = ct || $ARG_NODE = reisen-ct ]]; then - SSHOPTS+=(-oUpdateHostKeys=no -oStrictHostKeyChecking=off) - else - SSHOPTS+=(-oHostKeyAlias=$ARG_NODE.gensokyo.zone) - fi - echo "''${SSHOPTS[*]}" + ${exports} + export PATH="$PATH:${makeBinPath [ pkgs.jq ]}" + source ${../ci/sshopts.sh} ''; nf-sops-keyscan = pkgs.writeShellScriptBin "nf-sops-keyscan" '' - set -eu - ARG_NODE=$1 - shift - ARG_HOSTNAME=$(${getExe packages.nf-hostname} "$ARG_NODE") - ssh-keyscan ''${NIX_SSHOPTS--p62954} "''${ARG_HOSTNAME#*@}" "$@" | ${getExe packages.ssh-to-age} + ${exports} + ${exportsSsh} + export PATH="$PATH:${makeBinPath [ pkgs.ssh-to-age ]}" + source ${../ci/sops-keyscan.sh} ''; nf-ssh = pkgs.writeShellScriptBin "nf-ssh" '' - set -eu - ARG_NODE=$1 - ARG_HOSTNAME=$(${getExe packages.nf-hostname} "$ARG_NODE") - NIX_SSHOPTS=$(${getExe packages.nf-sshopts} "$ARG_NODE") - exec ssh $NIX_SSHOPTS "$ARG_HOSTNAME" + ${exports} + ${exportsSsh} + source ${../ci/ssh.sh} ''; nf-build = 
pkgs.writeShellScriptBin "nf-build" '' - set -eu - ARG_NODE=$1 - shift - exec nix build --no-link --print-out-paths \ - "''${NF_CONFIG_ROOT-${toString ../.}}#nixosConfigurations.$ARG_NODE.config.system.build.toplevel" \ - --show-trace "$@" + ${exports} + source ${../ci/build.sh} ''; nf-tarball = pkgs.writeShellScriptBin "nf-tarball" '' - set -eu - if [[ $# -gt 0 ]]; then - ARG_NODE=$1 - shift - else - ARG_NODE=ct - fi - ARG_CONFIG_PATH=nixosConfigurations.$ARG_NODE.config - RESULT=$(nix build --no-link --print-out-paths \ - "''${NF_CONFIG_ROOT-${toString ../.}}#$ARG_CONFIG_PATH.system.build.tarball" \ - --show-trace "$@") - if [[ $ARG_NODE = ct ]]; then - DATESTAMP=$(nix eval --raw "''${NF_CONFIG_ROOT-${toString ../.}}#lib.inputs.nixpkgs.sourceInfo.lastModifiedDate") - DATENAME=''${DATESTAMP:0:4}''${DATESTAMP:4:2}''${DATESTAMP:6:2} - SYSARCH=$(nix eval --raw "''${NF_CONFIG_ROOT-${toString ../.}}#$ARG_CONFIG_PATH.nixpkgs.system") - TAREXT=$(nix eval --raw "''${NF_CONFIG_ROOT-${toString ../.}}#$ARG_CONFIG_PATH.system.build.tarball.extension") - TARNAME=nixos-system-$SYSARCH.tar$TAREXT - OUTNAME="ct-$DATENAME-$TARNAME" - ln -sf "$RESULT/tarball/$TARNAME" "$OUTNAME" - echo $OUTNAME - ls -l $OUTNAME - fi + ${exports} + source ${../ci/tarball.sh} + ''; + nf-switch = pkgs.writeShellScriptBin "nf-switch" '' + ${exports} + ${exportsSsh} + source ${../ci/switch.sh} ''; nf-generate = pkgs.writeShellScriptBin "nf-generate" '' - set -eu - - for node in reisen; do - nix eval --json "''${NF_CONFIG_ROOT-${toString ../.}}"#"lib.generate.$node.users" | jq -M . 
> "$NF_CONFIG_ROOT/systems/$node/users.json" - done + ${exports} + export PATH="$PATH:${makeBinPath [ pkgs.jq ]}" + source ${../ci/generate.sh} ''; nf-statix = pkgs.writeShellScriptBin "nf-statix" '' - set -eu - if [[ $# -eq 0 ]]; then - set -- check - fi - - if [[ ''${1-} = check ]]; then - shift - set -- check --config ${../ci/statix.toml} "$@" - fi - - exec ${getExe packages.statix} "$@" + ${exports} + export PATH="${makeBinPath [ packages.statix ]}:$PATH" + source ${../ci/statix.sh} ''; - nf-deadnix = let - inherit (fmt.nix) blacklistDirs; - excludes = "${getExe pkgs.buildPackages.findutils} ${string.intercalate " " blacklistDirs} -type f"; - in pkgs.writeShellScriptBin "nf-deadnix" '' - exec ${getExe packages.deadnix} "$@" \ - --no-lambda-arg \ - --exclude $(${excludes}) + nf-deadnix = pkgs.writeShellScriptBin "nf-deadnix" '' + ${exports} + ${exportsFmtNix} + export PATH="${makeBinPath [ packages.deadnix pkgs.findutils ]}:$PATH" + source ${../ci/deadnix.sh} ''; - nf-alejandra = let - inherit (fmt.nix) blacklistDirs; - excludes = string.intercalate " " (list.map (dir: "--exclude ${dir}") blacklistDirs); - in pkgs.writeShellScriptBin "nf-alejandra" '' - exec ${getExe packages.alejandra} \ - ${excludes} \ - "$@" + nf-alejandra = pkgs.writeShellScriptBin "nf-alejandra" '' + ${exports} + ${exportsFmtNix} + source ${../ci/alejandra.sh} ''; nf-lint-tf = pkgs.writeShellScriptBin "nf-lint-tf" '' - ${getExe packages.terraform} fmt "$@" && - ${packages.tflint}/bin/tflint + ${exports} + export PATH="$PATH:${makeBinPath [ packages.tflint ]}" + source ${../ci/lint-tf.sh} ''; nf-lint-nix = pkgs.writeShellScriptBin "nf-lint-nix" '' - ${getExe packages.nf-statix} check "$@" && - ${getExe packages.nf-deadnix} -f "$@" + ${exports} + export PATH="${makeBinPath [ packages.nf-statix packages.nf-deadnix ]}:$PATH" + source ${../ci/lint-nix.sh} ''; - nf-fmt-nix = let - inherit (fmt.nix) whitelist; - includes = string.intercalate " " whitelist; - in pkgs.writeShellScriptBin 
"nf-fmt-nix" '' - exec ${getExe packages.nf-alejandra} ${includes} "$@" + nf-fmt-tf = pkgs.writeShellScriptBin "nf-fmt-tf" '' + ${exports} + export PATH="${makeBinPath [ packages.terraform ]}:$PATH" + source ${../ci/fmt-tf.sh} + ''; + nf-fmt-nix = pkgs.writeShellScriptBin "nf-fmt-nix" '' + ${exports} + ${exportsFmtNix} + export PATH=":{makeBinPath [ packages.nf-alejandra ]}:$PATH" + source ${../ci/fmt-nix.sh} ''; }; in output
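Review bot: In the new `nf-setup-node` `let` block the binding `inputs = { INPUT_ROOT_SSH_AUTHORIZEDKEYS = ...; }` shadows the file's `inputs` argument, and because `let` bindings are mutually recursive the `inherit (inputs.self.lib.lib) userIs` and `inherit (inputs.self.nixosConfigurations.hakurei.config) users` lines in the same block now look up `self` on that attrset and fail; renaming it to `setupInputs = { ... }` with `inputVars = set.mapToValues (...) setupInputs` avoids the clash. If `pkgs` here is nixpkgs, `pkgs.writeTextFile "root.authorized_keys" (...)` also fails, since writeTextFile takes an attrset `{ name, text }`; the positional form is `pkgs.writeText "root.authorized_keys" (...)`. In `nf-fmt-nix`, `export PATH=":{makeBinPath [ packages.nf-alejandra ]}:$PATH"` is missing the `$`, so nothing is interpolated, nf-alejandra is not on PATH for fmt-nix.sh, and PATH gains a leading empty entry that makes the shell search the current directory first; it should be `export PATH="${makeBinPath [ packages.nf-alejandra ]}:$PATH"`. `nf-deploy` still interpolates `${../ci/deploy.sh}` although this diff deletes that file, so evaluating that package will fail until the package is removed along with its devShell wrapper. The wrappers are also inconsistent about whether pinned tool paths go before or after the inherited `$PATH` (`exportsSsh`, statix, deadnix, lint-nix prepend; jq, ssh-to-age and tflint append), which is worth a comment if the difference is intentional.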