refactor: clean up flake outputs

arcnmx 2024-02-02 11:00:00 -08:00
parent 437c83acc0
commit 7da0924d91
15 changed files with 233 additions and 203 deletions

3
.envrc

@ -9,4 +9,5 @@ source_env_if_exists .envrc.conf
use flake "${FLAKE_ARGS[@]}" use flake "${FLAKE_ARGS[@]}"
export FLAKE_OPTS=${FLAKE_OPTS:-"${FLAKE_ARGS[*]}"} export FLAKE_OPTS=${FLAKE_OPTS:-"${FLAKE_ARGS[*]}"}
watch_file devShell.nix watch_file outputs.nix
watch_file devShells.nix


@ -1,7 +1,25 @@
{ {
nix = { nix = {
whitelist = [ whitelist = [
"systems/default.nix"
"systems/ct/default.nix"
"systems/ct/nixos.nix"
"systems/hakurei/default.nix"
"systems/kuwubernetes/default.nix"
"systems/kuwubernetes/nixos.nix"
"systems/mediabox/default.nix"
"systems/mediabox/nixos.nix" "systems/mediabox/nixos.nix"
"systems/reimu/default.nix"
"systems/tei/default.nix"
"systems/tei/nixos.nix"
"systems/tei/cloudflared.nix"
"systems/tewi/default.nix"
"systems/tewi/nixos.nix"
"overlays/default.nix"
"devShells.nix"
"shell.nix"
"outputs.nix"
"tree.nix"
]; ];
blacklistDirs = [ blacklistDirs = [
"overlays" "overlays"


@ -1,116 +0,0 @@
{
inputs,
system,
}: let
inherit (inputs.self.legacyPackages.${system}) pkgs;
nf-actions = pkgs.writeShellScriptBin "nf-actions" ''
NF_CONFIG_FILES=($NF_CONFIG_ROOT/ci/{nodes,flake-cron}.nix)
for f in "''${NF_CONFIG_FILES[@]}"; do
echo $f
nix run --argstr config "$f" -f '${inputs.ci}' run.gh-actions-generate
done
'';
nf-actions-test = pkgs.writeShellScriptBin "nf-actions-test" ''
set -eu
for host in hakurei reimu tei mediabox ct; do
nix run --argstr config "$NF_CONFIG_ROOT/ci/nodes.nix" -f '${inputs.ci}' job.$host.test
done
'';
nf-update = pkgs.writeShellScriptBin "nf-update" ''
exec nix flake update "$@"
'';
nf-deploy = pkgs.writeShellScriptBin "nf-deploy" ''
exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#nf-deploy" -- "$@"
'';
nf-setup-node = pkgs.writeShellScriptBin "nf-setup-node" ''
exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#nf-setup-node" -- "$@"
'';
nf-sops-keyscan = pkgs.writeShellScriptBin "nf-sops-keyscan" ''
exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#nf-sops-keyscan" -- "$@"
'';
nf-ssh = pkgs.writeShellScriptBin "nf-ssh" ''
exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#nf-ssh" -- "$@"
'';
nf-build = pkgs.writeShellScriptBin "nf-build" ''
exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#nf-build" -- "$@"
'';
nf-tarball = pkgs.writeShellScriptBin "nf-tarball" ''
exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#nf-tarball" -- "$@"
'';
nf-tf = pkgs.writeShellScriptBin "nf-tf" ''
cd "$NF_CONFIG_ROOT/tf"
if [[ $# -eq 0 ]]; then
exec nix shell ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#terraform" -c bash -c "terraform init && terraform plan"
else
exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#terraform" -- "$@"
fi
'';
nf-lint-tf = pkgs.writeShellScriptBin "nf-lint-tf" ''
cd "$NF_CONFIG_ROOT/tf"
exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#nf-lint-tf" -- "$@"
'';
nf-lint-nix = pkgs.writeShellScriptBin "nf-lint-nix" ''
cd "$NF_CONFIG_ROOT"
exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#nf-lint-nix" -- "$@"
'';
nf-fmt-nix = pkgs.writeShellScriptBin "nf-fmt-nix" ''
cd "$NF_CONFIG_ROOT"
exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#nf-fmt-nix" -- "$@"
'';
nf-alejandra = pkgs.writeShellScriptBin "alejandra" ''
cd "$NF_CONFIG_ROOT"
exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#nf-alejandra" -- "$@"
'';
nf-statix = pkgs.writeShellScriptBin "statix" ''
cd "$NF_CONFIG_ROOT"
exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#nf-statix" -- "$@"
'';
nf-deadnix = pkgs.writeShellScriptBin "deadnix" ''
cd "$NF_CONFIG_ROOT"
exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#nf-deadnix" -- "$@"
'';
nf-kustomize = pkgs.writeShellScriptBin "kustomize" ''
exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#pkgs.kustomize" -- "$@"
'';
nf-argocd = pkgs.writeShellScriptBin "argocd" ''
exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#pkgs.argocd" -- "$@"
'';
nf-deploy-rs = pkgs.writeShellScriptBin "deploy" ''
cd "$NF_CONFIG_ROOT"
exec nix shell ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#deploy-rs" -c deploy "$@"
'';
in
pkgs.mkShell {
nativeBuildInputs = with pkgs; [
inetutils
sops
nf-actions
nf-actions-test
nf-update
nf-deploy
nf-setup-node
nf-sops-keyscan
nf-ssh
nf-build
nf-tarball
nf-tf
nf-lint-tf
nf-lint-nix
nf-fmt-nix
nf-alejandra
nf-statix
nf-deadnix
nf-kustomize
nf-argocd
nf-deploy-rs
];
shellHook = ''
export NIX_BIN_DIR=$(dirname $(readlink -f $(type -P nix)))
export HOME_UID=$(id -u)
export HOME_USER=$(id -un)
export CI_PLATFORM="impure"
export NF_CONFIG_ROOT=''${NF_CONFIG_ROOT-${toString ./.}}
export NIX_PATH="$NIX_PATH:home=$NF_CONFIG_ROOT"
export NIX_SSHOPTS="''${NIX_SSHOPTS--p62954}"
'';
}

98
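--- /dev/null
+++ b/devShells.nix
@@ -0,0 +1,98 @@
+{
+inputs,
+system,
+}: let
+inherit (inputs.self.legacyPackages.${system}) pkgs;
+inherit (inputs.self.lib.nixlib) optionalString;
+mkWrapper = {
+name,
+attr ? name,
+subdir ? null,
+}:
+pkgs.writeShellScriptBin name ''
+${optionalString (subdir != null) ''cd "$NF_CONFIG_ROOT${subdir}"''}
+exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#${attr}" -- "$@"
+'';
+nf-actions = pkgs.writeShellScriptBin "nf-actions" ''
+NF_CONFIG_FILES=($NF_CONFIG_ROOT/ci/{nodes,flake-cron}.nix)
+for f in "''${NF_CONFIG_FILES[@]}"; do
+echo $f
+nix run --argstr config "$f" -f '${inputs.ci}' run.gh-actions-generate
+done
+'';
+nf-actions-test = pkgs.writeShellScriptBin "nf-actions-test" ''
+set -eu
+for host in hakurei reimu tei mediabox ct; do
+nix run --argstr config "$NF_CONFIG_ROOT/ci/nodes.nix" -f '${inputs.ci}' job.$host.test
+done
+'';
+nf-update = pkgs.writeShellScriptBin "nf-update" ''
+exec nix flake update "$@"
+'';
+nf-tf = pkgs.writeShellScriptBin "nf-tf" ''
+cd "$NF_CONFIG_ROOT/tf"
+if [[ $# -eq 0 ]]; then
+exec nix shell ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#terraform" -c bash -c "terraform init && terraform plan"
+else
+exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#terraform" -- "$@"
+fi
+'';
+default = pkgs.mkShell {
+nativeBuildInputs = with pkgs; [
+inetutils
+sops
+nf-actions
+nf-actions-test
+nf-update
+nf-tf
+(mkWrapper {name = "nf-deploy";})
+(mkWrapper {name = "nf-setup-node";})
+(mkWrapper {name = "nf-sops-keyscan";})
+(mkWrapper {name = "nf-ssh";})
+(mkWrapper {name = "nf-build";})
+(mkWrapper {name = "nf-tarball";})
+(mkWrapper {
+name = "nf-lint-tf";
+subdir = "/tf";
+})
+(mkWrapper {
+name = "nf-lint-nix";
+subdir = "";
+})
+(mkWrapper {
+name = "nf-fmt-nix";
+subdir = "";
+})
+(mkWrapper {name = "nf-alejandra";})
+(mkWrapper {
+name = "statix";
+attr = "nf-statix";
+})
+(mkWrapper {
+name = "deadnix";
+attr = "nf-deadnix";
+})
+(mkWrapper {
+name = "kustomize";
+attr = "pkgs.kustomize";
+})
+(mkWrapper {
+name = "argocd";
+attr = "pkgs.argocd";
+})
+(mkWrapper {
+name = "deploy";
+attr = "deploy-rs";
+})
+];
+shellHook = ''
+export NIX_BIN_DIR=$(dirname $(readlink -f $(type -P nix)))
+export HOME_UID=$(id -u)
+export HOME_USER=$(id -un)
+export CI_PLATFORM="impure"
+export NF_CONFIG_ROOT=''${NF_CONFIG_ROOT-${toString ./.}}
+'';
+};
+in {
+inherit default;
+}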
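Review bot: Several `mkWrapper` entries do not reproduce the wrappers they replace from the deleted devShell.nix, which a commit titled as a refactor should call out. `(mkWrapper {name = "nf-alejandra";})` installs a binary called `nf-alejandra`, where the old wrapper was named `alejandra` and ran from `$NF_CONFIG_ROOT`; `statix` and `deadnix` lose their `cd "$NF_CONFIG_ROOT"`; and `deploy` now goes through `nix run "$NF_CONFIG_ROOT#deploy-rs"` instead of `nix shell … -c deploy`, which only works if that attribute is runnable and resolves to the `deploy` binary. If the old behaviour is intended, use `(mkWrapper {name = "alejandra"; attr = "nf-alejandra"; subdir = "";})` and add `subdir = "";` to the statix, deadnix and deploy entries. The shellHook also drops the `NIX_PATH` and `NIX_SSHOPTS` exports, so anything relying on the old default SSH port option now has to set it elsewhere.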

13
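--- a/flake.lock
+++ b/flake.lock
@@ -152,6 +152,18 @@
 "type": "github"
 }
 },
+"nixpkgs-patch-k8s-pki": {
+"flake": false,
+"locked": {
+"narHash": "sha256-Qz3TV1Z/pdKxLqOoV/bmprlmlAfJpTsHUCiWXVgoukw=",
+"type": "file",
+"url": "https://github.com/NixOS/nixpkgs/pull/275896/commits/9c870ac78f6157260ba1f96f9ce077ce84478532.patch"
+},
+"original": {
+"type": "file",
+"url": "https://github.com/NixOS/nixpkgs/pull/275896/commits/9c870ac78f6157260ba1f96f9ce077ce84478532.patch"
+}
+},
 "nixpkgs-stable": {
 "locked": {
 "lastModified": 1705957679,
@@ -193,6 +205,7 @@
 "flake-utils": "flake-utils",
 "flakelib": "flakelib",
 "nixpkgs": "nixpkgs",
+"nixpkgs-patch-k8s-pki": "nixpkgs-patch-k8s-pki",
 "nur": "nur",
 "sops-nix": "sops-nix",
 "std": "std",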


@ -2,6 +2,11 @@
description = "kat's nixfiles"; description = "kat's nixfiles";
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-patch-k8s-pki = {
# https://github.com/NixOS/nixpkgs/pull/275896
url = "https://github.com/NixOS/nixpkgs/pull/275896/commits/9c870ac78f6157260ba1f96f9ce077ce84478532.patch";
flake = false;
};
arcexprs = { arcexprs = {
url = "github:arcnmx/nixexprs/master"; url = "github:arcnmx/nixexprs/master";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
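Review bot: The new `nixpkgs-patch-k8s-pki` input locks the raw bytes of a GitHub-rendered `.patch` by narHash, and that rendering is not guaranteed to stay byte-identical, so a later refetch can fail the hash check and `nix flake update` will re-lock to whatever the URL serves at that time. The `pkgs.fetchpatch` call this replaces normalised the patch before hashing, which avoided the instability. The URL already names a single commit, which is an improvement over the old whole-PR URL; it would help to say so above the input, e.g. `# pinned to one commit of the PR; integrity comes from narHash in flake.lock, so review the lock diff whenever this input is updated`.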


@ -1,10 +0,0 @@
let
lock = builtins.fromJSON (builtins.readFile ./flake.lock);
flakeCompat = fetchTarball {
url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
sha256 = lock.nodes.flake-compat.locked.narHash;
};
nixfiles = import flakeCompat {
src = ./.;
};
in nixfiles.defaultNix.inputs


@ -1,4 +1,6 @@
{ {
inputs,
system,
config, config,
pkgs, pkgs,
lib, lib,
@ -10,6 +12,21 @@
kubeMasterHostname = "k8s.gensokyo.zone"; kubeMasterHostname = "k8s.gensokyo.zone";
kubeMasterAPIServerPort = 6443; kubeMasterAPIServerPort = 6443;
in { in {
# apply fix: https://github.com/NixOS/nixpkgs/pull/275896
imports = let
pkiModulePath = "services/cluster/kubernetes/pki.nix";
inherit (inputs.self.legacyPackages.${system}) patchedNixpkgs;
in [
(_: {
imports = [
(patchedNixpkgs + "/nixos/modules/${pkiModulePath}")
];
disabledModules = [
pkiModulePath
];
})
];
# packages for administration tasks # packages for administration tasks
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
kompose kompose
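Review bot: Importing `patchedNixpkgs + "/nixos/modules/${pkiModulePath}"` makes evaluation of this host depend on building the `applyPatches` derivation (import-from-derivation), so it fails wherever `allow-import-from-derivation` is off. What appears to be the cluster PKI module is then only as trustworthy as the patch input feeding that build. Only `pki.nix` is swapped, so any other file the upstream PR touches stays unpatched; the comment could say so, e.g. `# replaces only services/cluster/kubernetes/pki.nix with the patched copy (IFD); drop once nixpkgs#275896 is merged`. `inputs` and `system` are used while resolving `imports`, so they must arrive through `specialArgs`; the page shows `inputs` in `defaultSpecialArgs`, but no visible hunk shows where `system` is supplied. The module body continues outside the hunk.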


@ -1,34 +1,58 @@
{inputs}: let {inputs}: let
patchedInputs = import ./patchedInputs.nix {inherit inputs;};
inherit
(import ./overlays {
inputs = patchedInputs;
})
pkgs
;
inherit (inputs.nixpkgs) lib;
tree = import ./tree.nix { tree = import ./tree.nix {
inherit pkgs; inherit inputs;
inputs = patchedInputs;
}; };
systems = import ./systems { systems = import ./systems {
inherit inputs lib std pkgs; inherit inputs;
tree = tree.impure; tree = tree.impure;
}; };
outputs = outputs =
inputs.flake-utils.lib.eachDefaultSystem inputs.flake-utils.lib.eachDefaultSystem
(system: rec { (system: let
devShells.default = import ./devShell.nix {inherit system inputs;}; legacyPackages = inputs.self.legacyPackages.${system};
packages = import ./packages {inherit system inputs lib;}; inherit (legacyPackages) pkgs;
legacyPackages.pkgs = pkgs.${system}; in {
devShells = import ./devShells.nix {inherit system inputs;};
packages = import ./packages {inherit system inputs;};
legacyPackages = {
inherit (import ./overlays {inherit system inputs;}) pkgs;
patchedNixpkgs = pkgs.applyPatches {
name = "nixpkgs";
src = inputs.nixpkgs;
patches = [
inputs.nixpkgs-patch-k8s-pki
];
};
deploy-rs = let
deployLib =
inputs.deploy-rs.lib.${system}
or rec {
activate = throw "deploy-rs.lib.${system} unsupported";
setActivate = activate;
deployChecks = _: {};
};
deploy-rs =
inputs.deploy-rs.packages.${system}.default
or pkgs.${system}.deploy-rs.deploy-rs
or pkgs.${system}.deploy-rs
or {
name = "deploy-rs";
outPath = throw "deploy-rs.packages.${system} unsupported";
meta = {};
};
in {
inherit (deploy-rs) name outPath meta;
inherit (deployLib) activate setActivate deployChecks;
};
};
checks = legacyPackages.deploy-rs.deployChecks inputs.self.deploy;
}); });
in {
inherit (outputs) devShells legacyPackages packages checks;
inherit (systems) deploy nixosConfigurations;
lib = {
std = import ./std.nix {inherit inputs;}; std = import ./std.nix {inherit inputs;};
inherit (std) set; nixlib = inputs.nixpkgs.lib;
checks = set.map (_: deployLib: deployLib.deployChecks inputs.self.deploy) inputs.deploy-rs.lib; inherit tree;
in };
{ }
inherit tree std lib checks;
inputs = patchedInputs;
}
// systems
// outputs
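Review bot: In the `deploy-rs` fallback chain, `pkgs.${system}.deploy-rs.deploy-rs or pkgs.${system}.deploy-rs` still indexes `pkgs` by system, but in the new `let` block `pkgs` comes from `inherit (legacyPackages) pkgs`, which is already the package set for one system. Unless an overlay adds an attribute named after the system, both selections miss and `or` silently falls through to the stub whose `outPath` throws, so the nixpkgs fallback can never be taken. The two lines should probably read `or pkgs.deploy-rs.deploy-rs` and `or pkgs.deploy-rs`. Old and new lines are interleaved in this section of the page, so this is read from the new side as far as it can be separated.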


@ -1,5 +1,4 @@
{inputs, ...} @ args: {inputs, system}: {
inputs.flake-utils.lib.eachDefaultSystem (system: {
pkgs = import inputs.nixpkgs { pkgs = import inputs.nixpkgs {
inherit system; inherit system;
overlays = overlays =
@ -27,4 +26,4 @@ inputs.flake-utils.lib.eachDefaultSystem (system: {
]; ];
}; };
}; };
}) }


@ -1,8 +1,8 @@
{ {
system, system,
inputs, inputs,
lib,
}: let }: let
lib = inputs.self.lib.nixlib;
inherit (lib.meta) getExe; inherit (lib.meta) getExe;
inherit (inputs.std.lib) string list; inherit (inputs.std.lib) string list;
packages = inputs.self.packages.${system}; packages = inputs.self.packages.${system};


@ -1,26 +0,0 @@
{
inputs,
system ? builtins.currentSystem or "x86_64-linux",
...
}: let
pkgs = import inputs.nixpkgs {
inherit system;
config.allowUnfree = true;
};
in
inputs
// {
nixpkgs = pkgs.applyPatches {
name = "nixpkgs";
src = inputs.nixpkgs;
patches = [
# https://github.com/NixOS/nixpkgs/pull/275896
(pkgs.fetchpatch {
url = "https://github.com/NixOS/nixpkgs/pull/275896.patch";
sha256 = "sha256-boJLCdgamzX0fhLifdsxsFF/f7oXZwWJ7+WAkcA2GBg=";
})
];
} // {
inherit (inputs.nixpkgs) sourceInfo;
};
}


@ -1 +1 @@
import ./devShell.nix { inputs = import ./inputs.nix; system = builtins.currentSystem; } (import ./.).devShells.${builtins.currentSystem or "x86_64-linux"}.default


@ -1,15 +1,12 @@
{ {
inputs, inputs,
tree, tree,
pkgs,
lib,
std,
system ? builtins.currentSystem or "x86_64-linux",
...
}: let }: let
# The purpose of this file is to set up the host module which allows assigning of the system, e.g. aarch64-linux and the builder used with less pain. # The purpose of this file is to set up the host module which allows assigning of the system, e.g. aarch64-linux and the builder used with less pain.
lib = inputs.self.lib.nixlib;
inherit (lib.modules) evalModules mkOptionDefault; inherit (lib.modules) evalModules mkOptionDefault;
inherit (std) string types optional set list; inherit (inputs.self.lib) std;
inherit (std) string set;
defaultSpecialArgs = { defaultSpecialArgs = {
inherit inputs std; inherit inputs std;
meta = tree; meta = tree;
@ -21,7 +18,7 @@
}: { }: {
options = let options = let
inherit (lib.types) str listOf attrs unspecified attrsOf nullOr; inherit (lib.types) str listOf attrs unspecified attrsOf nullOr;
jsonType = (pkgs.${system}.formats.json {}).type; jsonAttrsType = inputs.arcexprs.lib.json.types.attrs;
inherit (lib.options) mkOption; inherit (lib.options) mkOption;
in { in {
arch = mkOption { arch = mkOption {
@ -54,21 +51,26 @@
internal = true; internal = true;
}; };
deploy = mkOption { deploy = mkOption {
type = nullOr jsonType; type = nullOr jsonAttrsType;
}; };
}; };
config = { config = {
deploy = { deploy = let
nixos = inputs.self.nixosConfigurations.${machine};
in {
sshUser = mkOptionDefault "root"; sshUser = mkOptionDefault "root";
user = mkOptionDefault "root"; user = mkOptionDefault "root";
sshOpts = mkOptionDefault ["-p" "${builtins.toString (builtins.head inputs.self.nixosConfigurations.${machine}.config.services.openssh.ports)}"]; sshOpts = mkOptionDefault ["-p" "${builtins.toString (builtins.head nixos.config.services.openssh.ports)}"];
autoRollback = mkOptionDefault true; autoRollback = mkOptionDefault true;
magicRollback = mkOptionDefault true; magicRollback = mkOptionDefault true;
fastConnection = mkOptionDefault false; fastConnection = mkOptionDefault false;
hostname = mkOptionDefault "${machine}.local.gensokyo.zone"; hostname = mkOptionDefault "${machine}.local.gensokyo.zone";
profiles.system = { profiles.system = {
user = "root"; user = "root";
path = inputs.deploy-rs.lib.${system}.activate.nixos inputs.self.nixosConfigurations.${machine}; path = let
inherit (inputs.self.legacyPackages.${config.system}.deploy-rs) activate;
in
activate.nixos nixos;
}; };
}; };
system = let system = let
@ -141,7 +143,8 @@
(set.map (_: c: c) tree.systems); (set.map (_: c: c) tree.systems);
processHost = name: cfg: let processHost = name: cfg: let
host = cfg.config; host = cfg.config;
in set.optional (host.type != null) { in
set.optional (host.type != null) {
deploy.nodes.${name} = host.deploy; deploy.nodes.${name} = host.deploy;
"${host.folder}Configurations".${name} = host.builder { "${host.folder}Configurations".${name} = host.builder {


@ -1,20 +1,24 @@
{inputs, ...}: (inputs.tree.tree { {inputs}: (inputs.tree.tree {
inherit inputs; inherit inputs;
folder = ./.; folder = ./.;
config = { config = {
"/" = { "/" = {
excludes = [ excludes = [
"tf" "tf"
"inputs"
"default" "default"
"patchedInputs" "devShells"
"outputs" "outputs"
"tree" "tree"
"flake" "flake"
"meta" "std"
"inputs" "inputs"
]; ];
}; };
packages = {
excludes = [
"default"
];
};
systems = { systems = {
excludes = [ excludes = [
"default" "default"