meta: Avoid building rbw-bitw for all hosts

This commit is contained in:
kat witch 2021-09-04 19:34:09 +01:00
parent a23c94f597
commit b154039b72
No known key found for this signature in database
GPG key ID: 1B477797DCA5EC72
5 changed files with 28 additions and 54 deletions


@ -0,0 +1,5 @@
{ config, lib, ... }: with lib; {
options.kw.secrets.command = mkOption {
type = types.str;
};
}
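Review bot: The new `kw.secrets.command` option has no `description` and no `default`, and nothing in this file says that its value is a shell fragment rather than a program path. Since the secrets module splices it verbatim into a Terraform `shellCommand` with the secret path appended unquoted, whoever sets it needs to know that; add `description = "Shell command prefix used to fetch a secret; the secret path and an optional -f FIELD are appended to it verbatim.";` inside the `mkOption`. The module's file path is not shown on this page, so I cannot confirm where it is imported from.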


@ -1,4 +1,4 @@
{ config, lib, ... }: { config, lib, meta, ... }:
with lib; with lib;
@ -22,14 +22,12 @@ let
}; };
}; };
}); });
mcfg = meta.kw.secrets;
cfg = config.kw.secrets; cfg = config.kw.secrets;
in in
{ {
options.kw = { options.kw = {
secrets = { secrets = {
command = mkOption {
type = types.str;
};
variables = mkOption { variables = mkOption {
type = types.attrsOf secretType; type = types.attrsOf secretType;
default = { }; default = { };
@ -48,7 +46,7 @@ in
deploy.tf.variables = mapAttrs' deploy.tf.variables = mapAttrs'
(name: content: (name: content:
nameValuePair name ({ nameValuePair name ({
value.shellCommand = "${cfg.command} ${content.path}" + optionalString (content.field != "") " -f ${content.field}"; value.shellCommand = "${mcfg.command} ${content.path}" + optionalString (content.field != "") " -f ${content.field}";
type = "string"; type = "string";
sensitive = true; sensitive = true;
}) })
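Review bot: On the changed `value.shellCommand` line, `content.path` and `content.field` are still interpolated into the shell string unquoted, so a secret path or field name containing a space, `$` or a quote is split or expanded by the shell before it reaches the command; only `mcfg.command` should stay bare, since it is itself a command with arguments. Use `lib.escapeShellArg`, already in scope via `with lib`: `value.shellCommand = "${mcfg.command} ${escapeShellArg content.path}" + optionalString (content.field != "") " -f ${escapeShellArg content.field}";`. These values appear to come from module configuration rather than external input, so this is a robustness fix more than an injection one. The `meta` argument added to the module signature is presumably supplied through specialArgs by the meta evaluation, but that wiring is not visible in this hunk. The `mapAttrs'` expression continues past the end of the hunk.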


@ -8,10 +8,4 @@
persistentRoot = "/var/lib/kat/secrets"; persistentRoot = "/var/lib/kat/secrets";
external = true; external = true;
}; };
kw.secrets.command =
let
bitw = pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.kw.secrets.repo.bitw.source} "$@"'';
in
"${bitw}/bin/bitw get";
} }


@ -22,40 +22,14 @@ let
all = attrValues local ++ attrValues hexchen; all = attrValues local ++ attrValues hexchen;
allStr = toString all; allStr = toString all;
}; };
# This is used for the base path for nodeImport.
root = ./.; root = ./.;
/*
This is used to generate specialArgs + the like. It works as such:
* A <xargName> can exist at config/<subconfigName>.
* A <xargName> can exist at config/trusted/<subconfigName>.
If only one exists, the path for that one is returned.
Otherwise a module is generated which contains both import paths.
*/
xarg = lib.recursiveMod { folder = ./config; inherit sources lib; }; xarg = lib.recursiveMod { folder = ./config; inherit sources lib; };
/*
We provide the runners with this file this way. We also provide our nix args here.
This is also where pkgs are passed through to the meta config.
*/
metaConfig = {
config = {
runners = {
lazy = {
file = root;
args = [ "--show-trace" ];
};
};
_module.args = {
pkgs = lib.mkDefault pkgs;
};
deploy.targets.dummy.enable = false; metaBase = import ./meta.nix { inherit config lib pkgs root; };
};
};
# This is where the meta config is evaluated.
eval = lib.evalModules { eval = lib.evalModules {
modules = lib.singleton metaConfig modules = lib.singleton metaBase
++ lib.singleton xarg.modules.meta ++ lib.singleton xarg.modules.meta
++ lib.attrValues (removeAttrs xarg.targets [ "common" ]) ++ lib.attrValues (removeAttrs xarg.targets [ "common" ])
++ (map ++ (map
@ -75,22 +49,8 @@ let
} // xarg; } // xarg;
}; };
# The evaluated meta config.
inherit (eval) config; inherit (eval) config;
/*
Please note all specialArg generated specifications use the folder common to both import paths.
Those import paths are as mentioned above next to `xargNames`.
This provides us with a ./. that contains (most relevantly):
* deploy.targets -> a mapping of target name to host names
* network.nodes -> host names to host NixOS + home-manager configs
* profiles -> the specialArg generated from profiles/
* users -> the specialArg generated from users/
* targets -> the specialArg generated from targets/
* do not use common, it is tf-nix specific config ingested at line 66 of config/modules/meta/deploy.nix for every target.
* services -> the specialArg generated from services/
*/
self = config // { inherit pkgs lib sourceCache sources; } // xarg; self = config // { inherit pkgs lib sourceCache sources; } // xarg;
in in
self self
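Review bot: The block comments explaining `xarg`, the meta config and the attribute layout of the resulting `self` (`deploy.targets`, `network.nodes`, `profiles`, `users`, `targets`, `services`, and the warning not to use `common`) are deleted here and do not reappear in the new `meta.nix`, so the file loses its only description of what this evaluation produces. Keep at least a one-line pointer above the new binding, e.g. `# Base meta config (runners, secrets command, dummy target); see ./meta.nix.`, and restore the attribute listing above `self = config // ...`. A comment on `metaBase` is also warranted: `meta.nix` is a module function applied by hand with `config` bound to the outer `inherit (eval) config`, and its result is then fed back into `modules` as the first entry, rather than being passed to `evalModules` as a module path with `root` in `specialArgs`; if that indirection is intentional, say why, otherwise the conventional shape is simpler to reason about. The `eval = lib.evalModules` expression continues beyond the end of the first hunk.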

meta.nix Normal file

@ -0,0 +1,17 @@
{ config, pkgs, lib, root, ... }: {
runners = {
lazy = {
file = root;
args = [ "--show-trace" ];
};
};
kw.secrets.command =
let
bitw = pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.network.nodes.${builtins.getEnv "HOME_HOSTNAME"}.kw.secrets.repo.bitw.source} "$@"'';
in
"${bitw}/bin/bitw get";
deploy.targets.dummy.enable = false;
_module.args.pkgs = lib.mkDefault pkgs;
}
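Review bot: `builtins.getEnv "HOME_HOSTNAME"` on the `bitw` line makes the secrets command depend on an environment variable read at evaluation time, and when the variable is unset `getEnv` yields `""`, so the lookup becomes `config.network.nodes.""` and fails with an attribute-missing error that says nothing about the variable. It also makes the evaluation impure (it will not work under `--pure-eval`) and means two people evaluating the same meta config can get different commands, which seems at odds with a shared meta config. If reading the environment is the intended way to select the home host, bind it once, fail with an explicit message when it is missing or unknown, and quote the `-p` argument, since `kw.secrets.repo.bitw.source` is interpolated bare into the wrapper script; the removed comments in the default.nix hunk describe `network.nodes` as host name to host config, which is what this lookup relies on. A comment stating that `HOME_HOSTNAME` must be exported before any deploy that needs secrets would help the next person who hits the error.
```nix
kw.secrets.command =
  let
    # The node whose bitw repo holds the secrets is chosen at evaluation time
    # from HOME_HOSTNAME; fail loudly instead of with a bare attribute error.
    homeHost = builtins.getEnv "HOME_HOSTNAME";
    homeNode =
      if homeHost == "" then
        throw "meta.nix: HOME_HOSTNAME must name the node whose kw.secrets.repo.bitw.source to use"
      else
        config.network.nodes.${homeHost}
          or (throw "meta.nix: HOME_HOSTNAME=${homeHost} is not a known node in network.nodes");
    bitw = pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p ${lib.escapeShellArg "gpg://${homeNode.kw.secrets.repo.bitw.source}"} "$@"'';
  in
  "${bitw}/bin/bitw get";
# … unchanged: runners, deploy.targets.dummy, _module.args …
```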