gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions
infrastructure/packages/default.nix

187 lines
6.1 KiB
Nix
Raw Blame History

{
system,
inputs,
}: let
lib = inputs.self.lib.nixlib;
inherit (lib.strings) makeBinPath;
inherit (inputs.self.lib.std) string list set;
packages = inputs.self.packages.${system};
inherit (inputs.self.legacyPackages.${system}) pkgs;
fmt = import ../ci/fmt.nix;
inherit (import ../ci/nix.nix) ci;
exports = ''
export NF_CONFIG_ROOT=''${NF_CONFIG_ROOT-${toString ../.}}
'';
exportsSsh = ''
export PATH="${makeBinPath [packages.nf-hostname packages.nf-sshopts]}:$PATH"
'';
exportsFmtNix = ''
NF_NIX_BLACKLIST_DIRS=(${string.concatMapSep " " string.escapeShellArg fmt.nix.blacklistDirs})
NF_NIX_WHITELIST_DIRS=(${string.concatMapSep " " string.escapeShellArg fmt.nix.whitelistDirs})
NF_NIX_WHITELIST_FILES=(${string.concatMapSep " " string.escapeShellArg fmt.nix.whitelist})
'';
exportsSystems = let
inherit (inputs.self.lib) systems;
nixosSystems = set.filter (_: system: system.config.ci.enable) systems;
warnSystems = set.filter (_: system: system.config.ci.allowFailure) nixosSystems;
toSystems = systems: string.concatMapSep " " string.escapeShellArg (set.keys systems);
in ''
NF_NIX_SYSTEMS=(${toSystems nixosSystems})
NF_NIX_SYSTEMS_WARN=(${toSystems warnSystems})
'';
output = {
inherit
(pkgs.buildPackages)
terraform
tflint
alejandra
deadnix
statix
ssh-to-age
jq
;
inherit (inputs.deploy-rs.packages.${system}) deploy-rs;
inherit
(pkgs)
freeipa-ipasam
samba-ldap
samba-ipa
krb5-ldap
nfs-utils-ldap
barcodebuddy
barcodebuddy-scanner
barcodebuddy-scanner-python
openwebrxplus
systemd2mqtt
;
nf-setup-node = let
reisen = ../systems/reisen;
inherit (inputs.self.lib.lib) userIs;
inherit (inputs.self.nixosConfigurations.hakurei.config) users;
authorizedKeys = list.concatMap (user: user.openssh.authorizedKeys.keys) (
list.filter (userIs "wheel") (set.values users.users)
);
inputAttrs = {
INPUT_ROOT_SSH_AUTHORIZEDKEYS = pkgs.writeText "root.authorized_keys" (
string.intercalate "\n" authorizedKeys
);
INPUT_TF_SSH_AUTHORIZEDKEYS = reisen + "/tf.authorized_keys";
INPUT_SUBUID = reisen + "/subuid";
INPUT_SUBGID = reisen + "/subgid";
INPUT_INFRA_SETUP = reisen + "/setup.sh";
INPUT_INFRA_PUTFILE64 = reisen + "/bin/putfile64.sh";
INPUT_INFRA_PVE = reisen + "/bin/pve.sh";
INPUT_INFRA_MKPAM = reisen + "/bin/mkpam.sh";
INPUT_INFRA_CT_CONFIG = reisen + "/bin/ct-config.sh";
INPUT_AUTHRPCGSS_OVERRIDES = reisen + "/net.auth-rpcgss-module.service.overrides";
};
inputVars = set.mapToValues (key: path: ''${key}="$(base64 -w0 < ${path})"'') inputAttrs;
in
pkgs.writeShellScriptBin "nf-setup-node" ''
${exports}
NF_SETUP_INPUTS=(
${string.intercalate "\n" inputVars}
)
source ${../ci/setup.sh}
'';
nf-actions-test = pkgs.writeShellScriptBin "nf-actions-test" ''
${exports}
${exportsSystems}
source ${../ci/actions-test.sh}
'';
nf-update = pkgs.writeShellScriptBin "nf-update" ''
${exports}
export PATH="${makeBinPath [packages.nf-actions-test pkgs.cachix]}:$PATH"
source ${../ci/update.sh}
'';
nf-hostname = pkgs.writeShellScriptBin "nf-hostname" ''
${exports}
source ${../ci/hostname.sh}
'';
nf-sshopts = pkgs.writeShellScriptBin "nf-sshopts" ''
${exports}
export PATH="$PATH:${makeBinPath [pkgs.jq]}"
source ${../ci/sshopts.sh}
'';
nf-sops-keyscan = pkgs.writeShellScriptBin "nf-sops-keyscan" ''
${exports}
${exportsSsh}
export PATH="$PATH:${makeBinPath [pkgs.ssh-to-age]}"
source ${../ci/sops-keyscan.sh}
'';
nf-ssh = pkgs.writeShellScriptBin "nf-ssh" ''
${exports}
${exportsSsh}
source ${../ci/ssh.sh}
'';
nf-build = pkgs.writeShellScriptBin "nf-build" ''
${exports}
source ${../ci/build.sh}
'';
nf-tarball = pkgs.writeShellScriptBin "nf-tarball" ''
${exports}
source ${../ci/tarball.sh}
'';
nf-switch = pkgs.writeShellScriptBin "nf-switch" ''
${exports}
${exportsSsh}
source ${../ci/switch.sh}
'';
nf-generate = pkgs.writeShellScriptBin "nf-generate" ''
${exports}
export PATH="$PATH:${makeBinPath [pkgs.jq]}"
NF_INPUT_CI=${string.escapeShellArg inputs.ci}
NF_CONFIG_FILES=(${string.concatMapSep " " string.escapeShellArg ci.workflowConfigs})
source ${../ci/generate.sh}
'';
nf-statix = pkgs.writeShellScriptBin "nf-statix" ''
${exports}
export PATH="${makeBinPath [packages.statix]}:$PATH"
source ${../ci/statix.sh}
'';
nf-deadnix = pkgs.writeShellScriptBin "nf-deadnix" ''
${exports}
${exportsFmtNix}
export PATH="${makeBinPath [packages.deadnix pkgs.findutils]}:$PATH"
source ${../ci/deadnix.sh}
'';
nf-alejandra = pkgs.writeShellScriptBin "nf-alejandra" ''
${exports}
${exportsFmtNix}
export PATH="${makeBinPath [packages.alejandra]}:$PATH"
source ${../ci/alejandra.sh}
'';
nf-lint-tf = pkgs.writeShellScriptBin "nf-lint-tf" ''
${exports}
export PATH="$PATH:${makeBinPath [packages.tflint]}"
source ${../ci/lint-tf.sh}
'';
nf-lint-nix = pkgs.writeShellScriptBin "nf-lint-nix" ''
${exports}
export PATH="${makeBinPath [packages.nf-statix packages.nf-deadnix]}:$PATH"
source ${../ci/lint-nix.sh}
'';
nf-fmt-tf = pkgs.writeShellScriptBin "nf-fmt-tf" ''
${exports}
export PATH="${makeBinPath [packages.terraform]}:$PATH"
source ${../ci/fmt-tf.sh}
'';
nf-fmt-nix = pkgs.writeShellScriptBin "nf-fmt-nix" ''
${exports}
${exportsFmtNix}
export PATH=":{makeBinPath [ packages.nf-alejandra ]}:$PATH"
source ${../ci/fmt-nix.sh}
'';
nf-docs = pkgs.writeShellScriptBin "nf-docs" ''
${exports}
export NF_DOCS_PATH=${packages.docs}
source ${../ci/docs.sh}
'';
docs = pkgs.callPackage ../docs/derivation.nix {
inherit (inputs) self;
};
};
in
output
Reference in a new issue View git blame Copy permalink