Merge pull request 'fixes for sops, buildClan, clanCore module, machines api' (#234) from DavHau-api-config into main
@@ -5,9 +5,13 @@
|
|||||||
check-clan-template = pkgs.writeShellScriptBin "check-clan-template" ''
|
check-clan-template = pkgs.writeShellScriptBin "check-clan-template" ''
|
||||||
#!${pkgs.bash}/bin/bash
|
#!${pkgs.bash}/bin/bash
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
export TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
|
export TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
|
||||||
trap "${pkgs.coreutils}/bin/chmod -R +w '$TMPDIR'; ${pkgs.coreutils}/bin/rm -rf '$TMPDIR'" EXIT
|
trap "${pkgs.coreutils}/bin/chmod -R +w '$TMPDIR'; ${pkgs.coreutils}/bin/rm -rf '$TMPDIR'" EXIT
|
||||||
|
|
||||||
export PATH="${lib.makeBinPath [
|
export PATH="${lib.makeBinPath [
|
||||||
|
pkgs.coreutils
|
||||||
|
pkgs.curl
|
||||||
pkgs.gitMinimal
|
pkgs.gitMinimal
|
||||||
pkgs.gnugrep
|
pkgs.gnugrep
|
||||||
pkgs.jq
|
pkgs.jq
|
||||||
@@ -35,6 +39,9 @@
|
|||||||
|
|
||||||
echo check machine1 appears in nixosConfigurations
|
echo check machine1 appears in nixosConfigurations
|
||||||
nix flake show --json | jq '.nixosConfigurations' | grep -q machine1
|
nix flake show --json | jq '.nixosConfigurations' | grep -q machine1
|
||||||
|
|
||||||
|
echo check machine1 jsonschema can be evaluated
|
||||||
|
nix eval .#nixosConfigurations.machine1.config.clanSchema
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
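Review bot: The new `nix eval .#nixosConfigurations.machine1.config.clanSchema` check only proves the attribute evaluates and dumps the entire schema into the test log; it never confirms that the result is the JSON object the schema consumers expect. A tighter check is `nix eval --json .#nixosConfigurations.machine1.config.clanSchema | jq -e 'type == "object"' > /dev/null`, which keeps the log quiet and fails when the schema is not an object. `pkgs.curl` is newly added to the PATH list but nothing in the visible hunks invokes it; if it is unused it can be dropped to keep the test closure small. The writeShellScriptBin body begins before the first hunk and the enclosing `let` closes after the second.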
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
{ nixpkgs, clan, lib }:
|
{ nixpkgs, self, lib }:
|
||||||
{ directory # The directory containing the machines subdirectory
|
{ directory # The directory containing the machines subdirectory
|
||||||
, specialArgs ? { } # Extra arguments to pass to nixosSystem i.e. useful to make self available
|
, specialArgs ? { } # Extra arguments to pass to nixosSystem i.e. useful to make self available
|
||||||
, machines ? { } # allows to include machine-specific modules i.e. machines.${name} = { ... }
|
, machines ? { } # allows to include machine-specific modules i.e. machines.${name} = { ... }
|
||||||
@@ -18,9 +18,12 @@ let
|
|||||||
(name: _:
|
(name: _:
|
||||||
nixpkgs.lib.nixosSystem {
|
nixpkgs.lib.nixosSystem {
|
||||||
modules = [
|
modules = [
|
||||||
clan.nixosModules.clanCore
|
self.nixosModules.clanCore
|
||||||
(machineSettings name)
|
(machineSettings name)
|
||||||
(machines.${name} or { })
|
(machines.${name} or { })
|
||||||
|
{ clanCore.clanDir = directory; }
|
||||||
|
# TODO: remove this once we have a hardware-config mechanism
|
||||||
|
{ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; }
|
||||||
];
|
];
|
||||||
specialArgs = specialArgs;
|
specialArgs = specialArgs;
|
||||||
})
|
})
|
||||||
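Review bot: `{ clanCore.clanDir = directory; }` is set at normal priority while the neighbouring `nixpkgs.hostPlatform` line uses `lib.mkDefault`, so a machine module that sets `clanCore.clanDir` itself would hit a conflicting-definitions error instead of overriding it; if per-machine overrides are intended, `{ clanCore.clanDir = lib.mkDefault directory; }` keeps the two injected modules consistent. The hard-coded `"x86_64-linux"` fallback means a machine that omits `nixpkgs.hostPlatform` silently builds for x86_64, which is worth stating next to the `machines` parameter comment until the TODO is resolved. The attribute-mapping call that encloses `(name: _:` starts before the hunk.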
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
{ lib, clan, nixpkgs, ... }:
|
{ lib, self, nixpkgs, ... }:
|
||||||
{
|
{
|
||||||
findNixFiles = folder:
|
findNixFiles = folder:
|
||||||
lib.mapAttrs'
|
lib.mapAttrs'
|
||||||
@@ -14,5 +14,5 @@
|
|||||||
|
|
||||||
jsonschema = import ./jsonschema { inherit lib; };
|
jsonschema = import ./jsonschema { inherit lib; };
|
||||||
|
|
||||||
buildClan = import ./build-clan { inherit lib clan nixpkgs; };
|
buildClan = import ./build-clan { inherit lib self nixpkgs; };
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,5 +1,6 @@
|
|||||||
{ lib
|
{ lib
|
||||||
, inputs
|
, inputs
|
||||||
|
, self
|
||||||
, ...
|
, ...
|
||||||
}: {
|
}: {
|
||||||
imports = [
|
imports = [
|
||||||
@@ -7,6 +8,7 @@
|
|||||||
];
|
];
|
||||||
flake.lib = import ./default.nix {
|
flake.lib = import ./default.nix {
|
||||||
inherit lib;
|
inherit lib;
|
||||||
inherit (inputs) nixpkgs clan;
|
inherit self;
|
||||||
|
inherit (inputs) nixpkgs;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,8 +1,18 @@
|
|||||||
{ self, inputs, lib, ... }: {
|
{ self, inputs, lib, ... }: {
|
||||||
flake.nixosModules.clanCore = { pkgs, ... }: {
|
flake.nixosModules.clanCore = { pkgs, options, ... }: {
|
||||||
|
imports = [
|
||||||
|
./secrets
|
||||||
|
./zerotier.nix
|
||||||
|
inputs.sops-nix.nixosModules.sops
|
||||||
|
];
|
||||||
|
options.clanSchema = lib.mkOption {
|
||||||
|
type = lib.types.attrs;
|
||||||
|
description = "The json schema for the .clan options namespace";
|
||||||
|
default = self.lib.jsonschema.parseOptions options.clan;
|
||||||
|
};
|
||||||
options.clanCore = {
|
options.clanCore = {
|
||||||
clanDir = lib.mkOption {
|
clanDir = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.either lib.types.path lib.types.str;
|
||||||
description = ''
|
description = ''
|
||||||
the location of the flake repo, used to calculate the location of facts and secrets
|
the location of the flake repo, used to calculate the location of facts and secrets
|
||||||
'';
|
'';
|
||||||
@@ -23,10 +33,5 @@
|
|||||||
utility outputs for clan management of this machine
|
utility outputs for clan management of this machine
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
imports = [
|
|
||||||
./secrets
|
|
||||||
./zerotier.nix
|
|
||||||
inputs.sops-nix.nixosModules.sops
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
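Review bot: `default = self.lib.jsonschema.parseOptions options.clan;` reads `options.clan` unconditionally, and in the module system that attribute only exists once some module declares an option under `clan`; none of the imports visible here shows such a declaration, so on a machine without one, evaluating `config.clanSchema` would presumably fail with a missing-attribute error rather than produce an empty schema. `default = self.lib.jsonschema.parseOptions (options.clan or { });` avoids that. The widened `clanDir` type (`lib.types.either lib.types.path lib.types.str`) deserves a sentence in its description: a `path` value is copied into the world-readable Nix store whenever it is interpolated into a string or derivation, whereas a `str` remains a reference to the checkout, so callers should know which form they are passing. The module body continues in this section's second hunk.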
|
|||||||
@@ -45,13 +45,17 @@
|
|||||||
'';
|
'';
|
||||||
sops.secrets =
|
sops.secrets =
|
||||||
let
|
let
|
||||||
|
secretsDir = config.clanCore.clanDir + "/sops/secrets";
|
||||||
encryptedForThisMachine = name: type:
|
encryptedForThisMachine = name: type:
|
||||||
let
|
let
|
||||||
symlink = config.clanCore.clanDir + "/sops/secrets/${name}/machines/${config.clanCore.machineName}";
|
symlink = secretsDir + "/${name}/machines/${config.clanCore.machineName}";
|
||||||
in
|
in
|
||||||
# WTF, nix bug, my symlink is in the nixos module detected as a directory also it works in the repl
|
# WTF, nix bug, my symlink is in the nixos module detected as a directory also it works in the repl
|
||||||
type == "directory" && (builtins.readFileType symlink == "directory" || builtins.readFileType symlink == "symlink");
|
type == "directory" && (builtins.readFileType symlink == "directory" || builtins.readFileType symlink == "symlink");
|
||||||
secrets = lib.filterAttrs encryptedForThisMachine (builtins.readDir (config.clanCore.clanDir + "/sops/secrets"));
|
secrets =
|
||||||
|
if !builtins.pathExists secretsDir
|
||||||
|
then { }
|
||||||
|
else lib.filterAttrs encryptedForThisMachine (builtins.readDir secretsDir);
|
||||||
in
|
in
|
||||||
builtins.mapAttrs
|
builtins.mapAttrs
|
||||||
(name: _: {
|
(name: _: {
|
||||||
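Review bot: The new `pathExists secretsDir` guard covers a missing secrets directory, but the per-machine path built on the new line `symlink = secretsDir + "/${name}/machines/${config.clanCore.machineName}";` is still passed straight to `builtins.readFileType`, which errors on a path that does not exist; a secret that is not encrypted for this machine would therefore presumably abort evaluation instead of being filtered out. Guarding the predicate as `type == "directory" && builtins.pathExists symlink && (builtins.readFileType symlink == "directory" || builtins.readFileType symlink == "symlink")` makes the filter return false for those entries. The `sops.secrets` let-binding continues past the end of the hunk.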
|
|||||||
@@ -6,6 +6,9 @@ from .folders import machine_folder
|
|||||||
def create_machine(name: str) -> None:
|
def create_machine(name: str) -> None:
|
||||||
folder = machine_folder(name)
|
folder = machine_folder(name)
|
||||||
folder.mkdir(parents=True, exist_ok=True)
|
folder.mkdir(parents=True, exist_ok=True)
|
||||||
|
# create empty settings.json file inside the folder
|
||||||
|
with open(folder / "settings.json", "w") as f:
|
||||||
|
f.write("{}")
|
||||||
|
|
||||||
|
|
||||||
def create_command(args: argparse.Namespace) -> None:
|
def create_command(args: argparse.Namespace) -> None:
|
||||||
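Review bot: `with open(folder / "settings.json", "w") as f:` truncates any existing settings.json, and because the preceding `folder.mkdir(parents=True, exist_ok=True)` tolerates an already-created machine, calling `create_machine` twice silently wipes that machine's configuration. Write the stub only when the file is absent, e.g. `settings = folder / "settings.json"` followed by `if not settings.exists(): settings.write_text("{}", encoding="utf-8")`; that also pins the encoding, which `open(..., "w")` leaves to the locale. A one-line docstring such as `"""Create the machine folder and an empty settings.json, leaving an existing one untouched."""` would document the intent.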
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
import argparse
|
import argparse
|
||||||
|
import shutil
|
||||||
|
|
||||||
from ..errors import ClanError
|
from ..errors import ClanError
|
||||||
from .folders import machine_folder
|
from .folders import machine_folder
|
||||||
@@ -7,7 +8,7 @@ from .folders import machine_folder
|
|||||||
def delete_command(args: argparse.Namespace) -> None:
|
def delete_command(args: argparse.Namespace) -> None:
|
||||||
folder = machine_folder(args.host)
|
folder = machine_folder(args.host)
|
||||||
if folder.exists():
|
if folder.exists():
|
||||||
folder.rmdir()
|
shutil.rmtree(folder)
|
||||||
else:
|
else:
|
||||||
raise ClanError(f"Machine {args.host} does not exist")
|
raise ClanError(f"Machine {args.host} does not exist")
|
||||||
|
|
||||||
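Review bot: Replacing `folder.rmdir()` with `shutil.rmtree(folder)` turns a delete that could only remove an empty directory into a recursive one, so the trust placed in `args.host` now matters: `folder = machine_folder(args.host)` is built from user input, and if that helper (outside this hunk) does not reject names containing path separators or `..`, a malformed host name could resolve to a directory outside the machines root and be removed wholesale. Before the `rmtree` call, verify that `folder` is a direct child of the machines root or reject such names, and state that guarantee in a comment on `machine_folder`. Note that `shutil.rmtree` raises `OSError` when `folder` itself is a symbolic link, which is the safer behaviour here and worth a comment so nobody "fixes" it.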
|
|||||||