diff --git a/flake.nix b/flake.nix
index 78a7ae3..a7edbdf 100644
--- a/flake.nix
+++ b/flake.nix
@@ -13,8 +13,7 @@
 in rec {
 lib =
- import ./nix/lib { inherit nixpkgs; }
- );
+ import ./nix/lib { inherit nixpkgs; };
 packages = forAllSystems (system: {
 test_vm = nixpkgs.legacyPackages.${system}.runCommandLocal "test_vm" {
diff --git a/nix/lib/config/salt-support/load-yaml.nix b/nix/lib/config/salt-support/load-yaml.nix
index be24111..5d2e83d 100644
--- a/nix/lib/config/salt-support/load-yaml.nix
+++ b/nix/lib/config/salt-support/load-yaml.nix
@@ -1,21 +1,15 @@
 { pkgs ? import {}
-, gpgKeyFile ? ../../salt-gpg.asc
 }:
 path:
 let
 json = pkgs.runCommandLocal "desalinated-${builtins.baseNameOf path}" {
 nativeBuildInputs = with pkgs; [
- gnupg
 pythonPackages.j2cli
 ruby
 yaml2json
 ];
 } ''
- export GNUPGHOME=$(mktemp -d)
- gpg --import ${gpgKeyFile}
- j2 ${path} > expanded.yaml
- ruby ${./yaml-gpg.rb} expanded.yaml > decrypted.yaml
- yaml2json < decrypted.yaml > $out
+ yaml2json < expanded.yaml > $out
 '';
 in
 builtins.fromJSON (
diff --git a/nix/lib/config/salt-support/yaml-gpg.rb b/nix/lib/config/salt-support/yaml-gpg.rb
deleted file mode 100644
index b141398..000000000
--- a/nix/lib/config/salt-support/yaml-gpg.rb
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'yaml'
-
-def expand_gpg yaml
- if yaml.is_a? Hash
- yaml.transform_values { |value| expand_gpg value }
- elsif yaml.is_a? Array
- yaml.map { |value| expand_gpg value }
- elsif yaml.is_a? String
- if yaml =~ /^-----BEGIN PGP MESSAGE-----.+-----END PGP MESSAGE-----$/m
- IO::popen("gpg --decrypt", "r+") do |gpg|
- gpg.puts yaml
- gpg.close_write
- gpg.readlines.join "\n"
- end
- else
- yaml
- end
- else
- yaml
- end
-end
-
-ARGV.each do |filename|
- yaml = YAML::load File::read(filename)
- yaml = expand_gpg yaml
- puts YAML::dump(yaml)
-end
diff --git a/nix/lib/default.nix b/nix/lib/default.nix
index 5fbe133..8f16450 100644
--- a/nix/lib/default.nix
+++ b/nix/lib/default.nix
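Review bot: PGP-armored pillar values in nix/lib/config/salt-support/load-yaml.nix now reach `builtins.fromJSON` as literal `-----BEGIN PGP MESSAGE-----` text, and nothing in the new script records that consumers no longer get plaintext. If keeping decrypted secrets out of the world-readable Nix store is the intent, put it in a comment above the script, e.g. `# encrypted pillar values stay as armored ciphertext; decrypting here would write plaintext into the Nix store`. `ruby` is still listed in `nativeBuildInputs` although its only call is removed, so it can be dropped. As this diff reads, `j2 ${path} > expanded.yaml` may be on the removed side as well; if it is, `yaml2json < expanded.yaml` has no input file. The `builtins.fromJSON (` expression continues past the hunk.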
@@ -1,11 +1,13 @@
-{ nixpkgs, system }:
+{ nixpkgs }:
 let
- pkgs = nixpkgs.legacyPackages.${system};
+ pkgs = nixpkgs.legacyPackages.x86_64-linux;
 in {
 config = import ./config { inherit pkgs; };
+ expandSaltTemplate = import ./config/salt-support/expand-template.nix { inherit pkgs; };
+ netmasks = import ./netmasks.nix;
 subnet = import ./subnet { inherit pkgs; };
diff --git a/nix/pkgs/device-templates.nix b/nix/pkgs/device-templates.nix
index 3186364..3ae25cf 100644
--- a/nix/pkgs/device-templates.nix
+++ b/nix/pkgs/device-templates.nix
@@ -2,11 +2,11 @@
 with nixpkgs.lib;
 let
 pkgs = nixpkgs.legacyPackages.${system};
- config = self.lib.${system}.config;
+ config = self.lib.config;
 templates = role: {
- ap = _: ../salt/cpe/ap.sh;
- switch = model: ../salt/switches + "/${model}.expect";
+ ap = _: ../../salt/cpe/ap.sh;
+ switch = model: ../../salt/switches + "/${model}.expect";
 }.${role};
 replaceNetmasks = template: builtins.toFile (builtins.baseNameOf template) (
@@ -15,16 +15,14 @@ let
 ) );
 expandTemplate = name: template: data:
- import ./salt-support/expand-template.nix {
- inherit pkgs;
- } name (replaceNetmasks template) data;
+ self.lib.expandSaltTemplate name (replaceNetmasks template) data;
 device-scripts = builtins.mapAttrs (hostname: { role, model, ... }: expandTemplate "${hostname}.sh" (templates role model) ({
 inherit hostname;
 pillar = config.salt-pillar;
- netmasks = import ./netmasks.nix;
+ netmasks = self.lib.netmasks;
 logging = config.salt-pillar.hosts-inet.mgmt.logging;
 } // optionalAttrs (config.salt-pillar.switches ? ${hostname}) {
 switch = config.salt-pillar.switches.${hostname};
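Review bot: `pkgs = nixpkgs.legacyPackages.x86_64-linux;` in nix/lib/default.nix pins every helper derivation behind `lib` to one platform, while flake.nix still builds `packages` with `forAllSystems` and nix/pkgs/device-templates.nix mixes `nixpkgs.legacyPackages.${system}` with `self.lib.config` and `self.lib.expandSaltTemplate`. On a host of any other system the helpers would presumably need an x86_64-linux builder before their output can be read. If the pin is deliberate, state it next to the binding, e.g. `# lib is exposed without a system attribute, so its helper derivations always build for x86_64-linux`; otherwise a defaulted argument keeps callers working: `{ nixpkgs, system ? "x86_64-linux" }:` with `pkgs = nixpkgs.legacyPackages.${system};`. The attribute set continues past the hunk.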