forked from zentralwerk/network
config: remove yaml-gpg.rb again
this approach required the GPG private key to be present at every evaluation
parent
f15bb721d2
commit
1e0201b429
|
@ -13,8 +13,7 @@
|
||||||
in
|
in
|
||||||
rec {
|
rec {
|
||||||
lib =
|
lib =
|
||||||
import ./nix/lib { inherit nixpkgs; }
|
import ./nix/lib { inherit nixpkgs; };
|
||||||
);
|
|
||||||
|
|
||||||
packages = forAllSystems (system: {
|
packages = forAllSystems (system: {
|
||||||
test_vm = nixpkgs.legacyPackages.${system}.runCommandLocal "test_vm" {
|
test_vm = nixpkgs.legacyPackages.${system}.runCommandLocal "test_vm" {
|
||||||
|
|
|
@ -1,21 +1,15 @@
|
||||||
{ pkgs ? import <nixpkgs> {}
|
{ pkgs ? import <nixpkgs> {}
|
||||||
, gpgKeyFile ? ../../salt-gpg.asc
|
|
||||||
}:
|
}:
|
||||||
|
|
||||||
path:
|
path:
|
||||||
let
|
let
|
||||||
json = pkgs.runCommandLocal "desalinated-${builtins.baseNameOf path}" {
|
json = pkgs.runCommandLocal "desalinated-${builtins.baseNameOf path}" {
|
||||||
nativeBuildInputs = with pkgs; [
|
nativeBuildInputs = with pkgs; [
|
||||||
gnupg
|
|
||||||
pythonPackages.j2cli ruby yaml2json
|
pythonPackages.j2cli ruby yaml2json
|
||||||
];
|
];
|
||||||
} ''
|
} ''
|
||||||
export GNUPGHOME=$(mktemp -d)
|
|
||||||
gpg --import ${gpgKeyFile}
|
|
||||||
|
|
||||||
j2 ${path} > expanded.yaml
|
j2 ${path} > expanded.yaml
|
||||||
ruby ${./yaml-gpg.rb} expanded.yaml > decrypted.yaml
|
yaml2json < expanded.yaml > $out
|
||||||
yaml2json < decrypted.yaml > $out
|
|
||||||
'';
|
'';
|
||||||
in
|
in
|
||||||
builtins.fromJSON (
|
builtins.fromJSON (
|
||||||
|
|
|
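Review bot: With the decryption step gone, a value in `${path}` that still contains a PGP-armored blob now passes through `j2` and `yaml2json` unchanged, so an encrypted pillar entry would silently land in `$out` as the literal `-----BEGIN PGP MESSAGE-----` text instead of failing the build. I would fail loudly between the two commands: `if grep -q -- '-----BEGIN PGP MESSAGE-----' expanded.yaml; then echo "encrypted value left in ${builtins.baseNameOf path}" >&2; exit 1; fi`. Note also that interpolating `${path}` into the builder still copies the pillar file into the Nix store, which is world-readable on a shared machine; whether that is acceptable depends on what the pillar now holds, which this hunk does not show. The `builtins.fromJSON (` expression continues past the end of the hunk.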
@ -1,29 +0,0 @@
|
||||||
#!/usr/bin/env ruby
|
|
||||||
|
|
||||||
require 'yaml'
|
|
||||||
|
|
||||||
def expand_gpg yaml
|
|
||||||
if yaml.is_a? Hash
|
|
||||||
yaml.transform_values { |value| expand_gpg value }
|
|
||||||
elsif yaml.is_a? Array
|
|
||||||
yaml.map { |value| expand_gpg value }
|
|
||||||
elsif yaml.is_a? String
|
|
||||||
if yaml =~ /^-----BEGIN PGP MESSAGE-----.+-----END PGP MESSAGE-----$/m
|
|
||||||
IO::popen("gpg --decrypt", "r+") do |gpg|
|
|
||||||
gpg.puts yaml
|
|
||||||
gpg.close_write
|
|
||||||
gpg.readlines.join "\n"
|
|
||||||
end
|
|
||||||
else
|
|
||||||
yaml
|
|
||||||
end
|
|
||||||
else
|
|
||||||
yaml
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
ARGV.each do |filename|
|
|
||||||
yaml = YAML::load File::read(filename)
|
|
||||||
yaml = expand_gpg yaml
|
|
||||||
puts YAML::dump(yaml)
|
|
||||||
end
|
|
|
@ -1,11 +1,13 @@
|
||||||
{ nixpkgs, system }:
|
{ nixpkgs }:
|
||||||
|
|
||||||
let
|
let
|
||||||
pkgs = nixpkgs.legacyPackages.${system};
|
pkgs = nixpkgs.legacyPackages.x86_64-linux;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
config = import ./config { inherit pkgs; };
|
config = import ./config { inherit pkgs; };
|
||||||
|
|
||||||
|
expandSaltTemplate = import ./config/salt-support/expand-template.nix { inherit pkgs; };
|
||||||
|
|
||||||
netmasks = import ./netmasks.nix;
|
netmasks = import ./netmasks.nix;
|
||||||
|
|
||||||
subnet = import ./subnet { inherit pkgs; };
|
subnet = import ./subnet { inherit pkgs; };
|
||||||
|
|
|
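Review bot: `pkgs = nixpkgs.legacyPackages.x86_64-linux;` pins every derivation built through this lib (`config`, `expandSaltTemplate` and `subnet` all receive this `pkgs`) to x86_64-linux, so evaluating or building on any other host platform pulls in tools for the wrong system. Keeping the parameter with a default preserves the new `{ inherit nixpkgs; }` call site and stays portable: `{ nixpkgs, system ? "x86_64-linux" }:` with `pkgs = nixpkgs.legacyPackages.${system};`. If the fixed platform is intentional, a one-line comment such as `# salt templates are rendered on the x86_64 build host` next to the assignment would say so.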
@ -2,11 +2,11 @@
|
||||||
with nixpkgs.lib;
|
with nixpkgs.lib;
|
||||||
let
|
let
|
||||||
pkgs = nixpkgs.legacyPackages.${system};
|
pkgs = nixpkgs.legacyPackages.${system};
|
||||||
config = self.lib.${system}.config;
|
config = self.lib.config;
|
||||||
|
|
||||||
templates = role: {
|
templates = role: {
|
||||||
ap = _: ../salt/cpe/ap.sh;
|
ap = _: ../../salt/cpe/ap.sh;
|
||||||
switch = model: ../salt/switches + "/${model}.expect";
|
switch = model: ../../salt/switches + "/${model}.expect";
|
||||||
}.${role};
|
}.${role};
|
||||||
replaceNetmasks = template:
|
replaceNetmasks = template:
|
||||||
builtins.toFile (builtins.baseNameOf template) (
|
builtins.toFile (builtins.baseNameOf template) (
|
||||||
|
@ -15,16 +15,14 @@ let
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
expandTemplate = name: template: data:
|
expandTemplate = name: template: data:
|
||||||
import ./salt-support/expand-template.nix {
|
self.lib.expandSaltTemplate name (replaceNetmasks template) data;
|
||||||
inherit pkgs;
|
|
||||||
} name (replaceNetmasks template) data;
|
|
||||||
|
|
||||||
device-scripts =
|
device-scripts =
|
||||||
builtins.mapAttrs (hostname: { role, model, ... }:
|
builtins.mapAttrs (hostname: { role, model, ... }:
|
||||||
expandTemplate "${hostname}.sh" (templates role model) ({
|
expandTemplate "${hostname}.sh" (templates role model) ({
|
||||||
inherit hostname;
|
inherit hostname;
|
||||||
pillar = config.salt-pillar;
|
pillar = config.salt-pillar;
|
||||||
netmasks = import ./netmasks.nix;
|
netmasks = self.lib.netmasks;
|
||||||
logging = config.salt-pillar.hosts-inet.mgmt.logging;
|
logging = config.salt-pillar.hosts-inet.mgmt.logging;
|
||||||
} // optionalAttrs (config.salt-pillar.switches ? ${hostname}) {
|
} // optionalAttrs (config.salt-pillar.switches ? ${hostname}) {
|
||||||
switch = config.salt-pillar.switches.${hostname};
|
switch = config.salt-pillar.switches.${hostname};
|
||||||
|
|
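Review bot: `config = self.lib.config;` and `self.lib.expandSaltTemplate` now come from a lib that no longer takes `system`, while `pkgs = nixpkgs.legacyPackages.${system};` directly above is still per-system, so device-scripts evaluated for a non-x86_64 system would mix that system's `pkgs` with templates rendered by whatever platform `self.lib` was built against (the nix/lib hunk suggests x86_64-linux, but that is outside this section). If `self.lib` is meant to be platform-independent, a comment on the `config =` line such as `# self.lib is not per-system; templates are rendered with its fixed pkgs` would make that explicit; otherwise `system` should be passed through. Not introduced here but worth noting while this is touched: `pillar = config.salt-pillar;` hands the entire pillar to every host's template, so anything the pillar holds can be rendered into `${hostname}.sh` in the world-readable store — narrowing it to the keys the `ap.sh`/`.expect` templates actually read would limit that, assuming they do not need the whole pillar. The function header and the enclosing `let` start before this hunk.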