nix/lib/salt-support: implement saltPillarFor by hostName

2021-03-20 01:00:18 +01:00 · 2021-03-20 01:00:18 +01:00 · 3aedafe119
parent 171b213603
commit 3aedafe119
9 changed files with 105 additions and 20 deletions
--- a/flake.nix
+++ b/flake.nix
@ -15,7 +15,7 @@
    rec {
      lib =
        import ./nix/lib {
-          inherit nixpkgs;
+          inherit self nixpkgs;
          inherit (zentralwerk-network-key.lib) gpgKey;
        };

--- a/nix/lib/config/default.nix
+++ b/nix/lib/config/default.nix
@ -1,10 +1,13 @@
-{ pkgs ? import <nixpkgs> {}
+{ self
+, pkgs ? import <nixpkgs> {}
 , gpgKey
 }:

 let
  result = pkgs.lib.evalModules {
-    args.pkgs = pkgs;
+    args = {
+      inherit self pkgs;
+    };
    modules = [
      ./options.nix
      ./legacy.nix
--- a/nix/lib/config/legacy.nix
+++ b/nix/lib/config/legacy.nix
@ -1,10 +1,8 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, self, ... }:

 let
-  pillar = import ./salt-support/salt-pillar.nix {
-    inherit pkgs;
-    inherit (config) gpgKey;
-  };
+  mainServer = "server1";
+  pillar = self.lib.saltPillarFor mainServer;
 in
 {
  options.salt-pillar = lib.mkOption {};
@ -22,7 +20,7 @@ in
  config.site.hosts = lib.mkMerge (
    [
      {
-        server1.role = "server";
+        "${mainServer}".role = "server";
      }

      (builtins.mapAttrs (_: switch: {
@ -37,7 +35,7 @@ in

      (builtins.mapAttrs (_: container: {
        role = "container";
-        location = "server1";
+        location = mainServer;
      }) pillar.containers)
    ] ++

--- a/nix/lib/default.nix
+++ b/nix/lib/default.nix
@ -1,12 +1,16 @@
-{ nixpkgs, gpgKey }:
+{ self, nixpkgs, gpgKey }:

 let
  pkgs = nixpkgs.legacyPackages.x86_64-linux;
 in
 {
-  config = import ./config { inherit pkgs gpgKey; };
+  config = import ./config { inherit self pkgs gpgKey; };

-  expandSaltTemplate = import ./config/salt-support/expand-template.nix { inherit pkgs; };
+  expandSaltTemplate = import ./salt-support/expand-template.nix { inherit pkgs; };
+
+  saltPillarFor = import ./salt-support/salt-pillar.nix {
+    inherit pkgs gpgKey;
+  };

  netmasks = import ./netmasks.nix;

--- a/nix/lib/config/salt-support/expand-template.nix
+++ b/nix/lib/config/salt-support/expand-template.nix
--- a/nix/lib/config/salt-support/salt-pillar.nix
+++ b/nix/lib/config/salt-support/salt-pillar.nix
@ -33,9 +33,15 @@ let
    then builtins.mapAttrs (_: decrypt) x
    else x;

+  loadSls = files:
+    decrypt (
+      builtins.foldl' (result: filename:
+        recursiveUpdate result (loadYaml filename)
+      ) {} files
+    );
 in
-decrypt (
-  builtins.foldl' (result: filename:
-    recursiveUpdate result (loadYaml filename)
-  ) {} (filesystem.listFilesRecursive ../../../../salt-pillar)
-)
+
+files:
+if builtins.isList files
+then loadSls files
+else loadSls [ files ]
--- a/nix/lib/config/salt-support/load-yaml.nix
+++ b/nix/lib/config/salt-support/load-yaml.nix
--- a/nix/lib/salt-support/salt-pillar.nix
+++ b/nix/lib/salt-support/salt-pillar.nix
@ -0,0 +1,62 @@
+{ pkgs ? import <nixpkgs> {}
+, ...
+}@args:
+
+hostName:
+
+let
+  loadSls = import ./load-sls.nix args;
+
+  pillarBase = (loadSls ../../../salt-pillar/top.sls).base;
+
+  globToRegex = builtins.replaceStrings ["*"] [".*"];
+
+  baseMatches =
+    builtins.filter (patterns:
+      pkgs.lib.any (pattern:
+        builtins.match (globToRegex pattern) hostName != null
+      ) (
+        builtins.filter builtins.isString (
+          builtins.split " or " patterns
+        )
+      )
+    ) (builtins.attrNames pillarBase);
+
+  fileIds = builtins.foldl' (result: matchName:
+    result ++ pillarBase.${matchName}
+  ) [] baseMatches;
+
+  allFilePaths = pkgs.lib.filesystem.listFilesRecursive ../../../salt-pillar;
+
+  files = map (fileId:
+    let
+      parts = builtins.filter builtins.isString (
+        builtins.split "\\." fileId
+      );
+      matches = builtins.filter (filePath:
+        let
+          suffix1 = builtins.concatStringsSep "/" (parts ++ [ "init.sls" ]);
+          suffix2 = (builtins.concatStringsSep "/" parts) + ".sls";
+          check = suffix:
+            endsWith suffix (builtins.toString filePath);
+        in
+          check suffix1 || check suffix2
+      ) allFilePaths;
+      matchesLength = builtins.length matches;
+    in
+      if matchesLength == 0
+      then throw "No pillar file for ${fileId}"
+      else if matchesLength > 1
+      then throw "Ambiguous choice of files for ${fileId}"
+      else builtins.head matches
+  ) fileIds;
+
+  endsWith = suffix: s:
+    let
+      suffixLen = builtins.stringLength suffix;
+      sLen = builtins.stringLength s;
+    in
+    builtins.substring (sLen - suffixLen) suffixLen s == suffix;
+
+in
+loadSls files
--- a/nix/pkgs/default.nix
+++ b/nix/pkgs/default.nix
@ -6,11 +6,23 @@ let
  export-config-file = builtins.toFile "config.nix" (
    nixpkgs.lib.generators.toPretty {} config
  );
-  # Debug dump aid
  export-config = nixpkgs.legacyPackages.${system}.runCommandLocal "config.nix" {} ''
    cp ${export-config-file} $out
  '';

+  salt-pillar-file = hostName: builtins.toFile "${hostName}.yaml" (
+    nixpkgs.lib.generators.toPretty {} (self.lib.saltPillarFor hostName)
+  );
+  salt-pillars = builtins.foldl' (result: hostName: result // {
+    "${hostName}-pillar" = nixpkgs.legacyPackages.${system}.runCommandLocal "${hostName}-pillar.nix" {} ''
+      cp ${salt-pillar-file hostName} $out
+    '';
+  }) {} (
+    builtins.filter (hostName:
+      builtins.elem config.site.hosts.${hostName}.role [ "server" "container" ]
+    ) (builtins.attrNames config.site.hosts)
+  );
+
  test_vm = nixpkgs.legacyPackages.${system}.runCommandLocal "test_vm" {
    src = self.nixosConfigurations.test_vm.config.system.build.toplevel;
  } ''
@ -25,6 +37,6 @@ let
  };

 in
-device-templates // {
+salt-pillars // device-templates // {
  inherit export-config test_vm;
 }