nix/lib/salt-support: implement saltPillarFor by hostName
parent
171b213603
commit
3aedafe119
|
@ -15,7 +15,7 @@
|
|||
rec {
|
||||
lib =
|
||||
import ./nix/lib {
|
||||
inherit nixpkgs;
|
||||
inherit self nixpkgs;
|
||||
inherit (zentralwerk-network-key.lib) gpgKey;
|
||||
};
|
||||
|
||||
|
|
|
@ -1,10 +1,13 @@
|
|||
{ pkgs ? import <nixpkgs> {}
|
||||
{ self
|
||||
, pkgs ? import <nixpkgs> {}
|
||||
, gpgKey
|
||||
}:
|
||||
|
||||
let
|
||||
result = pkgs.lib.evalModules {
|
||||
args.pkgs = pkgs;
|
||||
args = {
|
||||
inherit self pkgs;
|
||||
};
|
||||
modules = [
|
||||
./options.nix
|
||||
./legacy.nix
|
||||
|
|
|
@ -1,10 +1,8 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{ config, pkgs, lib, self, ... }:
|
||||
|
||||
let
|
||||
pillar = import ./salt-support/salt-pillar.nix {
|
||||
inherit pkgs;
|
||||
inherit (config) gpgKey;
|
||||
};
|
||||
mainServer = "server1";
|
||||
pillar = self.lib.saltPillarFor mainServer;
|
||||
in
|
||||
{
|
||||
options.salt-pillar = lib.mkOption {};
|
||||
|
@ -22,7 +20,7 @@ in
|
|||
config.site.hosts = lib.mkMerge (
|
||||
[
|
||||
{
|
||||
server1.role = "server";
|
||||
"${mainServer}".role = "server";
|
||||
}
|
||||
|
||||
(builtins.mapAttrs (_: switch: {
|
||||
|
@ -37,7 +35,7 @@ in
|
|||
|
||||
(builtins.mapAttrs (_: container: {
|
||||
role = "container";
|
||||
location = "server1";
|
||||
location = mainServer;
|
||||
}) pillar.containers)
|
||||
] ++
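Review bot: `pillar` is now `self.lib.saltPillarFor mainServer`, so it holds only the files that top.sls assigns to `server1`, whereas the import it replaces took no host argument. `pillar.containers` in the last hunk, and any other `pillar.*` use outside the visible hunks, therefore depends on how top.sls targets that host, and nothing in the new lines says so. I would add a comment above the binding such as `# legacy site data is read from the pillar Salt would give ${mainServer}; keys targeted only at other minions are not visible here`. The `lib.mkMerge` list continues past the end of the hunk.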
|
||||
|
||||
|
|
|
@ -1,12 +1,16 @@
|
|||
{ nixpkgs, gpgKey }:
|
||||
{ self, nixpkgs, gpgKey }:
|
||||
|
||||
let
|
||||
pkgs = nixpkgs.legacyPackages.x86_64-linux;
|
||||
in
|
||||
{
|
||||
config = import ./config { inherit pkgs gpgKey; };
|
||||
config = import ./config { inherit self pkgs gpgKey; };
|
||||
|
||||
expandSaltTemplate = import ./config/salt-support/expand-template.nix { inherit pkgs; };
|
||||
expandSaltTemplate = import ./salt-support/expand-template.nix { inherit pkgs; };
|
||||
|
||||
saltPillarFor = import ./salt-support/salt-pillar.nix {
|
||||
inherit pkgs gpgKey;
|
||||
};
|
||||
|
||||
netmasks = import ./netmasks.nix;
|
||||
|
||||
|
|
|
@ -33,9 +33,15 @@ let
|
|||
then builtins.mapAttrs (_: decrypt) x
|
||||
else x;
|
||||
|
||||
loadSls = files:
|
||||
decrypt (
|
||||
builtins.foldl' (result: filename:
|
||||
recursiveUpdate result (loadYaml filename)
|
||||
) {} files
|
||||
);
|
||||
in
|
||||
decrypt (
|
||||
builtins.foldl' (result: filename:
|
||||
recursiveUpdate result (loadYaml filename)
|
||||
) {} (filesystem.listFilesRecursive ../../../../salt-pillar)
|
||||
)
|
||||
|
||||
files:
|
||||
if builtins.isList files
|
||||
then loadSls files
|
||||
else loadSls [ files ]
|
|
@ -0,0 +1,62 @@
|
|||
{ pkgs ? import <nixpkgs> {}
|
||||
, ...
|
||||
}@args:
|
||||
|
||||
hostName:
|
||||
|
||||
let
|
||||
loadSls = import ./load-sls.nix args;
|
||||
|
||||
pillarBase = (loadSls ../../../salt-pillar/top.sls).base;
|
||||
|
||||
globToRegex = builtins.replaceStrings ["*"] [".*"];
|
||||
|
||||
baseMatches =
|
||||
builtins.filter (patterns:
|
||||
pkgs.lib.any (pattern:
|
||||
builtins.match (globToRegex pattern) hostName != null
|
||||
) (
|
||||
builtins.filter builtins.isString (
|
||||
builtins.split " or " patterns
|
||||
)
|
||||
)
|
||||
) (builtins.attrNames pillarBase);
|
||||
|
||||
fileIds = builtins.foldl' (result: matchName:
|
||||
result ++ pillarBase.${matchName}
|
||||
) [] baseMatches;
|
||||
|
||||
allFilePaths = pkgs.lib.filesystem.listFilesRecursive ../../../salt-pillar;
|
||||
|
||||
files = map (fileId:
|
||||
let
|
||||
parts = builtins.filter builtins.isString (
|
||||
builtins.split "\\." fileId
|
||||
);
|
||||
matches = builtins.filter (filePath:
|
||||
let
|
||||
suffix1 = builtins.concatStringsSep "/" (parts ++ [ "init.sls" ]);
|
||||
suffix2 = (builtins.concatStringsSep "/" parts) + ".sls";
|
||||
check = suffix:
|
||||
endsWith suffix (builtins.toString filePath);
|
||||
in
|
||||
check suffix1 || check suffix2
|
||||
) allFilePaths;
|
||||
matchesLength = builtins.length matches;
|
||||
in
|
||||
if matchesLength == 0
|
||||
then throw "No pillar file for ${fileId}"
|
||||
else if matchesLength > 1
|
||||
then throw "Ambiguous choice of files for ${fileId}"
|
||||
else builtins.head matches
|
||||
) fileIds;
|
||||
|
||||
endsWith = suffix: s:
|
||||
let
|
||||
suffixLen = builtins.stringLength suffix;
|
||||
sLen = builtins.stringLength s;
|
||||
in
|
||||
builtins.substring (sLen - suffixLen) suffixLen s == suffix;
|
||||
|
||||
in
|
||||
loadSls files
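Review bot: `globToRegex` turns a top.sls target into a regex by replacing only `*`, so every other regex metacharacter in the target stays live: a `.` in a minion id matches any character, and Salt's `?` and `[...]` globs are not translated. This match decides which pillar files `loadSls` merges for `hostName`, so a loose match can give one host pillar data meant for another. Escaping first keeps the rest of the target literal: `globToRegex = glob: builtins.replaceStrings [ "\\*" ] [ ".*" ] (pkgs.lib.escapeRegex glob);`. The `check` helper is loose in a similar way, because without a leading `/` the suffix `foo.sls` also matches `barfoo.sls`; `check = suffix: pkgs.lib.hasSuffix ("/" + suffix) (builtins.toString filePath);` would be tighter.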
|
|
@ -6,11 +6,23 @@ let
|
|||
export-config-file = builtins.toFile "config.nix" (
|
||||
nixpkgs.lib.generators.toPretty {} config
|
||||
);
|
||||
# Debug dump aid
|
||||
export-config = nixpkgs.legacyPackages.${system}.runCommandLocal "config.nix" {} ''
|
||||
cp ${export-config-file} $out
|
||||
'';
|
||||
|
||||
salt-pillar-file = hostName: builtins.toFile "${hostName}.yaml" (
|
||||
nixpkgs.lib.generators.toPretty {} (self.lib.saltPillarFor hostName)
|
||||
);
|
||||
salt-pillars = builtins.foldl' (result: hostName: result // {
|
||||
"${hostName}-pillar" = nixpkgs.legacyPackages.${system}.runCommandLocal "${hostName}-pillar.nix" {} ''
|
||||
cp ${salt-pillar-file hostName} $out
|
||||
'';
|
||||
}) {} (
|
||||
builtins.filter (hostName:
|
||||
builtins.elem config.site.hosts.${hostName}.role [ "server" "container" ]
|
||||
) (builtins.attrNames config.site.hosts)
|
||||
);
|
||||
|
||||
test_vm = nixpkgs.legacyPackages.${system}.runCommandLocal "test_vm" {
|
||||
src = self.nixosConfigurations.test_vm.config.system.build.toplevel;
|
||||
} ''
|
||||
|
@ -25,6 +37,6 @@ let
|
|||
};
|
||||
|
||||
in
|
||||
device-templates // {
|
||||
salt-pillars // device-templates // {
|
||||
inherit export-config test_vm;
|
||||
}
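Review bot: `salt-pillar-file` writes the result of `self.lib.saltPillarFor hostName` with `builtins.toFile`, and `salt-pillars` copies it into a package output for every server and container, so whatever the pillar holds becomes a world-readable store path. If `decrypt` in the loader yields plaintext for GPG-protected values (its body is not in this diff), those secrets would sit in /nix/store and travel with any copy or binary-cache upload of these outputs. Unlike `export-config`, the new outputs carry no comment; I would add `# Debug dump aid: contains decrypted pillar values, never push to a binary cache`, or keep the decrypted values out of the dump. The file is also named `${hostName}.yaml` and the derivation `${hostName}-pillar.nix` although the content is `toPretty` Nix syntax, so one extension should be chosen.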
|
||||
|
|