diff --git a/flake.nix b/flake.nix index 9cc3399..e860b42 100644 --- a/flake.nix +++ b/flake.nix @@ -15,7 +15,7 @@ rec { lib = import ./nix/lib { - inherit nixpkgs; + inherit self nixpkgs; inherit (zentralwerk-network-key.lib) gpgKey; }; diff --git a/nix/lib/config/default.nix b/nix/lib/config/default.nix index c08cd7b..cacdf3b 100644 --- a/nix/lib/config/default.nix +++ b/nix/lib/config/default.nix @@ -1,10 +1,13 @@ -{ pkgs ? import {} +{ self +, pkgs ? import {} , gpgKey }: let result = pkgs.lib.evalModules { - args.pkgs = pkgs; + args = { + inherit self pkgs; + }; modules = [ ./options.nix ./legacy.nix diff --git a/nix/lib/config/legacy.nix b/nix/lib/config/legacy.nix index a80b220..1c8ba17 100644 --- a/nix/lib/config/legacy.nix +++ b/nix/lib/config/legacy.nix @@ -1,10 +1,8 @@ -{ config, pkgs, lib, ... }: +{ config, pkgs, lib, self, ... }: let - pillar = import ./salt-support/salt-pillar.nix { - inherit pkgs; - inherit (config) gpgKey; - }; + mainServer = "server1"; + pillar = self.lib.saltPillarFor mainServer; in { options.salt-pillar = lib.mkOption {}; @@ -22,7 +20,7 @@ in config.site.hosts = lib.mkMerge ( [ { - server1.role = "server"; + "${mainServer}".role = "server"; } (builtins.mapAttrs (_: switch: { @@ -37,7 +35,7 @@ in (builtins.mapAttrs (_: container: { role = "container"; - location = "server1"; + location = mainServer; }) pillar.containers) ] ++ diff --git a/nix/lib/default.nix b/nix/lib/default.nix index d43b0e1..f5419dc 100644 --- a/nix/lib/default.nix +++ b/nix/lib/default.nix 
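Review bot: `mainServer = "server1";` in legacy.nix is a hard-coded host name that now also decides which pillar files are loaded, because `self.lib.saltPillarFor mainServer` returns only the SLS files that top.sls targets at that host, whereas the removed code merged every file under salt-pillar. If the `containers` or switch data consumed later in this module lives in a file that top.sls does not assign to server1, it presumably drops out of `pillar` without any error (top.sls is not in the diff, so this is inferred). A comment such as `# The whole site config is derived from this host's pillar; top.sls must target every file legacy.nix reads` above `mainServer` would record the new dependency, and promoting the literal to an option next to `options.salt-pillar` would let it be overridden. The same literal is used by the two following legacy.nix hunks.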
@@ -1,12 +1,16 @@ -{ nixpkgs, gpgKey }: +{ self, nixpkgs, gpgKey }: let pkgs = nixpkgs.legacyPackages.x86_64-linux; in { - config = import ./config { inherit pkgs gpgKey; }; + config = import ./config { inherit self pkgs gpgKey; }; - expandSaltTemplate = import ./config/salt-support/expand-template.nix { inherit pkgs; }; + expandSaltTemplate = import ./salt-support/expand-template.nix { inherit pkgs; }; + + saltPillarFor = import ./salt-support/salt-pillar.nix { + inherit pkgs gpgKey; + }; netmasks = import ./netmasks.nix; diff --git a/nix/lib/config/salt-support/expand-template.nix b/nix/lib/salt-support/expand-template.nix similarity index 100% rename from nix/lib/config/salt-support/expand-template.nix rename to nix/lib/salt-support/expand-template.nix diff --git a/nix/lib/config/salt-support/salt-pillar.nix b/nix/lib/salt-support/load-sls.nix similarity index 77% rename from nix/lib/config/salt-support/salt-pillar.nix rename to nix/lib/salt-support/load-sls.nix index a201744..3cd4daf 100644 --- a/nix/lib/config/salt-support/salt-pillar.nix +++ b/nix/lib/salt-support/load-sls.nix @@ -33,9 +33,15 @@ let then builtins.mapAttrs (_: decrypt) x else x; + loadSls = files: + decrypt ( + builtins.foldl' (result: filename: + recursiveUpdate result (loadYaml filename) + ) {} files + ); in -decrypt ( - builtins.foldl' (result: filename: - recursiveUpdate result (loadYaml filename) - ) {} (filesystem.listFilesRecursive ../../../../salt-pillar) -) + +files: +if builtins.isList files +then loadSls files +else loadSls [ files ] diff --git a/nix/lib/config/salt-support/load-yaml.nix b/nix/lib/salt-support/load-yaml.nix similarity index 100% rename from nix/lib/config/salt-support/load-yaml.nix rename to nix/lib/salt-support/load-yaml.nix diff --git a/nix/lib/salt-support/salt-pillar.nix b/nix/lib/salt-support/salt-pillar.nix new file mode 100644 index 000000000..10c0988 --- /dev/null +++ b/nix/lib/salt-support/salt-pillar.nix 
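Review bot: The precedence of `loadSls` in load-sls.nix is implicit: `recursiveUpdate result (loadYaml filename)` lets later entries of `files` override earlier ones, and the new caller in salt-pillar.nix passes them in top.sls order, so that order now carries meaning where the order of the removed `listFilesRecursive` call was incidental. A one-line comment above `loadSls` would make this explicit: `# Files are merged left to right; later files win on conflicting keys (recursiveUpdate).` The `let` block that defines `decrypt` and `loadYaml` starts above this hunk.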
@@ -0,0 +1,62 @@ +{ pkgs ? import {} +, ... +}@args: + +hostName: + +let + loadSls = import ./load-sls.nix args; + + pillarBase = (loadSls ../../../salt-pillar/top.sls).base; + + globToRegex = builtins.replaceStrings ["*"] [".*"]; + + baseMatches = + builtins.filter (patterns: + pkgs.lib.any (pattern: + builtins.match (globToRegex pattern) hostName != null + ) ( + builtins.filter builtins.isString ( + builtins.split " or " patterns + ) + ) + ) (builtins.attrNames pillarBase); + + fileIds = builtins.foldl' (result: matchName: + result ++ pillarBase.${matchName} + ) [] baseMatches; + + allFilePaths = pkgs.lib.filesystem.listFilesRecursive ../../../salt-pillar; + + files = map (fileId: + let + parts = builtins.filter builtins.isString ( + builtins.split "\\." fileId + ); + matches = builtins.filter (filePath: + let + suffix1 = builtins.concatStringsSep "/" (parts ++ [ "init.sls" ]); + suffix2 = (builtins.concatStringsSep "/" parts) + ".sls"; + check = suffix: + endsWith suffix (builtins.toString filePath); + in + check suffix1 || check suffix2 + ) allFilePaths; + matchesLength = builtins.length matches; + in + if matchesLength == 0 + then throw "No pillar file for ${fileId}" + else if matchesLength > 1 + then throw "Ambiguous choice of files for ${fileId}" + else builtins.head matches + ) fileIds; + + endsWith = suffix: s: + let + suffixLen = builtins.stringLength suffix; + sLen = builtins.stringLength s; + in + builtins.substring (sLen - suffixLen) suffixLen s == suffix; + +in +loadSls files diff --git a/nix/pkgs/default.nix b/nix/pkgs/default.nix index e90070e..29b8511 100644 --- a/nix/pkgs/default.nix +++ b/nix/pkgs/default.nix 
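Review bot: The lookup in `files` matches on a bare suffix, so a pillar id resolves to any path that merely ends in `<parts>.sls` or `<parts>/init.sls`: with `fileId = "web"` both `salt-pillar/web.sls` and `salt-pillar/secrets-web.sls` satisfy `check suffix2`, which either throws "Ambiguous choice" or, when only the unintended file exists, silently loads the wrong pillar. Anchoring both suffixes at a path separator fixes it: `suffix1 = "/" + builtins.concatStringsSep "/" (parts ++ [ "init.sls" ]);` and `suffix2 = "/" + builtins.concatStringsSep "/" parts + ".sls";`. Separately, `globToRegex` rewrites only `*`, so a `.` in a top.sls pattern is a regex wildcard rather than a literal dot and `server1.example` would also target a host named `server1-example`; escaping the remaining regex metacharacters before the `*` substitution keeps the targeting as strict as the glob intends. Also, `endsWith` passes a negative start to `builtins.substring` when the suffix is longer than the path, which is an evaluation error rather than `false`.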
@@ -6,11 +6,23 @@ let export-config-file = builtins.toFile "config.nix" ( nixpkgs.lib.generators.toPretty {} config ); - # Debug dump aid export-config = nixpkgs.legacyPackages.${system}.runCommandLocal "config.nix" {} '' cp ${export-config-file} $out ''; + salt-pillar-file = hostName: builtins.toFile "${hostName}.yaml" ( + nixpkgs.lib.generators.toPretty {} (self.lib.saltPillarFor hostName) + ); + salt-pillars = builtins.foldl' (result: hostName: result // { + "${hostName}-pillar" = nixpkgs.legacyPackages.${system}.runCommandLocal "${hostName}-pillar.nix" {} '' + cp ${salt-pillar-file hostName} $out + ''; + }) {} ( + builtins.filter (hostName: + builtins.elem config.site.hosts.${hostName}.role [ "server" "container" ] + ) (builtins.attrNames config.site.hosts) + ); + test_vm = nixpkgs.legacyPackages.${system}.runCommandLocal "test_vm" { src = self.nixosConfigurations.test_vm.config.system.build.toplevel; } '' @@ -25,6 +37,6 @@ let }; in -device-templates // { +salt-pillars // device-templates // { inherit export-config test_vm; }
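Review bot: `salt-pillar-file` writes the evaluated pillar of every server and container host into the Nix store via `builtins.toFile`, and `salt-pillars` (merged into the package set in the second hunk of this file) exposes each as a package; since `self.lib.saltPillarFor` goes through load-sls.nix, whose `decrypt` step is fed `gpgKey`, this presumably puts decrypted pillar data into world-readable store paths and into any binary cache these outputs are pushed to (inferred — the pillar contents are not in the diff). Note that `builtins.toFile` materializes the file at evaluation time, so merely evaluating one of these derivations, not only building it, writes the pillar to the store. If the pillars carry secrets, these outputs should be kept out of the default package set or emit a redacted view, and a comment above `salt-pillar-file` should state their purpose, e.g. `# Debug aid: renders a host's fully evaluated pillar; the output contains decrypted values`. The removed `# Debug dump aid` line above `export-config` looks accidental, as `export-config` is otherwise unchanged, and the `"${hostName}.yaml"` file name is misleading because `toPretty` emits Nix syntax, not YAML.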