nix/lib/salt-support: implement saltPillarFor by hostName
parent
171b213603
commit
3aedafe119
|
@ -15,7 +15,7 @@
|
||||||
rec {
|
rec {
|
||||||
lib =
|
lib =
|
||||||
import ./nix/lib {
|
import ./nix/lib {
|
||||||
inherit nixpkgs;
|
inherit self nixpkgs;
|
||||||
inherit (zentralwerk-network-key.lib) gpgKey;
|
inherit (zentralwerk-network-key.lib) gpgKey;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,10 +1,13 @@
|
||||||
{ pkgs ? import <nixpkgs> {}
|
{ self
|
||||||
|
, pkgs ? import <nixpkgs> {}
|
||||||
, gpgKey
|
, gpgKey
|
||||||
}:
|
}:
|
||||||
|
|
||||||
let
|
let
|
||||||
result = pkgs.lib.evalModules {
|
result = pkgs.lib.evalModules {
|
||||||
args.pkgs = pkgs;
|
args = {
|
||||||
|
inherit self pkgs;
|
||||||
|
};
|
||||||
modules = [
|
modules = [
|
||||||
./options.nix
|
./options.nix
|
||||||
./legacy.nix
|
./legacy.nix
|
||||||
|
|
|
@ -1,10 +1,8 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, self, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
pillar = import ./salt-support/salt-pillar.nix {
|
mainServer = "server1";
|
||||||
inherit pkgs;
|
pillar = self.lib.saltPillarFor mainServer;
|
||||||
inherit (config) gpgKey;
|
|
||||||
};
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.salt-pillar = lib.mkOption {};
|
options.salt-pillar = lib.mkOption {};
|
||||||
|
@ -22,7 +20,7 @@ in
|
||||||
config.site.hosts = lib.mkMerge (
|
config.site.hosts = lib.mkMerge (
|
||||||
[
|
[
|
||||||
{
|
{
|
||||||
server1.role = "server";
|
"${mainServer}".role = "server";
|
||||||
}
|
}
|
||||||
|
|
||||||
(builtins.mapAttrs (_: switch: {
|
(builtins.mapAttrs (_: switch: {
|
||||||
|
@ -37,7 +35,7 @@ in
|
||||||
|
|
||||||
(builtins.mapAttrs (_: container: {
|
(builtins.mapAttrs (_: container: {
|
||||||
role = "container";
|
role = "container";
|
||||||
location = "server1";
|
location = mainServer;
|
||||||
}) pillar.containers)
|
}) pillar.containers)
|
||||||
] ++
|
] ++
|
||||||
|
|
||||||
|
|
|
@ -1,12 +1,16 @@
|
||||||
{ nixpkgs, gpgKey }:
|
{ self, nixpkgs, gpgKey }:
|
||||||
|
|
||||||
let
|
let
|
||||||
pkgs = nixpkgs.legacyPackages.x86_64-linux;
|
pkgs = nixpkgs.legacyPackages.x86_64-linux;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
config = import ./config { inherit pkgs gpgKey; };
|
config = import ./config { inherit self pkgs gpgKey; };
|
||||||
|
|
||||||
expandSaltTemplate = import ./config/salt-support/expand-template.nix { inherit pkgs; };
|
expandSaltTemplate = import ./salt-support/expand-template.nix { inherit pkgs; };
|
||||||
|
|
||||||
|
saltPillarFor = import ./salt-support/salt-pillar.nix {
|
||||||
|
inherit pkgs gpgKey;
|
||||||
|
};
|
||||||
|
|
||||||
netmasks = import ./netmasks.nix;
|
netmasks = import ./netmasks.nix;
|
||||||
|
|
||||||
|
|
|
@ -33,9 +33,15 @@ let
|
||||||
then builtins.mapAttrs (_: decrypt) x
|
then builtins.mapAttrs (_: decrypt) x
|
||||||
else x;
|
else x;
|
||||||
|
|
||||||
in
|
loadSls = files:
|
||||||
decrypt (
|
decrypt (
|
||||||
builtins.foldl' (result: filename:
|
builtins.foldl' (result: filename:
|
||||||
recursiveUpdate result (loadYaml filename)
|
recursiveUpdate result (loadYaml filename)
|
||||||
) {} (filesystem.listFilesRecursive ../../../../salt-pillar)
|
) {} files
|
||||||
)
|
);
|
||||||
|
in
|
||||||
|
|
||||||
|
files:
|
||||||
|
if builtins.isList files
|
||||||
|
then loadSls files
|
||||||
|
else loadSls [ files ]
|
|
@ -0,0 +1,62 @@
|
||||||
|
{ pkgs ? import <nixpkgs> {}
|
||||||
|
, ...
|
||||||
|
}@args:
|
||||||
|
|
||||||
|
hostName:
|
||||||
|
|
||||||
|
let
|
||||||
|
loadSls = import ./load-sls.nix args;
|
||||||
|
|
||||||
|
pillarBase = (loadSls ../../../salt-pillar/top.sls).base;
|
||||||
|
|
||||||
|
globToRegex = builtins.replaceStrings ["*"] [".*"];
|
||||||
|
|
||||||
|
baseMatches =
|
||||||
|
builtins.filter (patterns:
|
||||||
|
pkgs.lib.any (pattern:
|
||||||
|
builtins.match (globToRegex pattern) hostName != null
|
||||||
|
) (
|
||||||
|
builtins.filter builtins.isString (
|
||||||
|
builtins.split " or " patterns
|
||||||
|
)
|
||||||
|
)
|
||||||
|
) (builtins.attrNames pillarBase);
|
||||||
|
|
||||||
|
fileIds = builtins.foldl' (result: matchName:
|
||||||
|
result ++ pillarBase.${matchName}
|
||||||
|
) [] baseMatches;
|
||||||
|
|
||||||
|
allFilePaths = pkgs.lib.filesystem.listFilesRecursive ../../../salt-pillar;
|
||||||
|
|
||||||
|
files = map (fileId:
|
||||||
|
let
|
||||||
|
parts = builtins.filter builtins.isString (
|
||||||
|
builtins.split "\\." fileId
|
||||||
|
);
|
||||||
|
matches = builtins.filter (filePath:
|
||||||
|
let
|
||||||
|
suffix1 = builtins.concatStringsSep "/" (parts ++ [ "init.sls" ]);
|
||||||
|
suffix2 = (builtins.concatStringsSep "/" parts) + ".sls";
|
||||||
|
check = suffix:
|
||||||
|
endsWith suffix (builtins.toString filePath);
|
||||||
|
in
|
||||||
|
check suffix1 || check suffix2
|
||||||
|
) allFilePaths;
|
||||||
|
matchesLength = builtins.length matches;
|
||||||
|
in
|
||||||
|
if matchesLength == 0
|
||||||
|
then throw "No pillar file for ${fileId}"
|
||||||
|
else if matchesLength > 1
|
||||||
|
then throw "Ambiguous choice of files for ${fileId}"
|
||||||
|
else builtins.head matches
|
||||||
|
) fileIds;
|
||||||
|
|
||||||
|
endsWith = suffix: s:
|
||||||
|
let
|
||||||
|
suffixLen = builtins.stringLength suffix;
|
||||||
|
sLen = builtins.stringLength s;
|
||||||
|
in
|
||||||
|
builtins.substring (sLen - suffixLen) suffixLen s == suffix;
|
||||||
|
|
||||||
|
in
|
||||||
|
loadSls files
|
|
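Review bot: `globToRegex` rewrites only `*`, so every other character of a top.sls target reaches `builtins.match` as regex syntax; a `.` in a target matches any character and a target containing `[` or `(` may fail to evaluate, which means a host could be handed pillar files meant for a differently named host. Escaping the literal pieces would close this, e.g. `globToRegex = glob: builtins.concatStringsSep ".*" (map pkgs.lib.escapeRegex (pkgs.lib.splitString "*" glob));`. The same kind of loose match is in `check`: the suffix has no leading `/`, so a fileId such as `net` would also accept a path ending in `subnet.sls`, and `endsWith ("/" + suffix)` would pin the comparison to a path component. Targets that use compound matchers other than ` or ` are treated as plain globs and would silently never match, which deserves a comment next to `baseMatches`.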
@ -6,11 +6,23 @@ let
|
||||||
export-config-file = builtins.toFile "config.nix" (
|
export-config-file = builtins.toFile "config.nix" (
|
||||||
nixpkgs.lib.generators.toPretty {} config
|
nixpkgs.lib.generators.toPretty {} config
|
||||||
);
|
);
|
||||||
# Debug dump aid
|
|
||||||
export-config = nixpkgs.legacyPackages.${system}.runCommandLocal "config.nix" {} ''
|
export-config = nixpkgs.legacyPackages.${system}.runCommandLocal "config.nix" {} ''
|
||||||
cp ${export-config-file} $out
|
cp ${export-config-file} $out
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
salt-pillar-file = hostName: builtins.toFile "${hostName}.yaml" (
|
||||||
|
nixpkgs.lib.generators.toPretty {} (self.lib.saltPillarFor hostName)
|
||||||
|
);
|
||||||
|
salt-pillars = builtins.foldl' (result: hostName: result // {
|
||||||
|
"${hostName}-pillar" = nixpkgs.legacyPackages.${system}.runCommandLocal "${hostName}-pillar.nix" {} ''
|
||||||
|
cp ${salt-pillar-file hostName} $out
|
||||||
|
'';
|
||||||
|
}) {} (
|
||||||
|
builtins.filter (hostName:
|
||||||
|
builtins.elem config.site.hosts.${hostName}.role [ "server" "container" ]
|
||||||
|
) (builtins.attrNames config.site.hosts)
|
||||||
|
);
|
||||||
|
|
||||||
test_vm = nixpkgs.legacyPackages.${system}.runCommandLocal "test_vm" {
|
test_vm = nixpkgs.legacyPackages.${system}.runCommandLocal "test_vm" {
|
||||||
src = self.nixosConfigurations.test_vm.config.system.build.toplevel;
|
src = self.nixosConfigurations.test_vm.config.system.build.toplevel;
|
||||||
} ''
|
} ''
|
||||||
|
@ -25,6 +37,6 @@ let
|
||||||
};
|
};
|
||||||
|
|
||||||
in
|
in
|
||||||
device-templates // {
|
salt-pillars // device-templates // {
|
||||||
inherit export-config test_vm;
|
inherit export-config test_vm;
|
||||||
}
|
}
|
||||||
|
|
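Review bot: `salt-pillar-file` writes the result of `self.lib.saltPillarFor hostName` with `builtins.toFile`, and the load-sls.nix hunk in this commit shows that result has passed through `decrypt`, so any secret in a host's pillar would presumably sit in the world-readable Nix store and travel with every copy or cache upload of these outputs. Because `salt-pillars` is merged into the same attribute set as `export-config` and `test_vm`, anything that builds all packages also materialises them; consider keeping them out of that set or stripping secret values first, and at minimum add a comment such as `# Debug aid: contains decrypted pillar data, do not publish to a shared cache`. The file is named `${hostName}.yaml` and the derivation `${hostName}-pillar.nix` while the content comes from `toPretty`, so one extension should be chosen. The enclosing `let` starts outside the hunk.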