nix/lib/salt-support: implement saltPillarFor by hostName

flake.nix

@@ -15,7 +15,7 @@
     rec {
       lib =
         import ./nix/lib {
-          inherit nixpkgs;
+          inherit self nixpkgs;
           inherit (zentralwerk-network-key.lib) gpgKey;
         };
 

nix/lib/config/default.nix

@@ -1,10 +1,13 @@
-{ pkgs ? import <nixpkgs> {}
+{ self
+, pkgs ? import <nixpkgs> {}
 , gpgKey
 }:
 
 let
   result = pkgs.lib.evalModules {
-    args.pkgs = pkgs;
+    args = {
+      inherit self pkgs;
+    };
     modules = [
       ./options.nix
       ./legacy.nix

nix/lib/config/legacy.nix

@@ -1,10 +1,8 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, self, ... }:
 
 let
-  pillar = import ./salt-support/salt-pillar.nix {
+  mainServer = "server1";
-    inherit pkgs;
+  pillar = self.lib.saltPillarFor mainServer;
-    inherit (config) gpgKey;
-  };
 in
 {
   options.salt-pillar = lib.mkOption {};
@@ -22,7 +20,7 @@ in
   config.site.hosts = lib.mkMerge (
     [
       {
-        server1.role = "server";
+        "${mainServer}".role = "server";
       }
 
       (builtins.mapAttrs (_: switch: {
@@ -37,7 +35,7 @@ in
 
       (builtins.mapAttrs (_: container: {
         role = "container";
-        location = "server1";
+        location = mainServer;
       }) pillar.containers)
     ] ++
 

nix/lib/default.nix

@@ -1,12 +1,16 @@
-{ nixpkgs, gpgKey }:
+{ self, nixpkgs, gpgKey }:
 
 let
   pkgs = nixpkgs.legacyPackages.x86_64-linux;
 in
 {
-  config = import ./config { inherit pkgs gpgKey; };
+  config = import ./config { inherit self pkgs gpgKey; };
 
-  expandSaltTemplate = import ./config/salt-support/expand-template.nix { inherit pkgs; };
+  expandSaltTemplate = import ./salt-support/expand-template.nix { inherit pkgs; };
+
+  saltPillarFor = import ./salt-support/salt-pillar.nix {
+    inherit pkgs gpgKey;
+  };
 
   netmasks = import ./netmasks.nix;
 

nix/lib/salt-support/load-sls.nix

@@ -33,9 +33,15 @@ let
     then builtins.mapAttrs (_: decrypt) x
     else x;
 
+  loadSls = files:
+    decrypt (
+      builtins.foldl' (result: filename:
+        recursiveUpdate result (loadYaml filename)
+      ) {} files
+    );
 in
-decrypt (
+
-  builtins.foldl' (result: filename:
+files:
-    recursiveUpdate result (loadYaml filename)
+if builtins.isList files
-  ) {} (filesystem.listFilesRecursive ../../../../salt-pillar)
+then loadSls files
-)
+else loadSls [ files ]

nix/lib/salt-support/salt-pillar.nix

@@ -0,0 +1,62 @@
+{ pkgs ? import <nixpkgs> {}
+, ...
+}@args:
+
+hostName:
+
+let
+  loadSls = import ./load-sls.nix args;
+
+  pillarBase = (loadSls ../../../salt-pillar/top.sls).base;
+
+  globToRegex = builtins.replaceStrings ["*"] [".*"];
+
+  baseMatches =
+    builtins.filter (patterns:
+      pkgs.lib.any (pattern:
+        builtins.match (globToRegex pattern) hostName != null
+      ) (
+        builtins.filter builtins.isString (
+          builtins.split " or " patterns
+        )
+      )
+    ) (builtins.attrNames pillarBase);
+
+  fileIds = builtins.foldl' (result: matchName:
+    result ++ pillarBase.${matchName}
+  ) [] baseMatches;
+
+  allFilePaths = pkgs.lib.filesystem.listFilesRecursive ../../../salt-pillar;
+
+  files = map (fileId:
+    let
+      parts = builtins.filter builtins.isString (
+        builtins.split "\\." fileId
+      );
+      matches = builtins.filter (filePath:
+        let
+          suffix1 = builtins.concatStringsSep "/" (parts ++ [ "init.sls" ]);
+          suffix2 = (builtins.concatStringsSep "/" parts) + ".sls";
+          check = suffix:
+            endsWith suffix (builtins.toString filePath);
+        in
+          check suffix1 || check suffix2
+      ) allFilePaths;
+      matchesLength = builtins.length matches;
+    in
+      if matchesLength == 0
+      then throw "No pillar file for ${fileId}"
+      else if matchesLength > 1
+      then throw "Ambiguous choice of files for ${fileId}"
+      else builtins.head matches
+  ) fileIds;
+
+  endsWith = suffix: s:
+    let
+      suffixLen = builtins.stringLength suffix;
+      sLen = builtins.stringLength s;
+    in
+    builtins.substring (sLen - suffixLen) suffixLen s == suffix;
+
+in
+loadSls files

nix/pkgs/default.nix

@@ -6,11 +6,23 @@ let
   export-config-file = builtins.toFile "config.nix" (
     nixpkgs.lib.generators.toPretty {} config
   );
-  # Debug dump aid
   export-config = nixpkgs.legacyPackages.${system}.runCommandLocal "config.nix" {} ''
     cp ${export-config-file} $out
   '';
 
+  salt-pillar-file = hostName: builtins.toFile "${hostName}.yaml" (
+    nixpkgs.lib.generators.toPretty {} (self.lib.saltPillarFor hostName)
+  );
+  salt-pillars = builtins.foldl' (result: hostName: result // {
+    "${hostName}-pillar" = nixpkgs.legacyPackages.${system}.runCommandLocal "${hostName}-pillar.nix" {} ''
+      cp ${salt-pillar-file hostName} $out
+    '';
+  }) {} (
+    builtins.filter (hostName:
+      builtins.elem config.site.hosts.${hostName}.role [ "server" "container" ]
+    ) (builtins.attrNames config.site.hosts)
+  );
+
   test_vm = nixpkgs.legacyPackages.${system}.runCommandLocal "test_vm" {
     src = self.nixosConfigurations.test_vm.config.system.build.toplevel;
   } ''
@@ -25,6 +37,6 @@ let
   };
 
 in
-device-templates // {
+salt-pillars // device-templates // {
   inherit export-config test_vm;
 }