git.delta.rocks / jrsonnet / refs/commits / 2a9ff813e781


refactor move app-specific generators out of tree

Yaroslav Bolyukin2024-07-06parent: #f17a60a.patch.diff
in: trunk

1 file changed

modifiedlib/fleetLib.nixdiffbeforeafterboth
before · lib/fleetLib.nix
1# Shared functions for fleet configuration, available as `fleet` module argument2{3  nixpkgs,4  hostNames,5}:6with nixpkgs.lib; rec {7  hostsToAttrs = f:8    listToAttrs (9      map (name: {10        inherit name;11        value = f name;12      })13      hostNames14    );15  hostsCartesian = remove null (16    unique (17      crossLists18      (19        a: b:20          if a == b21          then null22          else hostsPair a b23      ) [hostNames hostNames]24    )25  );26  hostsPair = this: other: let27    sorted = sort (a: b: a < b) [this other];28  in {29    a = elemAt sorted 0;30    b = elemAt sorted 1;31  };32  hostPairName = this: other:33    if this < other34    then "${this}-${other}"35    else "${other}-${this}";3637  # mkDefault = mkOverride 100038  # For places, where fleet knows better than nixpkgs defaults.39  mkFleetDefault = mkOverride 999;40  # Some generators use mkDefault, but optionDefault is set by nixpkgs.41  mkFleetGeneratorDefault = mkOverride 1001;4243  mkPassword = {size ? 32}: {44    coreutils,45    mkSecretGenerator,46    ...47  }:48    mkSecretGenerator {49      script = ''50        mkdir $out51        gh generate password -o $out/secret --size ${toString size}52      '';53    };5455  mkEd25519 = {56    noEmbedPublic ? false,57    encoding ? null,58  }: {mkSecretGenerator, ...}:59    mkSecretGenerator {60      script = ''61        mkdir $out62        gh generate ed25519 -p $out/public -s $out/secret \63          ${optionalString noEmbedPublic "--no-embed-public"} \64          ${optionalString (encoding != null) "--encoding=${encoding}"}65      '';66    };6768  mkGarage = {}: {mkSecretGenerator, ...}: mkSecretGenerator {69    script = ''70      mkdir $out71      gh generate ed25519 -p $out/public -s $out/secret72      gh decode -i $out/public | gh public -e hex -o $out/node_id73    '';74  };7576  mkX25519 = {encoding ? 
null}: {mkSecretGenerator, ...}:77    mkSecretGenerator {78      script = ''79        mkdir $out80        gh generate x25519 -p $out/public -s $out/secret \81          ${optionalString (encoding != null) "--encoding=${encoding}"}82      '';83    };8485  mkWireguard = {}: mkX25519 {encoding = "base64";};8687  mkRsa = {size ? 4096}: {88    openssl,89    mkSecretGenerator,90    ...91  }:92    mkSecretGenerator {93      script = ''94        mkdir $out9596        ${openssl}/bin/openssl genrsa -out rsa_private.key ${toString size}97        ${openssl}/bin/openssl rsa -in rsa_private.key -pubout -out rsa_public.key9899        cat rsa_private.key | gh private -o $out/secret100        cat rsa_public.key | gh public -o $out/public101      '';102    };103}
after · lib/fleetLib.nix
1# Shared functions for fleet configuration, available as `fleet` module argument2{3  nixpkgs,4  hostNames,5}:6with nixpkgs.lib; rec {7  hostsToAttrs = f:8    listToAttrs (9      map (name: {10        inherit name;11        value = f name;12      })13      hostNames14    );15  hostsCartesian = remove null (16    unique (17      crossLists18      (19        a: b:20          if a == b21          then null22          else hostsPair a b23      ) [hostNames hostNames]24    )25  );26  hostsPair = this: other: let27    sorted = sort (a: b: a < b) [this other];28  in {29    a = elemAt sorted 0;30    b = elemAt sorted 1;31  };32  hostPairName = this: other:33    if this < other34    then "${this}-${other}"35    else "${other}-${this}";3637  # mkDefault = mkOverride 100038  # For places, where fleet knows better than nixpkgs defaults.39  mkFleetDefault = mkOverride 999;40  # Some generators use mkDefault, but optionDefault is set by nixpkgs.41  mkFleetGeneratorDefault = mkOverride 1001;4243  mkPassword = {size ? 32}: {44    coreutils,45    mkSecretGenerator,46    ...47  }:48    mkSecretGenerator {49      script = ''50        mkdir $out51        gh generate password -o $out/secret --size ${toString size}52      '';53    };5455  mkEd25519 = {56    noEmbedPublic ? false,57    encoding ? null,58  }: {mkSecretGenerator, ...}:59    mkSecretGenerator {60      script = ''61        mkdir $out62        gh generate ed25519 -p $out/public -s $out/secret \63          ${optionalString noEmbedPublic "--no-embed-public"} \64          ${optionalString (encoding != null) "--encoding=${encoding}"}65      '';66    };6768  mkX25519 = {encoding ? null}: {mkSecretGenerator, ...}:69    mkSecretGenerator {70      script = ''71        mkdir $out72        gh generate x25519 -p $out/public -s $out/secret \73          ${optionalString (encoding != null) "--encoding=${encoding}"}74      '';75    };7677  mkRsa = {size ? 
4096}: {78    openssl,79    mkSecretGenerator,80    ...81  }:82    mkSecretGenerator {83      script = ''84        mkdir $out8586        ${openssl}/bin/openssl genrsa -out rsa_private.key ${toString size}87        ${openssl}/bin/openssl rsa -in rsa_private.key -pubout -out rsa_public.key8889        cat rsa_private.key | gh private -o $out/secret90        cat rsa_public.key | gh public -o $out/public91      '';92    };9394  mkBytes = {95    count ? 32,96    encoding,97    noNuls ? false,98  }: {mkSecretGenerator, ...}:99    mkSecretGenerator {100      script = ''101        mkdir $out102        gh generate bytes --count=${toString count} --encoding=${encoding} -s $out/secret \103          ${optionalString noNuls "--no-nuls"}104      '';105    };106  mkHexBytes = {count ? 32}:107    mkBytes {108      inherit count;109      encoding = "hex";110    };111  mkBase64Bytes = {count ? 32}:112    mkBytes {113      inherit count;114      encoding = "base64";115    };116117  # Wireguard118  # mkWireguard = {}: mkX25519 {encoding = "base64";};119  # mkWireguardPsk = {}: mkBase64Bytes {count = 32;};120}
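Review bot: In the new `mkBytes` generator, `encoding` is a required caller-supplied string that is spliced into the generator script unquoted (`--encoding=${encoding}`), so a value containing whitespace or shell metacharacters would alter the `gh generate bytes` command instead of being rejected. `escapeShellArg` is already in scope through `with nixpkgs.lib`, so the line can read `gh generate bytes --count=${toString count} --encoding=${escapeShellArg encoding} -s $out/secret \`; the same applies to the existing `--encoding=${encoding}` interpolations in `mkEd25519` and `mkX25519`. Separately, `mkGarage` is removed and `mkWireguard` survives only as a comment, so a one-line comment saying where the app-specific generators now live would help configurations that still call `fleet.mkWireguard` or `fleet.mkGarage`.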