git.delta.rocks / jrsonnet / refs/commits / c02ef189daa2


refactor recurse less

Yaroslav Bolyukin2021-07-10parent: #c6d77aa.patch.diff
in: trunk

5 files changed

modifiedlib/default.nixdiffbeforeafterboth
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -1,29 +1,31 @@
 {
-  fleetConfiguration = { common ? { modules = []; }, hosts, nixpkgs }@args:
+  fleetConfiguration = { nixpkgs, hosts, ... }@allConfig:
+    let
+      config = builtins.removeAttrs allConfig [ "nixpkgs" ];
+    in
     rec {
       root = nixpkgs.lib.evalModules {
-        modules = [
-          (
-            { ... }: {
-              config = {
-                inherit hosts;
-                # Secret data is available only via fleet build-systems
-                secrets = if builtins?getEnv then
-                  let
-                    stringData = builtins.getEnv "SECRET_DATA";
-                  in
-                    if stringData != "" then (builtins.fromJSON stringData) else {}
-                else {};
-              };
-
-            }
-          )
-        ] ++ common.modules ++ import ../modules/modules.nix {
-          pkgs = nixpkgs;
-          lib = nixpkgs.lib;
-        };
-
+        modules =
+          (import ../modules/modules.nix) ++ [
+            config
+            (
+              { ... }: {
+                options = { };
+                config = {
+                  # Secret data is available only via fleet build-systems
+                  secrets =
+                    if builtins?getEnv then
+                      let
+                        stringData = builtins.getEnv "SECRET_DATA";
+                      in
+                      if stringData != "" then (builtins.fromJSON stringData) else { }
+                    else { };
+                };
+              }
+            )
+          ];
         specialArgs = {
+          inherit nixpkgs;
           fleet = import ./fleetLib.nix {
             inherit nixpkgs hosts;
           };
@@ -32,14 +34,16 @@
       configuredHosts = root.config.hosts;
       configuredSecrets = root.config.secrets;
       configuredSystems = nixpkgs.lib.listToAttrs (
-        map (
-          name: {
-            inherit name; value = nixpkgs.lib.nixosSystem {
-            system = configuredHosts.${name}.system;
-            modules = configuredHosts.${name}.modules;
-          };
-          }
-        ) (builtins.attrNames hosts)
+        map
+          (
+            name: {
+              inherit name; value = nixpkgs.lib.nixosSystem {
+              system = configuredHosts.${name}.system;
+              modules = configuredHosts.${name}.modules;
+            };
+            }
+          )
+          (builtins.attrNames root.config.hosts)
       ); #nixpkgs.lib.nixosSystem {}
     };
 }
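Review bot: The inline `{ ... }: { options = { }; config = { secrets = … }; }` module appended to `modules` sets `config.secrets` from `SECRET_DATA` with the same expression that modules/root.nix carries in its own `config` block (see the after view of that file further down), so the JSON is parsed and merged into the option twice. Since root.nix is already pulled in through `import ../modules/modules.nix`, the inline module can be dropped, and the empty `options = { };` adds nothing either way. Separately, `{ nixpkgs, hosts, ... }@allConfig` now forwards every other argument straight into the module list, so a caller still passing the old `common` attribute will get the module system's "option does not exist" error rather than an argument error; a comment next to `config = builtins.removeAttrs allConfig [ "nixpkgs" ];` such as `# every argument except nixpkgs is treated as a module definition (hosts, secrets, …)` would make that contract explicit.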
modifiedlib/fleetLib.nixdiffbeforeafterboth
--- a/lib/fleetLib.nix
+++ b/lib/fleetLib.nix
@@ -1,32 +1,34 @@
 # Shared functions for fleet configuration, available as `fleet` module argument
 { nixpkgs, hosts }: with nixpkgs.lib; rec {
-  mkSecret = let
-    system = builtins.currentSystem;
-    pkgs = import nixpkgs { inherit system; };
-    keys = builtins.getEnv "RAGE_KEYS";
-    encryptCmd = "rage ${keys} -a";
-    impuritySource = builtins.getEnv "IMPURITY_SOURCE";
-  in
-    f: let
+  mkSecret =
+    let
+      system = builtins.currentSystem;
+      pkgs = import nixpkgs { inherit system; };
+      keys = builtins.getEnv "RAGE_KEYS";
+      encryptCmd = "rage ${keys} -a";
+      impuritySource = builtins.getEnv "IMPURITY_SOURCE";
+    in
+    f:
+    let
       data = f { inherit pkgs encryptCmd; };
     in
-      builtins.derivation {
-        inherit system;
-        name = "secret";
+    builtins.derivation {
+      inherit system;
+      name = "secret";
 
-        builder = "${pkgs.bash}/bin/bash";
-        args = [
-          (
-            pkgs.writeTextFile {
-              name = "./build-${impuritySource}.sh";
-              text = data.script;
-              executable = true;
-            }
-          )
-        ];
+      builder = "${pkgs.bash}/bin/bash";
+      args = [
+        (
+          pkgs.writeTextFile {
+            name = "./build-${impuritySource}.sh";
+            text = data.script;
+            executable = true;
+          }
+        )
+      ];
 
-        PATH = "${pkgs.coreutils}/bin:${pkgs.rage}/bin${builtins.concatStringsSep "" (builtins.map (n: ":${n}/bin") data.utils)}";
-      };
+      PATH = "${pkgs.coreutils}/bin:${pkgs.rage}/bin${builtins.concatStringsSep "" (builtins.map (n: ":${n}/bin") data.utils)}";
+    };
   # Modules can't register hosts because of infinite recursion
   hostNames = attrNames hosts;
   hostsToAttrs = f: listToAttrs (
@@ -34,17 +36,20 @@
   );
   hostsCartesian = remove null (
     unique (
-      crossLists (
-        a: b: if a == b then
-          null
-        else
-          hostsPair a b
-      ) [ hostNames hostNames ]
+      crossLists
+        (
+          a: b:
+            if a == b then
+              null
+            else
+              hostsPair a b
+        ) [ hostNames hostNames ]
     )
   );
-  hostsPair = this: other: let
-    sorted = sort (a: b: a < b) [ this other ];
-  in
+  hostsPair = this: other:
+    let
+      sorted = sort (a: b: a < b) [ this other ];
+    in
     {
       a = elemAt sorted 0;
       b = elemAt sorted 1;
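Review bot: `encryptCmd = "rage ${keys} -a"` in `mkSecret` splices `RAGE_KEYS` into a shell command string unquoted, and that string reaches the generated build script through `data = f { inherit pkgs encryptCmd; }`, so bash word-splits whatever the variable holds and an unset variable silently becomes `rage  -a`, which presumably only fails inside the derivation with a less obvious error. If the variable is meant to carry recipient flags, document that where it is read, e.g. `# RAGE_KEYS: space-separated rage recipient flags, expanded unquoted in the build script`, and consider failing early: `keys = let k = builtins.getEnv "RAGE_KEYS"; in if k == "" then throw "RAGE_KEYS is not set" else k;`. The `./` prefix in `name = "./build-${impuritySource}.sh"` also looks suspect, since store path names may not contain `/`; worth confirming this actually evaluates.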
modifiedmodules/modules.nixdiffbeforeafterboth
--- a/modules/modules.nix
+++ b/modules/modules.nix
@@ -1,8 +1,4 @@
-{ pkgs
-, lib
-, check ? true
-}:
-with lib; [
+[
   ./networking/wireguard
   ./root.nix
 ]
modifiedmodules/networking/wireguard/default.nixdiffbeforeafterboth
--- a/modules/networking/wireguard/default.nix
+++ b/modules/networking/wireguard/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, nixpkgs, fleet, ... }: with lib; with fleet; let
+{ config, lib, fleet, ... }: with lib; with fleet; let
   cfg = config.networking.wireguard;
   genWgKey = { owners }: {
     inherit owners;
@@ -32,25 +32,27 @@
   };
 
   hostKeys = listToAttrs (
-    map (
-      hostName: {
-        name = "wg-key-${hostName}";
-        value = genWgKey {
-          owners = [ hostName ];
-        };
-      }
-    )
+    map
+      (
+        hostName: {
+          name = "wg-key-${hostName}";
+          value = genWgKey {
+            owners = [ hostName ];
+          };
+        }
+      )
       hostNames
   );
   psks = listToAttrs (
-    map (
-      { a, b }: {
-        name = "wg-psk-${a}-${b}";
-        value = genWgPsk {
-          owners = [ a b ];
-        };
-      }
-    )
+    map
+      (
+        { a, b }: {
+          name = "wg-psk-${a}-${b}";
+          value = genWgPsk {
+            owners = [ a b ];
+          };
+        }
+      )
       hostsCartesian
   );
 in
@@ -82,16 +84,19 @@
             networking.wireguard.enable = true;
             networking.wireguard.interfaces.fleetwg = {
               privateKeyFile = "/run/secrets/wg-key-${hostName}";
-              peers = map (
-                peer: let
-                  pair = hostsPair hostName peer;
-                in
+              peers = map
+                (
+                  peer:
+                  let
+                    pair = hostsPair hostName peer;
+                  in
                   {
                     publicKey = config.secrets."wg-key-${peer}".data.key;
                     presharedKey = "/run/secrets/wg-psk-${pair.a}-${pair.b}";
                     allowedIPs = cfg.allowedIPs.${peer};
                   }
-              ) hostNames;
+                )
+                hostNames;
             };
           }
         ];
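Review bot: The `peers = map (peer: …) hostNames` list in the `interfaces.fleetwg` block includes the host itself, assuming `hostName` is drawn from `hostNames` (the enclosing definition starts above the hunk): `hostsPair hostName hostName` yields a `wg-psk-<h>-<h>` path that `psks` never generates, because `hostsCartesian` drops the `a == b` pairs, so each host gets a self-peer pointing at a nonexistent preshared key file. Filtering the list keeps the peer set and the generated secret set consistent: `peers = map ( peer: … ) (filter (peer: peer != hostName) hostNames);`, with `filter` already in scope via `with lib;`.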
modifiedmodules/root.nixdiffbeforeafterboth
after · modules/root.nix
1{ lib, ... }: with lib;2let3  secret = with types; {4    options = {5      owners = mkOption {6        type = listOf str;7        description = ''8          List of hosts to encrypt secret for910          Secrets would be decrypted and stored to /run/secrets/$\{name} on owners11        '';12      };13      generator = mkOption {14        type = types.package;15        description = "Derivation to execute for secret generation";16      };17      expireIn = mkOption {18        type = nullOr int;19        description = "Time in hours, in which this secret should be regenerated";20        default = null;21      };22      data = mkOption {23        type = attrsOf anything;24        description = "Generated secret data, do not set it yourself";25        default = { };26      };27    };28  };29  host = with types; {30    options = {31      modules = mkOption {32        type = listOf anything;33        description = "List of nixos modules";34        default = [ ];35      };36      network = mkOption {37        type = submodule {38          options = {39            fleetIp = {40              type = str;41              description = "Ip which is available to all hosts in fleet";42            };43          };44        };45        description = "Network definition of host";46      };47      system = mkOption {48        type = str;49        description = "Type of system";50      };51    };52  };53in54{55  options = with types; {56    hosts = mkOption {57      type = attrsOf (submodule host);58      default = { };59      description = "Configurations of individual hosts";60    };61    secrets = mkOption {62      type = attrsOf (submodule secret);63      default = { };64      description = "Secrets";65    };66  };67  config = {68    secrets =69      if builtins?getEnv then70        let71          stringData = builtins.getEnv "SECRET_DATA";72        in73        if stringData != "" then (builtins.fromJSON stringData) else { }74      else { };75  };76}
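Review bot: `fleetIp` inside `host.options.network` is a bare attribute set with `type` and `description`, not an `mkOption` declaration, so the module system does not see it as an option and a host that sets `network.fleetIp` is likely to fail evaluation; it should read `fleetIp = mkOption { type = str; description = "Ip which is available to all hosts in fleet"; };`. The `config.secrets` block at the end duplicates the one set inline in lib/default.nix; keeping it in one place avoids parsing `SECRET_DATA` twice. This view shows the whole file after the change, so I cannot tell which of these lines the commit touched.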