
lib/fleetLib.nix3.5 KiBsourcehistory
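# Shared functions for fleet configuration, available as `fleet` module argument
#
# Arguments:
#   nixpkgs   - nixpkgs instance; only its `lib` attribute is used here.
#   hostNames - list of host names that the host helpers below iterate over.
{
  nixpkgs,
  hostNames,
}: let
  inherit (nixpkgs) lib;
  inherit (lib) listToAttrs remove unique crossLists sort elemAt mkOptionType mkOverride optionalString escapeShellArg;
  inherit (lib.types) listOf coercedTo oneOf submodule;
in rec {
  # Build an attrset keyed by host name, with `f name` as each value.
  hostsToAttrs = f:
    listToAttrs (
      map (name: {
        inherit name;
        value = f name;
      })
      hostNames
    );

  # Every pair of distinct hosts, as `{ a, b }` records produced by hostsPair.
  # Self-pairs map to null and are removed; because hostsPair sorts its
  # members, (x, y) and (y, x) yield the same record and `unique` keeps one.
  hostsCartesian = remove null (
    unique (
      crossLists
      (
        a: b:
          if a == b
          then null
          else hostsPair a b
      ) [hostNames hostNames]
    )
  );

  # Order two host names so that `a` is the smaller one and `b` the larger.
  hostsPair = this: other: let
    sorted = sort (a: b: a < b) [this other];
  in {
    a = elemAt sorted 0;
    b = elemAt sorted 1;
  };

  # Name for a host pair that does not depend on argument order:
  # "<smaller>-<larger>".
  hostPairName = this: other:
    if this < other
    then "${this}-${other}"
    else "${other}-${this}";

  types = rec {
    # A single module value. Reuses the `check` of an empty submodule type and
    # refuses to merge more than one definition (mergeOneOption).
    anyModule = mkOptionType {
      name = "submodule";
      inherit (submodule {}) check;
      merge = lib.options.mergeOneOption;
      description = "Nixos module";
    };
    listOfAnyModuleStrict =
      listOf anyModule;
    # Accepts either a list of modules or a single module; a lone attrset or
    # function is wrapped into a one-element list.
    listOfAnyModule =
      coercedTo (oneOf [listOfAnyModuleStrict anyModule]) (
        v:
          if builtins.isAttrs v
          then [v]
          else if builtins.isFunction v
          then [v]
          else v
      )
      listOfAnyModuleStrict;
  };

  # mkDefault = mkOverride 1000
  # For places, where fleet knows better than nixpkgs defaults.
  mkFleetDefault = mkOverride 999;
  # Some generators use mkDefault, but optionDefault is set by nixpkgs.
  mkFleetGeneratorDefault = mkOverride 1001;

  # Secret generators.
  #
  # Each mk* helper takes its options first and returns a function of the
  # generator environment (`mkSecretGenerator` plus any packages it needs).
  # Option values are spliced into a shell script, so every interpolated value
  # goes through escapeShellArg: a value containing spaces or shell
  # metacharacters is passed to the tool as one literal argument instead of
  # being interpreted by the shell.

  # Password of `size` (default 32) written to $out/secret.
  # NOTE(review): `coreutils` is requested but not referenced by the script;
  # kept so the set of accepted arguments stays as it was.
  mkPassword = {size ? 32}: {
    coreutils,
    mkSecretGenerator,
    ...
  }:
    mkSecretGenerator {
      script = ''
        mkdir $out
        gh generate password -o $out/secret --size ${escapeShellArg (toString size)}
      '';
    };

  # Ed25519 key pair: public part in $out/public, secret part in $out/secret.
  #   noEmbedPublic - pass --no-embed-public to the generator.
  #   encoding      - optional value for --encoding; omitted when null.
  mkEd25519 = {
    noEmbedPublic ? false,
    encoding ? null,
  }: {mkSecretGenerator, ...}:
    mkSecretGenerator {
      script = ''
        mkdir $out
        gh generate ed25519 -p $out/public -s $out/secret \
          ${optionalString noEmbedPublic "--no-embed-public"} \
          ${optionalString (encoding != null) "--encoding=${escapeShellArg encoding}"}
      '';
    };

  # X25519 key pair: public part in $out/public, secret part in $out/secret.
  #   encoding - optional value for --encoding; omitted when null.
  mkX25519 = {encoding ? null}: {mkSecretGenerator, ...}:
    mkSecretGenerator {
      script = ''
        mkdir $out
        gh generate x25519 -p $out/public -s $out/secret \
          ${optionalString (encoding != null) "--encoding=${escapeShellArg encoding}"}
      '';
    };

  # RSA key pair of `size` bits (default 4096).
  #
  # The private key is held in a shell variable and piped to `gh private`
  # rather than being written to rsa_private.key in the working directory and
  # left there. Whether that directory outlives the generator run is not
  # visible from this file, so the key is simply never put on disk in
  # plaintext. `printf` restores the single trailing newline that command
  # substitution strips, so the tools receive the same PEM text as before.
  mkRsa = {size ? 4096}: {
    openssl,
    mkSecretGenerator,
    ...
  }:
    mkSecretGenerator {
      script = ''
        mkdir $out

        key=$(${openssl}/bin/openssl genrsa ${escapeShellArg (toString size)})
        pub=$(printf '%s\n' "$key" | ${openssl}/bin/openssl rsa -pubout)

        printf '%s\n' "$key" | gh private -o $out/secret
        printf '%s\n' "$pub" | gh public -o $out/public
      '';
    };

  # `count` (default 32) generated bytes in the given `encoding`, written to
  # $out/secret.
  #   noNuls - pass --no-nuls to the generator.
  mkBytes = {
    count ? 32,
    encoding,
    noNuls ? false,
  }: {mkSecretGenerator, ...}:
    mkSecretGenerator {
      script = ''
        mkdir $out
        gh generate bytes --count=${escapeShellArg (toString count)} --encoding=${escapeShellArg encoding} -o $out/secret \
          ${optionalString noNuls "--no-nuls"}
      '';
    };
  # mkBytes with encoding fixed to "hex".
  mkHexBytes = {count ? 32}:
    mkBytes {
      inherit count;
      encoding = "hex";
    };
  # mkBytes with encoding fixed to "base64".
  mkBase64Bytes = {count ? 32}:
    mkBytes {
      inherit count;
      encoding = "base64";
    };

  # Wireguard
  # mkWireguard = {}: mkX25519 {encoding = "base64";};
  # mkWireguardPsk = {}: mkBase64Bytes {count = 32;};
}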