Treat modules correctlier

flake.nix

@@ -8,6 +8,7 @@
     nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable";
     utils.url = "github:numtide/flake-utils";
     bitte-cli.url = "github:input-output-hk/bitte-cli";
+    hydra-provisioner.url = "github:input-output-hk/hydra-provisioner";
     nix.url = "github:NixOS/nix?rev=b19aec7eeb8353be6c59b2967a511a5072612d99";
     ops-lib = {
       url = "github:input-output-hk/ops-lib";
@@ -28,7 +29,7 @@
     };
   };
 
-  outputs = { self, nixpkgs, utils, bitte-cli, ... }@inputs:
+  outputs = { self, hydra-provisioner, nixpkgs, utils, bitte-cli, ... }@inputs:
     let overlay = import ./overlay.nix inputs;
     in (utils.lib.eachSystem [ "x86_64-linux" ] (system: rec {
 
@@ -38,7 +39,7 @@
         overlays = [ overlay ];
       };
 
-      inherit (legacyPackages) devShell nixosModules;
+      inherit (legacyPackages) devShell;
 
       packages = {
         inherit (legacyPackages)
@@ -53,7 +54,13 @@
       apps.bitte = utils.lib.mkApp { drv = legacyPackages.bitte; };
 
     })) // {
+      lib = import ./lib { inherit (nixpkgs) lib; };
       inherit overlay;
       mkHashiStack = import ./lib/mk-hashi-stack.nix;
+
+      nixosModules = let
+        modules = self.lib.mkModules ./modules;
+        default.imports = [ builtins.attrValues modules ];
+      in modules // { inherit default; };
     };
-}
+  }

lib/default.nix

@@ -0,0 +1,7 @@
+{ lib }: rec {
+  recImport = import ./rec-import.nix { inherit lib; };
+  sanitize = import ./sanitize.nix { inherit lib snakeCase; };
+  snakeCase = import ./snake-case.nix { inherit lib; };
+  mkModules = import ./make-modules.nix { inherit lib; };
+}
+

lib/make-modules.nix

@@ -0,0 +1,38 @@
+{ lib }: dir:
+
+let
+  join = a: b: if a == "" then b else "${a}-${b}";
+
+  inherit (builtins) readDir mapAttrs attrValues foldl' elemAt typeOf substring stringLength listToAttrs;
+
+  convert = prefix: d:
+    let
+      entries = readDir d;
+      expanded = mapAttrs (name: type:
+        if type == "regular" then [
+          (join prefix name)
+          (d + "/${name}")
+        ] else if type == "directory" then [
+          (join prefix name)
+          (convert (join prefix name) (d + "/${name}"))
+        ] else
+          null) entries;
+    in attrValues expanded;
+
+  tree = convert "" dir;
+
+  result = sum: input:
+    foldl' (s: elems:
+      let
+        cat = elemAt elems 0;
+        car = elemAt elems 1;
+      in if typeOf car == "list" then
+        (result s car)
+      else
+        s ++ [{
+          name = substring 0 ((stringLength cat) - 4) cat;
+          value = import car;
+        }]) sum input;
+
+  folded = result [ ] tree;
+in listToAttrs folded

lib/rec-import.nix

@@ -1,21 +1,24 @@
 { lib }:
 let
   inherit (builtins) attrNames readDir;
-  inherit (lib) filterAttrs hasSuffix mapAttrs' nameValuePair;
+  inherit (lib) filterAttrs hasSuffix removeSuffix mapAttrs' nameValuePair;
 
   # mapFilterAttrs ::
   #   (name -> value -> bool )
   #   (name -> value -> { name = any; value = any; })
   #   attrs
   mapFilterAttrs = sieve: f: attrs: filterAttrs sieve (mapAttrs' f attrs);
 
-in { dir, _import ? base: import "${dir}/${base}.nix" }:
-mapFilterAttrs (_: v: v != null) (n: v:
+  recImport = { dir, _import ? base: builtins.trace "importing ${toString dir} ${base}" (import (dir + "/${base}.nix")) }:
+  mapFilterAttrs (_: v: v != null) (n: v:
   if n != "default.nix"
-  && ((hasSuffix ".nix" n && v == "regular" && false) || v == "directory")
+  && ((hasSuffix ".nix" n && v == "regular") || v == "directory")
 
-  then
-    let name = n; in nameValuePair (name) (_import name)
+  then let
+    baseName = removeSuffix ".nix" n;
+  in nameValuePair (baseName) (if v == "regular" then _import baseName else recImport { dir = dir + "/${baseName}"; })
+
+  else nameValuePair ("") (null)) (readDir dir);
+
+in recImport
 
-  else
-    nameValuePair ("") (null)) (readDir dir)

lib/sanitize.nix

@@ -1,7 +1,6 @@
-{ pkgs }:
+{ lib, snakeCase }:
 let
   inherit (builtins) typeOf;
-  inherit (pkgs) lib snakeCase;
   inherit (lib) length attrNames pipe filterAttrs nameValuePair mapAttrs';
 
   sanitize = obj:

lib/snake-case.nix

@@ -1,4 +1,4 @@
-{ lib, ... }:
+{ lib }:
 lib.flip lib.pipe [
   (builtins.split "([^a-z])")
   (lib.concatMapStrings (s: if builtins.isList s then "_${toString s}" else s))

modules/disabled-modules.nix

@@ -0,0 +1,9 @@
+{ ... }: {
+  # NOTE Shouldn't these just go inside their respective modules?
+  disabledModules = [
+    "services/databases/victoriametrics.nix"
+    "services/monitoring/telegraf.nix"
+    "services/networking/consul.nix"
+    "services/security/vault.nix"
+  ];
+}

modules/hydra/declarative/options.nix → modules/hydra-declarative.nix

@@ -36,7 +36,7 @@ let
       };
 
       owner = mkOption {
-        type = enum (lib.attrNames config.services.hydra.users);
+        type = enum (attrNames config.services.hydra.users);
       };
 
       declfile = mkOption {
@@ -114,4 +114,51 @@ in {
       default = {};
     };
   };
+
+  config = mkIf cfg.enable {
+    systemd.services.hydra-declarative = {
+      description = "Hydra declarative projects and users";
+      wantedBy    = [ "multi-user.target" ];
+      requires    = [ "hydra-init.service" "postgresql.service" ];
+      after       = [ "hydra-init.service" "postgresql.service" ];
+
+      path = [ config.services.postgresql.package ];
+
+      serviceConfig = {
+        Type = "oneshot";
+        RemainAfterExit = true;
+        User = "hydra";
+      };
+
+      script = ''
+        cat <<EOF | psql
+        BEGIN;
+
+        DELETE FROM users WHERE username not in (${concatMapStringsSep "," (username: "'${username}'") (attrNames cfg.users)});
+        DELETE FROM userroles;
+        UPDATE projects SET enabled = 0;
+
+        ${concatMapStringsSep "\n" (username: with cfg.users.${username}; let
+          cols = "(username,fullname,emailaddress,password,emailonerror,type,publicdashboard)";
+          vals = "('${email}','${fullName}','${email}','!',${emailOnError},'google','${publicDashboard}')";
+        in  ''
+          INSERT INTO users ${cols} VALUES ${vals} ON CONFLICT (username) DO UPDATE SET ${cols} = ${vals};
+
+          ${concatMapStringsSep "\n" (role: ''
+            INSERT INTO userroles (username,role) VALUES ('${username}','${role}');
+          '') roles}
+        '') (attrNames cfg.users)}
+
+        ${concatMapStringsSep "\n" (projectName: with cfg.projects.${projectName}; let
+          cols = "(name,declfile,decltype,declvalue,displayname,description,homepage,owner,enabled,hidden)";
+          vals = "('${projectName}','${declfile}','${decltype}','${declvalue}','${displayName}','${description}','${homepage}','${owner}',${enable},${hidden})";
+        in  ''
+          INSERT INTO projects ${cols} VALUES ${vals} ON CONFLICT (name) DO UPDATE SET ${cols} = ${vals};
+        '') (attrNames cfg.projects)}
+
+        COMMIT;
+        EOF
+      '';
+    };
+  };
 }

modules/hydra-provisioner.nix

@@ -0,0 +1,3 @@
+{ self, ... }: {
+  imports = [ self.inputs.hydra-provisioner.nixosModules.hydra-provisioner ];
+}