{
# Flake inputs. The exact revisions come from flake.lock, if one is committed
# (it is not shown here).
# NOTE(review): nixos-22.11 is past its upstream end of life and no longer
# receives security updates. Every tool this flake runs (tk, sops, helm,
# kustomize, kubectl, jb) is taken from it, so plan a move to a supported release.
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11";
# NOTE(review): this follows the default branch; only the lock file fixes a revision.
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs = {
self,
nixpkgs,
flake-utils,
...
}:
{
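# Overlay that wraps the `tk` binary so that kustomize and helm from this same
# package set sit at the front of its PATH. Because --prefix is used, the
# store-pinned binaries take precedence over same-named tools already on the
# caller's PATH.
overlays.default = final: prev: {
  tanka = prev.tanka.overrideAttrs (attrs: {
    # The `or` defaults keep this override evaluating if a later nixpkgs
    # revision of tanka stops defining either attribute.
    nativeBuildInputs = (attrs.nativeBuildInputs or []) ++ [final.makeWrapper];
    postInstall =
      (attrs.postInstall or "")
      + ''
        wrapProgram $out/bin/tk \
          --prefix PATH : ${final.lib.makeBinPath [
          final.kustomize
          final.kubernetes-helm
        ]}
      '';
  });
};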
}
// flake-utils.lib.eachDefaultSystem (system: let
# Package set for this system with the tanka wrapper overlay applied, so
# pkgs.tanka below is the wrapped build.
pkgs = import nixpkgs {
  system = system;
  overlays = [self.overlays.default];
};
# The nixpkgs library functions (optionalString, genAttrs, ...).
lib = nixpkgs.lib;
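# Builds the bash script body behind the sops-tanka-<verb> apps.
#   extraCfgFile: null, or a path spliced into a jsonnet `import` and passed
#                 to tk as the external variable `extra_cfg`.
#   verb:         tk subcommand to run; callers in this file pass "show" or "eval".
# The script decrypts environments/<env>/secrets.sops.yaml with sops and pipes
# the plaintext into tk's stdin (read via importstr '/dev/stdin'), so this
# script itself never writes the decrypted secrets to disk.
#
# Security-relevant behaviour:
#  * `-o pipefail` makes a failed `sops -d` fail the whole pipeline. With plain
#    `set -e` only tk's exit status counted, so a decryption failure could
#    still end in exit 0 with output rendered from empty secrets.
#  * COMMIT_HASH is assigned first and exported afterwards, because
#    `export VAR=$(cmd)` returns export's status and hides a failing
#    `git rev-parse`.
#  * ARGOCD_ENV_TK_ENV is used as a path component. NOTE(review): Argo CD fills
#    ARGOCD_ENV_* variables from the Application spec, so treat the value as
#    caller-controlled. It is quoted but not checked for `..` or `/`; confirm
#    whether that matters for this plugin.
#  * `tk tool charts vendor || true` is kept as best effort, but it also hides
#    genuine vendoring failures. NOTE(review): presumably meant for
#    environments without a chartfile; confirm.
#  * git is looked up on PATH, unlike the other tools, which are called by
#    store path.
#  * extraCfgFile is interpolated unescaped at build time, so pass only paths
#    chosen by the flake author.
tankaSopsCmd = extraCfgFile: verb: ''
  set -e -o pipefail
  export SOPS_AGE_KEY_FILE=''${SOPS_AGE_KEY_FILE:-/plugin-secret/sops_age}
  export ARGOCD_ENV_TK_ENV=''${ARGOCD_ENV_TK_ENV:-''${TK_ENV:-default}}
  COMMIT_HASH=''${ARGOCD_APP_REVISION:-$(git rev-parse @)}
  export COMMIT_HASH
  ${pkgs.jsonnet-bundler}/bin/jb install
  ${pkgs.tanka}/bin/tk tool charts vendor || true
  ${pkgs.sops}/bin/sops -d "environments/$ARGOCD_ENV_TK_ENV/secrets.sops.yaml" | \
    ${pkgs.tanka}/bin/tk ${verb} \
      --tla-code "secrets_yaml=importstr '/dev/stdin'" \
      ${lib.optionalString (extraCfgFile != null) ''--ext-code "extra_cfg=import '${extraCfgFile}'"''} \
      --ext-str "commit_hash=$COMMIT_HASH" \
      ${lib.optionalString (verb == "show") "--dangerous-allow-redirect"} \
      "environments/$ARGOCD_ENV_TK_ENV"
'';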
in {
# Per-system library output: tankaAppBuilders.show and tankaAppBuilders.eval.
# Each takes an extraCfgFile (null or a path) and returns a flake app whose
# program is the sops-tanka-<verb> script generated by tankaSopsCmd.
lib.tankaAppBuilders = let
  mkBuilder = verb: extraCfgFile:
    flake-utils.lib.mkApp {
      drv = pkgs.writers.writeBashBin "sops-tanka-${verb}" (tankaSopsCmd extraCfgFile verb);
    };
in
  lib.genAttrs ["show" "eval"] mkBuilder;
# `nix fmt` uses alejandra.
formatter = pkgs.alejandra;
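# Regenerates the two patch manifests under manifests/ from environments/default.
# --dangerous-allow-redirect is the flag tk requires before `tk show` output
# may be redirected to a file or pipe.
# The commit hash is resolved once in a plain assignment so that, under
# `set -e`, a failing `git rev-parse` stops the script. Inside a command
# argument its failure was ignored and commit_hash was passed empty.
# NOTE(review): `>` truncates each target before tk runs, so a failed render
# leaves an empty or partial manifest behind; check the working tree after a failure.
apps.generatePatchManifests = flake-utils.lib.mkApp {
  drv = pkgs.writers.writeBashBin "tanka-generate" ''
    set -e
    ${pkgs.jsonnet-bundler}/bin/jb install
    commit_hash=$(git rev-parse @)
    ${pkgs.tanka}/bin/tk show environments/default --dangerous-allow-redirect \
      --ext-str "commit_hash=$commit_hash" \
      -t configmap/.\* > manifests/configmap-cmp-plugin.yaml
    ${pkgs.tanka}/bin/tk show environments/default --dangerous-allow-redirect \
      --ext-str "commit_hash=$commit_hash" \
      -t deployment/.\* > manifests/deployment-argocd-repo-server.yaml
  '';
};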
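# Prints the manifests rendered from environments/default to stdout.
# The commit hash is taken in a plain assignment so that `set -e` aborts when
# `git rev-parse` fails. As a command argument its failure went unnoticed and
# commit_hash was passed empty.
# The script name "tanka-show" is shared with apps.showClusterInstallManifests.
apps.showPatchManifests = flake-utils.lib.mkApp {
  drv = pkgs.writers.writeBashBin "tanka-show" ''
    set -e
    ${pkgs.jsonnet-bundler}/bin/jb install
    commit_hash=$(git rev-parse @)
    ${pkgs.tanka}/bin/tk show environments/default --dangerous-allow-redirect \
      --ext-str "commit_hash=$commit_hash"
  '';
};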
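# Prints the manifests rendered from environments/argocd-cluster-install to stdout.
# The commit hash is taken in a plain assignment so that `set -e` aborts when
# `git rev-parse` fails. As a command argument its failure went unnoticed and
# commit_hash was passed empty.
# The script name "tanka-show" is shared with apps.showPatchManifests.
apps.showClusterInstallManifests = flake-utils.lib.mkApp {
  drv = pkgs.writers.writeBashBin "tanka-show" ''
    set -e
    ${pkgs.jsonnet-bundler}/bin/jb install
    commit_hash=$(git rev-parse @)
    ${pkgs.tanka}/bin/tk show environments/argocd-cluster-install --dangerous-allow-redirect \
      --ext-str "commit_hash=$commit_hash"
  '';
};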
# Renders the `example` kustomization with the kubectl from this package set.
apps.showKustomizeExample = let
  script = ''
    ${pkgs.kubectl}/bin/kubectl kustomize example
  '';
in
  flake-utils.lib.mkApp {
    drv = pkgs.writers.writeBashBin "kustomize-generate" script;
  };
# Ready-made sops+tanka apps built without an extra_cfg file.
apps.tankaShow = self.lib.${system}.tankaAppBuilders.show null;
apps.tankaEval = self.lib.${system}.tankaAppBuilders.eval null;
# argoGenerate is an alias for tankaShow.
apps.argoGenerate = self.apps.${system}.tankaShow;
# Development shell with the jsonnet toolchain. pkgs.tanka here is the wrapped
# build from overlays.default, since pkgs is imported with that overlay.
devShells.default = pkgs.mkShell {
  name = "argocd-nix-flakes-plugin";
  JSONNET_PATH = "lib:vendor";
  packages = [
    pkgs.jsonnet
    pkgs.jsonnet-bundler
    pkgs.tanka
    pkgs.kustomize
  ];
};
});
}