diff --git a/.envrc b/.envrc index 509d351..909b794 100644 --- a/.envrc +++ b/.envrc @@ -1,13 +1,22 @@ #!/bin/env sh -if [ -z "${NIX_ENV_LOADED}" ]; then - printf "entering environment..." - NIX_ENV_LOADED="$(pwd)" - export NIX_ENV_LOADED +cleanup() { + echo "Cleaning Up..." - nix flake update --extra-experimental-features nix-command --extra-experimental-features flakes; - echo "nix store is using $(du -hs /nix/store)" + echo 'Getting Nix Usage...' + echo "Nix store is using $(du -hs /nix/store)" + echo 'Archiving Nix Profile...' + nix develop --profile /tmp/terraform-aws-access-nix-env --extra-experimental-features nix-command --extra-experimental-features flakes --command bash -c "echo done" +} + +if ! which "$0" | grep -q nix; then + print 'Entering Environment...' + + print 'Updating Nix Cache...' + nix flake update --extra-experimental-features nix-command --extra-experimental-features flakes + + print 'Starting...' nix develop \ --ignore-environment \ --extra-experimental-features nix-command \ @@ -23,12 +32,14 @@ if [ -z "${NIX_ENV_LOADED}" ]; then --keep AWS_SESSION_TOKEN \ --keep TERM \ --keep XDG_DATA_DIRS \ - --keep NIX_ENV_LOADED \ - "$(pwd)" || unset NIX_ENV_LOADED; + /tmp/terraform-aws-access-nix-env \ + --command bash -c "bash --rcfile .envrc" + print 'Exiting Dev Environment...' + cleanup else - printf "setting up dev environment...\n" - unset NIX_ENV_LOADED + # this is run inside the dev environment so we can make assumptions about what is available + echo 'Setting up dev environment...' . .functions . .variables 
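Review bot: `print` is not a POSIX sh or bash builtin (ksh and zsh provide one), so the four `print '...'` lines in the new `if` branch, and `print 'Exiting Dev Environment...'` in the following hunk, will either fail with "command not found" or run whatever external `print` is first on PATH. The rest of the new code already uses `echo`, so these should match, e.g. `echo 'Entering Environment...'`. Since the script has no `set -e`, the failure is silent apart from the error text, which makes it easy to miss. The `if` block opened here is closed outside this hunk.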
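Review bot: `/tmp/terraform-aws-access-nix-env` is a fixed name in a world-writable directory, and this hunk starts the shell from it with `AWS_SESSION_TOKEN` kept in the environment. On a shared machine another local account can create that path first, so the environment that receives the credentials is not guaranteed to be the one this flake built. A per-user location avoids that, e.g. `profile="${XDG_CACHE_HOME:-$HOME/.cache}/terraform-aws-access-nix-env"`, used both here and in `cleanup()` from the previous hunk. The profile also appears to be written only by `cleanup()` after the shell exits, so a first run may find nothing at this path; that is worth confirming. The `if` opens in the previous hunk and the `else` branch continues past this one.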
@@ -37,15 +48,9 @@ else if [ -z "$SSH_AUTH_SOCK" ]; then eval "$(ssh-agent -s)"; ssh-add; fi - if [ "" = "$(env | grep 'AWS')" ]; then - printf "Unable to find AWS authentication information in the environment, \ - please make sure you authenticate with AWS. \ - Try using the 'aws' cli included in the environment.\n"; - fi - if env | grep -q 'GITHUB_TOKEN'; then - printf "Unable to find GITHUB authentication information in the environment, \ - please make sure you authenticate with GITHUB. \ - Try using the 'gh' cli included in the environment.\n"; + + if ! env | grep -q 'AWS'; then + echo 'Unable to find AWS authentication information in the environment, please make sure you authenticate with AWS.' + echo 'Try using the "aws" cli included in the environment.' fi fi -unset NIX_ENV_LOADED \ No newline at end of file diff --git a/flake.lock b/flake.lock index 69813e5..ac53b56 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1713284584, - "narHash": "sha256-rRuPBJD9+yjz7tY3xC/BvFUwloutynR9piiVE6fhGqo=", + "lastModified": 1714656196, + "narHash": "sha256-kjQkA98lMcsom6Gbhw8SYzmwrSo+2nruiTcTZp5jK7o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2b6ee326ad047870526d9a3ae88dfd0197da898d", + "rev": "94035b482d181af0a0f8f77823a790b256b7c3cc", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index f916711..61e695d 100644 --- a/flake.nix +++ b/flake.nix 
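Review bot: `env | grep -q 'AWS'` matches the string anywhere in any variable name or value, so a lone `AWS_REGION`, or a path that happens to contain "AWS", suppresses the warning even when no credentials are present. Testing the variables that actually carry credentials is more reliable, e.g. `if [ -z "${AWS_ACCESS_KEY_ID:-}" ] && [ -z "${AWS_PROFILE:-}" ]; then`. Adjust the names to whatever the `--keep` list passes through, since only part of that list is visible here. The GitHub check is removed rather than corrected, so a missing `GITHUB_TOKEN` is no longer reported at all, even though `gh` is still in the shell. The enclosing `else` branch starts in the previous hunk.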
@@ -1,133 +1,99 @@ { - # validate a flake with 'nix flake check .' - # alias the use of flakes with: "alias nix='nix --extra-experimental-features nix-command --extra-experimental-features flakes'" - - # WARNING! this is linux/mac only! description = "A reliable testing environment"; - # https://status.nixos.org/ has the latest channels, it is recommended to use a commit hash - # https://nixos.org/manual/nix/unstable/command-ref/new-cli/nix3-flake.html - # to find: go to github/NixOS/nixpkgs repo - - # select a commit hash or "revision" - #inputs.nixpkgs.url = "nixpkgs/92fe622fdfe477a85662bb77678e39fa70373f13"; - - # select a tag - #inputs.nixpkgs.url = "github:NixOS/nixpkgs/21.11"; - - # select packages from another flake - #inputs.nixpkgs.follows = "nixpkgs/0228346f7b58f1a284fdb1b72df6298b06677495"; inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; flake-utils.url = "github:numtide/flake-utils"; }; + outputs = { self, nixpkgs, flake-utils, ... }: - flake-utils.lib.eachDefaultSystem (system: - # 'legacy' is not bad, it looks for previously imported nixpkgs - # this allows idempotent loading of nixpkgs in dependent flakes - # https://discourse.nixos.org/t/using-nixpkgs-legacypackages-system-vs-import/17462/8 - let - pkgs = nixpkgs.legacyPackages.${system}; + flake-utils.lib.eachSystem [ "x86_64-darwin" "aarch64-darwin" "x86_64-linux" ] + (system: + let + pkgs = nixpkgs.legacyPackages.${system}; - # get "updatecli" tar from release, unpack it, and add it to shell - updatecli-version = { - "selected" = "v0.66.0"; - }; - updatecli-prep = { - "x86_64-darwin" = { - "url" = "https://github.com/updatecli/updatecli/releases/download/${updatecli-version.selected}/updatecli_Darwin_x86_64.tar.gz"; - "sha" = "sha256-AkYYaCp/a4KkZ4zcYc3GepllyPE6bHb7x7K25JSyljY="; + leftovers-version = { + "selected" = "v0.70.0"; }; - "aarch64-darwin" = { - "url" = 
"https://github.com/updatecli/updatecli/releases/download/${updatecli-version.selected}/updatecli_Darwin_arm64.tar.gz"; - "sha" = "sha256-5ctfz4DcHRmjImYzL9hgOaC9pyeYKQxkpdIAr3J1a6g="; + leftovers-prep = { + "x86_64-darwin" = { + "url" = "https://github.com/genevieve/leftovers/releases/download/${leftovers-version.selected}/leftovers-${leftovers-version.selected}-darwin-amd64"; + "sha" = "sha256-HV12kHqB14lGDm1rh9nD1n7Jvw0rCnxmjC9gusw7jfo="; + }; + "aarch64-darwin" = { + "url" = "https://github.com/genevieve/leftovers/releases/download/${leftovers-version.selected}/leftovers-${leftovers-version.selected}-darwin-arm64"; + "sha" = "sha256-Tw7G538RYZrwIauN7kI68u6aKS4d/0Efh+dirL/kzoM="; + }; + "x86_64-linux" = { + "url" = "https://github.com/genevieve/leftovers/releases/download/${leftovers-version.selected}/leftovers-${leftovers-version.selected}-linux-amd64"; + "sha" = "sha256-D2OPjLlV5xR3f+dVHu0ld6bQajD5Rv9GLCMCk9hXlu8="; + }; }; - "x86_64-linux" = { - "url" = "https://github.com/updatecli/updatecli/releases/download/${updatecli-version.selected}/updatecli_Linux_x86_64.tar.gz"; - "sha" = "sha256-tmboI0ew+LApo3uLVqebaa8VA/6rgonGJH2onQEbSyk="; + leftovers = pkgs.stdenv.mkDerivation { + name = "leftovers-${leftovers-version.selected}"; + src = pkgs.fetchurl { + url = leftovers-prep."${system}".url; + sha256 = leftovers-prep."${system}".sha; + }; + phases = [ "installPhase" ]; + installPhase = '' + mkdir -p $out/bin + cp $src $out/bin/leftovers + chmod +x $out/bin/leftovers + ''; }; - }; - updatecli = pkgs.runCommand "updatecli-${updatecli-version.selected}" {} '' - cp ${pkgs.fetchzip { # when fetching archives use fetchzip instead of fetchurl to automatically unpack - url = updatecli-prep."${system}".url; - sha256 = updatecli-prep."${system}".sha; - stripRoot = false; - }}/updatecli $out - chmod +x $out - ''; - updatecli-wrapper = pkgs.writeShellScriptBin "updatecli" '' - exec ${updatecli} "$@" - ''; + aspellWithDicts = pkgs.aspellWithDicts (d: [d.en d.en-computers]); 
- # get "leftovers" bin from release and add it to shell - leftovers-version = { - # remember when updating the version to also update the shas - # to get the sha, download the file and run 'nix hash file ' - "selected" = "v0.70.0"; - }; - leftovers-prep = { - "x86_64-darwin" = { - "url" = "https://github.com/genevieve/leftovers/releases/download/${leftovers-version.selected}/leftovers-${leftovers-version.selected}-darwin-amd64"; - "sha" = "sha256-HV12kHqB14lGDm1rh9nD1n7Jvw0rCnxmjC9gusw7jfo="; - }; - "aarch64-darwin" = { - "url" = "https://github.com/genevieve/leftovers/releases/download/${leftovers-version.selected}/leftovers-${leftovers-version.selected}-darwin-arm64"; - "sha" = "sha256-Tw7G538RYZrwIauN7kI68u6aKS4d/0Efh+dirL/kzoM="; + devShellPackage = pkgs.symlinkJoin { + name = "dev-shell-package"; + paths = with pkgs; [ + act + actionlint + age + aspellWithDicts + awscli + bashInteractive + curl + dig + docker + gh + git + gitleaks + gnupg + go + gotestfmt + gotestsum + jq + kubectl + leftovers + less + ncurses + openssh_hpn + shellcheck + tflint + tfsec + tfswitch + updatecli + vim + which + xterm + ]; }; - "x86_64-linux" = { - "url" = "https://github.com/genevieve/leftovers/releases/download/${leftovers-version.selected}/leftovers-${leftovers-version.selected}-linux-amd64"; - "sha" = "sha256-D2OPjLlV5xR3f+dVHu0ld6bQajD5Rv9GLCMCk9hXlu8="; + + in + { + packages.default = devShellPackage; + + devShells.default = pkgs.mkShell { + buildInputs = [ devShellPackage ]; + shellHook = '' + homebin=$HOME/bin; + install -d $homebin; + tfswitch -b $homebin/terraform 1.5.7 &>/dev/null; + export PATH="$homebin:$PATH"; + export PS1="nix:# "; + ''; }; - }; - leftovers = pkgs.runCommand "leftovers-${leftovers-version.selected}" {} '' - cp ${pkgs.fetchurl { - url = leftovers-prep."${system}".url; - sha256 = leftovers-prep."${system}".sha; - }} $out - chmod +x $out - ''; - leftovers-wrapper = pkgs.writeShellScriptBin "leftovers" '' - exec ${leftovers} "$@" - ''; - 
aspellWithDicts = pkgs.aspellWithDicts (d: [d.en d.en-computers]); - in - { - devShells.default = pkgs.mkShell { - buildInputs = with pkgs; [ - act # run workflows locally with Docker - actionlint - age - aspellWithDicts - bashInteractive - curl - dig - docker - gh - git - gitleaks - gnupg - go - jq - kubectl - lego - less - ncurses - vim # for easily editing files that are not in this directory structure - openssh_hpn - shellcheck - tflint - tfswitch - tree # for easily finding files in this directory structure and helping generate docs - xterm - ]; - shellHook = '' - homebin=$HOME/bin; - install -d $homebin; - tfswitch -b $homebin/terraform 1.5.7 &>/dev/null; - export PATH="${updatecli-wrapper}/bin:${leftovers-wrapper}/bin:$homebin:$PATH"; - export PS1="nix:# "; - ''; - }; - } - ); + } + ); } diff --git a/main.tf b/main.tf index 9d4eaea..68cfb2f 100644 --- a/main.tf +++ b/main.tf @@ -47,7 +47,7 @@ locals { vpc_cidr = (var.vpc_cidr == "" ? "10.0.255.0/24" : var.vpc_cidr) # subnet - subnets = var.subnets + subnets = (local.subnet_mod == 1 ? var.subnets : {}) subnet_names = keys(local.subnets) subnet_count = length(local.subnets) newbits = (local.subnet_count > 1 ? ceil(log(local.subnet_count, 2)) : 1) @@ -86,7 +86,7 @@ module "subnet" { depends_on = [ module.vpc, ] - for_each = (local.subnet_mod == 1 ? local.subnets : {}) + for_each = local.subnets source = "./modules/subnet" use = local.subnet_use_strategy vpc_id = module.vpc[0].id
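Review bot: The `leftovers` release binary is still pinned by a per-platform `sha256`, but the comment telling maintainers to update the hashes together with `leftovers-version.selected`, and how to compute them, is removed with nothing in its place. Without it, the likely shortcut on a version bump is to paste whatever hash the fetch error reports, which defeats the purpose of the pin. I would keep a short comment above `leftovers-version`, e.g. `# when bumping the version, update all three shas: download each release file and run 'nix hash file <file>'`. Restricting `eachSystem` to the three platforms that have an entry in `leftovers-prep` is a good change and could get a one-line comment saying so.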
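Review bot: Moving the `local.subnet_mod == 1` guard from the module's `for_each` (second hunk) into `local.subnets` changes every local derived from it. `subnet_names` and `subnet_count` now come from `{}` whenever the subnet module is disabled. Any reference outside these hunks that read `local.subnets` or `local.subnet_names` to describe user-supplied subnets, rather than to drive the module, will now see an empty value. That may be the intent, but it is not stated, so I would add a comment on the local, e.g. `# empty when the subnet module is disabled, so subnet_names/subnet_count/newbits reflect only subnets this module manages`. The `locals` block and the `module "subnet"` block both extend beyond the visible hunks.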