rancher · matttrach · May 3, 2024 · May 3, 2024 · May 3, 2024 · May 3, 2024
@@ -1,13 +1,22 @@
 #!/bin/env sh
 
-if [ -z "${NIX_ENV_LOADED}" ]; then
-	printf "entering environment..."
-  NIX_ENV_LOADED="$(pwd)"
-  export NIX_ENV_LOADED
+cleanup() {
+  echo "Cleaning Up..."
 
-  nix flake update --extra-experimental-features nix-command --extra-experimental-features flakes;
-  echo "nix store is using $(du -hs /nix/store)"
+  echo 'Getting Nix Usage...'
+  echo "Nix store is using $(du -hs /nix/store)"
 
+  echo 'Archiving Nix Profile...'
+  nix develop --profile /tmp/terraform-aws-access-nix-env --extra-experimental-features nix-command --extra-experimental-features flakes --command bash -c "echo done"
+}
+
+if ! which "$0" | grep -q nix; then
+	print 'Entering Environment...'
+
+  print 'Updating Nix Cache...'
+  nix flake update --extra-experimental-features nix-command --extra-experimental-features flakes
+
+  print 'Starting...'
   nix develop \
     --ignore-environment \
     --extra-experimental-features nix-command \
@@ -23,12 +32,14 @@ if [ -z "${NIX_ENV_LOADED}" ]; then
     --keep AWS_SESSION_TOKEN \
     --keep TERM \
     --keep XDG_DATA_DIRS \
-    --keep NIX_ENV_LOADED \
-    "$(pwd)" || unset NIX_ENV_LOADED;
+    /tmp/terraform-aws-access-nix-env \
+    --command bash -c "bash --rcfile .envrc"
 
+  print 'Exiting Dev Environment...'
+  cleanup
 else
-	printf "setting up dev environment...\n"
-  unset NIX_ENV_LOADED
+  # this is run inside the dev environment so we can make assumptions about what is available
+	echo 'Setting up dev environment...'
 
 	. .functions
 	. .variables
@@ -37,15 +48,9 @@ else
 
 
 	if [ -z "$SSH_AUTH_SOCK" ]; then eval "$(ssh-agent -s)"; ssh-add; fi
-	if [ "" = "$(env | grep 'AWS')" ]; then
-		printf "Unable to find AWS authentication information in the environment, \
-      please make sure you authenticate with AWS. \
-      Try using the 'aws' cli included in the environment.\n";
-	fi
-	if env | grep -q 'GITHUB_TOKEN'; then
-		printf "Unable to find GITHUB authentication information in the environment, \
-      please make sure you authenticate with GITHUB. \
-      Try using the 'gh' cli included in the environment.\n";
+
+	if ! env | grep -q 'AWS'; then
+		echo 'Unable to find AWS authentication information in the environment, please make sure you authenticate with AWS.'
+    echo 'Try using the "aws" cli included in the environment.'
 	fi
 fi
-unset NIX_ENV_LOADED
@@ -1,133 +1,99 @@
 {
-  # validate a flake with 'nix flake check .'
-  # alias the use of flakes with: "alias nix='nix --extra-experimental-features nix-command --extra-experimental-features flakes'"
-
-  # WARNING! this is linux/mac only!
   description = "A reliable testing environment";
 
-  # https://status.nixos.org/ has the latest channels, it is recommended to use a commit hash
-  # https://nixos.org/manual/nix/unstable/command-ref/new-cli/nix3-flake.html
-  # to find: go to github/NixOS/nixpkgs repo
-
-  # select a commit hash or "revision"
-  #inputs.nixpkgs.url = "nixpkgs/92fe622fdfe477a85662bb77678e39fa70373f13";
-
-  # select a tag
-  #inputs.nixpkgs.url = "github:NixOS/nixpkgs/21.11";
-
-  # select packages from another flake
-  #inputs.nixpkgs.follows = "nixpkgs/0228346f7b58f1a284fdb1b72df6298b06677495";
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
     flake-utils.url = "github:numtide/flake-utils";
   };
+
   outputs = { self, nixpkgs, flake-utils, ... }:
-    flake-utils.lib.eachDefaultSystem (system:
-      # 'legacy' is not bad, it looks for previously imported nixpkgs
-      #  this allows idempotent loading of nixpkgs in dependent flakes
-      # https://discourse.nixos.org/t/using-nixpkgs-legacypackages-system-vs-import/17462/8
-      let
-        pkgs = nixpkgs.legacyPackages.${system};
+    flake-utils.lib.eachSystem [ "x86_64-darwin" "aarch64-darwin" "x86_64-linux" ]
+      (system:
+        let
+          pkgs = nixpkgs.legacyPackages.${system};
 
-        # get "updatecli" tar from release, unpack it, and add it to shell
-        updatecli-version = {
-          "selected" = "v0.66.0";
-        };
-        updatecli-prep = {
-          "x86_64-darwin"   = {
-            "url" = "https://github.com/updatecli/updatecli/releases/download/${updatecli-version.selected}/updatecli_Darwin_x86_64.tar.gz";
-            "sha" = "sha256-AkYYaCp/a4KkZ4zcYc3GepllyPE6bHb7x7K25JSyljY=";
+          leftovers-version = {
+            "selected" = "v0.70.0";
           };
-          "aarch64-darwin"  = {
-            "url" = "https://github.com/updatecli/updatecli/releases/download/${updatecli-version.selected}/updatecli_Darwin_arm64.tar.gz";
-            "sha" = "sha256-5ctfz4DcHRmjImYzL9hgOaC9pyeYKQxkpdIAr3J1a6g=";
+          leftovers-prep = {
+            "x86_64-darwin" = {
+              "url" = "https://github.com/genevieve/leftovers/releases/download/${leftovers-version.selected}/leftovers-${leftovers-version.selected}-darwin-amd64";
+              "sha" = "sha256-HV12kHqB14lGDm1rh9nD1n7Jvw0rCnxmjC9gusw7jfo=";
+            };
+            "aarch64-darwin" = {
+              "url" = "https://github.com/genevieve/leftovers/releases/download/${leftovers-version.selected}/leftovers-${leftovers-version.selected}-darwin-arm64";
+              "sha" = "sha256-Tw7G538RYZrwIauN7kI68u6aKS4d/0Efh+dirL/kzoM=";
+            };
+            "x86_64-linux" = {
+              "url" = "https://github.com/genevieve/leftovers/releases/download/${leftovers-version.selected}/leftovers-${leftovers-version.selected}-linux-amd64";
+              "sha" = "sha256-D2OPjLlV5xR3f+dVHu0ld6bQajD5Rv9GLCMCk9hXlu8=";
+            };
           };
-          "x86_64-linux"    = {
-            "url" = "https://github.com/updatecli/updatecli/releases/download/${updatecli-version.selected}/updatecli_Linux_x86_64.tar.gz";
-            "sha" = "sha256-tmboI0ew+LApo3uLVqebaa8VA/6rgonGJH2onQEbSyk=";
+          leftovers = pkgs.stdenv.mkDerivation {
+            name = "leftovers-${leftovers-version.selected}";
+            src = pkgs.fetchurl {
+              url = leftovers-prep."${system}".url;
+              sha256 = leftovers-prep."${system}".sha;
+            };
+            phases = [ "installPhase" ];
+            installPhase = ''
+              mkdir -p $out/bin
+              cp $src $out/bin/leftovers
+              chmod +x $out/bin/leftovers
+            '';
           };
-        };
-        updatecli = pkgs.runCommand "updatecli-${updatecli-version.selected}" {} ''
-          cp ${pkgs.fetchzip { # when fetching archives use fetchzip instead of fetchurl to automatically unpack
-            url = updatecli-prep."${system}".url;
-            sha256 = updatecli-prep."${system}".sha;
-            stripRoot = false;
-          }}/updatecli $out
-          chmod +x $out
-        '';
-        updatecli-wrapper = pkgs.writeShellScriptBin "updatecli" ''
-          exec ${updatecli} "$@"
-        '';
+          aspellWithDicts = pkgs.aspellWithDicts (d: [d.en d.en-computers]);
 
-        # get "leftovers" bin from release and add it to shell
-        leftovers-version = {
-          # remember when updating the version to also update the shas
-          # to get the sha, download the file and run 'nix hash file <file>'
-          "selected" = "v0.70.0";
-        };
-        leftovers-prep = {
-          "x86_64-darwin"   = {
-            "url" = "https://github.com/genevieve/leftovers/releases/download/${leftovers-version.selected}/leftovers-${leftovers-version.selected}-darwin-amd64";
-            "sha" = "sha256-HV12kHqB14lGDm1rh9nD1n7Jvw0rCnxmjC9gusw7jfo=";
-          };
-          "aarch64-darwin"  = {
-            "url" = "https://github.com/genevieve/leftovers/releases/download/${leftovers-version.selected}/leftovers-${leftovers-version.selected}-darwin-arm64";
-            "sha" = "sha256-Tw7G538RYZrwIauN7kI68u6aKS4d/0Efh+dirL/kzoM=";
+          devShellPackage = pkgs.symlinkJoin {
+            name = "dev-shell-package";
+            paths = with pkgs; [
+              act
+              actionlint
+              age
+              aspellWithDicts
+              awscli
+              bashInteractive
+              curl
+              dig
+              docker
+              gh
+              git
+              gitleaks
+              gnupg
+              go
+              gotestfmt
+              gotestsum
+              jq
+              kubectl
+              leftovers
+              less
+              ncurses
+              openssh_hpn
+              shellcheck
+              tflint
+              tfsec
+              tfswitch
+              updatecli
+              vim
+              which
+              xterm
+            ];
           };
-          "x86_64-linux"    = {
-            "url" = "https://github.com/genevieve/leftovers/releases/download/${leftovers-version.selected}/leftovers-${leftovers-version.selected}-linux-amd64";
-            "sha" = "sha256-D2OPjLlV5xR3f+dVHu0ld6bQajD5Rv9GLCMCk9hXlu8=";
+
+        in
+        {
+          packages.default = devShellPackage;
+
+          devShells.default = pkgs.mkShell {
+            buildInputs = [ devShellPackage ];
+            shellHook = ''
+              homebin=$HOME/bin;
+              install -d $homebin;
+              tfswitch -b $homebin/terraform 1.5.7 &>/dev/null;
+              export PATH="$homebin:$PATH";
+              export PS1="nix:# ";
+            '';
           };
-        };
-        leftovers = pkgs.runCommand "leftovers-${leftovers-version.selected}" {} ''
-          cp ${pkgs.fetchurl {
-            url = leftovers-prep."${system}".url;
-            sha256 = leftovers-prep."${system}".sha;
-          }} $out
-          chmod +x $out
-        '';
-        leftovers-wrapper = pkgs.writeShellScriptBin "leftovers" ''
-          exec ${leftovers} "$@"
-        '';
-        aspellWithDicts = pkgs.aspellWithDicts (d: [d.en d.en-computers]);
-      in
-      {
-        devShells.default = pkgs.mkShell {
-          buildInputs = with pkgs; [
-            act # run workflows locally with Docker
-            actionlint
-            age
-            aspellWithDicts
-            bashInteractive
-            curl
-            dig
-            docker
-            gh
-            git
-            gitleaks
-            gnupg
-            go
-            jq
-            kubectl
-            lego
-            less
-            ncurses
-            vim # for easily editing files that are not in this directory structure
-            openssh_hpn
-            shellcheck
-            tflint
-            tfswitch
-            tree # for easily finding files in this directory structure and helping generate docs
-            xterm
-          ];
-          shellHook = ''
-            homebin=$HOME/bin;
-            install -d $homebin;
-            tfswitch -b $homebin/terraform 1.5.7 &>/dev/null;
-            export PATH="${updatecli-wrapper}/bin:${leftovers-wrapper}/bin:$homebin:$PATH";
-            export PS1="nix:# ";
-          '';
-        };
-      }
-    );
+        }
+      );
 }
@@ -47,7 +47,7 @@ locals {
   vpc_cidr = (var.vpc_cidr == "" ? "10.0.255.0/24" : var.vpc_cidr)
 
   # subnet
-  subnets                    = var.subnets
+  subnets                    = (local.subnet_mod == 1 ? var.subnets : {})
   subnet_names               = keys(local.subnets)
   subnet_count               = length(local.subnets)
   newbits                    = (local.subnet_count > 1 ? ceil(log(local.subnet_count, 2)) : 1)
@@ -86,7 +86,7 @@ module "subnet" {
   depends_on = [
     module.vpc,
   ]
-  for_each          = (local.subnet_mod == 1 ? local.subnets : {})
+  for_each          = local.subnets
   source            = "./modules/subnet"
   use               = local.subnet_use_strategy
   vpc_id            = module.vpc[0].id