feat: disable flakes, use normal nix shell

2024-12-04 15:15:31 +01:00
parent 1feb953dc4
commit 6ba97b006b
8 changed files with 237 additions and 8 deletions
@@ -1 +1 @@
-use flake
+use nix
@@ -0,0 +1,33 @@
+let
+  sources = import ./nix;
+  system = builtins.currentSystem;
+  pkgs = import sources.nixpkgs {
+    inherit system;
+    config = { };
+    overlays = [ ];
+  };
+  nixpkgs = sources.nixpkgs;
+  nixhelm = sources.nixhelm;
+  nixidy = import sources.nixidy { inherit nixpkgs; };
+  kube = pkgs.callPackage "${sources.nix-kube-gen}/lib/default.nix" { inherit pkgs; };
+in
+nixidy.lib.mkEnvs {
+  libOverlay = self: super: {
+    apps = import ./modules/lib.nix { inherit pkgs kube; };
+  };
+  modules = [
+    (
+      { lib, ... }:
+      {
+        nixidy.charts = lib.helm.mkChartAttrs "${nixhelm}/charts";
+      }
+    )
+    ./modules
+    ./apps
+    ./policies
+  ];
+  envs = {
+    prod.modules = [ ./envs/prod.nix ];
+    staging.modules = [ ./envs/staging.nix ];
+  };
+}
@@ -325,16 +325,16 @@
        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1728908720,
-        "narHash": "sha256-0fNVuZdg7vNn47NBcStHzVzWfpSM2cdh7k2kiTcUal8=",
-        "owner": "juselius",
+        "lastModified": 1728815994,
+        "narHash": "sha256-uF6HAoDMAX0cZbKH27k/0UpIteQMhyLkP1rYKUfj5ys=",
+        "owner": "arnarg",
        "repo": "nixidy",
-        "rev": "21cee93f73c29eff44c37dbc90ba68d217258b9d",
+        "rev": "6e20193c95a0aaca444289d7c69f4eb329d25234",
        "type": "github"
      },
      "original": {
-        "owner": "juselius",
-        "ref": "special-args",
+        "owner": "arnarg",
+        "ref": "HEAD",
        "repo": "nixidy",
        "type": "github"
      }
@@ -6,7 +6,8 @@
    flake-utils.url = "github:numtide/flake-utils";

    nixidy = {
-      url = "github:juselius/nixidy?ref=special-args";
+      url = "github:juselius/nixidy?ref=HEAD";
+      # url = "github:juselius/nixidy?ref=special-args";
      # url = "/home/jonas/src/OceanBox/nixidy";
      # inputs.nixpkgs.follows = "nixpkgs";
    };
@@ -0,0 +1,44 @@
+let
+  sources = import ./nix;
+  system = builtins.currentSystem;
+  pkgs = import sources.nixpkgs {
+    inherit system;
+    config = { };
+    overlays = [ ];
+  };
+  nixpkgs = sources.nixpkgs;
+  nixidy = import sources.nixidy { inherit nixpkgs; };
+in
+{
+  cilium = nixidy.generators.fromCRD {
+    name = "cilium";
+    src = pkgs.fetchFromGitHub {
+      owner = "cilium";
+      repo = "cilium";
+      rev = "v1.16.0";
+      hash = "sha256-LJrNGHF52hdKCuVwjvGifqsH+8hxkf/A3LZNpCHeR7E=";
+    };
+    crds = [
+      "pkg/k8s/apis/cilium.io/client/crds/v2/ciliumnetworkpolicies.yaml"
+      "pkg/k8s/apis/cilium.io/client/crds/v2/ciliumclusterwidenetworkpolicies.yaml"
+    ];
+  };
+  kyverno = nixidy.generators.fromCRD {
+    name = "kyverno";
+    src = pkgs.fetchFromGitHub {
+      owner = "kyverno";
+      repo = "kyverno";
+      rev = "v1.12.6";
+      hash = "sha256-FwVB1okxhWTzWlZljGEEH9KuSsJl9GmwnX7bn4iDx/M=";
+    };
+    crds = [
+      "config/crds/kyverno/kyverno.io_cleanuppolicies.yaml"
+      "config/crds/kyverno/kyverno.io_clustercleanuppolicies.yaml"
+      "config/crds/kyverno/kyverno.io_clusterpolicies.yaml"
+      "config/crds/kyverno/kyverno.io_globalcontextentries.yaml"
+      "config/crds/kyverno/kyverno.io_policies.yaml"
+      "config/crds/kyverno/kyverno.io_policyexceptions.yaml"
+      "config/crds/kyverno/kyverno.io_updaterequests.yaml"
+    ];
+  };
+}
@@ -0,0 +1,80 @@
+# Generated by npins. Do not modify; will be overwritten regularly
+let
+  data = builtins.fromJSON (builtins.readFile ./sources.json);
+  version = data.version;
+
+  mkSource =
+    spec:
+    assert spec ? type;
+    let
+      path =
+        if spec.type == "Git" then
+          mkGitSource spec
+        else if spec.type == "GitRelease" then
+          mkGitSource spec
+        else if spec.type == "PyPi" then
+          mkPyPiSource spec
+        else if spec.type == "Channel" then
+          mkChannelSource spec
+        else
+          builtins.throw "Unknown source type ${spec.type}";
+    in
+    spec // { outPath = path; };
+
+  mkGitSource =
+    {
+      repository,
+      revision,
+      url ? null,
+      hash,
+      branch ? null,
+      ...
+    }:
+    assert repository ? type;
+    # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository
+    # In the latter case, there we will always be an url to the tarball
+    if url != null then
+      (builtins.fetchTarball {
+        inherit url;
+        sha256 = hash; # FIXME: check nix version & use SRI hashes
+      })
+    else
+      assert repository.type == "Git";
+      let
+        urlToName =
+          url: rev:
+          let
+            matched = builtins.match "^.*/([^/]*)(\\.git)?$" repository.url;
+
+            short = builtins.substring 0 7 rev;
+
+            appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else "";
+          in
+          "${if matched == null then "source" else builtins.head matched}${appendShort}";
+        name = urlToName repository.url revision;
+      in
+      builtins.fetchGit {
+        url = repository.url;
+        rev = revision;
+        inherit name;
+        # hash = hash;
+      };
+
+  mkPyPiSource =
+    { url, hash, ... }:
+    builtins.fetchurl {
+      inherit url;
+      sha256 = hash;
+    };
+
+  mkChannelSource =
+    { url, hash, ... }:
+    builtins.fetchTarball {
+      inherit url;
+      sha256 = hash;
+    };
+in
+if version == 3 then
+  builtins.mapAttrs (_: mkSource) data.pins
+else
+  throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`"
@@ -0,0 +1,47 @@
+{
+  "pins": {
+    "nix-kube-gen": {
+      "type": "Git",
+      "repository": {
+        "type": "GitHub",
+        "owner": "farcaller",
+        "repo": "nix-kube-generators"
+      },
+      "branch": "master",
+      "revision": "2be4f3cb99e179d9f94e6c8723862421437f8efb",
+      "url": "https://github.com/farcaller/nix-kube-generators/archive/2be4f3cb99e179d9f94e6c8723862421437f8efb.tar.gz",
+      "hash": "0pgpr0szig7plmj7i4hjfkpcm4vgy0ingqr115wqjzbx5yjc6c7j"
+    },
+    "nixhelm": {
+      "type": "Git",
+      "repository": {
+        "type": "GitHub",
+        "owner": "farcaller",
+        "repo": "nixhelm"
+      },
+      "branch": "master",
+      "revision": "cafa44fc8c2ad34baf6e5f1bdea3eb3a587a1f6d",
+      "url": "https://github.com/farcaller/nixhelm/archive/cafa44fc8c2ad34baf6e5f1bdea3eb3a587a1f6d.tar.gz",
+      "hash": "1waplza2c0wgq23v41ladfgqdq2wrbw889c973cm439940zj4mj1"
+    },
+    "nixidy": {
+      "type": "Git",
+      "repository": {
+        "type": "GitHub",
+        "owner": "arnarg",
+        "repo": "nixidy"
+      },
+      "branch": "main",
+      "revision": "d28f45aea4d7b93928f1ea94f22a03a3f6dc25f6",
+      "url": "https://github.com/arnarg/nixidy/archive/d28f45aea4d7b93928f1ea94f22a03a3f6dc25f6.tar.gz",
+      "hash": "0ijxdh2432wvwyff1f5yfrjn93lzayrswi1bkasjpwaps9v6ld4r"
+    },
+    "nixpkgs": {
+      "type": "Channel",
+      "name": "nixpkgs-unstable",
+      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre699031.2d2a9ddbe3f2/nixexprs.tar.xz",
+      "hash": "1vx044c8gdg1c8zmabzbi9xrgjgaz2bfqbl47xsgh517f580bycx"
+    }
+  },
+  "version": 3
+}
@@ -0,0 +1,24 @@
+let
+  sources = import ./nix;
+  system = builtins.currentSystem;
+  pkgs = import sources.nixpkgs {
+    inherit system;
+    config = { };
+    overlays = [ ];
+  };
+  nixpkgs = sources.nixpkgs;
+  nixidy = import sources.nixidy { inherit nixpkgs; };
+in
+{
+  shell = pkgs.mkShellNoCC {
+    name = "clstr";
+    nativeBuildInputs = with pkgs; [
+      nixidy.nixidy
+      npins
+      nixfmt-rfc-style
+      just
+      fzf
+    ];
+    NPINS_DIRECTORY = "nix";
+  };
+}