wip: figuring out how to do multiple envs and stuff

2024-10-14 07:51:07 +02:00
parent 768cb1ddef
commit 91b56423f2
10 changed files with 131 additions and 37 deletions
@@ -1,9 +1,9 @@
 { lib, config, ... }:
 let
-  cfg = config.services.atlantis;
+  cfg = config.apps.atlantis;
 in
 {
-  options.services.atlantis = {
+  options.apps.atlantis = {
    enable = lib.mkOption {
      type = lib.types.bool;
      default = true;
@@ -4,22 +4,4 @@
    ./atlantis.nix
    ./openfga.nix
  ];
-
-  config = {
-    services = {
-
-      atlantis = {
-        enable = true;
-        autoSync = true;
-        prune = false;
-      };
-
-      openfga = {
-        enable = true;
-        autoSync = true;
-        prune = false;
-      };
-
-    };
-  };
 }
@@ -1,18 +1,31 @@
 { lib, applib, config, ... }:
 let
-  cfg = config.services.openfga;
+  cfg = config.apps.openfga;

+  env = config.apps.env;
  namespace = "${env}-openfga";
-  env = "prod";
  project = "aux";
  cluster = "https://kubernetes.default.svc";
+  vs = ../values/openfga;
+
+  # values = applib.appValues ../values/openfga {};
+
+  values = with lib;
+    attrsets.mergeAttrsList (lists.flatten [
+      (kube.fromYAML (builtins.readFile "${vs}/values.yaml"))
+      (kube.fromYAML (builtins.readFile "${vs}/values-${env}.yaml"))
+      [ cfg.values ]
+  ]);
+  kustomize = r:
+    if r.kind == "Job" then
+      lib.attrsets.recursiveUpdate r { spec.backoffLimit = 2; }
+    else r;

-  values = lib.attrsets.recursiveUpdate {} cfg.values;
 in
  {
-    options.services.openfga = applib.appOptions {};
+    options.apps.openfga = applib.appOptions {};

-    config = applib.appConfig cfg "${cfg.env}-openfga" {
+    config = applib.appConfig cfg "${env}-openfga" {
        inherit namespace;
        inherit project;

@@ -26,6 +39,7 @@ in
              version = "0.2.12";
              chartHash = "sha256-7yLcw9/oNPvCePrtTJwKAG88t0Ym5Dl/S83Gz+gQdDU=";
          };
+          transformer = rs: builtins.map (x: kustomize x) rs;
        };

        annotations = {};
@@ -0,0 +1,13 @@
+_:
+{
+  config = {
+    apps = {
+      env = "prod";
+      autoSync = false;
+      prune = false;
+
+      atlantis.enable = true;
+      openfga.enable = true;
+    };
+  };
+}
@@ -0,0 +1,17 @@
+_:
+{
+  config = {
+    apps = {
+      env = "staging";
+      autoSync = true;
+      prune = true;
+
+      atlantis = {
+        enable = true;
+        autoSync = true;
+        prune = false;
+      };
+      openfga.enable = true;
+    };
+  };
+}
@@ -44,19 +44,20 @@
        applib = import ./modules/lib.nix { inherit pkgs; };
      in
      {
-        nixidyEnvs = {
-          prod = nixidy.lib.mkEnv {
+        nixidyEnvs = nixidy.lib.mkEnvs {
            inherit pkgs;
            extraSpecialArgs = { inherit applib; };
            charts = nixhelm.chartsDerivations.${system};
            modules = [
              ./modules
              ./apps
-              ./policies/oceanbox/network
-              # ./policies/oceanbox/kyverno
+              ./policies
            ];
+            envs = {
+              prod.modules = [ ./envs/prod.nix ];
+              staging.modules = [ ./envs/staging.nix ];
+            };
          };
-        };

        checks = {
          pre-commit-check = pre-commit-hooks.lib.${system}.run {
@@ -12,6 +12,6 @@ build target=default:
 switch target=default:
  nix run .#nixidy -- switch .#{{target}}

-generate target=default:
+generate:
  nix build .#generators.cilium
-  # nix build .#generators.kyverno
+  nix build .#generators.kyverno
@@ -1,6 +1,41 @@
-{ lib, ... }:
+{ lib, config, ... }:
+let
+  cfg = config.apps;
+in
 {
-  imports = [ ];
+  imports = [];
+
+  options.apps = with lib; {
+      env = mkOption {
+        type = types.string;
+        default = "prod";
+        description = "Enable";
+      };
+
+      autoSync = mkOption {
+        type = types.bool;
+        default = true;
+        description = "Auto sync";
+      };
+
+      prune = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Prune";
+      };
+
+      selfHeal = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Self-heal";
+      };
+
+      serverSideDiff = mkOption {
+        type = types.bool;
+        default = true;
+        description = "Enable server-side diffing";
+      };
+  };

  config = {
    nixidy = {
@@ -20,9 +55,9 @@
      defaults = {
        syncPolicy = {
          autoSync = {
-            enabled = true;
-            prune = false;
-            selfHeal = false;
+            enabled = cfg.autoSync;
+            prune = cfg.prune;
+            selfHeal = cfg.selfHeal;
          };
        };

@@ -25,6 +25,24 @@
        description = "Enable server-side diffing";
      };

+      namespace = mkOption {
+        type = types.string;
+        default = null;
+        description = "Namespace";
+      };
+
+      project = mkOption {
+        type = types.string;
+        default = "default";
+        description = "Project";
+      };
+
+      cluster = mkOption {
+        type = types.string;
+        default = "https://kubernetes.default.svc";
+        description = "Cluster";
+      };
+
      values = mkOption {
        type = types.attrsOf types.anything;
        default = {};
@@ -55,4 +73,11 @@
       };

    in mkIf cfg.enable { applications.${name} = app; };
+
+  appValues = with pkgs.lib; vs: values:
+    attrsets.mergeAttrsList (lists.flatten [
+      (lib.kube.fromYAML (builtins.readFile "${vs}/values.yaml"))
+      (lib.kube.fromYAML (builtins.readFile "${vs}/values-${env}.yaml"))
+      [ values ]
+  ]);
 }
@@ -0,0 +1,7 @@
+{ ... }:
+{
+  imports = [
+    ./oceanbox/network
+    # ./oceanbox/kyverno
+  ];
+}