wip: figuring out how to do multiple envs and stuff

apps/atlantis.nix

@@ -1,9 +1,9 @@
 { lib, config, ... }:
 let
-  cfg = config.services.atlantis;
+  cfg = config.apps.atlantis;
 in
 {
-  options.services.atlantis = {
+  options.apps.atlantis = {
     enable = lib.mkOption {
       type = lib.types.bool;
       default = true;

apps/default.nix

@@ -4,22 +4,4 @@
     ./atlantis.nix
     ./openfga.nix
   ];
-
-  config = {
-    services = {
-
-      atlantis = {
-        enable = true;
-        autoSync = true;
-        prune = false;
-      };
-
-      openfga = {
-        enable = true;
-        autoSync = true;
-        prune = false;
-      };
-
-    };
-  };
 }

apps/openfga.nix

@@ -1,18 +1,31 @@
 { lib, applib, config, ... }:
 let
-  cfg = config.services.openfga;
+  cfg = config.apps.openfga;
 
+  env = config.apps.env;
   namespace = "${env}-openfga";
-  env = "prod";
   project = "aux";
   cluster = "https://kubernetes.default.svc";
+  vs = ../values/openfga;
+
+  # values = applib.appValues ../values/openfga {};
+
+  values = with lib;
+    attrsets.mergeAttrsList (lists.flatten [
+      (kube.fromYAML (builtins.readFile "${vs}/values.yaml"))
+      (kube.fromYAML (builtins.readFile "${vs}/values-${env}.yaml"))
+      [ cfg.values ]
+  ]);
+  kustomize = r:
+    if r.kind == "Job" then
+      lib.attrsets.recursiveUpdate r { spec.backoffLimit = 2; }
+    else r;
 
-  values = lib.attrsets.recursiveUpdate {} cfg.values;
 in
   {
-    options.services.openfga = applib.appOptions {};
+    options.apps.openfga = applib.appOptions {};
 
-    config = applib.appConfig cfg "${cfg.env}-openfga" {
+    config = applib.appConfig cfg "${env}-openfga" {
         inherit namespace;
         inherit project;
 
@@ -26,6 +39,7 @@ in
               version = "0.2.12";
               chartHash = "sha256-7yLcw9/oNPvCePrtTJwKAG88t0Ym5Dl/S83Gz+gQdDU=";
           };
+          transformer = rs: builtins.map (x: kustomize x) rs;
         };
 
         annotations = {};

envs/prod.nix

@@ -0,0 +1,13 @@
+_:
+{
+  config = {
+    apps = {
+      env = "prod";
+      autoSync = false;
+      prune = false;
+
+      atlantis.enable = true;
+      openfga.enable = true;
+    };
+  };
+}

envs/staging.nix

@@ -0,0 +1,17 @@
+_:
+{
+  config = {
+    apps = {
+      env = "staging";
+      autoSync = true;
+      prune = true;
+
+      atlantis = {
+        enable = true;
+        autoSync = true;
+        prune = false;
+      };
+      openfga.enable = true;
+    };
+  };
+}

flake.nix

@@ -44,19 +44,20 @@
         applib = import ./modules/lib.nix { inherit pkgs; };
       in
       {
-        nixidyEnvs = {
+        nixidyEnvs = nixidy.lib.mkEnvs {
-          prod = nixidy.lib.mkEnv {
             inherit pkgs;
             extraSpecialArgs = { inherit applib; };
             charts = nixhelm.chartsDerivations.${system};
             modules = [
               ./modules
               ./apps
-              ./policies/oceanbox/network
+              ./policies
-              # ./policies/oceanbox/kyverno
             ];
+            envs = {
+              prod.modules = [ ./envs/prod.nix ];
+              staging.modules = [ ./envs/staging.nix ];
+            };
           };
-        };
 
         checks = {
           pre-commit-check = pre-commit-hooks.lib.${system}.run {

justfile

@@ -12,6 +12,6 @@ build target=default:
 switch target=default:
   nix run .#nixidy -- switch .#{{target}}
 
-generate target=default:
+generate:
   nix build .#generators.cilium
-  # nix build .#generators.kyverno
+  nix build .#generators.kyverno

modules/default.nix

@@ -1,6 +1,41 @@
-{ lib, ... }:
+{ lib, config, ... }:
+let
+  cfg = config.apps;
+in
 {
-  imports = [ ];
+  imports = [];
+
+  options.apps = with lib; {
+      env = mkOption {
+        type = types.string;
+        default = "prod";
+        description = "Enable";
+      };
+
+      autoSync = mkOption {
+        type = types.bool;
+        default = true;
+        description = "Auto sync";
+      };
+
+      prune = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Prune";
+      };
+
+      selfHeal = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Self-heal";
+      };
+
+      serverSideDiff = mkOption {
+        type = types.bool;
+        default = true;
+        description = "Enable server-side diffing";
+      };
+  };
 
   config = {
     nixidy = {
@@ -20,9 +55,9 @@
       defaults = {
         syncPolicy = {
           autoSync = {
-            enabled = true;
+            enabled = cfg.autoSync;
-            prune = false;
+            prune = cfg.prune;
-            selfHeal = false;
+            selfHeal = cfg.selfHeal;
           };
         };
 

modules/lib.nix

@@ -25,6 +25,24 @@
         description = "Enable server-side diffing";
       };
 
+      namespace = mkOption {
+        type = types.string;
+        default = null;
+        description = "Namespace";
+      };
+
+      project = mkOption {
+        type = types.string;
+        default = "default";
+        description = "Project";
+      };
+
+      cluster = mkOption {
+        type = types.string;
+        default = "https://kubernetes.default.svc";
+        description = "Cluster";
+      };
+
       values = mkOption {
         type = types.attrsOf types.anything;
         default = {};
@@ -55,4 +73,11 @@
        };
 
     in mkIf cfg.enable { applications.${name} = app; };
+
+  appValues = with pkgs.lib; vs: values:
+    attrsets.mergeAttrsList (lists.flatten [
+      (lib.kube.fromYAML (builtins.readFile "${vs}/values.yaml"))
+      (lib.kube.fromYAML (builtins.readFile "${vs}/values-${env}.yaml"))
+      [ values ]
+  ]);
 }

policies/default.nix

@@ -0,0 +1,7 @@
+{ ... }:
+{
+  imports = [
+    ./oceanbox/network
+    # ./oceanbox/kyverno
+  ];
+}