# Flake that renders ArgoCD application manifests with nixidy for two
# environments (prod, staging), generates typed Nix modules from the Cilium
# and Kyverno CRDs, and provides a development shell.
{
  description = "My ArgoCD configuration with nixidy.";

  # Supply-chain note: the revision that is actually built for each input is
  # the one recorded in flake.lock, not the URL below. Branch-style refs
  # (nixos-unstable, HEAD, an implicit default branch) move on every
  # `nix flake update`, so a lock-file diff is a dependency change and should
  # be reviewed like one.
  inputs = {
    nixpkgs = {
      url = "github:nixos/nixpkgs/nixos-unstable";
    };
    flake-utils = {
      url = "github:numtide/flake-utils";
    };

    # Tracks HEAD of juselius/nixidy rather than a tag or commit.
    # The nixpkgs `follows` line is commented out, so this input evaluates
    # against whichever nixpkgs its own lock entry names, i.e. a second
    # nixpkgs revision in the closure.
    nixidy = {
      url = "github:juselius/nixidy?ref=HEAD";
      # url = "github:juselius/nixidy?ref=special-args";
      # url = "/home/jonas/src/OceanBox/nixidy";
      # inputs.nixpkgs.follows = "nixpkgs";
    };

    nixhelm.url = "github:farcaller/nixhelm";
    nixhelm.inputs.nixpkgs.follows = "nixpkgs";

    pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
    pre-commit-hooks.inputs.nixpkgs.follows = "nixpkgs";

    nix-kube-generators = {
      url = "github:farcaller/nix-kube-generators";
    };

    yaml2nix.url = "github:euank/yaml2nix";
    yaml2nix.inputs.nixpkgs.follows = "nixpkgs";
    yaml2nix.inputs.flake-utils.follows = "flake-utils";
  };

  outputs =
    {
      self,
      nixpkgs,
      flake-utils,
      nixidy,
      nixhelm,
      yaml2nix,
      pre-commit-hooks,
      nix-kube-generators,
    }:
    flake-utils.lib.eachDefaultSystem (
      system:
      let
        pkgs = import nixpkgs { inherit system; };

        kubeGenerators = nix-kube-generators.lib { inherit pkgs; };

        # Project helpers from ./modules/lib.nix. They are handed to the
        # nixidy modules under the argument name `lib` (see extraSpecialArgs).
        projectLib = {
          apps = import ./modules/lib.nix {
            inherit pkgs;
            kube = kubeGenerators;
          };
        };

        nixidyPkgs = nixidy.packages.${system};
        fromCRD = nixidyPkgs.generators.fromCRD;

        # Resolved through `self`, so the dev shell uses the same check that
        # is exported under `checks`.
        preCommitCheck = self.checks.${system}.pre-commit-check;

        # Copies the generator outputs into the working tree. The target
        # paths are relative, so the script has to be started from the
        # repository root; existing files are overwritten.
        generateModules = pkgs.writeShellScript "generate-modules" ''
          set -eo pipefail
          echo "generate cilium"
          cat ${self.packages.${system}.generators.cilium} > modules/cilium-crd.nix
          echo "generate kyverno"
          cat ${self.packages.${system}.generators.kyverno} > modules/kyverno-crd.nix
        '';
      in
      {
        # ./modules, ./apps and ./policies are shared by every environment;
        # each environment adds its own file on top.
        nixidyEnvs = nixidy.lib.mkEnvs {
          inherit pkgs;
          # NOTE(review): the attribute passed here is literally named `lib`.
          # Confirm it does not shadow a `lib` argument that the module
          # system would otherwise supply to these modules.
          extraSpecialArgs = {
            lib = projectLib;
          };
          charts = nixhelm.chartsDerivations.${system};
          modules = [
            ./modules
            ./apps
            ./policies
          ];
          envs = {
            prod.modules = [ ./envs/prod.nix ];
            staging.modules = [ ./envs/staging.nix ];
          };
        };

        checks.pre-commit-check = pre-commit-hooks.lib.${system}.run {
          src = ./.;
          # NOTE(review): all three hooks listed here are switched off, so
          # they contribute no formatting or lint coverage to this check.
          # Enable them if the check is meant to gate commits.
          hooks = {
            nixfmt-rfc-style.enable = false;
            deadnix.enable = false;
            statix.enable = false;
          };
        };

        packages = {
          nixidy = nixidyPkgs.default;

          # The CRD sources are fetched at a release tag together with a
          # fixed-output hash. The hash is what pins the content: if the tag
          # is ever moved upstream the fetch fails on a hash mismatch instead
          # of silently changing the generated policy option types.
          generators = {
            cilium = fromCRD {
              name = "cilium";
              src = pkgs.fetchFromGitHub {
                owner = "cilium";
                repo = "cilium";
                rev = "v1.16.0";
                hash = "sha256-LJrNGHF52hdKCuVwjvGifqsH+8hxkf/A3LZNpCHeR7E=";
              };
              crds = [
                "pkg/k8s/apis/cilium.io/client/crds/v2/ciliumnetworkpolicies.yaml"
                "pkg/k8s/apis/cilium.io/client/crds/v2/ciliumclusterwidenetworkpolicies.yaml"
              ];
            };

            kyverno = fromCRD {
              name = "kyverno";
              src = pkgs.fetchFromGitHub {
                owner = "kyverno";
                repo = "kyverno";
                rev = "v1.12.6";
                hash = "sha256-FwVB1okxhWTzWlZljGEEH9KuSsJl9GmwnX7bn4iDx/M=";
              };
              crds = [
                "config/crds/kyverno/kyverno.io_cleanuppolicies.yaml"
                "config/crds/kyverno/kyverno.io_clustercleanuppolicies.yaml"
                "config/crds/kyverno/kyverno.io_clusterpolicies.yaml"
                "config/crds/kyverno/kyverno.io_globalcontextentries.yaml"
                "config/crds/kyverno/kyverno.io_policies.yaml"
                "config/crds/kyverno/kyverno.io_policyexceptions.yaml"
                "config/crds/kyverno/kyverno.io_updaterequests.yaml"
              ];
            };
          };
        };

        # `nix run .#gen-crd` regenerates modules/cilium-crd.nix and
        # modules/kyverno-crd.nix from the generator packages above.
        apps.gen-crd = {
          type = "app";
          program = generateModules.outPath;
        };

        devShells.default = pkgs.mkShellNoCC {
          # Entering the shell runs the pre-commit check's shell hook.
          shellHook = preCommitCheck.shellHook;
          nativeBuildInputs = [
            preCommitCheck.enabledPackages
            nixidyPkgs.default
            yaml2nix.packages.${system}.default
            pkgs.nixd
            pkgs.nixfmt-rfc-style
            pkgs.just
            pkgs.fzf
          ];
          NIXD_FLAGS = "--inlay-hints";
        };
      }
    );
}