149 lines
4.5 KiB
Nix
149 lines
4.5 KiB
Nix
{
|
|
description = "My ArgoCD configuration with nixidy.";
|
|
|
|
inputs = {
|
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
|
flake-utils.url = "github:numtide/flake-utils";
|
|
|
|
nixidy = {
|
|
url = "github:juselius/nixidy?ref=HEAD";
|
|
# url = "github:juselius/nixidy?ref=special-args";
|
|
# url = "/home/jonas/src/OceanBox/nixidy";
|
|
# inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
nixhelm = {
|
|
url = "github:farcaller/nixhelm";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
pre-commit-hooks = {
|
|
url = "github:cachix/pre-commit-hooks.nix";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
nix-kube-generators.url = "github:farcaller/nix-kube-generators";
|
|
|
|
yaml2nix = {
|
|
url = "github:euank/yaml2nix";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
inputs.flake-utils.follows = "flake-utils";
|
|
};
|
|
};
|
|
|
|
outputs =
|
|
{
|
|
self,
|
|
nixpkgs,
|
|
flake-utils,
|
|
nixidy,
|
|
nixhelm,
|
|
yaml2nix,
|
|
pre-commit-hooks,
|
|
nix-kube-generators,
|
|
}:
|
|
(flake-utils.lib.eachDefaultSystem (
|
|
system:
|
|
let
|
|
pkgs = import nixpkgs { inherit system; };
|
|
kube = nix-kube-generators.lib { inherit pkgs; };
|
|
lib = {
|
|
apps = import ./modules/lib.nix { inherit pkgs kube;};
|
|
};
|
|
in
|
|
{
|
|
nixidyEnvs = nixidy.lib.mkEnvs {
|
|
inherit pkgs;
|
|
extraSpecialArgs = { inherit lib; };
|
|
charts = nixhelm.chartsDerivations.${system};
|
|
modules = [
|
|
./modules
|
|
./apps
|
|
./policies
|
|
];
|
|
envs = {
|
|
prod.modules = [ ./envs/prod.nix ];
|
|
staging.modules = [ ./envs/staging.nix ];
|
|
};
|
|
};
|
|
|
|
checks = {
|
|
pre-commit-check = pre-commit-hooks.lib.${system}.run {
|
|
src = ./.;
|
|
hooks = {
|
|
nixfmt-rfc-style.enable = false;
|
|
deadnix.enable = false;
|
|
statix.enable = false;
|
|
};
|
|
};
|
|
};
|
|
|
|
packages = {
|
|
nixidy = nixidy.packages.${system}.default;
|
|
generators = {
|
|
cilium = nixidy.packages.${system}.generators.fromCRD {
|
|
name = "cilium";
|
|
src = pkgs.fetchFromGitHub {
|
|
owner = "cilium";
|
|
repo = "cilium";
|
|
rev = "v1.16.0";
|
|
hash = "sha256-LJrNGHF52hdKCuVwjvGifqsH+8hxkf/A3LZNpCHeR7E=";
|
|
};
|
|
crds = [
|
|
"pkg/k8s/apis/cilium.io/client/crds/v2/ciliumnetworkpolicies.yaml"
|
|
"pkg/k8s/apis/cilium.io/client/crds/v2/ciliumclusterwidenetworkpolicies.yaml"
|
|
];
|
|
};
|
|
|
|
kyverno = nixidy.packages.${system}.generators.fromCRD {
|
|
name = "kyverno";
|
|
src = pkgs.fetchFromGitHub {
|
|
owner = "kyverno";
|
|
repo = "kyverno";
|
|
rev = "v1.12.6";
|
|
hash = "sha256-FwVB1okxhWTzWlZljGEEH9KuSsJl9GmwnX7bn4iDx/M=";
|
|
};
|
|
crds = [
|
|
"config/crds/kyverno/kyverno.io_cleanuppolicies.yaml"
|
|
"config/crds/kyverno/kyverno.io_clustercleanuppolicies.yaml"
|
|
"config/crds/kyverno/kyverno.io_clusterpolicies.yaml"
|
|
"config/crds/kyverno/kyverno.io_globalcontextentries.yaml"
|
|
"config/crds/kyverno/kyverno.io_policies.yaml"
|
|
"config/crds/kyverno/kyverno.io_policyexceptions.yaml"
|
|
"config/crds/kyverno/kyverno.io_updaterequests.yaml"
|
|
];
|
|
};
|
|
};
|
|
};
|
|
|
|
apps = {
|
|
gen-crd = {
|
|
type = "app";
|
|
program =
|
|
(pkgs.writeShellScript "generate-modules" ''
|
|
set -eo pipefail
|
|
echo "generate cilium"
|
|
cat ${self.packages.${system}.generators.cilium} > modules/cilium-crd.nix
|
|
echo "generate kyverno"
|
|
cat ${self.packages.${system}.generators.kyverno} > modules/kyverno-crd.nix
|
|
'').outPath;
|
|
};
|
|
};
|
|
|
|
devShells.default = pkgs.mkShellNoCC {
|
|
inherit (self.checks.${system}.pre-commit-check) shellHook;
|
|
nativeBuildInputs = with pkgs; [
|
|
self.checks.${system}.pre-commit-check.enabledPackages
|
|
nixidy.packages.${system}.default
|
|
yaml2nix.packages.${system}.default
|
|
nixd
|
|
nixfmt-rfc-style
|
|
just
|
|
fzf
|
|
];
|
|
NIXD_FLAGS = "--inlay-hints";
|
|
};
|
|
}
|
|
));
|
|
}
|