platform/manifests
1
1
Fork 0
Code Issues 7 Pull Requests 6 Actions Packages Projects Releases Wiki Activity
Files
11b398801dee6dd90efdfc637ba436dca46d334b
manifests/flake.nix
T
Jonas Juselius 11b398801d wip: try nixidy
2024-10-10 16:04:41 +02:00

140 lines
4.1 KiB
Nix
Raw Blame History

{
description = "My ArgoCD configuration with nixidy.";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
flake-utils.url = "github:numtide/flake-utils";
nixidy = {
url = "github:arnarg/nixidy";
inputs.nixpkgs.follows = "nixpkgs";
};
nixhelm = {
url = "github:farcaller/nixhelm";
inputs.nixpkgs.follows = "nixpkgs";
};
pre-commit-hooks = {
url = "github:cachix/pre-commit-hooks.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
yaml2nix = {
url = "github:euank/yaml2nix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};
};
outputs =
{
self,
nixpkgs,
flake-utils,
nixidy,
nixhelm,
yaml2nix,
pre-commit-hooks,
}:
(flake-utils.lib.eachDefaultSystem (
system:
let
pkgs = import nixpkgs {
inherit system;
};
in
{
nixidyEnvs = {
prod = nixidy.lib.mkEnv {
inherit pkgs;
charts = nixhelm.chartsDerivations.${system};
modules = [
./modules
./apps
./policies/oceanbox/network
# ./policies/oceanbox/kyverno
];
};
};
checks = {
pre-commit-check = pre-commit-hooks.lib.${system}.run {
src = ./.;
hooks = {
nixfmt-rfc-style.enable = false;
deadnix.enable = false;
statix.enable = false;
};
};
};
packages = {
nixidy = nixidy.packages.${system}.default;
generators = {
cilium = nixidy.packages.${system}.generators.fromCRD {
name = "cilium";
src = pkgs.fetchFromGitHub {
owner = "cilium";
repo = "cilium";
rev = "v1.16.0";
hash = "sha256-LJrNGHF52hdKCuVwjvGifqsH+8hxkf/A3LZNpCHeR7E=";
};
crds = [
"pkg/k8s/apis/cilium.io/client/crds/v2/ciliumnetworkpolicies.yaml"
"pkg/k8s/apis/cilium.io/client/crds/v2/ciliumclusterwidenetworkpolicies.yaml"
];
};
kyverno = nixidy.packages.${system}.generators.fromCRD {
name = "kyverno";
src = pkgs.fetchFromGitHub {
owner = "kyverno";
repo = "kyverno";
rev = "v1.12.6";
hash = "sha256-FwVB1okxhWTzWlZljGEEH9KuSsJl9GmwnX7bn4iDx/M=";
};
crds = [
"config/crds/kyverno/kyverno.io_cleanuppolicies.yaml"
"config/crds/kyverno/kyverno.io_clustercleanuppolicies.yaml"
"config/crds/kyverno/kyverno.io_clusterpolicies.yaml"
"config/crds/kyverno/kyverno.io_globalcontextentries.yaml"
"config/crds/kyverno/kyverno.io_policies.yaml"
"config/crds/kyverno/kyverno.io_policyexceptions.yaml"
"config/crds/kyverno/kyverno.io_updaterequests.yaml"
];
};
};
};
apps = {
gen-crd = {
type = "app";
program =
(pkgs.writeShellScript "generate-modules" ''
set -eo pipefail
echo "generate cilium"
cat ${self.packages.${system}.generators.cilium} > modules/cilium-crd.nix
echo "generate kyverno"
cat ${self.packages.${system}.generators.kyverno} > modules/kyverno-crd.nix
'').outPath;
};
};
devShells.default = pkgs.mkShellNoCC {
inherit (self.checks.${system}.pre-commit-check) shellHook;
nativeBuildInputs = with pkgs; [
self.checks.${system}.pre-commit-check.enabledPackages
nixidy.packages.${system}.default
yaml2nix.packages.${system}.default
nixd
nixfmt-rfc-style
just
fzf
];
NIXD_FLAGS = "--inlay-hints";
};
}
));
}
Reference in New Issue View Git Blame Copy Permalink