nixos-servers/scripts/default.nix

{ self, nixpkgs, flake-utils, ... }: flake-utils.lib.eachDefaultSystem (system:
let
  pkgs = nixpkgs.legacyPackages.${system};
  createScript = { name, runtimeInputs, scriptPath, extraWrapperFlags ? "", ... }:
    let
      script = (pkgs.writeScriptBin name (builtins.readFile scriptPath)).overrideAttrs (old: {
        buildCommand = "${old.buildCommand}\n patchShebangs $out";
      });
    in
    pkgs.symlinkJoin {
      inherit name;
      paths = [ script ] ++ runtimeInputs;
      buildInputs = [ pkgs.makeWrapper ];
      postBuild = "wrapProgram $out/bin/${name} --set PATH $out/bin ${extraWrapperFlags}";
    };
in
{
  packages.bootstrap = createScript {
    name = "bootstrap";
    runtimeInputs = with pkgs; [ sops coreutils nixos-anywhere ];
    scriptPath = ./bootstrap.sh;
  };

  packages.gen-k3s-cert = createScript {
    name = "create-k3s-cert";
    runtimeInputs = with pkgs; [ openssl coreutils openssh yq ];
    scriptPath = ./gen-k3s-cert.sh;
  };

  packages.prefetch-container-images =
    let
      imagesJSON = builtins.toFile "images.json" (builtins.toJSON self.globals.images);
    in
    pkgs.writers.writePython3Bin "prefetch-container-images.py"
      { } ''
      import json
      import subprocess
      import tempfile
      import sys
      from collections import defaultdict

      prefetch_docker_cmd = "${pkgs.lib.getExe pkgs.nix-prefetch-docker}"  # noqa: E501
      nix_cmd = "${pkgs.lib.getExe pkgs.nix}"  # noqa: E501
      images_file_name = "${imagesJSON}"

      results = defaultdict(lambda: defaultdict(dict))

      with open(images_file_name, 'r') as file:
          data = json.load(file)

      for image_name, image_ref in data.items():
          [name, tag] = image_ref.split(":", maxsplit=1)
          print(f"Prefetching image {image_ref}", file=sys.stderr)

          digest = ""
          if "@" in tag:
              [tag, digest] = tag.split("@", maxsplit=1)

          prefetch_args = [
              prefetch_docker_cmd,
              "--os", "linux",
              "--arch", "amd64",
              "--image-name", name,
              "--image-tag", tag,
              "--json",
              "--quiet"
          ]

          if digest:
              prefetch_args.extend(["--image-digest", digest])

          result = subprocess.run(prefetch_args,
                                  check=True,
                                  capture_output=True,
                                  text=True)

          prefetch_data = json.loads(result.stdout)
          results[image_name] = prefetch_data

      with tempfile.NamedTemporaryFile(mode='w+', suffix='.json') as temp_file:
          json.dump(results, temp_file, indent=4)
          temp_file.flush()

          to_nix_args = [
              nix_cmd,
              "eval",
              "--impure",
              "--expr", f'builtins.fromJSON (builtins.readFile {temp_file.name})'
          ]
          result = subprocess.run(to_nix_args,
                                  check=True,
                                  capture_output=True,
                                  text=True)

      print(result.stdout)
    '';
})
Cleanup after kubernetes deployment migration 2024-09-07 11:06:37 +00:00			`{ self, nixpkgs, flake-utils, ... }: flake-utils.lib.eachDefaultSystem (system:`
add script to generate k3s certificate 2024-03-27 19:10:14 +00:00			`let`
Cleanup after kubernetes deployment migration 2024-09-07 11:06:37 +00:00			`pkgs = nixpkgs.legacyPackages.${system};`
Improve createScript function 2024-05-19 12:05:20 +00:00			`createScript = { name, runtimeInputs, scriptPath, extraWrapperFlags ? "", ... }:`
add script to generate k3s certificate 2024-03-27 19:10:14 +00:00			`let`
create own library for globals and net.nix 2024-04-13 15:28:31 +00:00			`script = (pkgs.writeScriptBin name (builtins.readFile scriptPath)).overrideAttrs (old: {`
add script to generate k3s certificate 2024-03-27 19:10:14 +00:00			`buildCommand = "${old.buildCommand}\n patchShebangs $out";`
			`});`
			`in`
create own library for globals and net.nix 2024-04-13 15:28:31 +00:00			`pkgs.symlinkJoin {`
add script to generate k3s certificate 2024-03-27 19:10:14 +00:00			`inherit name;`
			`paths = [ script ] ++ runtimeInputs;`
create own library for globals and net.nix 2024-04-13 15:28:31 +00:00			`buildInputs = [ pkgs.makeWrapper ];`
Improve createScript function 2024-05-19 12:05:20 +00:00			`postBuild = "wrapProgram $out/bin/${name} --set PATH $out/bin ${extraWrapperFlags}";`
add script to generate k3s certificate 2024-03-27 19:10:14 +00:00			`};`
			`in`
			`{`
Improve createScript function 2024-05-19 12:05:20 +00:00			`packages.bootstrap = createScript {`
			`name = "bootstrap";`
Replace agenix with sops-nix 2024-06-15 20:27:07 +00:00			`runtimeInputs = with pkgs; [ sops coreutils nixos-anywhere ];`
Improve createScript function 2024-05-19 12:05:20 +00:00			`scriptPath = ./bootstrap.sh;`
			`};`

			`packages.gen-k3s-cert = createScript {`
			`name = "create-k3s-cert";`
			`runtimeInputs = with pkgs; [ openssl coreutils openssh yq ];`
			`scriptPath = ./gen-k3s-cert.sh;`
			`};`
Add script to prefetch Docker images 2024-06-30 12:35:47 +00:00
			`packages.prefetch-container-images =`
			`let`
Cleanup after kubernetes deployment migration 2024-09-07 11:06:37 +00:00			`imagesJSON = builtins.toFile "images.json" (builtins.toJSON self.globals.images);`
Add script to prefetch Docker images 2024-06-30 12:35:47 +00:00			`in`
Build tooling around nix-snapshotter 2024-08-29 04:53:05 +00:00			`pkgs.writers.writePython3Bin "prefetch-container-images.py"`
Add script to prefetch Docker images 2024-06-30 12:35:47 +00:00			`{ } ''`
			`import json`
			`import subprocess`
			`import tempfile`
			`import sys`
			`from collections import defaultdict`

			`prefetch_docker_cmd = "${pkgs.lib.getExe pkgs.nix-prefetch-docker}" # noqa: E501`
			`nix_cmd = "${pkgs.lib.getExe pkgs.nix}" # noqa: E501`
			`images_file_name = "${imagesJSON}"`

			`results = defaultdict(lambda: defaultdict(dict))`

			`with open(images_file_name, 'r') as file:`
			`data = json.load(file)`

Build tooling around nix-snapshotter 2024-08-29 04:53:05 +00:00			`for image_name, image_ref in data.items():`
			`[name, tag] = image_ref.split(":", maxsplit=1)`
			`print(f"Prefetching image {image_ref}", file=sys.stderr)`
Add script to prefetch Docker images 2024-06-30 12:35:47 +00:00
Build tooling around nix-snapshotter 2024-08-29 04:53:05 +00:00			`digest = ""`
			`if "@" in tag:`
			`[tag, digest] = tag.split("@", maxsplit=1)`
Add script to prefetch Docker images 2024-06-30 12:35:47 +00:00
Resolve cyberchef and radicale images using nix-snapshotter Increase inotify max user instances to 256 Disable tailscale by default 2024-08-25 15:04:31 +00:00			`prefetch_args = [`
			`prefetch_docker_cmd,`
			`"--os", "linux",`
			`"--arch", "amd64",`
			`"--image-name", name,`
			`"--image-tag", tag,`
			`"--json",`
			`"--quiet"`
			`]`
Build tooling around nix-snapshotter 2024-08-29 04:53:05 +00:00
			`if digest:`
			`prefetch_args.extend(["--image-digest", digest])`

Resolve cyberchef and radicale images using nix-snapshotter Increase inotify max user instances to 256 Disable tailscale by default 2024-08-25 15:04:31 +00:00			`result = subprocess.run(prefetch_args,`
			`check=True,`
			`capture_output=True,`
			`text=True)`
Add script to prefetch Docker images 2024-06-30 12:35:47 +00:00
Resolve cyberchef and radicale images using nix-snapshotter Increase inotify max user instances to 256 Disable tailscale by default 2024-08-25 15:04:31 +00:00			`prefetch_data = json.loads(result.stdout)`
			`results[image_name] = prefetch_data`
Add script to prefetch Docker images 2024-06-30 12:35:47 +00:00
			`with tempfile.NamedTemporaryFile(mode='w+', suffix='.json') as temp_file:`
			`json.dump(results, temp_file, indent=4)`
			`temp_file.flush()`

			`to_nix_args = [`
			`nix_cmd,`
			`"eval",`
			`"--impure",`
			`"--expr", f'builtins.fromJSON (builtins.readFile {temp_file.name})'`
			`]`
			`result = subprocess.run(to_nix_args,`
			`check=True,`
			`capture_output=True,`
			`text=True)`

			`print(result.stdout)`
			`'';`
add script to generate k3s certificate 2024-03-27 19:10:14 +00:00			`})`