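# Per-system helper packages: two wrapped shell scripts (`bootstrap`,
# `gen-k3s-cert`) and a Python tool that prefetches container images and
# prints the pinned result as a Nix expression.
#
# NOTE(review): `system` is never referenced below; `pkgs` comes from the
# caller rather than being instantiated per system. Confirm the caller passes
# a package set that matches every system this is evaluated for.
{ flake-utils, pkgs, ... }: flake-utils.lib.eachDefaultSystem (system:
  let
    # Package the shell script at `scriptPath` as the command `name`.
    #
    #   name              - executable name under bin/
    #   runtimeInputs     - packages joined into the same output as the script
    #   scriptPath        - path of the script file whose contents are packaged
    #   extraWrapperFlags - extra flags passed verbatim to `wrapProgram`
    #
    # The wrapper uses `--set PATH $out/bin`, which replaces the inherited PATH
    # instead of extending it. The script therefore resolves commands only
    # through what symlinkJoin links into $out/bin (the script itself plus
    # `runtimeInputs`), not through whatever is on the caller's PATH.
    # `name` and `extraWrapperFlags` are interpolated unquoted into the
    # postBuild shell command, so callers must pass shell-safe values.
    createScript = { name, runtimeInputs, scriptPath, extraWrapperFlags ? "", ... }:
      let
        # Re-run the original build command, then patch shebangs in the output.
        script = (pkgs.writeScriptBin name (builtins.readFile scriptPath)).overrideAttrs (old: {
          buildCommand = "${old.buildCommand}\n patchShebangs $out";
        });
      in
      pkgs.symlinkJoin {
        inherit name;
        paths = [ script ] ++ runtimeInputs;
        buildInputs = [ pkgs.makeWrapper ];
        postBuild = "wrapProgram $out/bin/${name} --set PATH $out/bin ${extraWrapperFlags}";
      };
  in
  {
    packages.bootstrap = createScript {
      name = "bootstrap";
      runtimeInputs = with pkgs; [ sops coreutils nixos-anywhere ];
      scriptPath = ./bootstrap.sh;
    };

    # Note: the attribute is `gen-k3s-cert`, but the installed executable is
    # named `create-k3s-cert`.
    packages.gen-k3s-cert = createScript {
      name = "create-k3s-cert";
      runtimeInputs = with pkgs; [ openssl coreutils openssh yq ];
      scriptPath = ./gen-k3s-cert.sh;
    };

    packages.prefetch-container-images =
      let
        # Shape: project -> image key -> { image-name, image-tag }.
        #
        # NOTE(review): "latest" is a mutable tag, so every run records
        # whatever the registry serves at that moment. Review the digest
        # emitted for it before committing the result.
        images = {
          cyberchef = {
            cyberchef = {
              image-name = "mpepping/cyberchef";
              image-tag = "latest";
            };
          };
        };
        imagesJSON = builtins.toFile "images.json" (builtins.toJSON images);
      in
      # writePython3Bin is given no flake8 ignores here (`{ }`), so the script
      # below must stay lint-clean, hence the `noqa` markers on the long
      # store-path lines.
      pkgs.writers.writePython3Bin "prefetch-container-images"
        { } ''
        import json
        import subprocess
        import tempfile
        import sys
        from collections import defaultdict

        # Store paths substituted by Nix at build time, so the tool never
        # resolves these commands through the PATH of the caller.
        prefetch_docker_cmd = "${pkgs.lib.getExe pkgs.nix-prefetch-docker}"  # noqa: E501
        nix_cmd = "${pkgs.lib.getExe pkgs.nix}"  # noqa: E501
        images_file_name = "${imagesJSON}"


        def run_captured(args):
            """Run args (a list, no shell) and return the completed process.

            Output is captured. On a non-zero exit the captured stderr is
            forwarded to our stderr before CalledProcessError propagates;
            otherwise the reason for the failure would be lost.
            """
            try:
                return subprocess.run(
                    args, check=True, capture_output=True, text=True
                )
            except subprocess.CalledProcessError as err:
                if err.stderr:
                    sys.stderr.write(err.stderr)
                raise


        # project name -> image key -> prefetch result
        results = defaultdict(lambda: defaultdict(dict))

        with open(images_file_name, 'r') as file:
            data = json.load(file)

        for project_name, images in data.items():
            print(f"Prefetching images for project {project_name}", file=sys.stderr)

            for image_name, image in images.items():
                name = image["image-name"]
                tag = image["image-tag"]

                print(f"Prefetching image {name}:{tag}", file=sys.stderr)

                # The platform is fixed to linux/amd64 regardless of the
                # system this package is built for.
                prefetch_args = [
                    prefetch_docker_cmd,
                    "--os", "linux",
                    "--arch", "amd64",
                    "--image-name", name,
                    "--image-tag", tag,
                    "--json",
                    "--quiet"
                ]
                result = run_captured(prefetch_args)

                prefetch_data = json.loads(result.stdout)
                results[project_name][image_name] = prefetch_data

        # Let nix itself turn the collected JSON into a Nix value. The file
        # must still exist while nix runs, so the call stays inside the block.
        with tempfile.NamedTemporaryFile(mode='w+', suffix='.json') as temp_file:
            json.dump(results, temp_file, indent=4)
            temp_file.flush()

            # --impure lets the expression read a path outside the store.
            # NOTE(review): the temp path is spliced in as a bare Nix path
            # literal; a TMPDIR containing spaces or other characters that
            # are not valid in a Nix path would break the expression.
            to_nix_args = [
                nix_cmd,
                "eval",
                "--impure",
                "--expr", f'builtins.fromJSON (builtins.readFile {temp_file.name})'
            ]
            result = run_captured(to_nix_args)

            print(result.stdout)
      '';
  })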