srx-platform-nix/nix/devshell.nix

{ self, lib, inputs, ... }:
{
imports = [
  # flake-parts modules that contribute the `pre-commit`, `treefmt`,
  # `devshells` and `flake-root` options configured below; devenv is
  # imported here but no devenv options are set in this file
  inputs.git-hooks.flakeModule
  inputs.treefmt-nix.flakeModule
  inputs.devenv.flakeModule
  inputs.devshell.flakeModule
  inputs.flake-root.flakeModule
];
perSystem = { self', inputs', pkgs, config, ... }:
{
# `nix fmt` (the `fmt` devshell command below) runs the treefmt wrapper
# built from the `treefmt` settings in this module
formatter = config.treefmt.build.wrapper;
pre-commit = {
  inherit pkgs;
  # also run the hooks as a flake check (`nix flake check`)
  check.enable = true;
  settings = {
    # each hook is only switched on; no per-hook options are set
    hooks = lib.genAttrs [ "treefmt" "nil" "statix" "deadnix" "shellcheck" ] (_: { enable = true; });
    # the lock file is generated, so the hooks skip it
    excludes = [ "flake.lock" ];
  };
};
treefmt = {
  # the file that marks the project root for treefmt
  projectRootFile = "flake.nix";
  programs = {
    deadnix = {
      enable = true;
      no-lambda-pattern-names = true;
    };
    nixpkgs-fmt.enable = true;
    shellcheck.enable = true;
    statix.enable = true;
  };
};
devShells =
  let
    # shells merged into `default` through inputsFrom; `commands` comes from
    # the devshell module below, `opentofu` is not defined in this file
    # (presumably another module of the flake — verify)
    composedShells = [
      config.flake-root.devShell
      self'.devShells.commands
      self'.devShells.nix
      self'.devShells.k8s
      self'.devShells.opentofu
    ];
  in
  {
    default = pkgs.mkShell {
      name = "srx.nix.digital";
      inputsFrom = composedShells;
      packages = [
        pkgs.gitFull
        pkgs.git-lfs
        pkgs.treefmt
        pkgs.act
        pkgs.actionlint
        pkgs.shellcheck
        pkgs.bind
        pkgs.knot-dns
        pkgs.wireguard-tools
        pkgs.ipcalc
        pkgs.minio-client
      ];
      # installs the git hooks configured under `pre-commit` on shell entry
      shellHook = ''
        ${config.pre-commit.installationScript}
      '';
    };
    # Nix tooling plus the secret-management helpers; the vault-push-*
    # functions are taken from `pkgs`, so they are expected from an overlay
    nix = pkgs.mkShell {
      packages = [
        (pkgs.vault-push-approle-envs self')
        (pkgs.vault-push-approles self')
        pkgs.agenix
        pkgs.deadnix
        pkgs.nil
        pkgs.nix-fast-build
        pkgs.sops
        pkgs.statix
        pkgs.vault
      ];
    };
    k8s = pkgs.mkShell {
      packages = [
        pkgs.k3d
        pkgs.kubectl
        pkgs.kubernetes-helm
      ];
    };
  };
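devshells.commands =
  let
    # Builds one devshell command entry. A `$@` inside `command` forwards
    # whatever the user passes after the command name.
    mkCommand = category: name: command: help: { inherit name command help category; };
    dev = mkCommand "development";
    nixCmd = mkCommand "nix";
    sec = mkCommand "security";
    ops = mkCommand "operations";
    tf = mkCommand "terraform";
  in
  {
    # `{202}` / `{reset}` are devshell colour markers
    motd = ''
      $(echo -e "\n")
      {202}SRX Platform Development Environment{reset}
      $(type -p menu &>/dev/null && menu)
    '';
    commands = [
      (dev "reload" "direnv reload" "Reload the local environment.")
      # help text fixed: "reformating" -> "reformatting"
      (dev "fmt" "nix fmt" "Run reformatting with nix flake.")
      (dev "generate" "${inputs'.nixos-generators.packages.nixos-generate}/bin/nixos-generate $@" "Generate NixOS configuration with nixos-generators.")
      (nixCmd "health" "${lib.getExe pkgs.nix-health}" "Checking the health of your Nix setup.")
      # help text fixed: "cheshow" -> "show"
      (nixCmd "list" "nix flake show" "Run nix flake show.")
      (nixCmd "check" "nix flake check" "Run nix flake check.")
      (nixCmd "build" "nix build" "Run nix flake build.")
      (nixCmd "run" "nix run .\#run-qemu-vm -- $@" "Run host build in a qemu vm.")
      (nixCmd "repl" "nix repl -f ." "Evaluate expressions interactively with Nix repl.")
      (nixCmd "inspect" "${lib.getExe pkgs.nix-inspect}" "Inspect NixOS config and Nix expressions.")
      # builds the flake's default package first, then scans the result
      (sec "cve" "nix build && ${lib.getExe pkgs.vulnix} ./result" "Run NixOS security scanner with vulnix.")
      # name is narrower than what `trivy fs` covers (see help text)
      (sec "secrets" "${pkgs.trivy}/bin/trivy fs ." "All-in-one security scanner with trivy.")
      (ops "age" "${pkgs.agenix}/bin/agenix $@" "Manage NixOS secrets with agenix.")
      (ops "infect" "${inputs'.nixos-anywhere.packages.nixos-anywhere}/bin/nixos-anywhere $@" "Install NixOS everywhere via ssh.")
      (ops "deploy" "${pkgs.deploy-rs.deploy-rs}/bin/deploy $@" "Deploy NixOS remote machines with deploy-rs.")
      # relies on /run/current-system/nixpkgs, i.e. a NixOS host — confirm
      (tf "show" "terranix --pkgs /run/current-system/nixpkgs terranix/default.nix" "Show terranix state.")
      (tf "validate" "nix run .\#tf-validate" "Run terraform validate.")
      (tf "apply" "nix run .\#tf-apply" "Run terraform apply.")
      (tf "destroy" "nix run .\#tf-destroy" "Run terraform destroy.")
      (tf "state" "nix run .\#tf-state -- $@" "Manage terraform state.")
    ];
  };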
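apps = {
  # `nix run .#run-qemu-vm -- <host>`: build the host's VM image with
  # nixos-rebuild and boot it, forwarding guest port 22 to host port 2221.
  run-qemu-vm = {
    type = "app";
    program = toString (pkgs.writers.writeBash "run-qemu-vm" ''
      # exactly one host name is expected; the old `[[ ! -z "$@" ]]` test
      # accepted any number of arguments and then spliced them all in
      if [ "$#" -ne 1 ]; then
        echo "Usage: $0 <host>" >&2
        exit 1
      fi
      host="$1"
      nixos-rebuild build-vm --flake ".#$host"
      # bind the forwarded SSH port to loopback: the previous `tcp::2221`
      # form (empty host address) makes QEMU listen on all host interfaces
      export QEMU_NET_OPTS="hostfwd=tcp:127.0.0.1:2221-:22"
      "./result/bin/run-$host-vm"
    '');
  };
  # Compares, for every host with an `address`, the system running on it
  # (via ssh) with the toplevel this flake evaluates for it.
  nix-upgrades = {
    type = "app";
    program = toString (pkgs.writers.writeBash "nix-upgrades" ''
      set -eou pipefail
      NORMAL="\033[0m"
      RED="\033[0;31m"
      YELLOW="\033[0;33m"
      GREEN="\033[0;32m"
      SKULL="💀"
      # NOTE(review): CHECK and WARNING are empty on this page; the glyphs
      # may have been lost in rendering — confirm against the repository
      CHECK=""
      WARNING=""
      FIRE="🔥"
      MAG="🔍"
      echo
      echo -e "$YELLOW$MAG Scanning for upgradable hosts...$NORMAL"
      echo
      ${lib.concatMapStringsSep "\n" (host:
        let
          inherit (self.hosts.${host}) address;
        in lib.optionalString (address != null) ''
          echo -n -e "${host}: $RED"
          # The ssh call sits in the `if` condition: with `set -e` a plain
          # `RUNNING=$(ssh ...)` would abort the script on the first
          # unreachable host and the "SSH Connection Failed" branch could
          # never run. BatchMode keeps a missing key from blocking on a prompt.
          if RUNNING=$(ssh -o BatchMode=yes "${address}" "readlink /run/current-system") && [ -n "$RUNNING" ]; then
            # `|| true` so a failed evaluation is reported below instead of
            # killing the scan of the remaining hosts
            CURRENT=$(nix eval --raw ".#nixosConfigurations.${host}.config.system.build.toplevel" 2>/dev/null || true)
            # version is the last `-` separated field of the store path name;
            # its third `.` separated field is the date component compared below
            RUNNING_VER=$(basename "$RUNNING" | rev | cut -d - -f 1 | rev)
            RUNNING_DATE=$(echo "$RUNNING_VER" | cut -d . -f 3)
            CURRENT_VER=$(basename "$CURRENT" | rev | cut -d - -f 1 | rev)
            CURRENT_DATE=$(echo "$CURRENT_VER" | cut -d . -f 3)
            if [ -z "$CURRENT" ]; then
              echo -e "$RED$SKULL Error: $NORMAL could not evaluate ${host}"
            elif [ "$RUNNING" = "$CURRENT" ]; then
              echo -e "$GREEN$CHECK Current: $NORMAL $RUNNING_VER"
            elif [ "$RUNNING_DATE" -gt "$CURRENT_DATE" ] 2>/dev/null; then
              echo -e "$GREEN$FIRE Newer: $NORMAL $RUNNING_VER > $CURRENT_VER"
            elif [ "$RUNNING_VER" = "$CURRENT_VER" ]; then
              echo -e "$YELLOW$WARNING Modified: $NORMAL $RUNNING_VER"
            elif [ -n "$RUNNING_VER" ]; then
              echo -e "$RED$SKULL Outdated: $NORMAL $RUNNING_VER < $CURRENT_VER"
            else
              echo -e "$RED$SKULL Error: $NORMAL $RUNNING_VER"
            fi
          else
            echo -e "$RED$SKULL SSH Connection Failed$NORMAL"
          fi
          echo -n -e "$NORMAL"
        '') (builtins.attrNames self.nixosConfigurations)}
    '');
  };
};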
};
}