diff --git a/dev/private.narHash b/dev/private.narHash new file mode 100644 index 0000000..b5ccbc3 --- /dev/null +++ b/dev/private.narHash @@ -0,0 +1 @@ +sha256-qF9EiqHqJARLtA+ZABXa2mstgbza762DwoGEIGkyqVY= \ No newline at end of file diff --git a/dev/private/flake.lock b/dev/private/flake.lock new file mode 100644 index 0000000..eb3008e --- /dev/null +++ b/dev/private/flake.lock @@ -0,0 +1,48 @@ +{ + "nodes": { + "nixpkgs-stable": { + "locked": { + "lastModified": 1731842749, + "narHash": "sha256-aNc8irVBH7sM5cGDvqdOueg8S+fGakf0rEMRGfGwWZw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "bf6132dc791dbdff8b6894c3a85eb27ad8255682", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs-stable": "nixpkgs-stable", + "treefmt-nix": "treefmt-nix" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs-stable" + ] + }, + "locked": { + "lastModified": 1730321837, + "narHash": "sha256-vK+a09qq19QNu2MlLcvN4qcRctJbqWkX7ahgPZ/+maI=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "746901bb8dba96d154b66492a29f5db0693dbfcc", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/dev/private/flake.nix b/dev/private/flake.nix new file mode 100644 index 0000000..e3a4865 --- /dev/null +++ b/dev/private/flake.nix @@ -0,0 +1,9 @@ +{ + description = "private inputs"; + inputs.nixpkgs-stable.url = "github:NixOS/nixpkgs/release-24.05"; + + inputs.treefmt-nix.url = "github:numtide/treefmt-nix"; + inputs.treefmt-nix.inputs.nixpkgs.follows = "nixpkgs-stable"; + + outputs = _: { }; +} diff --git a/flake.lock b/flake.lock index 01c146b..eda6a5f 100644 --- a/flake.lock +++ b/flake.lock @@ -16,26 +16,9 @@ "type": "github" } }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1731797254, - "narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, "root": { "inputs": { - "nixpkgs": "nixpkgs", - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs": "nixpkgs" } } }, diff --git a/flake.nix b/flake.nix index 2777d50..cb212ea 100644 --- a/flake.nix +++ b/flake.nix @@ -1,7 +1,7 @@ { description = "Integrates sops into nixos"; inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; - inputs.nixpkgs-stable.url = "github:NixOS/nixpkgs/release-24.05"; + nixConfig.extra-substituters = [ "https://cache.thalheim.io" ]; nixConfig.extra-trusted-public-keys = [ "cache.thalheim.io-1:R7msbosLEZKrxk/lKxf9BTjOOH7Ax3H0Qj0/6wiHOgc=" @@ -10,21 +10,41 @@ { self, nixpkgs, - nixpkgs-stable, - }: + }@inputs: let + loadPrivateFlake = + path: + let + flakeHash = builtins.readFile "${toString path}.narHash"; + flakePath = "path:${toString path}?narHash=${flakeHash}"; + in + builtins.getFlake (builtins.unsafeDiscardStringContext flakePath); + + privateFlake = loadPrivateFlake ./dev/private; + + privateInputs = privateFlake.inputs; + systems = [ "x86_64-linux" "x86_64-darwin" "aarch64-darwin" "aarch64-linux" ]; - forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system); - suffix-version = - version: attrs: - nixpkgs.lib.mapAttrs' (name: value: nixpkgs.lib.nameValuePair (name + version) value) attrs; - suffix-stable = suffix-version "-24_05"; + + eachSystem = + f: + builtins.listToAttrs ( + builtins.map (system: { + name = system; + value = f { + pkgs = inputs.nixpkgs.legacyPackages.${system}; + inherit system; + }; + }) systems + ); + in + # public outputs { overlays.default = final: prev: @@ -52,39 +72,33 @@ sops = ./modules/nix-darwin; default = self.darwinModules.sops; }; - packages = forAllSystems ( - system: - import ./default.nix { - pkgs = import nixpkgs { inherit system; }; - } - ); - checks = - nixpkgs.lib.genAttrs - [ - "x86_64-linux" - "aarch64-linux" - ] - ( - system: - let - tests = self.packages.${system}.sops-install-secrets.tests; - packages-stable = import ./default.nix { - pkgs = import nixpkgs-stable { inherit system; }; - }; - tests-stable = packages-stable.sops-install-secrets.tests; - in - tests // (suffix-stable tests-stable) // (suffix-stable packages-stable) - ); + packages = eachSystem ({ pkgs, ... }: import ./default.nix { inherit pkgs; }); + } + // + # dev outputs + { + checks = eachSystem ( + { system, ... }: + let + tests = self.packages.${system}.sops-install-secrets.tests; + packages-stable = import ./default.nix { + pkgs = privateInputs.nixpkgs-stable.legacyPackages.${system}; + }; + tests-stable = packages-stable.sops-install-secrets.tests; + suffix-version = + version: attrs: + nixpkgs.lib.mapAttrs' (name: value: nixpkgs.lib.nameValuePair (name + version) value) attrs; + suffix-stable = suffix-version "-24_05"; + in + tests // (suffix-stable tests-stable) // (suffix-stable packages-stable) + ); - devShells = forAllSystems ( - system: - let - pkgs = nixpkgs.legacyPackages.${system}; - in - { - unit-tests = pkgs.callPackage ./pkgs/unit-tests.nix { }; - default = pkgs.callPackage ./shell.nix { }; - } - ); - }; + devShells = eachSystem ( + { pkgs, ... }: + { + unit-tests = pkgs.callPackage ./pkgs/unit-tests.nix { }; + default = pkgs.callPackage ./shell.nix { }; + } + ); + }; } diff --git a/shell.nix b/shell.nix index 30505fe..02083a6 100644 --- a/shell.nix +++ b/shell.nix @@ -10,6 +10,11 @@ pkgs.mkShell { util-linux nix golangci-lint + + (pkgs.writeScriptBin "update-dev-private-narHash" '' + nix --extra-experimental-features "nix-command flakes" flake lock ./dev/private + nix --extra-experimental-features "nix-command flakes" hash path ./dev/private | tr -d '\n' > ./dev/private.narHash + '') ]; # delve does not compile with hardening enabled hardeningDisable = [ "all" ];