turboprop/flake.nix

{
  description = "Kubernetes deployments flake";

  inputs = {
    # Base
    nixpkgs.url = "github:NixOS/nixpkgs";
    flake-utils.url = "github:numtide/flake-utils";
    nix-kube-generators.url = "github:farcaller/nix-kube-generators";
    nixhelm.url = "github:farcaller/nixhelm";

    # Dev
    devshell = {
      url = "github:numtide/devshell";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # TODO: My whole homelab is a flake. It would be
    # pretty wild to be able to import data from it.
  };

  outputs = inputs @ {
    self,
    nixpkgs,
    flake-utils,
    nix-kube-generators,
    nixhelm,
    devshell,
  }: let
    rake = import ./lib/rake.nix;
  in
    {
      # Releases expected to provide custom APIs (e.g.: Gateway API,
      # Istio, Longhorn) go in `./system`. All others in `./releases`.
      # This prevents infinite recursion when gathering APIs.
      systemReleaseData = rake.leaves ./system;
      releaseData = rake.leaves ./releases;

      repos = rake.leaves ./charts;

      namespaces = rake.namespaces {
        roots = [./system ./releases];
        extraMetadata = import ./namespaces.nix;
      };
    }
    // flake-utils.lib.eachDefaultSystem (system: let
      pkgs = import nixpkgs {
        inherit system;
        overlays = [devshell.overlays.default];
      };
      kubeVersion = pkgs.k3s.version;
      kubelib = nix-kube-generators.lib {inherit pkgs;};

      # When I move lib/eureka to a separate flake this'll look something like:
      # lib = import ./lib {...} // {eureka = import ./eureka {...};}
      lib = import ./lib {inherit charts kubelib pkgs;};

      flakeBuilders = import ./lib/flake-builders.nix {inherit charts lib pkgs;};
      collectDerivations = with pkgs.lib; attrsets.collect isDerivation;

      charts = flakeBuilders.charts self.repos;

      systemReleases = flakeBuilders.releases self.systemReleaseData {
        inherit kubeVersion;
        apiVersions = [];
      };

      clusterData = {
        inherit kubeVersion;
        apiVersions =
          pkgs.lib.lists.flatten
          (map
            (chartDrv: lib.gatherApis chartDrv.outPath)
            (collectDerivations systemReleases));
      };

      releases = flakeBuilders.releases self.releaseData clusterData;
      namespaces = flakeBuilders.namespaces self.namespaces;

      paths = flakeBuilders.paths {
        inherit releases;
        system = systemReleases;
      };
    in {
      packages = {
        inherit charts;

        # Useful for debugging; will go to own flake eventually.
        inherit systemReleases releases namespaces lib;
        inherit (self) releaseData;
        inherit clusterData;
        inherit paths;

        # Each of the leaves of the `releases` attrset is a derivation
        # (explained better in `lib/flake-builders.nix`).
        # Here, they are gathered into one mega-derivation, with Kustomizations
        # at each level for usage with `k apply -k $path`.
        default = let
          pname = "kubeflake"; # TODO: find better name
        in
          pkgs.stdenv.mkDerivation {
            inherit pname;
            version = "0.0.1";

            derivation_paths = paths;
            namespace_drv = namespaces;

            src = builtins.path {
              path = ./.;
              name = pname;
            };

            buildInputs = with pkgs; [kustomize];
            phases = ["installPhase"];
            installPhase = builtins.readFile ./lib/output.sh;
          };
      };
      devShell = pkgs.devshell.mkShell {
        imports = [(pkgs.devshell.importTOML ./devshell.toml)];
      };
      formatter = pkgs.alejandra;
    });
}
Add flake Chopped-down version of heywoodlh's. 2023-11-15 06:09:04 +00:00			`{`
Fix last vestige of copy-pasta 2023-11-15 16:43:46 +00:00			`description = "Kubernetes deployments flake";`
Add flake Chopped-down version of heywoodlh's. 2023-11-15 06:09:04 +00:00
			`inputs = {`
			`# Base`
			`nixpkgs.url = "github:NixOS/nixpkgs";`
			`flake-utils.url = "github:numtide/flake-utils";`
			`nix-kube-generators.url = "github:farcaller/nix-kube-generators";`
			`nixhelm.url = "github:farcaller/nixhelm";`

Truck in dev niceties from previous k8s repo 2023-11-17 05:29:37 +00:00			`# Dev`
Have devshell follow root nixpkgs; update deps 2023-11-18 07:22:13 +00:00			`devshell = {`
			`url = "github:numtide/devshell";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
Truck in dev niceties from previous k8s repo 2023-11-17 05:29:37 +00:00
Factor out app-template HTTPRoutes 2023-11-18 10:08:23 +00:00			`# TODO: My whole homelab is a flake. It would be`
			`# pretty wild to be able to import data from it.`
Add flake Chopped-down version of heywoodlh's. 2023-11-15 06:09:04 +00:00			`};`

			`outputs = inputs @ {`
			`self,`
			`nixpkgs,`
			`flake-utils,`
			`nix-kube-generators,`
			`nixhelm,`
Truck in dev niceties from previous k8s repo 2023-11-17 05:29:37 +00:00			`devshell,`
Ascend to godlike levels of genericness charts/ and src/ both have two levels of children: - charts/$repo/$chart - src/$ns/$release So, why not use one function to rake them both? Also, the leaf-raking doesn't require nixpkgs or nix-kube-generators so I moved everything that does (e.g.: `downloadCharts`) into the `eachDefaultSystem` part of the output, following the example of nixhelm's flake. 2023-11-15 09:21:47 +00:00			`}: let`
Build namespaces I initially thought this would be just another release in `releases/common/namespaces`, but there's a lot more potential than that. 2023-11-19 21:19:32 +00:00			`rake = import ./lib/rake.nix;`
Ascend to godlike levels of genericness charts/ and src/ both have two levels of children: - charts/$repo/$chart - src/$ns/$release So, why not use one function to rake them both? Also, the leaf-raking doesn't require nixpkgs or nix-kube-generators so I moved everything that does (e.g.: `downloadCharts`) into the `eachDefaultSystem` part of the output, following the example of nixhelm's flake. 2023-11-15 09:21:47 +00:00			`in`
			`{`
Reflow comments I try to insert line breaks where a thought fragment ends (a habit learnt from writing subtitles), but in comments and Git commit messages it doesn't make as much sense. 2023-11-23 01:54:27 +00:00			`# Releases expected to provide custom APIs (e.g.: Gateway API,`
			# Istio, Longhorn) go in `./system`. All others in `./releases`.
			`# This prevents infinite recursion when gathering APIs.`
Start messy refactor Release trees are now split into API-producing and API-using ones. Namespace rake must now take a list of roots of release trees. 2023-11-21 06:42:43 +00:00			`systemReleaseData = rake.leaves ./system;`
Build namespaces I initially thought this would be just another release in `releases/common/namespaces`, but there's a lot more potential than that. 2023-11-19 21:19:32 +00:00			`releaseData = rake.leaves ./releases;`
Start messy refactor Release trees are now split into API-producing and API-using ones. Namespace rake must now take a list of roots of release trees. 2023-11-21 06:42:43 +00:00
Build namespaces I initially thought this would be just another release in `releases/common/namespaces`, but there's a lot more potential than that. 2023-11-19 21:19:32 +00:00			`repos = rake.leaves ./charts;`
Identify another messy refactor on the horizon Packages can either output new APIs or expect them in the cluster. Examples of packages which - output APIs: Gateway API, which installs various versions of gateway.networking.k8s.io resources. - take APIs as input: app-template, which queries the cluster to choose v1a2, v1b1, or v1 for its HTTPRoute (etc.) objects. ("Packages" here collectively refers to Helm charts and YAML bundles.) I will have to impose strict ordering on them, i.e., build the former before the latter. 2023-11-21 05:46:44 +00:00
Build namespaces I initially thought this would be just another release in `releases/common/namespaces`, but there's a lot more potential than that. 2023-11-19 21:19:32 +00:00			`namespaces = rake.namespaces {`
Start messy refactor Release trees are now split into API-producing and API-using ones. Namespace rake must now take a list of roots of release trees. 2023-11-21 06:42:43 +00:00			`roots = [./system ./releases];`
Build namespaces I initially thought this would be just another release in `releases/common/namespaces`, but there's a lot more potential than that. 2023-11-19 21:19:32 +00:00			`extraMetadata = import ./namespaces.nix;`
			`};`
Ascend to godlike levels of genericness charts/ and src/ both have two levels of children: - charts/$repo/$chart - src/$ns/$release So, why not use one function to rake them both? Also, the leaf-raking doesn't require nixpkgs or nix-kube-generators so I moved everything that does (e.g.: `downloadCharts`) into the `eachDefaultSystem` part of the output, following the example of nixhelm's flake. 2023-11-15 09:21:47 +00:00			`}`
			`// flake-utils.lib.eachDefaultSystem (system: let`
Truck in dev niceties from previous k8s repo 2023-11-17 05:29:37 +00:00			`pkgs = import nixpkgs {`
			`inherit system;`
			`overlays = [devshell.overlays.default];`
			`};`
Add kyverno I have my answer to 2638113, and it's what I was suspecting: the flake-builder was never using clusterData until I added a release that needs it, at which point I got the dreaded "error: attribute 'apiVersions' missing". Remediation was simple: realize the wrongheadedness of passing an empty attrset when the values are already well-known. 2023-11-22 04:58:13 +00:00			`kubeVersion = pkgs.k3s.version;`
nix fmt 2023-11-15 06:55:56 +00:00			`kubelib = nix-kube-generators.lib {inherit pkgs;};`
Decouple homelab idiosyncrasies My long-term vision for this flake is to use it as a control flake: plug it into your homelab ("data-plane") flake and avail yourself of its `lib.builders`, et cetera. In short, I want this flake to be useful to many people, and that means not shipping my homelab with it. 2023-11-19 19:35:35 +00:00
Reflow comments I try to insert line breaks where a thought fragment ends (a habit learnt from writing subtitles), but in comments and Git commit messages it doesn't make as much sense. 2023-11-23 01:54:27 +00:00			`# When I move lib/eureka to a separate flake this'll look something like:`
Pass charts into releases, and restore variadity It doesn't pay to be strict about release module arity. 2023-11-22 04:44:47 +00:00			`# lib = import ./lib {...} // {eureka = import ./eureka {...};}`
Refactor modules By declaring builders at the module level, only to call them in flake.nix, I give myself the opportunity to inject `{name, namespace}` there and need no longer pass these args into every module myself. 2023-11-19 01:11:49 +00:00			`lib = import ./lib {inherit charts kubelib pkgs;};`
Decouple homelab idiosyncrasies My long-term vision for this flake is to use it as a control flake: plug it into your homelab ("data-plane") flake and avail yourself of its `lib.builders`, et cetera. In short, I want this flake to be useful to many people, and that means not shipping my homelab with it. 2023-11-19 19:35:35 +00:00
Revert silly name for `import flake-builders` Also, clean out unused variables. 2023-11-23 18:22:34 +00:00			`flakeBuilders = import ./lib/flake-builders.nix {inherit charts lib pkgs;};`
Factor out derivation-collecting 2023-11-19 07:22:51 +00:00			`collectDerivations = with pkgs.lib; attrsets.collect isDerivation;`
Remove verbs from lib.{build,fetch}ers.* Reading things like `lib.builders.buildHelmChart` got exhausting. 2023-11-19 22:05:42 +00:00
Revert silly name for `import flake-builders` Also, clean out unused variables. 2023-11-23 18:22:34 +00:00			`charts = flakeBuilders.charts self.repos;`
Start messy refactor Release trees are now split into API-producing and API-using ones. Namespace rake must now take a list of roots of release trees. 2023-11-21 06:42:43 +00:00
Revert silly name for `import flake-builders` Also, clean out unused variables. 2023-11-23 18:22:34 +00:00			`systemReleases = flakeBuilders.releases self.systemReleaseData {`
Add kyverno I have my answer to 2638113, and it's what I was suspecting: the flake-builder was never using clusterData until I added a release that needs it, at which point I got the dreaded "error: attribute 'apiVersions' missing". Remediation was simple: realize the wrongheadedness of passing an empty attrset when the values are already well-known. 2023-11-22 04:58:13 +00:00			`inherit kubeVersion;`
			`apiVersions = [];`
			`};`

Implement clusterData kubelib.buildHelmChart can take the target Kubernetes version and a list of custom APIs, so I'll bind them both up in an attrset and pass them to `flake-builder.releases`. Accordingly, the other release-builders will have to become variadic. 2023-11-21 07:31:11 +00:00			`clusterData = {`
Add kyverno I have my answer to 2638113, and it's what I was suspecting: the flake-builder was never using clusterData until I added a release that needs it, at which point I got the dreaded "error: attribute 'apiVersions' missing". Remediation was simple: realize the wrongheadedness of passing an empty attrset when the values are already well-known. 2023-11-22 04:58:13 +00:00			`inherit kubeVersion;`
Implement clusterData kubelib.buildHelmChart can take the target Kubernetes version and a list of custom APIs, so I'll bind them both up in an attrset and pass them to `flake-builder.releases`. Accordingly, the other release-builders will have to become variadic. 2023-11-21 07:31:11 +00:00			`apiVersions =`
			`pkgs.lib.lists.flatten`
			`(map`
			`(chartDrv: lib.gatherApis chartDrv.outPath)`
			`(collectDerivations systemReleases));`
			`};`
Start messy refactor Release trees are now split into API-producing and API-using ones. Namespace rake must now take a list of roots of release trees. 2023-11-21 06:42:43 +00:00
Revert silly name for `import flake-builders` Also, clean out unused variables. 2023-11-23 18:22:34 +00:00			`releases = flakeBuilders.releases self.releaseData clusterData;`
			`namespaces = flakeBuilders.namespaces self.namespaces;`
Stop relying on ns/name in derivation path I've changed release modules' signatures from: `{lib} -> ... -> <drv>` to: `{lib} -> ... -> {out=<drv>; extra=<drv>;}` Which makes individual derivations more easily findable. Now, instead of picking them out from a soup of paths in `output.sh` with a specially-crafted needle (`${ns}-${name}`), I map derivations directly to paths and use the result as a sort of index. In other words, I spent some ingenuity in `flake-builders.sh` to save a _lot_ of ingenuity in `output.sh`. This affords me the extra convenience, previously spurned because of the very limitation I've overcome, of symlinking derivations in the output flake. 2023-11-23 17:45:30 +00:00
Revert silly name for `import flake-builders` Also, clean out unused variables. 2023-11-23 18:22:34 +00:00			`paths = flakeBuilders.paths {`
Stop relying on ns/name in derivation path I've changed release modules' signatures from: `{lib} -> ... -> <drv>` to: `{lib} -> ... -> {out=<drv>; extra=<drv>;}` Which makes individual derivations more easily findable. Now, instead of picking them out from a soup of paths in `output.sh` with a specially-crafted needle (`${ns}-${name}`), I map derivations directly to paths and use the result as a sort of index. In other words, I spent some ingenuity in `flake-builders.sh` to save a _lot_ of ingenuity in `output.sh`. This affords me the extra convenience, previously spurned because of the very limitation I've overcome, of symlinking derivations in the output flake. 2023-11-23 17:45:30 +00:00			`inherit releases;`
			`system = systemReleases;`
			`};`
Add flake Chopped-down version of heywoodlh's. 2023-11-15 06:09:04 +00:00			`in {`
			`packages = {`
Factor out (and document exhaustively) flake-builders 2023-11-19 07:09:40 +00:00			`inherit charts;`
Tidy up 2023-11-19 19:46:27 +00:00
			`# Useful for debugging; will go to own flake eventually.`
Revert silly name for `import flake-builders` Also, clean out unused variables. 2023-11-23 18:22:34 +00:00			`inherit systemReleases releases namespaces lib;`
Factor out (and document exhaustively) flake-builders 2023-11-19 07:09:40 +00:00			`inherit (self) releaseData;`
Implement clusterData kubelib.buildHelmChart can take the target Kubernetes version and a list of custom APIs, so I'll bind them both up in an attrset and pass them to `flake-builder.releases`. Accordingly, the other release-builders will have to become variadic. 2023-11-21 07:31:11 +00:00			`inherit clusterData;`
Stop relying on ns/name in derivation path I've changed release modules' signatures from: `{lib} -> ... -> <drv>` to: `{lib} -> ... -> {out=<drv>; extra=<drv>;}` Which makes individual derivations more easily findable. Now, instead of picking them out from a soup of paths in `output.sh` with a specially-crafted needle (`${ns}-${name}`), I map derivations directly to paths and use the result as a sort of index. In other words, I spent some ingenuity in `flake-builders.sh` to save a _lot_ of ingenuity in `output.sh`. This affords me the extra convenience, previously spurned because of the very limitation I've overcome, of symlinking derivations in the output flake. 2023-11-23 17:45:30 +00:00			`inherit paths;`
Flail at creating default output I envision the derivation output to be a directory with nested namespace directories with each release as a single YAML inside. But I'm currently stuck at the `nix build` part. 2023-11-16 01:33:32 +00:00
Revert silly name for `import flake-builders` Also, clean out unused variables. 2023-11-23 18:22:34 +00:00			# Each of the leaves of the `releases` attrset is a derivation
			# (explained better in `lib/flake-builders.nix`).
Reflow comments I try to insert line breaks where a thought fragment ends (a habit learnt from writing subtitles), but in comments and Git commit messages it doesn't make as much sense. 2023-11-23 01:54:27 +00:00			`# Here, they are gathered into one mega-derivation, with Kustomizations`
			# at each level for usage with `k apply -k $path`.
Factor out pname from main derivation 2023-11-19 22:23:50 +00:00			`default = let`
			`pname = "kubeflake"; # TODO: find better name`
			`in`
			`pkgs.stdenv.mkDerivation {`
			`inherit pname;`
			`version = "0.0.1";`
Build top- and namespace-level Kustomizations For `kubectl apply -k result`. 2023-11-18 07:09:06 +00:00
Stop relying on ns/name in derivation path I've changed release modules' signatures from: `{lib} -> ... -> <drv>` to: `{lib} -> ... -> {out=<drv>; extra=<drv>;}` Which makes individual derivations more easily findable. Now, instead of picking them out from a soup of paths in `output.sh` with a specially-crafted needle (`${ns}-${name}`), I map derivations directly to paths and use the result as a sort of index. In other words, I spent some ingenuity in `flake-builders.sh` to save a _lot_ of ingenuity in `output.sh`. This affords me the extra convenience, previously spurned because of the very limitation I've overcome, of symlinking derivations in the output flake. 2023-11-23 17:45:30 +00:00			`derivation_paths = paths;`
Factor out pname from main derivation 2023-11-19 22:23:50 +00:00			`namespace_drv = namespaces;`
Implement attaching extra k8s objects to releases No more tossing YAMLs into release dirs. All is Nix. 2023-11-19 02:35:43 +00:00
Factor out pname from main derivation 2023-11-19 22:23:50 +00:00			`src = builtins.path {`
			`path = ./.;`
			`name = pname;`
			`};`
Build top- and namespace-level Kustomizations For `kubectl apply -k result`. 2023-11-18 07:09:06 +00:00
Factor out pname from main derivation 2023-11-19 22:23:50 +00:00			`buildInputs = with pkgs; [kustomize];`
			`phases = ["installPhase"];`
			`installPhase = builtins.readFile ./lib/output.sh;`
			`};`
Add flake Chopped-down version of heywoodlh's. 2023-11-15 06:09:04 +00:00			`};`
Truck in dev niceties from previous k8s repo 2023-11-17 05:29:37 +00:00			`devShell = pkgs.devshell.mkShell {`
			`imports = [(pkgs.devshell.importTOML ./devshell.toml)];`
Add flake Chopped-down version of heywoodlh's. 2023-11-15 06:09:04 +00:00			`};`
			`formatter = pkgs.alejandra;`
			`});`
			`}`