Clean up provisioning code by moving some logic into

readOnly options
2025-08-04 22:23:47 +02:00 · 2025-08-04 22:23:47 +02:00 · 7adc4a20bd
commit 7adc4a20bd
parent eec5e02770
5 changed files with 67 additions and 78 deletions
--- a/nix/lib/mkSubmodule/default.nix
+++ b/nix/lib/mkSubmodule/default.nix
@ -10,4 +10,15 @@
      shorthandOnlyDefinesConfig = true;
      modules = lib.toList { inherit options; };
    };
+  mkSubmodule' =
+    fn:
+    lib.types.submodule (
+      { config, ... }:
+      let
+        data = fn { inherit config; };
+      in
+      {
+        inherit (data) options;
+      }
+    );
 }
--- a/nix/modules/nixos/infrastructure/provisioning/default.nix
+++ b/nix/modules/nixos/infrastructure/provisioning/default.nix
@ -1,19 +1,20 @@
 {
-  config,
  lib,
  inputs,
  pkgs,
  ...
 }:
 let
-  cfg = config.khscodes.infrastructure.provisioning;
-  provisioning = {
-    modules = lib.mkOption {
-      type = lib.types.listOf lib.types.anything;
-      description = "Modules used to bring up the needed resources";
-      default = [ ];
-    };
-  };
+  terranixConfig =
+    cfg:
+    if lib.lists.length cfg.modules > 0 then
+      inputs.terranix.lib.terranixConfiguration {
+        system = pkgs.hostPlatform.system;
+        modules = cfg.modules;
+        extraArgs = { inherit lib inputs; };
+      }
+    else
+      null;
  usesEndpoint =
    search: endpoint: config:
    if lib.strings.hasInfix search (builtins.readFile config) then [ endpoint ] else [ ];
@ -49,31 +50,49 @@ let
      [ ]
    else
      lib.lists.flatten (lib.lists.map (c: usesEndpoint c.search c.endpoint config) endpointsMaps);
-  preConfig =
-    if lib.lists.length cfg.pre.modules > 0 then
-      inputs.terranix.lib.terranixConfiguration {
-        system = pkgs.hostPlatform.system;
-        modules = cfg.pre.modules;
-        extraArgs = { inherit lib inputs; };
-      }
-    else
-      null;
-  preEndpoints = endpointsUsed preConfig;
-  postConfig =
-    if lib.lists.length cfg.post.modules > 0 then
-      inputs.terranix.lib.terranixConfiguration {
-        system = pkgs.hostPlatform.system;
-        modules = cfg.post.modules;
-        extraArgs = { inherit lib inputs; };
-      }
-    else
-      null;
-  postEndpoints = endpointsUsed postConfig;
+  provisioning = lib.khscodes.mkSubmodule' (
+    { config }:
+    {
+      description = "Module for handling provisioning";
+      options = {
+        modules = lib.mkOption {
+          type = lib.types.listOf lib.types.anything;
+          description = "Modules used to bring up the needed resources";
+          default = [ ];
+        };
+        config = lib.mkOption {
+          type = lib.types.nullOr lib.types.path;
+          readOnly = true;
+          default = terranixConfig config;
+        };
+        endpoints = lib.mkOption {
+          type = lib.types.listOf (
+            lib.types.enum [
+              "openstack"
+              "aws"
+              "unifi"
+              "hcloud"
+              "cloudflare"
+              "vault"
+            ]
+          );
+          readOnly = true;
+          default = endpointsUsed config.config;
+        };
+      };
+    }
+  );
 in
 {
  options.khscodes.infrastructure.provisioning = {
-    pre = provisioning;
-    post = provisioning;
+    pre = lib.mkOption {
+      type = provisioning;
+      default = { };
+    };
+    post = lib.mkOption {
+      type = provisioning;
+      default = { };
+    };
    secretsSource = lib.mkOption {
      type = lib.types.enum [
        "vault"
@ -87,53 +106,12 @@ in
      description = "User data that should be added to the instance during provisioning";
      default = "";
    };
-    preConfig = lib.mkOption {
-      type = lib.types.nullOr lib.types.path;
-      description = "The generated config for the pre provisioning, if any was specified";
-    };
-    preEndpoints = lib.mkOption {
-      type = lib.types.listOf (
-        lib.types.enum [
-          "openstack"
-          "aws"
-          "unifi"
-          "hcloud"
-          "cloudflare"
-          "vault"
-        ]
-      );
-      description = "Needed endpoints to be used during provisioning";
-      default = [ ];
-    };
    preImageUsername = lib.mkOption {
      type = lib.types.str;
      description = "The username for the image being deployed before being swapped for NixOS";
      default = "root";
    };
-    postConfig = lib.mkOption {
-      type = lib.types.nullOr lib.types.path;
-      description = "The generated config for the post provisioning, if any was specified";
-    };
-    postEndpoints = lib.mkOption {
-      type = lib.types.listOf (
-        lib.types.enum [
-          "openstack"
-          "aws"
-          "unifi"
-          "hcloud"
-          "cloudflare"
-          "vault"
-        ]
-      );
-      description = "Needed endpoints to be used during provisioning";
-      default = [ ];
-    };
  };

-  config = {
-    khscodes.infrastructure.provisioning.preConfig = preConfig;
-    khscodes.infrastructure.provisioning.preEndpoints = preEndpoints;
-    khscodes.infrastructure.provisioning.postConfig = postConfig;
-    khscodes.infrastructure.provisioning.postEndpoints = postEndpoints;
-  };
+  config = { };
 }
--- a/nix/packages/nixos-install/default.nix
+++ b/nix/packages/nixos-install/default.nix
@ -19,7 +19,7 @@ pkgs.writeShellApplication {
      nix build --no-link '${inputs.self}#nixosConfigurations."'"$hostname"'".config.system.build.toplevel'
    fi
    baseAttr='${inputs.self}#nixosConfigurations."'"$hostname"'".config.khscodes.infrastructure'
-    config="$(nix build --no-link --print-out-paths "''${baseAttr}.provisioning.preConfig")"
+    config="$(nix build --no-link --print-out-paths "''${baseAttr}.provisioning.pre.config")"
    preScript="$(nix eval --raw "''${baseAttr}.nixos-install.preScript")"
    username="$(nix eval --raw "''${baseAttr}.provisioning.preImageUsername")"
    if [[ "$config" == "null" ]]; then
--- a/nix/packages/post-provisioning/default.nix
+++ b/nix/packages/post-provisioning/default.nix
@ -15,9 +15,9 @@ pkgs.writeShellApplication {
    hostname="$1"
    cmd="''${2:-apply}"
    baseAttr='${inputs.self}#nixosConfigurations."'"$hostname"'".config.khscodes.infrastructure.provisioning'
-    config="$(nix build --no-link --print-out-paths "''${baseAttr}.postConfig")"
+    config="$(nix build --no-link --print-out-paths "''${baseAttr}.post.config")"
    secretsSource="$(nix eval --raw "''${baseAttr}.secretsSource")"
-    endpoints="$(nix eval --show-trace --json "''${baseAttr}.postEndpoints")"
+    endpoints="$(nix eval --show-trace --json "''${baseAttr}.post.endpoints")"
    if [[ "$config" == "null" ]]; then
      echo "No postprovisioning needed"
      exit 0
--- a/nix/packages/pre-provisioning/default.nix
+++ b/nix/packages/pre-provisioning/default.nix
@ -16,9 +16,9 @@ pkgs.writeShellApplication {
    hostname="$1"
    cmd="''${2:-apply}"
    baseAttr='${inputs.self}#nixosConfigurations."'"$hostname"'".config.khscodes.infrastructure.provisioning'
-    config="$(nix build --no-link --print-out-paths "''${baseAttr}.preConfig")"
+    config="$(nix build --no-link --print-out-paths "''${baseAttr}.pre.config")"
    secretsSource="$(nix eval --raw "''${baseAttr}.secretsSource")"
-    endpoints="$(nix eval --show-trace --json "''${baseAttr}.preEndpoints")"
+    endpoints="$(nix eval --show-trace --json "''${baseAttr}.pre.endpoints")"
    if [[ "$config" == "null" ]]; then
      echo "No preprovisioning needed"
      exit 0