Clean up provisioning code by moving some logic into

readOnly options

nix/lib/mkSubmodule/default.nix

@@ -10,4 +10,15 @@
       shorthandOnlyDefinesConfig = true;
       modules = lib.toList { inherit options; };
     };
+  mkSubmodule' =
+    fn:
+    lib.types.submodule (
+      { config, ... }:
+      let
+        data = fn { inherit config; };
+      in
+      {
+        inherit (data) options;
+      }
+    );
 }

nix/modules/nixos/infrastructure/provisioning/default.nix

@@ -1,19 +1,20 @@
 {
-  config,
   lib,
   inputs,
   pkgs,
   ...
 }:
 let
-  cfg = config.khscodes.infrastructure.provisioning;
+  terranixConfig =
-  provisioning = {
+    cfg:
-    modules = lib.mkOption {
+    if lib.lists.length cfg.modules > 0 then
-      type = lib.types.listOf lib.types.anything;
+      inputs.terranix.lib.terranixConfiguration {
-      description = "Modules used to bring up the needed resources";
+        system = pkgs.hostPlatform.system;
-      default = [ ];
+        modules = cfg.modules;
-    };
+        extraArgs = { inherit lib inputs; };
-  };
+      }
+    else
+      null;
   usesEndpoint =
     search: endpoint: config:
     if lib.strings.hasInfix search (builtins.readFile config) then [ endpoint ] else [ ];
@@ -49,31 +50,49 @@ let
       [ ]
     else
       lib.lists.flatten (lib.lists.map (c: usesEndpoint c.search c.endpoint config) endpointsMaps);
-  preConfig =
+  provisioning = lib.khscodes.mkSubmodule' (
-    if lib.lists.length cfg.pre.modules > 0 then
+    { config }:
-      inputs.terranix.lib.terranixConfiguration {
+    {
-        system = pkgs.hostPlatform.system;
+      description = "Module for handling provisioning";
-        modules = cfg.pre.modules;
+      options = {
-        extraArgs = { inherit lib inputs; };
+        modules = lib.mkOption {
-      }
+          type = lib.types.listOf lib.types.anything;
-    else
+          description = "Modules used to bring up the needed resources";
-      null;
+          default = [ ];
-  preEndpoints = endpointsUsed preConfig;
+        };
-  postConfig =
+        config = lib.mkOption {
-    if lib.lists.length cfg.post.modules > 0 then
+          type = lib.types.nullOr lib.types.path;
-      inputs.terranix.lib.terranixConfiguration {
+          readOnly = true;
-        system = pkgs.hostPlatform.system;
+          default = terranixConfig config;
-        modules = cfg.post.modules;
+        };
-        extraArgs = { inherit lib inputs; };
+        endpoints = lib.mkOption {
-      }
+          type = lib.types.listOf (
-    else
+            lib.types.enum [
-      null;
+              "openstack"
-  postEndpoints = endpointsUsed postConfig;
+              "aws"
+              "unifi"
+              "hcloud"
+              "cloudflare"
+              "vault"
+            ]
+          );
+          readOnly = true;
+          default = endpointsUsed config.config;
+        };
+      };
+    }
+  );
 in
 {
   options.khscodes.infrastructure.provisioning = {
-    pre = provisioning;
+    pre = lib.mkOption {
-    post = provisioning;
+      type = provisioning;
+      default = { };
+    };
+    post = lib.mkOption {
+      type = provisioning;
+      default = { };
+    };
     secretsSource = lib.mkOption {
       type = lib.types.enum [
         "vault"
@@ -87,53 +106,12 @@ in
       description = "User data that should be added to the instance during provisioning";
       default = "";
     };
-    preConfig = lib.mkOption {
-      type = lib.types.nullOr lib.types.path;
-      description = "The generated config for the pre provisioning, if any was specified";
-    };
-    preEndpoints = lib.mkOption {
-      type = lib.types.listOf (
-        lib.types.enum [
-          "openstack"
-          "aws"
-          "unifi"
-          "hcloud"
-          "cloudflare"
-          "vault"
-        ]
-      );
-      description = "Needed endpoints to be used during provisioning";
-      default = [ ];
-    };
     preImageUsername = lib.mkOption {
       type = lib.types.str;
       description = "The username for the image being deployed before being swapped for NixOS";
       default = "root";
     };
-    postConfig = lib.mkOption {
-      type = lib.types.nullOr lib.types.path;
-      description = "The generated config for the post provisioning, if any was specified";
-    };
-    postEndpoints = lib.mkOption {
-      type = lib.types.listOf (
-        lib.types.enum [
-          "openstack"
-          "aws"
-          "unifi"
-          "hcloud"
-          "cloudflare"
-          "vault"
-        ]
-      );
-      description = "Needed endpoints to be used during provisioning";
-      default = [ ];
-    };
   };
 
-  config = {
+  config = { };
-    khscodes.infrastructure.provisioning.preConfig = preConfig;
-    khscodes.infrastructure.provisioning.preEndpoints = preEndpoints;
-    khscodes.infrastructure.provisioning.postConfig = postConfig;
-    khscodes.infrastructure.provisioning.postEndpoints = postEndpoints;
-  };
 }

nix/packages/nixos-install/default.nix

@@ -19,7 +19,7 @@ pkgs.writeShellApplication {
       nix build --no-link '${inputs.self}#nixosConfigurations."'"$hostname"'".config.system.build.toplevel'
     fi
     baseAttr='${inputs.self}#nixosConfigurations."'"$hostname"'".config.khscodes.infrastructure'
-    config="$(nix build --no-link --print-out-paths "''${baseAttr}.provisioning.preConfig")"
+    config="$(nix build --no-link --print-out-paths "''${baseAttr}.provisioning.pre.config")"
     preScript="$(nix eval --raw "''${baseAttr}.nixos-install.preScript")"
     username="$(nix eval --raw "''${baseAttr}.provisioning.preImageUsername")"
     if [[ "$config" == "null" ]]; then

nix/packages/post-provisioning/default.nix

@@ -15,9 +15,9 @@ pkgs.writeShellApplication {
     hostname="$1"
     cmd="''${2:-apply}"
     baseAttr='${inputs.self}#nixosConfigurations."'"$hostname"'".config.khscodes.infrastructure.provisioning'
-    config="$(nix build --no-link --print-out-paths "''${baseAttr}.postConfig")"
+    config="$(nix build --no-link --print-out-paths "''${baseAttr}.post.config")"
     secretsSource="$(nix eval --raw "''${baseAttr}.secretsSource")"
-    endpoints="$(nix eval --show-trace --json "''${baseAttr}.postEndpoints")"
+    endpoints="$(nix eval --show-trace --json "''${baseAttr}.post.endpoints")"
     if [[ "$config" == "null" ]]; then
       echo "No postprovisioning needed"
       exit 0

nix/packages/pre-provisioning/default.nix

@@ -16,9 +16,9 @@ pkgs.writeShellApplication {
     hostname="$1"
     cmd="''${2:-apply}"
     baseAttr='${inputs.self}#nixosConfigurations."'"$hostname"'".config.khscodes.infrastructure.provisioning'
-    config="$(nix build --no-link --print-out-paths "''${baseAttr}.preConfig")"
+    config="$(nix build --no-link --print-out-paths "''${baseAttr}.pre.config")"
     secretsSource="$(nix eval --raw "''${baseAttr}.secretsSource")"
-    endpoints="$(nix eval --show-trace --json "''${baseAttr}.preEndpoints")"
+    endpoints="$(nix eval --show-trace --json "''${baseAttr}.pre.endpoints")"
     if [[ "$config" == "null" ]]; then
       echo "No preprovisioning needed"
       exit 0