Lots more updates

Also begin adding rust building capabilities
to be able to write rust binaries for some commands.

nix/packages/bw-opentofu/default.nix

@@ -1,51 +1,52 @@
 { pkgs, lib, ... }:
 let
   opentofu = pkgs.opentofu;
-  bw-opentofu = lib.khscodes.mkBwEnv {
-    inherit pkgs;
-    name = "bw-opentofu";
-    items = {
-      "KHS Openstack" = {
-        TF_VAR_openstack_username = "login.username";
-        TF_VAR_openstack_password = "login.password";
-        TF_VAR_openstack_tenant_name = "Project Name";
-        TF_VAR_openstack_auth_url = "Auth URL";
-        TF_VAR_openstack_endpoint_type = "Interface";
-        TF_VAR_openstack_region = "Region Name";
-      };
-      "Cloudflare" = {
-        TF_VAR_cloudflare_token = "DNS API Token";
-        TF_VAR_cloudflare_email = "login.username";
-        AWS_ACCESS_KEY_ID = "BW Terraform access key id";
-        AWS_SECRET_ACCESS_KEY = "BW Terraform secret access key";
-      };
-      "Hetzner Cloud" = {
-        TF_VAR_hcloud_api_token = "Terraform API Token";
-      };
+  # TODO: We should figure out a way of passing the secrets map at runtime instead of build time.
+  # for now this map just needs to include every secret we could need, which also makes the reading of secrets take way longer than
+  # needed.
+  secrets = {
+    "KHS Openstack" = {
+      TF_VAR_openstack_username = "login.username";
+      TF_VAR_openstack_password = "login.password";
+      TF_VAR_openstack_tenant_name = "Project Name";
+      TF_VAR_openstack_auth_url = "Auth URL";
+      TF_VAR_openstack_endpoint_type = "Interface";
+      TF_VAR_openstack_region = "Region Name";
     };
-    exe = lib.getExe opentofu;
+    "Cloudflare" = {
+      TF_VAR_cloudflare_token = "DNS API Token";
+      TF_VAR_cloudflare_email = "login.username";
+      AWS_ACCESS_KEY_ID = "BW Terraform access key id";
+      AWS_SECRET_ACCESS_KEY = "BW Terraform secret access key";
+    };
+    "Hetzner Cloud" = {
+      TF_VAR_hcloud_api_token = "Terraform API Token";
+    };
+  };
+  wrappedScript = pkgs.writeShellApplication {
+    name = "bw-opentofu-wrapped";
+    runtimeInputs = [
+      pkgs.uutils-coreutils-noprefix
+      pkgs.bitwarden-cli
+      pkgs.khscodes.find-flake-root
+      opentofu
+    ];
+    text = ''
+      fqdn="$1"
+      config="$2"
+      phase="$3"
+      flakeRoot="$(find-flake-root)"
+      dir="$flakeRoot/.terraform-cache/$fqdn/$phase"
+      mkdir -p "$dir"
+      cat "''${config}" > "$dir/config.tf.json"
+      tofu -chdir="$dir" init
+      tofu -chdir="$dir" apply
+    '';
   };
 in
-pkgs.writeShellApplication {
+lib.khscodes.mkBwEnv {
+  inherit pkgs;
   name = "bw-opentofu";
-  runtimeInputs = [
-    bw-opentofu
-    pkgs.uutils-coreutils-noprefix
-    pkgs.bitwarden-cli
-  ];
-  text = ''
-    fqdn="$1"
-    config="$2"
-    lockHcl="$3"
-    dir="$(mktemp -d --tmpdir -t "terraform-hetzher-''${fqdn}.XXXXXXXXXX")"
-    cp "$lockHcl" "$dir/.terraform.lock.hcl"
-    cp "''${config}" "$dir/config.tf.json"
-    if [ "''${BW_SESSION:-}" == "" ]; then
-      BW_SESSION="$(bw unlock --raw)"
-      export BW_SESSION
-      trap "bw lock" EXIT
-    fi
-    bw-opentofu -chdir="$dir" init
-    bw-opentofu -chdir="$dir" apply
-  '';
+  items = secrets;
+  exe = lib.getExe wrappedScript;
 }

nix/packages/find-flake-root/default.nix

@@ -0,0 +1,16 @@
+{ pkgs, ... }:
+pkgs.writeShellApplication {
+  name = "find-flake-root";
+  runtimeInputs = [ pkgs.uutils-coreutils-noprefix ];
+  text = ''
+    while [[ ! -f "$(pwd)/flake.nix" ]]; do
+      if [[ "$(pwd)" == "/" ]]; then
+        echo "Could not find flake root" 1>&2
+        exit 1
+      fi
+      cd ..
+    done
+    pwd
+    exit 0
+  '';
+}

nix/packages/hetzner-ipv6/default.nix

@@ -0,0 +1,6 @@
+{
+  lib,
+  pkgs,
+  inputs,
+}:
+(lib.khscodes.mkRust pkgs "${inputs.self}/rust").buildRustPackage "hetzner-ipv6"

nix/packages/opentofu-hetzner/default.nix

@@ -1,16 +0,0 @@
-{
-  inputs,
-  pkgs,
-}:
-pkgs.writeShellApplication {
-  name = "opentofu-hetzner";
-  runtimeInputs = [
-    pkgs.nix
-    pkgs.khscodes.bw-opentofu
-  ];
-  text = ''
-    hostname="$1"
-    config="$(nix build --no-link --print-out-paths '${inputs.self}#nixosConfigurations."'"$hostname"'".config.khscodes.terraform-hetzner.output')"
-    bw-opentofu "$hostname" "$config" "${./terraform.lock.hcl}"
-  '';
-}

nix/packages/opentofu-hetzner/terraform.lock.hcl

@@ -1,47 +0,0 @@
-# This file is maintained automatically by "tofu init".
-# Manual edits may be lost in future updates.
-
-provider "registry.opentofu.org/cloudflare/cloudflare" {
-  version     = "4.52.0"
-  constraints = "~> 4.0"
-  hashes = [
-    "h1:Pi5M+GeoMSN2eJ6QnIeXjBf19O+rby/74CfB2ocpv20=",
-    "zh:19be1a91c982b902c42aba47766860dfa5dc151eed1e95fd39ca642229381ef0",
-    "zh:1de451c4d1ecf7efbe67b6dace3426ba810711afdd644b0f1b870364c8ae91f8",
-    "zh:352b4a2120173298622e669258744554339d959ac3a95607b117a48ee4a83238",
-    "zh:3c6f1346d9154afbd2d558fabb4b0150fc8d559aa961254144fe1bc17fe6032f",
-    "zh:4c4c92d53fb535b1e0eff26f222bbd627b97d3b4c891ec9c321268676d06152f",
-    "zh:53276f68006c9ceb7cdb10a6ccf91a5c1eadd1407a28edb5741e84e88d7e29e8",
-    "zh:7925a97773948171a63d4f65bb81ee92fd6d07a447e36012977313293a5435c9",
-    "zh:7dfb0a4496cfe032437386d0a2cd9229a1956e9c30bd920923c141b0f0440060",
-    "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
-    "zh:8d4aa79f0a414bb4163d771063c70cd991c8fac6c766e685bac2ee12903c5bd6",
-    "zh:a67540c13565616a7e7e51ee9366e88b0dc60046e1d75c72680e150bd02725bb",
-    "zh:a936383a4767f5393f38f622e92bf2d0c03fe04b69c284951f27345766c7b31b",
-    "zh:d4887d73c466ff036eecf50ad6404ba38fd82ea4855296b1846d244b0f13c380",
-    "zh:e9093c8bd5b6cd99c81666e315197791781b8f93afa14fc2e0f732d1bb2a44b7",
-    "zh:efd3b3f1ec59a37f635aa1d4efcf178734c2fcf8ddb0d56ea690bec342da8672",
-  ]
-}
-
-provider "registry.opentofu.org/hetznercloud/hcloud" {
-  version     = "1.45.0"
-  constraints = "~> 1.45.0"
-  hashes = [
-    "h1:dh2iL5GHfDui5DbZFD/kcWlwzmC6slgUirA0FbZBK7g=",
-    "zh:1c4b44a698cfaca215bdbadaf92669dd23533210c3cbf32895fbf4ff7acf6c24",
-    "zh:2915f8385559694e5097d8d0df16358200e9f0d9efb80559e9ea0bd072d792b9",
-    "zh:3a6b37b0bba50d263bd3dba26185bde13c825e59b6b301ab3f9f45686a21456b",
-    "zh:3e3910fa22a3a8d73d1aed38cc479c3e1958e9168b5f4a7d0da6cf03c2dfc155",
-    "zh:3f8d7d09e5c93162a1e9e6c89acac0799fb55765b44b7d1d020763c814263c57",
-    "zh:40bc5e94bff495440e1b4f797165d7f0dcee2282a86a61b158f47fe4bc57e9fb",
-    "zh:473f51d464b897d0e8e3d5ca2eb175b37e2f7ce03c8b26f47cc35885cf620946",
-    "zh:6fdd4bf71c19cfad78d7e1d2336be873eb8567a139d53e672e78ebcbc36a4d7d",
-    "zh:9e08638cbfc90d69f1c21ee34191db077d58d040cf7a9eed07a1dc335d463e97",
-    "zh:b1ed5ea81bc6d2c88efdefaeb244322874508d90d8217ac2e3541445254bdadc",
-    "zh:ced05776c27d550d15d4a71360243740ecb4ea1e65e67229fb2273a27353b00c",
-    "zh:da79b8a1a982a1d365ea206a2654e8b5003aeba9ccdc9c8751bb6ee3f40d8c49",
-    "zh:fabbad25bab09dd74f2b819992ab99b939c642374d6ca080b18d6e2a91d8d487",
-    "zh:fb0e083d2925f289999dc561ef1c2f84a9e0ab11388c40162ca8b470f50f71f5",
-  ]
-}

nix/packages/pre-provisioning/default.nix

@@ -0,0 +1,27 @@
+{
+  inputs,
+  pkgs,
+}:
+pkgs.writeShellApplication {
+  name = "pre-provisioning";
+  runtimeInputs = [
+    pkgs.nix
+    pkgs.khscodes.bw-opentofu
+  ];
+  # TODO: Use secret source and required secrets to set up the correct env variables
+  text = ''
+    hostname="$1"
+    baseAttr='${inputs.self}#nixosConfigurations."'"$hostname"'".config.khscodes.provisioning'
+    config="$(nix eval --raw "''${baseAttr}.preConfig")"
+    secretsSource="$(nix eval --raw "''${baseAttr}.pre.secretsSource")"
+    if [[ "$config" == "null" ]]; then
+      echo "No preprovisioning needed"
+      exit 0
+    fi
+    if [[ "$secretsSource" == "vault" ]]; then
+      >&2 echo "Provisioning using vault is not yet implemented"
+      exit 1
+    fi
+    bw-opentofu "$hostname" "$config" "pre"
+  '';
+}