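# Packages the `pre-provisioning` command: a shell application that resolves a
# host's pre-provisioning OpenTofu configuration from this flake and runs it
# through the wrapper matching the host's secrets source.
#
# Usage: pre-provisioning <hostname> [command]
#   hostname  name of the entry under nixosConfigurations in this flake
#   command   passed through to the OpenTofu wrapper; defaults to "apply"
{
  inputs,
  pkgs,
}:
pkgs.writeShellApplication {
  name = "pre-provisioning";
  runtimeInputs = [
    pkgs.nix
    pkgs.khscodes.bw-opentofu
    pkgs.khscodes.instance-opentofu
    pkgs.khscodes.openbao-helper
    pkgs.jq
  ];
  # TODO: Use secret source and required secrets to set up the correct env variables
  text = ''
    # Fail with a readable message instead of an unbound-variable error when
    # the hostname argument is missing.
    if [[ $# -lt 1 ]]; then
      echo "usage: pre-provisioning <hostname> [command]" >&2
      exit 2
    fi
    hostname="$1"
    cmd="''${2:-apply}"

    # The hostname is spliced into a double-quoted attribute name below. A
    # double quote inside it would end that attribute early and let the rest
    # of the argument select a different attribute path, so reject it before
    # anything is evaluated.
    if [[ "$hostname" == *'"'* ]]; then
      echo "pre-provisioning: hostname must not contain a double quote" >&2
      exit 2
    fi

    baseAttr='${inputs.self}#nixosConfigurations."'"$hostname"'".config.khscodes.infrastructure.provisioning'
    config="$(nix build --no-link --print-out-paths "''${baseAttr}.preConfig")"
    secretsSource="$(nix eval --raw "''${baseAttr}.pre.secretsSource")"
    endpoints="$(nix eval --show-trace --json "''${baseAttr}.preEndpoints")"

    # NOTE(review): config holds the output of nix build --print-out-paths;
    # confirm that a host without pre-provisioning really yields the literal
    # string "null" here rather than a failed build.
    if [[ "$config" == "null" ]]; then
      echo "No preprovisioning needed"
      exit 0
    fi

    if [[ "$secretsSource" == "vault" ]]; then
      # Turn the JSON list of endpoints into repeated "-e <endpoint>" arguments.
      # jq runs in a command substitution rather than a process substitution so
      # that a jq failure aborts the script instead of silently producing an
      # empty endpoint list for the wrapped program.
      endpoints_lines="$(jq -cr 'map(["-e", .])[][]' <<<"$endpoints")"
      endpoints_args=()
      if [[ -n "$endpoints_lines" ]]; then
        readarray -t endpoints_args <<<"$endpoints_lines"
      fi
      openbao-helper wrap-program "''${endpoints_args[@]}" -- instance-opentofu "$hostname" "$config" "$cmd"
      exit 0
    fi

    # Any other secrets source falls through to the bw-opentofu wrapper.
    bw-opentofu "$hostname" "$config" "$cmd"
  '';
}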