infrastructure/flake.nix at main · sean-morris/infrastructure · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
# code-owner: @agoose77
# This flake sets up a dev-shell that installs all the required
# packages for running deployer, and then installs the tool in the virtual environment
# It is not best-practice for the nix-way of distributing this code,
# but its purpose is to get an environment up and running.
{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    nixpkgs-helm.url = "github:NixOS/nixpkgs/9b100cfb67ccb2ff6e723b78d4ae2f9c88654a1c";
    dev-python = {
      url = "github:agoose77/dev-flakes/v10?dir=python";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
  outputs = {
    self,
    nixpkgs,
    nixpkgs-helm,
    dev-python,
  }: let
    forAllSystems = nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed;
  in {
    devShells = forAllSystems (system: let
      pkgs = import nixpkgs {
        inherit system;
        config.allowUnfree = true;
      };
      # Additional nixpkgs for a particular package (helm)
      pkgs-helm = import nixpkgs-helm {
        inherit system;
      };

      # Define our interpreter
      python = pkgs.python313;
      gdk = pkgs.google-cloud-sdk.withExtraComponents (with pkgs.google-cloud-sdk.components; [
        gke-gcloud-auth-plugin
      ]);
      # Configure packages that need additional deps
      openstack = python.pkgs.toPythonApplication (
        python.pkgs.python-openstackclient.overridePythonAttrs (oldAttrs: {
          dependencies =
            (oldAttrs.dependencies or [])
            ++ [python.pkgs.python-magnumclient];
        })
      );
      # Configure the hook for enabling venvs
      # I think there's a way to auto-detect this, but
      # let's worry about that another time
      venvHook =
        dev-python.packages.${system}.nix-ld-venv-hook.override
        {python = python;};
      # Define our env packages (including the above)
      packages =
        [
          python
          venvHook
        ]
        ++ (with pkgs; [
          cmake
          ninja
          gcc
          pre-commit
          # Infra packages
          age
          go-jsonnet
          pkgs-helm.kubernetes-helm
          kubectl
          sops
          gdk
          awscli2
          azure-cli
          terraform
          openstack
          eksctl
          # Dev deps
          jq
          yq-go
        ]);
      # Unset these unwanted env vars
      # PYTHONPATH bleeds from Nix Python packages
      unwantedEnvPreamble = ''
        unset SOURCE_DATE_EPOCH PYTHONPATH
      '';
    in {
      default = pkgs.mkShell {
        inherit packages;
        # Define additional input for patching interpreter

        venvDir = ".venv";

        # Drop bad env vars on activation
        postShellHook = unwantedEnvPreamble;

        env = {
          # Disable nested kubeconfigs! This is nearly always a footgun
          DEPLOYER_NO_NESTED_KUBECONFIG = "1";
        };

        # Setup venv by patching interpreter with LD_LIBRARY_PATH
        # This is required because ld does not exist on Nix systems
        postVenvCreation =
          # Install package
          ''
            ${unwantedEnvPreamble}
            pip install -e ".[dev]"
          '';
      };
    });
  };
}