Compare commits
1 commit
| Author | SHA1 | Date | |
|---|---|---|---|
a8dd207837
|
5 changed files with 12 additions and 74 deletions
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||
outputs = { nixpkgs, ... }: let
|
||||
outputs = { nixpkgs, ... }@self: let
|
||||
supportedArchitectures = [
|
||||
"aarch64-darwin"
|
||||
"aarch64-linux"
|
||||
|
|
@ -11,16 +11,12 @@
|
|||
packages = nixpkgs.lib.genAttrs supportedArchitectures (system: {
|
||||
nix_templater = nixpkgs.legacyPackages.${system}.callPackage ./pkgs/nix_templater {};
|
||||
});
|
||||
legacyPackages = nixpkgs.lib.genAttrs supportedArchitectures (system: let
|
||||
legacyPackages = nixpkgs.lib.genAttrs supportedArchitectures (system: import ./lib.nix {
|
||||
pkgs = nixpkgs.legacyPackages.${system};
|
||||
in import ./lib.nix {
|
||||
inherit pkgs;
|
||||
inherit (pkgs) lib;
|
||||
nix_templater = packages.${system}.nix_templater;
|
||||
});
|
||||
checks = nixpkgs.lib.genAttrs supportedArchitectures (system: {
|
||||
template = import ./tests/template.nix { inherit legacyPackages system nixpkgs; };
|
||||
json = import ./tests/json.nix { inherit legacyPackages system nixpkgs; };
|
||||
});
|
||||
};
|
||||
}
|
||||
|
|
|
|||
29
lib.nix
29
lib.nix
|
|
@ -1,11 +1,8 @@
|
|||
{ pkgs, lib, nix_templater }:
|
||||
let
|
||||
escapeJson = {
|
||||
"\"" = ''\"'';
|
||||
"\\" = ''\\'';
|
||||
};
|
||||
in
|
||||
rec {
|
||||
{
|
||||
pkgs,
|
||||
nix_templater ? pkgs.callPackage ./pkgs/nix_templater { },
|
||||
}:
|
||||
{
|
||||
# placeholder to be substituted with the content of a secret file
|
||||
fileContents = file: {
|
||||
outPath = "<${builtins.placeholder "nix_template"}${toString file}${builtins.placeholder "nix_template"}>";
|
||||
|
|
@ -13,12 +10,12 @@ rec {
|
|||
};
|
||||
|
||||
# make a template with placeholders
|
||||
templateText = { name, text, outPath, translations ? {} }:
|
||||
template_text = { name, text, outPath }:
|
||||
pkgs.runCommand name {
|
||||
textBeforeTemplate = text;
|
||||
script = ''
|
||||
#!/bin/sh
|
||||
${nix_templater}/bin/nix_templater ${builtins.placeholder "out"}/template ${builtins.placeholder "nix_template"} "${outPath}" '${lib.strings.toJSON translations}'
|
||||
${nix_templater}/bin/nix_templater ${builtins.placeholder "out"}/template ${builtins.placeholder "nix_template"} "${outPath}"
|
||||
'';
|
||||
passAsFile = [ "script" "textBeforeTemplate" ];
|
||||
} ''
|
||||
|
|
@ -27,16 +24,4 @@ rec {
|
|||
cp $scriptPath $out/bin/${name}
|
||||
chmod +x $out/bin/${name}
|
||||
'';
|
||||
|
||||
templateGenerator = translations: generator: { name, value, outPath }: templateText {
|
||||
inherit name outPath translations;
|
||||
text = generator value;
|
||||
};
|
||||
|
||||
templateJsonWith = options: templateGenerator escapeJson (lib.generators.toJSON options);
|
||||
templateYamlWith = options: templateGenerator escapeJson (lib.generators.toYAML options); # just json
|
||||
templateIniWith = options: templateGenerator escapeJson (lib.generators.toINI options);
|
||||
templateJson = templateJsonWith { };
|
||||
templateYaml = templateYamlWith { };
|
||||
templateIni = templateIniWith { };
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,12 +1,10 @@
|
|||
# replace occurrences of a magic string in a template file
|
||||
from json import loads
|
||||
import sys
|
||||
from pathlib import Path
|
||||
|
||||
template_file = sys.argv[1]
|
||||
magic_string = sys.argv[2]
|
||||
outfile = sys.argv[3]
|
||||
translations = loads(sys.argv[4]) if len(sys.argv) >= 4 else {}
|
||||
|
||||
if Path(outfile).exists():
|
||||
print(f"{outfile} already exists, aborting")
|
||||
|
|
@ -28,7 +26,7 @@ while True:
|
|||
]
|
||||
output += template_bytes[loc : loc + magic_start]
|
||||
# TODO handle errors better here
|
||||
output += Path(magic_file.decode()).read_bytes().decode().translate(str.maketrans(translations)).encode()
|
||||
output += Path(magic_file.decode()).read_bytes()
|
||||
loc = loc + magic_start + magic_end + len(magic_string) + 1
|
||||
|
||||
Path(outfile).write_bytes(output)
|
||||
|
|
|
|||
|
|
@ -1,41 +0,0 @@
|
|||
# test injecting a secret into a json template
|
||||
{ legacyPackages, system, nixpkgs }:
|
||||
let
|
||||
hostPkgs = nixpkgs.legacyPackages.${system};
|
||||
secret_file = hostPkgs.writeText "secret" "secret\\needing\"escaping";
|
||||
in (nixpkgs.lib.nixos.runTest {
|
||||
inherit hostPkgs;
|
||||
name = "nix_templates";
|
||||
|
||||
nodes.machine = {pkgs, ...}: {
|
||||
config = {
|
||||
systemd.services.testservice = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStartPre = "${legacyPackages.${system}.templateJson {
|
||||
name = "test";
|
||||
value = {
|
||||
foo = "text";
|
||||
bar = legacyPackages.${system}.fileContents secret_file;
|
||||
};
|
||||
outPath = "./test";
|
||||
}}/bin/test";
|
||||
ExecStart = pkgs.writeScript "test_file_got_templates" ''
|
||||
#!/bin/sh
|
||||
cat ./test | grep -q 'secret'
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
start_all()
|
||||
print(machine.execute("uname -a"))
|
||||
machine.wait_for_unit("multi-user.target")
|
||||
print(machine.succeed("cat /test"))
|
||||
print(machine.succeed("cat /test | grep -q secret"))
|
||||
print(machine.succeed("cat /test | ${hostPkgs.jq}/bin/jq"))
|
||||
'';
|
||||
})
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
# test injecting a secret into a text template
|
||||
# test injecting a secret into a template
|
||||
{ legacyPackages, system, nixpkgs }:
|
||||
let
|
||||
# this file would usually be outside of the store
|
||||
|
|
@ -14,7 +14,7 @@ in (nixpkgs.lib.nixos.runTest {
|
|||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStartPre = "${legacyPackages.${system}.templateText {
|
||||
ExecStartPre = "${legacyPackages.${system}.template_text {
|
||||
name = "test";
|
||||
text = ''
|
||||
public text
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue