fediversity/nix-templating
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

escape json

Browse source
This commit is contained in:
Kiara Grouwstra 2025-06-09 22:22:25 +02:00
parent d3688f5426
commit ae46ef757c
Signed by: kiara
SSH key fingerprint: SHA256:COspvLoLJ5WC5rFb9ZDe5urVCkK4LJZOsjfF4duRJFU
4 changed files with 22 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
flake.nix
View file

@ -1,6 +1,6 @@
{
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
outputs = { nixpkgs, ... }@self: let
outputs = { nixpkgs, ... }: let
supportedArchitectures = [
"aarch64-darwin"
"aarch64-linux"

20
lib.nix
View file

@ -3,6 +3,12 @@
nix_templater,
lib ? pkgs.lib,
}:
let
escapeJson = {
"\"" = ''\"'';
"\\" = ''\\'';
};
in
rec {
# placeholder to be substituted with the content of a secret file
fileContents = file: {
@ -11,12 +17,12 @@ rec {
};
# make a template with placeholders
templateText = { name, text, outPath }:
templateText = { name, text, outPath, translations ? {} }:
pkgs.runCommand name {
textBeforeTemplate = text;
script = ''
#!/bin/sh
${nix_templater}/bin/nix_templater ${builtins.placeholder "out"}/template ${builtins.placeholder "nix_template"} "${outPath}"
${nix_templater}/bin/nix_templater ${builtins.placeholder "out"}/template ${builtins.placeholder "nix_template"} "${outPath}" '${lib.strings.toJSON translations}'
'';
passAsFile = [ "script" "textBeforeTemplate" ];
} ''
@ -26,14 +32,14 @@ rec {
chmod +x $out/bin/${name}
'';
templateGenerator = generator: { name, value, outPath }: templateText {
inherit name outPath;
templateGenerator = translations: generator: { name, value, outPath }: templateText {
inherit name outPath translations;
text = generator value;
};
templateJsonWith = options: templateGenerator (lib.generators.toJSON options);
templateYamlWith = options: templateGenerator (lib.generators.toYAML options); # just json
templateIniWith = options: templateGenerator (lib.generators.toINI options);
templateJsonWith = options: templateGenerator escapeJson (lib.generators.toJSON options);
templateYamlWith = options: templateGenerator escapeJson (lib.generators.toYAML options); # just json
templateIniWith = options: templateGenerator escapeJson (lib.generators.toINI options);
templateJson = templateJsonWith { };
templateYaml = templateYamlWith { };
templateIni = templateIniWith { };

4
pkgs/nix_templater/replace.py
View file

@ -1,10 +1,12 @@
# replace occurrences of a magic string in a template file
from json import loads
import sys
from pathlib import Path
template_file = sys.argv[1]
magic_string = sys.argv[2]
outfile = sys.argv[3]
translations = loads(sys.argv[4]) if len(sys.argv) >= 4 else {}
if Path(outfile).exists():
print(f"{outfile} already exists, aborting")
@ -26,7 +28,7 @@ while True:
]
output += template_bytes[loc : loc + magic_start]
# TODO handle errors better here
output += Path(magic_file.decode()).read_bytes()
output += Path(magic_file.decode()).read_bytes().decode().translate(str.maketrans(translations)).encode()
loc = loc + magic_start + magic_end + len(magic_string) + 1
Path(outfile).write_bytes(output)

7
tests/json.nix
View file

@ -1,9 +1,10 @@
# test injecting a secret into a json template
{ legacyPackages, system, nixpkgs }:
let
secret_file = (nixpkgs.legacyPackages.${system}.writeText "secret" "secret");
hostPkgs = nixpkgs.legacyPackages.${system};
secret_file = hostPkgs.writeText "secret" "secret\\needing\"escaping";
in (nixpkgs.lib.nixos.runTest {
hostPkgs = nixpkgs.legacyPackages.${system};
inherit hostPkgs;
name = "nix_templates";
nodes.machine = {pkgs, ...}: {
@ -33,6 +34,8 @@ in (nixpkgs.lib.nixos.runTest {
start_all()
print(machine.execute("uname -a"))
machine.wait_for_unit("multi-user.target")
print(machine.succeed("cat /test"))
print(machine.succeed("cat /test | grep -q secret"))
print(machine.succeed("cat /test | ${hostPkgs.jq}/bin/jq"))
'';
})