add json templating

2025-05-29 11:19:33 +02:00 · 2025-05-29 11:19:33 +02:00 · b3f77d4bb0
commit b3f77d4bb0
parent e46bc3ef80
4 changed files with 58 additions and 3 deletions
--- a/flake.nix
+++ b/flake.nix
@ -11,12 +11,16 @@
    packages = nixpkgs.lib.genAttrs supportedArchitectures (system: {
      nix_templater = nixpkgs.legacyPackages.${system}.callPackage ./pkgs/nix_templater {};
    });
-    legacyPackages = nixpkgs.lib.genAttrs supportedArchitectures (system: import ./lib.nix {
+    legacyPackages = nixpkgs.lib.genAttrs supportedArchitectures (system: let
      pkgs = nixpkgs.legacyPackages.${system};
+    in import ./lib.nix {
+      inherit pkgs;
+      inherit (pkgs) lib;
      nix_templater = packages.${system}.nix_templater;
    });
    checks = nixpkgs.lib.genAttrs supportedArchitectures (system: {
      template = import ./tests/template.nix { inherit legacyPackages system nixpkgs; };
+      json = import ./tests/json.nix { inherit legacyPackages system nixpkgs; };
    });
  };
 }
--- a/lib.nix
+++ b/lib.nix
@ -1,5 +1,9 @@
-{ pkgs, nix_templater }:
 {
+  pkgs,
+  nix_templater,
+  lib ? pkgs.lib,
+}:
+rec {
  # placeholder to be substituted with the content of a secret file
  fileContents = file: {
   outPath = "<${builtins.placeholder "nix_template"}${toString file}${builtins.placeholder "nix_template"}>";
@ -21,4 +25,13 @@
      cp $scriptPath $out/bin/${name}
      chmod +x $out/bin/${name}
    '';
+
+  template_generator = generator: { name, value, outPath }: template_text {
+    inherit name outPath;
+    text = generator value;
+  };
+
+  template_json = options: template_generator (lib.generators.toJSON options);
+  template_yaml = options: template_generator (lib.generators.toYAML options); # just json
+  template_ini = options: template_generator (lib.generators.toINI options);
 }
--- a/tests/json.nix
+++ b/tests/json.nix
@ -0,0 +1,38 @@
+# test injecting a secret into a json template
+{ legacyPackages, system, nixpkgs }:
+let
+  secret_file = (nixpkgs.legacyPackages.${system}.writeText "secret" "secret");
+in (nixpkgs.lib.nixos.runTest {
+    hostPkgs = nixpkgs.legacyPackages.${system};
+    name = "nix_templates";
+
+    nodes.machine = {pkgs, ...}: {
+      config = {
+        systemd.services.testservice = {
+          wantedBy = [ "multi-user.target" ];
+          serviceConfig = {
+            Type = "oneshot";
+            ExecStartPre = "${legacyPackages.${system}.template_json {} {
+              name = "test";
+              value = {
+                foo = "text";
+                bar = legacyPackages.${system}.fileContents secret_file;
+              };
+              outPath = "./test";
+            }}/bin/test";
+            ExecStart = pkgs.writeScript "test_file_got_templates" ''
+              #!/bin/sh
+              cat ./test | grep -q 'secret'
+            '';
+          };
+        };
+      };
+    };
+
+    testScript = ''
+      start_all()
+      print(machine.execute("uname -a"))
+      machine.wait_for_unit("multi-user.target")
+      print(machine.succeed("cat /test | grep -q secret"))
+    '';
+  })
--- a/tests/template.nix
+++ b/tests/template.nix
@ -1,4 +1,4 @@
-# test injecting a secret into a template
+# test injecting a secret into a text template
 { legacyPackages, system, nixpkgs }:
 let
  # this file would usually be outside of the store