From 048d81b2236de336bff6c9e44b33c645a3e70bfb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Sun, 17 Nov 2024 11:47:10 +0100
Subject: [PATCH] add basic darwin test
---
checks/darwin.nix | 10 ++++++++++
flake.lock | 21 +++++++++++++++++++++
flake.nix | 18 ++++++++++++++++--
modules/nix-darwin/manifest-for.nix | 4 ++--
4 files changed, 49 insertions(+), 4 deletions(-)
create mode 100644 checks/darwin.nix
diff --git a/checks/darwin.nix b/checks/darwin.nix
new file mode 100644
index 0000000..c6373ca
--- /dev/null
+++ b/checks/darwin.nix
@@ -0,0 +1,10 @@
+{
+ imports = [
+ ../modules/nix-darwin/default.nix
+ ];
+ nixpkgs.hostPlatform = "aarch64-darwin";
+ sops.secrets.test_key = { };
+ sops.defaultSopsFile = ../pkgs/sops-install-secrets/test-assets/secrets.yaml;
+ sops.age.generateKey = true;
+ system.stateVersion = 5;
+}
diff --git a/flake.lock b/flake.lock
index 01c146b..e23b6c5 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,25 @@ { "nodes": { + "nix-darwin": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1731809072, + "narHash": "sha256-pOsDJQR0imnFLfpvTmRpHcP0tflyxtP/QIzokrKSP8U=", + "owner": "LnL7", + "repo": "nix-darwin", + "rev": "34588d57cfc41c6953c54c93b6b685cab3b548ee", + "type": "github" + }, + "original": { + "owner": "LnL7", + "repo": "nix-darwin", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1731763621,
@@ -34,6 +54,7 @@ }, "root": { "inputs": { + "nix-darwin": "nix-darwin", "nixpkgs": "nixpkgs", "nixpkgs-stable": "nixpkgs-stable" }
diff --git a/flake.nix b/flake.nix
index 8ebb37d..c73e0ac 100644
--- a/flake.nix
+++ b/flake.nix
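Review bot: In checks/darwin.nix, `sops.age.generateKey = true;` is paired with the committed fixture `test-assets/secrets.yaml`, but a key generated on the target machine cannot be one of that file's recipients, so unless a matching key already exists at the key file path this configuration can only exercise evaluation and the manifest build, never decryption of `test_key`. The hunk also sets no `sops.age.keyFile`, while the manifest serializes `ageKeyFile = cfg.age.keyFile;`; whether the module supplies a default is not visible here, so an explicit `sops.age.keyFile = "<key file path>";` would be safer. I would add a header comment such as `# Eval/build-only fixture: the generated age key is not a recipient of secrets.yaml; do not activate.` so nobody mistakes it for a working example of key handling.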
@@ -2,13 +2,18 @@ description = "Integrates sops into nixos"; inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; inputs.nixpkgs-stable.url = "github:NixOS/nixpkgs/release-24.05"; + + inputs.nix-darwin.url = "github:LnL7/nix-darwin"; + inputs.nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; + nixConfig.extra-substituters = ["https://cache.thalheim.io"]; nixConfig.extra-trusted-public-keys = ["cache.thalheim.io-1:R7msbosLEZKrxk/lKxf9BTjOOH7Ax3H0Qj0/6wiHOgc="]; outputs = { self, nixpkgs, - nixpkgs-stable - }: let + nixpkgs-stable, + nix-darwin, + } @ inputs: let systems = [ "x86_64-linux" "x86_64-darwin"
@@ -36,6 +41,15 @@ sops = ./modules/nix-darwin; default = self.darwinModules.sops; }; + + darwinConfigurations.sops = nix-darwin.lib.darwinSystem { + modules = [ ./checks/darwin.nix ]; + specialArgs = { + inherit self; + inherit inputs; + }; + }; + + packages = forAllSystems (system: import ./default.nix { pkgs = import nixpkgs {inherit system;};
diff --git a/modules/nix-darwin/manifest-for.nix b/modules/nix-darwin/manifest-for.nix
index 6ab2ba0..76b9701 100644
--- a/modules/nix-darwin/manifest-for.nix
+++ b/modules/nix-darwin/manifest-for.nix
@@ -1,11 +1,12 @@ { writeTextFile, cfg }: -suffix: secrets: extraJson: +suffix: secrets: templates: extraJson: writeTextFile { name = "manifest${suffix}.json"; text = builtins.toJSON ({ secrets = builtins.attrValues secrets; + templates = builtins.attrValues templates; # Does this need to be configurable? secretsMountPoint = "/run/secrets.d"; symlinkPath = "/run/secrets";
@@ -15,7 +16,6 @@ writeTextFile { ageKeyFile = cfg.age.keyFile; ageSshKeyPaths = cfg.age.sshKeyPaths; useTmpfs = false; - templates = cfg.templates; placeholderBySecretName = cfg.placeholder; userMode = false; logging = {
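Review bot: `inputs.nix-darwin.url = "github:LnL7/nix-darwin";` makes a dependency that only the test configuration uses a root input, so every flake that consumes this one will carry a `nix-darwin` node in its own lock file unless it overrides the input. The URL names no ref, so each lock update follows whatever the default branch holds, and only the `rev` and `narHash` recorded in flake.lock pin it in between. I would add a comment above the input, for example `# test-only; consumers can override with inputs.<this-flake>.inputs.nix-darwin.follows`, or keep test-only inputs out of the root flake. The `outputs` function whose argument set is changed here continues outside the hunk.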
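Review bot: `darwinConfigurations.sops` is added as a public flake output rather than under `checks`, so nothing visible in this diff actually builds or evaluates it; the commit title calls it a test, which holds only if CI references the attribute explicitly. `specialArgs` hands `self` and the entire `inputs` set to the module system although `checks/darwin.nix` takes no arguments, so it can be dropped or narrowed to what a module really reads. A comment such as `# test fixture for the nix-darwin module, not a configuration for consumers` above the attribute would keep users from treating it as a supported output.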
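Review bot: The curried signature in manifest-for.nix gains `templates` in the middle (`suffix: secrets: templates: extraJson:`), so a caller that still applies three arguments would bind its `extraJson` to `templates` and receive a function rather than the manifest derivation. The diffstat lists no call site under modules/nix-darwin as changed, so please confirm every caller already passes four arguments. The positional parameters are undocumented; a comment like `# suffix: name suffix; secrets, templates: attrsets serialized as lists of their values; extraJson: extra manifest fields` (the last part presumably, its use is outside the hunk) would prevent this kind of mismatch. Since `writeTextFile` places the manifest in the world-readable Nix store, it is also worth stating there that template definitions must hold placeholders only, as `placeholderBySecretName` suggests, and never secret values.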