diff options
| -rw-r--r-- | shell.nix | 32 | ||||
| -rw-r--r-- | tools/ca/default.nix | 25 |
2 files changed, 31 insertions, 26 deletions
| @@ -1,32 +1,13 @@ | |||
| 1 | { system, self, deploy-rs, nvfetcher, mach-nix, leapseconds, ... }: | 1 | inputs@{ system, self, deploy-rs, nvfetcher, nixpkgs, ... }: |
| 2 | let | 2 | let |
| 3 | pkgs = self.legacyPackages.${system}; | 3 | pkgs = self.legacyPackages.${system}; |
| 4 | utils = import ./utils { inherit (nixpkgs) lib; }; | ||
| 5 | inherit (utils) nixImport; | ||
| 4 | 6 | ||
| 5 | ca = mach-nix.lib.${system}.buildPythonPackage { | 7 | tools = nixImport rec { dir = ./tools; _import = _path: name: import "${toString dir}/${name}" inputs; }; |
| 6 | pname = "ca"; | ||
| 7 | src = ./tools/ca; | ||
| 8 | version = "0.0.0"; | ||
| 9 | ignoreDataOutdated = true; | ||
| 10 | |||
| 11 | requirements = '' | ||
| 12 | cryptography >=38.0.0 | ||
| 13 | fqdn | ||
| 14 | atomicwrites | ||
| 15 | leapseconddata | ||
| 16 | xkcdpass | ||
| 17 | ''; | ||
| 18 | |||
| 19 | _.cryptography.buildInputs = with pkgs; [ openssl ]; | ||
| 20 | |||
| 21 | postInstall = '' | ||
| 22 | wrapProgram $out/bin/ca \ | ||
| 23 | --set-default LEAPSECONDS_FILE ${leapseconds} \ | ||
| 24 | --prefix PATH : ${pkgs.lib.makeBinPath (with pkgs; [sops])} | ||
| 25 | ''; | ||
| 26 | }; | ||
| 27 | in pkgs.mkShell { | 8 | in pkgs.mkShell { |
| 28 | name = "nixos"; | 9 | name = "nixos"; |
| 29 | nativeBuildInputs = with pkgs; [ | 10 | nativeBuildInputs = builtins.attrValues tools ++ (with pkgs; [ |
| 30 | sops | 11 | sops |
| 31 | wireguard-tools | 12 | wireguard-tools |
| 32 | gup | 13 | gup |
| @@ -35,6 +16,5 @@ in pkgs.mkShell { | |||
| 35 | knot-dns | 16 | knot-dns |
| 36 | yq | 17 | yq |
| 37 | nvfetcher.defaultPackage.${system} | 18 | nvfetcher.defaultPackage.${system} |
| 38 | ca | 19 | ]); |
| 39 | ]; | ||
| 40 | } | 20 | } |
diff --git a/tools/ca/default.nix b/tools/ca/default.nix new file mode 100644 index 00000000..c5fe0cea --- /dev/null +++ b/tools/ca/default.nix | |||
| @@ -0,0 +1,25 @@ | |||
| 1 | { system, self, mach-nix, leapseconds, ... }: | ||
| 2 | let | ||
| 3 | pkgs = self.legacyPackages.${system}; | ||
| 4 | in mach-nix.lib.${system}.buildPythonPackage { | ||
| 5 | pname = "ca"; | ||
| 6 | src = pkgs.lib.sourceByRegex ./. ["^setup\.py$" "^ca(/[^/]+.*)?$"]; | ||
| 7 | version = "0.0.0"; | ||
| 8 | ignoreDataOutdated = true; | ||
| 9 | |||
| 10 | requirements = '' | ||
| 11 | cryptography >=38.0.0 | ||
| 12 | fqdn | ||
| 13 | atomicwrites | ||
| 14 | leapseconddata | ||
| 15 | xkcdpass | ||
| 16 | ''; | ||
| 17 | |||
| 18 | _.cryptography.buildInputs = with pkgs; [ openssl ]; | ||
| 19 | |||
| 20 | postInstall = '' | ||
| 21 | wrapProgram $out/bin/ca \ | ||
| 22 | --set-default LEAPSECONDS_FILE ${leapseconds} \ | ||
| 23 | --prefix PATH : ${pkgs.lib.makeBinPath (with pkgs; [sops])} | ||
| 24 | ''; | ||
| 25 | } | ||