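# Flake for building Coder workspace templates (rendered to Terraform JSON via
# terranix), a container image for them, and the GitLab CI pipeline that builds
# and publishes both.
{
  description = "Coder Templates";

  outputs = {
    nixpkgs,
    flake-parts,
    systems,
    ...
  } @ inputs:
    flake-parts.lib.mkFlake {inherit inputs;} {
      imports = [
        inputs.devenv.flakeModule
        inputs.nix-gitlab-ci.flakeModule
        inputs.nix-devtools.flakeModule
        inputs.treefmt-nix.flakeModule
      ];
      systems = import systems;
      flake = {};
      perSystem = {
        pkgs,
        config,
        system,
        ...
      }: {
        _module.args.pkgs = import nixpkgs {
          inherit system;
          # Permits unfree-licensed packages for every consumer of `pkgs` in
          # this flake.
          # NOTE(review): which package needs this is not visible here; an
          # allowUnfreePredicate limited to that package would be narrower.
          config.allowUnfree = true;
        };

        treefmt = {
          projectRootFile = "flake.nix";
          programs = {
            alejandra.enable = true;
            mdformat.enable = true;
          };
        };

        devenv.shells.default = {
          packages = with pkgs; [
            opentofu
            coder
            buildah
          ];

          pre-commit.hooks.treefmt = {
            enable = true;
            packageOverrides.treefmt = config.treefmt.build.wrapper;
          };

          # Local developer tasks. `{{ .TEMPLATE }}` is substituted into the
          # command text by the task runner before the shell sees it, so
          # TEMPLATE is expected to be a plain template directory name.
          task = {
            enable = true;
            alias = ",";
            tasks = {
              "build" = {
                requires.vars = ["TEMPLATE"];
                cmds = [
                  "nix build .#{{ .TEMPLATE }}"
                  "install result {{ .TEMPLATE }}/template.tf.json"
                ];
              };
              "validate" = {
                desc = "Validate the resulting terraform files";
                deps = ["build"];
                requires.vars = ["TEMPLATE"];
                dir = "{{ .TEMPLATE }}";
                # Binaries are referenced by store path, so the tofu that runs
                # is the one from this flake's nixpkgs, not whatever is on PATH.
                cmds = [
                  "${pkgs.opentofu}/bin/tofu init"
                  "${pkgs.opentofu}/bin/tofu validate"
                ];
              };
              "upload-to-coder" = {
                desc = "Uploads the specified template to coder";
                deps = ["build" "validate"];
                requires.vars = ["TEMPLATE"];
                dir = "{{ .TEMPLATE }}";
                interactive = true;
                cmd = ''${pkgs.coder}/bin/coder templates push "{{ .TEMPLATE }}"'';
              };
            };
          };
        };

        packages = {
          nix-coder-image = pkgs.callPackage ./image.nix {};
          nix-kubernetes = inputs.terranix.lib.terranixConfiguration {
            inherit system;
            modules = [./nix-kubernetes];
          };
        };

        # GitLab CI pipeline: build the templates and the per-architecture
        # images, then publish the images as one multi-arch manifest.
        ci = {
          stages = ["build" "upload"];
          jobs = let
            # Architectures the image is built for; also drives the manifest
            # entries added in the "upload" job.
            SYSTEMS = ["aarch64-linux" "x86_64-linux"];
          in {
            "build" = {
              stage = "build";
              parallel.matrix = [
                {TEMPLATE = ["nix-kubernetes"];}
              ];
              nix.deps = [pkgs.gnutar];
              script = [
                "nix build .#\${TEMPLATE}"
                "install -D result templates/\${TEMPLATE}.tf.json"
                "tar -cf templates/\${TEMPLATE}.tar -C templates \${TEMPLATE}.tf.json"
              ];
              artifacts.paths = ["templates/"];
            };

            "build:image" = {
              stage = "build";
              parallel.matrix = [
                {SYSTEM = SYSTEMS;}
              ];
              script = [
                # Quoted so the matrix value always reaches nix as one argument.
                ''nix build .#nix-coder-image --system "$SYSTEM"''
              ];
              # NOTE(review): GitLab runs after_script even when `script`
              # failed and ignores its exit status, so a failed copy here does
              # not fail this job. Consider moving the install into `script`.
              after_script = [
                "install -D result dist/nix-coder-image_\${SYSTEM}.tar.gz"
              ];
              artifacts.paths = ["dist/"];
            };

            "upload" = {
              stage = "upload";
              nix.deps = [pkgs.buildah];
              needs = ["build:image"];
              before_script = [
                # Registry credentials are written to this file by
                # `buildah login` and read back by the push below.
                ''export REGISTRY_AUTH_FILE=''${HOME}/auth.json''
                # The password is piped on stdin so it does not appear in the
                # process argument list. The registry host is quoted like the
                # other variables.
                ''echo "$CI_REGISTRY_PASSWORD" | buildah login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"''
                # SECURITY: this overwrites the container policy with
                # accept-everything, i.e. no signature or trust requirement for
                # any transport, registry pulls included. The images handled in
                # this job are the docker-archive files built earlier in the
                # same pipeline.
                # NOTE(review): a default of "reject" with
                # "insecureAcceptAnything" scoped to the transports this job
                # actually reads from would be tighter; verify buildah still
                # works before switching.
                ''
                  mkdir -p /etc/containers && echo '{"default":[{"type":"insecureAcceptAnything"}]}' > /etc/containers/policy.json
                ''
                ''mkdir -p /var/tmp''
              ];
              script =
                [
                  ''buildah manifest create localhost/nix-coder-image''
                ]
                ++ (
                  # One manifest entry per architecture, taken from the
                  # artifacts of the "build:image" matrix jobs.
                  builtins.map (sys: ''
                    buildah manifest add localhost/nix-coder-image docker-archive:dist/nix-coder-image_${sys}.tar.gz
                  '')
                  SYSTEMS
                )
                ++ [
                  # The tag is the short commit SHA. A tag can be re-pointed
                  # later, so consumers that need immutability should reference
                  # the pushed image by digest.
                  ''
                    buildah manifest push --all localhost/nix-coder-image \
                      "docker://''${CI_REGISTRY_IMAGE}/nix-coder-image:$CI_COMMIT_SHORT_SHA"
                  ''
                ];
            };
          };
        };
      };
    };

  # These URLs follow moving branches; the revisions actually used are whatever
  # flake.lock records.
  # NOTE(review): flake.lock is not visible here. It should be committed, and
  # lock updates reviewed, since several inputs are flake modules that are
  # imported above and evaluated as part of the dev shell and the CI pipeline.
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
    flake-parts.url = "github:hercules-ci/flake-parts";
    systems.url = "github:nix-systems/default";
    devenv.url = "github:cachix/devenv";
    nix-gitlab-ci.url = "gitlab:TECHNOFAB/nix-gitlab-ci?dir=lib";
    nix-devtools.url = "gitlab:TECHNOFAB/nix-devtools?dir=lib";
    treefmt-nix.url = "github:numtide/treefmt-nix";
    terranix.url = "github:terranix/terranix";
  };
}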