From b82393272c48b6dd10fea7c86f49c419cc7ba09a Mon Sep 17 00:00:00 2001
From: soraefir
Date: Wed, 3 Jun 2026 19:24:29 +0200
Subject: [PATCH] Refactor

---
 modules/server/containers/apps/.template.nix | 57 +++++++++++---------
 modules/server/containers/builder.nix | 53 +++++++++++++++++-
 modules/server/containers/default.nix | 18 ++++---
 modules/server/database/default.nix | 4 +-
 modules/server/sops/default.nix | 2 +-
 modules/shared/syscfg/server.nix | 48 +++++++++++++----
 systems/sandbox/cfg.nix | 2 -
 7 files changed, 134 insertions(+), 50 deletions(-)

diff --git a/modules/server/containers/apps/.template.nix b/modules/server/containers/apps/.template.nix
index 0eaa1c8..1b65606 100644
--- a/modules/server/containers/apps/.template.nix
+++ b/modules/server/containers/apps/.template.nix
@@ -17,33 +17,38 @@ let
 };
 };
 in {
- sops = false;
- db = false;
- paths = [{
- path="${serverCfg.path.config}/example/";
- mode = "0444";
- }];
+ requires = {
+ secrets = [ ];
+ databases = [ ];
+ };
 
- containers = {
- server = builder.mkContainer {
- subdomain = containerCfg.subdomain;
- # imageStream = image;
- image = "....:${version}";
- port = 8080;
- secret = name;
- extraEnv = { };
- overrides = {
- cmd = [ ];
- volumes = [ ];
- };
+ runtime = {
+ paths = [{
+ path="${serverCfg.path.config}/example/";
+ mode = "0444";
+ }];
+
+ containers = {
+ server = builder.mkContainer {
+ subdomain = containerCfg.subdomain;
+ # imageStream = image;
+ image = "....:${version}";
+ port = 8080;
+ secret = name;
+ extraEnv = { };
+ overrides = {
+ cmd = [ ];
+ volumes = [ ];
+ };
+ };
+ };
+
+ setup = {
+ trigger = "server";
+ envFile = config.sops.secrets."EXAMPLE".path;
+ script = pkgs.writeShellScript "setup" ''
+ ...
+ '';
 };
 };
-
- setup = {
- trigger = "server";
- envFile = config.sops.secrets."EXAMPLE".path;
- script = pkgs.writeShellScript "setup" ''
- ...
- '';
- };
 }
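Review bot: The example `runtime.setup` still reads `config.sops.secrets."EXAMPLE".path` and the `server` container passes `secret = name`, yet `requires.secrets` is left as `[ ]`; since the sops module in this same patch now declares `sops.secrets` from `requires.secrets`, an app copied from this template would reference a secret that nothing declares. Either list it, `secrets = [ name ];`, or drop the `envFile` line from the example so the two parts of the template agree. A one-line comment above `requires` would also help app authors, e.g. `# names listed here are declared as sops secrets / provisioned databases by the server modules`.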
diff --git a/modules/server/containers/builder.nix b/modules/server/containers/builder.nix
index aca225f..8c64b53 100644
--- a/modules/server/containers/builder.nix
+++ b/modules/server/containers/builder.nix
@@ -69,6 +69,57 @@ let
 in {
 mkContainer = contBuilder;
 mkVm = vmBuilder;
+ mkApp = name: app:
+ let
+ # Keep legacy app modules working while storing a stricter internal contract.
+ legacySetup =
+ if app ? setup then app.setup else null;
+ in {
+ inherit name;
+ requires = {
+ secrets =
+ if app ? requires && app.requires ? secrets then app.requires.secrets
+ else if app ? sops && app.sops then [ name ]
+ else [ ];
+ databases =
+ if app ? requires && app.requires ? databases then app.requires.databases
+ else if app ? db && app.db then [ name ]
+ else [ ];
+ };
+ exports = {
+ authentik = {
+ blueprints =
+ if app ? exports && app.exports ? authentik && app.exports.authentik ? blueprints
+ then app.exports.authentik.blueprints
+ else [ ];
+ };
+ };
+ runtime = {
+ paths =
+ if app ? runtime && app.runtime ? paths then app.runtime.paths
+ else if app ? paths then app.paths
+ else [ ];
+ containers =
+ if app ? runtime && app.runtime ? containers then app.runtime.containers
+ else if app ? containers then app.containers
+ else { };
+ vm =
+ if app ? runtime && app.runtime ? vm then app.runtime.vm
+ else if app ? vm then app.vm
+ else null;
+ cron =
+ if app ? runtime && app.runtime ? cron then app.runtime.cron
+ else if app ? cron then app.cron
+ else [ ];
+ setup =
+ if app ? runtime && app.runtime ? setup then app.runtime.setup
+ else ({
+ trigger = "";
+ script = null;
+ envFile = [ ];
+ } // (if legacySetup != null then legacySetup else { }));
+ };
+ };
 mkData = { name, dir, vars?{} }: pkgs.runCommand name vars ''
 mkdir -p $out
 cp -r ${./data + "/${dir}"}/. $out/
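Review bot: The two branches of `setup` in `mkApp` produce different shapes: the legacy fallback always carries `trigger`, `script` and `envFile` (with `script = null`), while the `runtime.setup` branch returns the app's attrset untouched, so a new-style app that sets only `script` has no `trigger`/`envFile` unless an option type downstream fills them in, which this hunk does not show. Run both through the same defaults: `setup = { trigger = ""; script = null; envFile = [ ]; } // (if app ? runtime && app.runtime ? setup then app.runtime.setup else if legacySetup != null then legacySetup else { });`. The precedence rule (a `runtime.*`/`requires.*` key silently wins over the legacy top-level key, and `sops = true`/`db = true` become `[ name ]`) deserves a comment on `mkApp` itself, since the one on `legacySetup` does not state it. `exports.authentik.blueprints` has no consumer anywhere in this patch; if it is reserved for a later change, say so in that comment.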
@@ -82,4 +133,4 @@ in {
 hostIp = if (config.virtualisation.podman.defaultNetwork.settings ? subnets)
 then (builtins.elemAt config.virtualisation.podman.defaultNetwork.settings.subnets 0).gateway
 else "10.88.0.1";
-}
\ No newline at end of file
+}
diff --git a/modules/server/containers/default.nix b/modules/server/containers/default.nix
index fe107bf..5d4633b 100644
--- a/modules/server/containers/default.nix
+++ b/modules/server/containers/default.nix
@@ -6,22 +6,26 @@ let
 in{
 config = lib.mkMerge [{
 syscfg.server.loadedContainers = lib.mapAttrs (name: containerCfg:
- (import (./apps + "/${name}.nix")) { inherit config pkgs lib containerCfg builder name; }
+ builder.mkApp name ((import (./apps + "/${name}.nix")) { inherit config pkgs lib containerCfg builder name; })
 ) config.syscfg.server.containers;
 } (lib.mkIf ( serverCfg.containers != {} ) (
 let
 appsList = builtins.attrValues config.syscfg.server.loadedContainers;
 mergedContainers = lib.concatMapAttrs (appName: app:
- lib.mapAttrs' (cName: cCfg: lib.nameValuePair "${appName}-${cName}" cCfg) app.containers
+ lib.mapAttrs' (cName: cCfg: lib.nameValuePair "${appName}-${cName}" cCfg) app.runtime.containers
 ) config.syscfg.server.loadedContainers;
 serverPathConfigs = map (path: { inherit path; mode = "0755"; }) (lib.unique (builtins.attrValues serverCfg.path));
- allPathConfigs = serverPathConfigs ++ lib.concatMap (app: app.paths) appsList;
- allSetupConfigs = lib.concatMap (app: if app.setup?script then [({name = app.name; envFile="";} // app.setup)] else []) appsList;
- allCronsConfigs = lib.concatMap (app: app.cron) appsList;
- allVMConfigs = builtins.filter (app: app.vm != null) appsList;
+ allPathConfigs = serverPathConfigs ++ lib.concatMap (app: app.runtime.paths) appsList;
+ allSetupConfigs = lib.concatMap (app:
+ if app.runtime.setup ? script
+ then [ ({ name = app.name; envFile = ""; } // app.runtime.setup) ]
+ else [ ]
+ ) appsList;
+ allCronsConfigs = lib.concatMap (app: app.runtime.cron) appsList;
+ allVMConfigs = builtins.filter (app: app.runtime.vm != null) appsList;
 in{
 virtualisation.oci-containers = {
 backend = "podman";
@@ -73,7 +77,7 @@ in{
 RestartSec = "10s";
 ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /media/data/kvm";
 ExecStart = ''
- ${builder.mkVm { name = e.name; vm = e.vm; }}/bin/run-${e.name}-vm -nographic
+ ${builder.mkVm { name = e.name; vm = e.runtime.vm; }}/bin/run-${e.name}-vm -nographic
 '';
 };
 };
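Review bot: `allSetupConfigs` keeps an app when `app.runtime.setup ? script`, which tests attribute presence rather than a usable script; `mkApp` always emits a `script` key (null in its legacy fallback), and if `loadedContainers` is typed by the submodule in server.nix that also defaults `script` to null, so every app passes the filter and whatever consumes `allSetupConfigs` (outside this hunk) receives `script = null` entries. The removed line had the same property, so this is not a regression, but the rewrite is the natural place to fix it: `if app.runtime.setup.script != null`. Once `setup` always comes through the submodule, the `envFile = ""` in the merged attrset is always overridden by the setup's own `envFile` list and can be dropped.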
diff --git a/modules/server/database/default.nix b/modules/server/database/default.nix
index 8d0920a..39bd61d 100644
--- a/modules/server/database/default.nix
+++ b/modules/server/database/default.nix
@@ -3,7 +3,7 @@ let
 listNames = config.syscfg.server.db;
- containerNames = builtins.attrNames (lib.filterAttrs (appName: app: app.db) config.syscfg.server.loadedContainers);
+ containerNames = lib.concatMap (app: app.requires.databases) (builtins.attrValues config.syscfg.server.loadedContainers);
 allApps = lib.unique (listNames ++ containerNames);
 in {
 config = lib.mkIf ( builtins.length allApps > 0) {
@@ -93,4 +93,4 @@ in {
 '';
 };
 };
-}
\ No newline at end of file
+}
diff --git a/modules/server/sops/default.nix b/modules/server/sops/default.nix
index afb9587..7e5d3a7 100644
--- a/modules/server/sops/default.nix
+++ b/modules/server/sops/default.nix
@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 let
 listNames = config.syscfg.server.db;
- containerNames = builtins.attrNames (lib.filterAttrs (appName: app: app.sops) config.syscfg.server.loadedContainers);
+ containerNames = lib.concatMap (app: app.requires.secrets) (builtins.attrValues config.syscfg.server.loadedContainers);
 allApps = lib.unique (listNames ++ containerNames);
 in{
 sops.secrets = {
diff --git a/modules/shared/syscfg/server.nix b/modules/shared/syscfg/server.nix
index d898b13..779dc57 100644
--- a/modules/shared/syscfg/server.nix
+++ b/modules/shared/syscfg/server.nix
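Review bot: `containerNames` is now built from the free-form `requires.databases` strings of every loaded app instead of the apps' own attribute names, and the sops hunk below does the same with `requires.secrets`; both lists land in `allApps`, which here presumably feeds the provisioning script that ends the file and in the sops module becomes the keys of `sops.secrets`. An app module can now put any string there, so a typo or a name containing shell-significant characters would only surface inside the interpolated script (outside this hunk) rather than at evaluation time. Constraining the option types at their single definition point in server.nix, e.g. `type = lib.types.listOf (lib.types.strMatching "[A-Za-z0-9_-]+");`, keeps the check in one place. `lib.unique` still dedupes, so two apps naming the same database or secret silently share it; a comment stating that sharing is intended would avoid surprises.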
@@ -40,18 +40,44 @@ in with lib; {
 type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: {
 options = {
 name = lib.mkOption {type = lib.types.str; default = name;};
- sops = lib.mkOption {type = lib.types.bool; default = false;};
- db = lib.mkOption {type = lib.types.bool; default = false;};
+ requires = {
+ secrets = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [ ];
+ };
+ databases = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [ ];
+ };
+ };
 
- paths = lib.mkOption {type = lib.types.listOf lib.types.attrs; default = [ ];};
- containers = lib.mkOption {type = lib.types.attrsOf lib.types.attrs; default = { };};
- vm = lib.mkOption {type = lib.types.nullOr lib.types.attrs; default = null;};
- cron = lib.mkOption {type = lib.types.listOf lib.types.str; default = [ ];};
+ exports = {
+ authentik = {
+ blueprints = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [ ];
+ };
+ };
+ };
 
- setup = {
- trigger = lib.mkOption {type = lib.types.str; default = "";};
- script = lib.mkOption {type = lib.types.nullOr lib.types.package; default = null;};
- envFile = lib.mkOption {type = with lib.types; coercedTo str (x: [x]) (listOf str); default = [];};
+ runtime = {
+ paths = lib.mkOption {type = lib.types.listOf lib.types.attrs; default = [ ];};
+ containers = lib.mkOption {type = lib.types.attrsOf lib.types.attrs; default = { };};
+ vm = lib.mkOption {type = lib.types.nullOr lib.types.attrs; default = null;};
+ cron = lib.mkOption {type = lib.types.listOf lib.types.str; default = [ ];};
+ setup = lib.mkOption {
+ type = lib.types.submodule {
+ options = {
+ trigger = lib.mkOption {type = lib.types.str; default = "";};
+ script = lib.mkOption {type = lib.types.nullOr lib.types.package; default = null;};
+ envFile = lib.mkOption {
+ type = with lib.types; coercedTo str (x: [x]) (listOf str);
+ default = [ ];
+ };
+ };
+ };
+ default = { };
+ };
 };
 };
 }));
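Review bot: None of the new options carry a `description`, so `requires.secrets`, `requires.databases`, `exports.authentik.blueprints` and `runtime.setup` appear undocumented in option listings and the contract between an app module and the server modules is only recoverable by reading `mkApp` in builder.nix. Add e.g. `description = "Names of sops secrets this app needs; the sops module declares them.";` to `requires.secrets`, the matching sentence for `requires.databases`, and for `runtime.setup.trigger` state which container name it refers to. `runtime.paths` stays `listOf attrs` even though default.nix reads a `mode` from each entry; a small submodule with `path` and `mode` options would catch a missing field at evaluation time. Wrapping `setup` in a submodule with `default = { }` is a good change, since legacy and new apps then get the same defaults.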
@@ -106,4 +132,4 @@ in with lib; {
 default = [ ];
 };
 
-}
\ No newline at end of file
+}
diff --git a/systems/sandbox/cfg.nix b/systems/sandbox/cfg.nix
index faa648f..f1282d3 100644
--- a/systems/sandbox/cfg.nix
+++ b/systems/sandbox/cfg.nix
@@ -27,8 +27,6 @@
 # user = ...
 # ...
 # };
- mailDomain = "test@helcel";
- mailServer = "infomaniak.ch";
 containers = {
 # ===== BASE =====