diff --git a/default.nix b/default.nix index 9b5f2db2..a0bc468a 100644 --- a/default.nix +++ b/default.nix @@ -1,8 +1,16 @@ +<<<<<<< Updated upstream { pkgs ? import {} , vendorHash ? "sha256-wd25uVUm3ISDjafy+4vImmLyObagEEeE+Ci8PbvaYD8=" +======= +{ + home-manager ? import {}, + pkgs ? import {}, + vendorHash ? "sha256-CvIJqgqRk0fpU5lp3NO7bQC9vSU5a8SGnT3XsNLPpok=" +>>>>>>> Stashed changes }: let sops-install-secrets = pkgs.callPackage ./pkgs/sops-install-secrets { inherit vendorHash; + inherit home-manager; }; in rec { inherit sops-install-secrets; @@ -22,7 +30,7 @@ in rec { sops-pgp-hook-test = pkgs.callPackage ./pkgs/sops-pgp-hook-test.nix { inherit vendorHash; }; - unit-tests = pkgs.callPackage ./pkgs/unit-tests.nix {}; + unit-tests = pkgs.callPackage ./pkgs/unit-tests.nix { inherit home-manager; }; } // (pkgs.lib.optionalAttrs pkgs.stdenv.isLinux { lint = pkgs.callPackage ./pkgs/lint.nix { inherit sops-install-secrets; diff --git a/flake.lock b/flake.lock index 9d6b8e4a..b27b9cc7 100644 --- a/flake.lock +++ b/flake.lock @@ -1,28 +1,78 @@ { "nodes": { + "home-manager": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1720734513, + "narHash": "sha256-neWQ8eNtLTd+YMesb7WjKl1SVCbDyCm46LUgP/g/hdo=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "90ae324e2c56af10f20549ab72014804a3064c7f", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, "nixpkgs": { "locked": { +<<<<<<< Updated upstream "lastModified": 1729265718, "narHash": "sha256-4HQI+6LsO3kpWTYuVGIzhJs1cetFcwT7quWCk/6rqeo=", "owner": "NixOS", "repo": "nixpkgs", "rev": "ccc0c2126893dd20963580b6478d1a10a4512185", +======= +<<<<<<< Updated upstream + "lastModified": 1721466660, + "narHash": "sha256-pFSxgSZqZ3h+5Du0KvEL1ccDZBwu4zvOil1zzrPNb3c=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "6e14bbce7bea6c4efd7adfa88a40dac750d80100", +======= + "lastModified": 1719848872, + "narHash": "sha256-H3+EC5cYuq+gQW8y0lSrrDZfH71LB4DAf+TDFyvwCNA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "00d80d13810dbfea8ab4ed1009b09100cca86ba8", +>>>>>>> Stashed changes +>>>>>>> Stashed changes "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-stable": { "locked": { +<<<<<<< Updated upstream "lastModified": 1729357638, "narHash": "sha256-66RHecx+zohbZwJVEPF7uuwHeqf8rykZTMCTqIrOew4=", "owner": "NixOS", "repo": "nixpkgs", "rev": "bb8c2cf7ea0dd2e18a52746b2c3a5b0c73b93c22", +======= +<<<<<<< Updated upstream + "lastModified": 1721524707, + "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171", +======= + "lastModified": 1720787440, + "narHash": "sha256-q0pxZrqXm+XK+hesIoa4/wBngevgZ1IQgNq2x+d2z+g=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d216ba96e125d6d3b8df07b5e193a3c6f846f092", +>>>>>>> Stashed changes +>>>>>>> Stashed changes "type": "github" }, "original": { @@ -32,9 +82,26 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1720687749, + "narHash": "sha256-nqJ+iK/zyqCJ/YShqCpZ2cJKE1UtjZIEUWLUFZqvxcA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "6af55cb91ca2005516b9562f707bb99c8f79bf77", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { - "nixpkgs": "nixpkgs", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs_2", "nixpkgs-stable": "nixpkgs-stable" } } diff --git a/flake.nix b/flake.nix index 287ac863..7f792956 100644 --- a/flake.nix +++ b/flake.nix @@ -1,57 +1,72 @@ { description = "Integrates sops into nixos"; - inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; - inputs.nixpkgs-stable.url = "github:NixOS/nixpkgs/release-24.05"; - nixConfig.extra-substituters = ["https://cache.thalheim.io"]; - nixConfig.extra-trusted-public-keys = ["cache.thalheim.io-1:R7msbosLEZKrxk/lKxf9BTjOOH7Ax3H0Qj0/6wiHOgc="]; + + inputs = { + home-manager.url = "github:nix-community/home-manager"; + nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + nixpkgs-stable.url = "github:NixOS/nixpkgs/release-24.05"; + }; + + nixConfig = { + extra-substituters = ["https://cache.thalheim.io"]; + extra-trusted-public-keys = ["cache.thalheim.io-1:R7msbosLEZKrxk/lKxf9BTjOOH7Ax3H0Qj0/6wiHOgc="]; + }; + outputs = { self, + home-manager, nixpkgs, - nixpkgs-stable + nixpkgs-stable, + ... }: let + inherit (nixpkgs.lib) genAttrs mapAttrs' nameValuePair; + + mkFlakePkgs = pkgs: import ./default.nix { inherit home-manager pkgs; }; + + forAllSystems = f: genAttrs systems (system: f system); systems = [ "x86_64-linux" "x86_64-darwin" "aarch64-darwin" "aarch64-linux" ]; - forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system); - suffix-version = version: attrs: nixpkgs.lib.mapAttrs' (name: value: nixpkgs.lib.nameValuePair (name + version) value) attrs; + suffix-stable = suffix-version "-24_05"; + suffix-version = version: attrs: mapAttrs' (name: value: nameValuePair (name + version) value) attrs; in { - overlays.default = final: prev: let - localPkgs = import ./default.nix {pkgs = final;}; - in { - inherit (localPkgs) sops-install-secrets sops-init-gpg-key sops-pgp-hook sops-import-keys-hook sops-ssh-to-age; - # backward compatibility - inherit (prev) ssh-to-pgp; - }; - nixosModules = { - sops = import ./modules/sops; - default = self.nixosModules.sops; - }; - homeManagerModules.sops = import ./modules/home-manager/sops.nix; - homeManagerModule = self.homeManagerModules.sops; - packages = forAllSystems (system: - import ./default.nix { - pkgs = import nixpkgs {inherit system;}; - }); - checks = nixpkgs.lib.genAttrs ["x86_64-linux" "aarch64-linux"] + checks = genAttrs ["x86_64-linux" "aarch64-linux"] (system: let tests = self.packages.${system}.sops-install-secrets.tests; - packages-stable = import ./default.nix { - pkgs = import nixpkgs-stable {inherit system;}; - }; + packages-stable = mkFlakePkgs (import nixpkgs-stable {inherit system;}); tests-stable = packages-stable.sops-install-secrets.tests; in tests // - (suffix-stable tests-stable) // - (suffix-stable packages-stable)); + (suffix-stable tests-stable) // + (suffix-stable packages-stable)); devShells = forAllSystems (system: let pkgs = nixpkgs.legacyPackages.${system}; in { - unit-tests = pkgs.callPackage ./pkgs/unit-tests.nix {}; + unit-tests = pkgs.callPackage ./pkgs/unit-tests.nix { inherit home-manager; }; default = pkgs.callPackage ./shell.nix {}; + hm-tests = self.packages.${system}.sops-install-secrets.hm-tests; }); + + homeManagerModule = self.homeManagerModules.sops; + homeManagerModules.sops = import ./modules/home-manager/sops.nix; + + nixosModules = { + sops = import ./modules/sops; + default = self.nixosModules.sops; + }; + + overlays.default = final: prev: let + localPkgs = mkFlakePkgs final; + in { + inherit (localPkgs) sops-install-secrets sops-init-gpg-key sops-pgp-hook sops-import-keys-hook sops-ssh-to-age; + # backward compatibility + inherit (prev) ssh-to-pgp; + }; + + packages = forAllSystems (system: mkFlakePkgs (import nixpkgs {inherit system;})); }; } diff --git a/pkgs/sops-install-secrets/default.nix b/pkgs/sops-install-secrets/default.nix index fbe1fbd1..f3fb8725 100644 --- a/pkgs/sops-install-secrets/default.nix +++ b/pkgs/sops-install-secrets/default.nix @@ -1,4 +1,8 @@ +<<<<<<< Updated upstream { lib, buildGoModule, stdenv, vendorHash, go, callPackages }: +======= +{ lib, buildGoModule, path, pkgs, vendorHash, go, home-manager }: +>>>>>>> Stashed changes buildGoModule { pname = "sops-install-secrets"; version = "0.0.1"; @@ -10,7 +14,17 @@ buildGoModule { # requires root privileges for tests doCheck = false; +<<<<<<< Updated upstream passthru.tests = callPackages ./nixos-test.nix { }; +======= + passthru = { + hm-tests = (import ./hm-test.nix { inherit pkgs; inherit home-manager; }).run.all; + tests = import ./nixos-test.nix { + makeTest = import (path + "/nixos/tests/make-test-python.nix"); + inherit pkgs; + }; + }; +>>>>>>> Stashed changes outputs = [ "out" ] ++ lib.lists.optionals (stdenv.isLinux) [ "unittest" ]; diff --git a/pkgs/sops-install-secrets/hm-test.nix b/pkgs/sops-install-secrets/hm-test.nix new file mode 100644 index 00000000..e355db45 --- /dev/null +++ b/pkgs/sops-install-secrets/hm-test.nix @@ -0,0 +1,42 @@ +{ pkgs, home-manager }: + +let + + lib = import "${home-manager}/modules/lib/stdlib-extended.nix" pkgs.lib; + + nmtSrc = fetchTarball { + url = "https://git.sr.ht/~rycee/nmt/archive/v0.5.1.tar.gz"; + sha256 = "0qhn7nnwdwzh910ss78ga2d00v42b0lspfd7ybl61mpfgz3lmdcj"; + }; + + modules = import "${home-manager}/modules/modules.nix" { + inherit lib pkgs; + check = false; + } ++ [{ + # Bypass reference inside modules/modules.nix to make the test + # suite more pure. + _module.args.pkgsPath = pkgs.path; + + # Fix impurities. Without these some of the user's environment + # will leak into the tests through `builtins.getEnv`. + xdg.enable = true; + home = { + username = "hm-user"; + homeDirectory = "/home/hm-user"; + stateVersion = lib.mkDefault "18.09"; + }; + + # Avoid including documentation since this will cause + # unnecessary rebuilds of the tests. + manual.manpages.enable = lib.mkDefault false; + + # imports = [ ./asserts.nix ./big-test.nix ./stubs.nix ]; + }]; + +in import nmtSrc { + inherit lib pkgs modules; + testedAttrPath = [ "home" "activationPackage" ]; + tests = { + default = (import ./hm-tests/basic.nix); + }; +} diff --git a/pkgs/sops-install-secrets/hm-tests/basic.nix b/pkgs/sops-install-secrets/hm-tests/basic.nix new file mode 100644 index 00000000..6cd8da36 --- /dev/null +++ b/pkgs/sops-install-secrets/hm-tests/basic.nix @@ -0,0 +1,14 @@ +{ ... }: + +{ + nix.gc = { + automatic = true; + frequency = "monthly"; + options = "--delete-older-than 30d"; + }; + + test.stubs.nix = { name = "nix"; }; + + nmt.script = '' + ''; +} diff --git a/pkgs/unit-tests.nix b/pkgs/unit-tests.nix index dce7294b..446b50f0 100644 --- a/pkgs/unit-tests.nix +++ b/pkgs/unit-tests.nix @@ -1,7 +1,8 @@ { pkgs ? import {} +, home-manager ? import {} }: let - sopsPkgs = import ../. { inherit pkgs; }; + sopsPkgs = import ../. { inherit home-manager pkgs; }; in pkgs.stdenv.mkDerivation { name = "env"; nativeBuildInputs = with pkgs; [