Diffstat (limited to 'flake')
| -rw-r--r-- | flake/devshells.nix | 2 | ||||
| -rw-r--r-- | flake/scripts/common.nix | 29 | ||||
| -rw-r--r-- | flake/scripts/darwin.nix | 29 | ||||
| -rw-r--r-- | flake/scripts/default.nix | 15 |
4 files changed, 74 insertions, 1 deletions
diff --git a/flake/devshells.nix b/flake/devshells.nix
index a97dc2b..19f9497 100644
--- a/flake/devshells.nix
+++ b/flake/devshells.nix
@@ -36,7 +36,7 @@ }; pre-commit-check = mkPreCommitHooks ./.;
- scripts = import "${self}/scripts" {
+ scripts = import "${self}/flake/scripts" {
 inherit pkgs system
diff --git a/flake/scripts/common.nix b/flake/scripts/common.nix
new file mode 100644
index 0000000..b8ab82e
--- /dev/null
+++ b/flake/scripts/common.nix
@@ -0,0 +1,29 @@
+{ pkgs }:
+[
+ (pkgs.writeScriptBin "update-deps" "nix flake update --commit-lock-file")
+
+ (pkgs.writeShellScriptBin "gcloud-auth" ''
+ set -xeuo pipefail
+ ${pkgs.google-cloud-sdk}/bin/gcloud auth print-identity-token > /dev/null 2>&1 || \
+ ${pkgs.google-cloud-sdk}/bin/gcloud auth login --quiet
+ ${pkgs.google-cloud-sdk}/bin/gcloud auth application-default print-access-token > /dev/null 2>&1 || \
+ ${pkgs.google-cloud-sdk}/bin/gcloud auth application-default login --quiet
+ '')
+
+ (pkgs.writeShellScriptBin "tf-state-setup" ''
+ set -xeuo pipefail
+ ${pkgs.google-cloud-sdk}/bin/gcloud storage buckets describe \
+ gs://fcuny-infra-tofu-state \
+ --project=fcuny-infra \
+ --quiet || \
+
+ ${pkgs.google-cloud-sdk}/bin/gcloud storage buckets create \
+ gs://fcuny-infra-tofu-state \
+ --project=fcuny-infra \
+ --uniform-bucket-level-access \
+ --public-access-prevention \
+ --location=us-west1 \
+ --default-storage-class=STANDARD \
+ --quiet
+ '')
+]
diff --git a/flake/scripts/darwin.nix b/flake/scripts/darwin.nix
new file mode 100644
index 0000000..abf6eac
--- /dev/null
+++ b/flake/scripts/darwin.nix
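Review bot: In `tf-state-setup` (flake/scripts/common.nix) the `describe ... || create` chain treats every failure of `describe` (expired credentials, missing permission, network error) as "bucket does not exist", and the hardening flags are only applied on the creation path, so an already existing bucket is never checked for uniform bucket-level access or public access prevention. Because this bucket holds OpenTofu state, which can contain secrets in plaintext, I would also enable object versioning once the bucket exists, e.g. `${pkgs.google-cloud-sdk}/bin/gcloud storage buckets update gs://fcuny-infra-tofu-state --project=fcuny-infra --versioning`, so an overwritten or corrupted state can be rolled back. The `|| \` followed by an empty line is accepted by the shell but is easy to break when editing; dropping the blank line keeps the continuation obvious.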
@@ -0,0 +1,29 @@
+{
+ pkgs,
+ system,
+ inputs,
+}:
+[
+ (pkgs.writeScriptBin "nbuild" ''
+ set -e
+ echo "> Running darwin-rebuild build..."
+ ${inputs.darwin.packages.${system}.darwin-rebuild}/bin/darwin-rebuild build --flake .
+ echo "> darwin-rebuild build was successful ✅"
+ '')
+
+ (pkgs.writeScriptBin "nswitch" ''
+ set -e
+ echo "> Running darwin-rebuild switch..."
+ ${inputs.darwin.packages.${system}.darwin-rebuild}/bin/darwin-rebuild switch --flake .
+ echo "> macOS config was successfully applied 🚀"
+ '')
+
+ (pkgs.writeScriptBin "sync-agenix-key" ''
+ set -e
+ echo "> Copying agenix SSH key from 1password ..."
+ mkdir -p ~/.ssh
+ ${pkgs._1password-cli}/bin/op --account my.1password.com read "op://Private/agenix/private key?ssh-format=openssh" > ~/.ssh/agenix
+ ${pkgs._1password-cli}/bin/op --account my.1password.com read "op://Private/agenix/public key" > ~/.ssh/agenix.pub
+ echo "> agenix SSH key copied successfully 🔐"
+ '')
+]
diff --git a/flake/scripts/default.nix b/flake/scripts/default.nix
new file mode 100644
index 0000000..db6febe
--- /dev/null
+++ b/flake/scripts/default.nix
@@ -0,0 +1,15 @@
+{
+ pkgs,
+ system,
+ inputs,
+}:
+let
+ common = import ./common.nix { inherit pkgs; };
+ darwin = import ./darwin.nix { inherit pkgs system inputs; };
+in
+{
+ common = common;
+ darwin = if pkgs.lib.hasSuffix "darwin" system then darwin else [ ];
+
+ all = common ++ (if pkgs.lib.hasSuffix "darwin" system then darwin else [ ]);
+}
|
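Review bot: `sync-agenix-key` writes the private key through a plain `>` redirect, so a newly created `~/.ssh/agenix` gets whatever mode the caller's umask allows (commonly 0644), and `mkdir -p ~/.ssh` creates the directory without a restrictive mode either. Adding `umask 077` right after `set -e` makes new files and the directory owner-only; an already existing file keeps its old mode, so a `chmod 600 ~/.ssh/agenix` after the write covers that case. The redirect also truncates the current key before `op read` runs, so a failed or cancelled read leaves an empty `~/.ssh/agenix`; writing to a temporary file and renaming it on success avoids that. Separately, the three scripts in this file (and `update-deps` in common.nix) use `writeScriptBin`, which adds no shebang, so they only run when the invoking shell falls back to interpreting the file itself; `writeShellScriptBin`, already used for `gcloud-auth`, does not depend on that.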
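Review bot: In flake/scripts/default.nix the platform test `pkgs.lib.hasSuffix "darwin" system` is written out twice, once for `darwin` and once inside `all`, so the two attributes can drift apart when one is edited. Binding the result once in the `let`, e.g. `darwinScripts = pkgs.lib.optionals (pkgs.lib.hasSuffix "darwin" system) darwin;`, and then using `darwin = darwinScripts;` and `all = common ++ darwinScripts;` keeps them in step. `common = common;` can be written `inherit common;`.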
