depot/cluster/lib/services.nix

{ config, lib, ... }:
with lib;

let
  getHostConfigurations = hostName: svcName: svcConfig: let
    serviceConfigs =
      lib.mapAttrsToList (groupName: _: svcConfig.nixos.${groupName})
      (lib.filterAttrs (_: lib.elem hostName) svcConfig.nodes);

    secretsConfig = let
      secrets = lib.filterAttrs (_: secret: lib.any (node: node == hostName) secret.nodes) svcConfig.secrets;
    in {
      age.secrets = lib.mapAttrs' (secretName: secretConfig: {
        name = "cluster-${svcName}-${secretName}";
        value = {
          inherit (secretConfig) path mode owner group;
          file = ../secrets/${svcName}-${secretName}${lib.optionalString (!secretConfig.shared) "-${hostName}"}.age;
        };
      }) secrets;

      systemd.services = lib.mkMerge (lib.mapAttrsToList (secretName: secretConfig: lib.genAttrs secretConfig.services (systemdServiceName: {
        restartTriggers = [ "${../secrets/${svcName}-${secretName}${lib.optionalString (!secretConfig.shared) "-${hostName}"}.age}" ];
      })) secrets);
    };
  in serviceConfigs ++ [
    secretsConfig
  ];

  introspectionModule._module.args.cluster = {
    inherit (config) vars;
    inherit config;
  };
in

{
  options.services = mkOption {
    description = "Cluster services.";
    type = with types; attrsOf (submodule ./service-module.nix);
    default = {};
  };

  config.out.injectNixosConfig = hostName: (lib.flatten (lib.mapAttrsToList (getHostConfigurations hostName) config.services)) ++ [
    introspectionModule
  ];
}
cluster: init 2022-06-23 21:13:28 +03:00			`{ config, lib, ... }:`
			`with lib;`

			`let`
cluster/lib: inject secrets into agenix modules 2024-07-07 01:44:14 +03:00			`getHostConfigurations = hostName: svcName: svcConfig: let`
			`serviceConfigs =`
			`lib.mapAttrsToList (groupName: _: svcConfig.nixos.${groupName})`
			`(lib.filterAttrs (_: lib.elem hostName) svcConfig.nodes);`
cluster: init 2022-06-23 21:13:28 +03:00
cluster/lib: set restartTriggers for changing secrets 2024-07-08 20:45:13 +03:00			`secretsConfig = let`
			`secrets = lib.filterAttrs (_: secret: lib.any (node: node == hostName) secret.nodes) svcConfig.secrets;`
			`in {`
			`age.secrets = lib.mapAttrs' (secretName: secretConfig: {`
			`name = "cluster-${svcName}-${secretName}";`
			`value = {`
			`inherit (secretConfig) path mode owner group;`
			`file = ../secrets/${svcName}-${secretName}${lib.optionalString (!secretConfig.shared) "-${hostName}"}.age;`
			`};`
			`}) secrets;`

			`systemd.services = lib.mkMerge (lib.mapAttrsToList (secretName: secretConfig: lib.genAttrs secretConfig.services (systemdServiceName: {`
			`restartTriggers = [ "${../secrets/${svcName}-${secretName}${lib.optionalString (!secretConfig.shared) "-${hostName}"}.age}" ];`
			`})) secrets);`
			`};`
cluster/lib: inject secrets into agenix modules 2024-07-07 01:44:14 +03:00			`in serviceConfigs ++ [`
			`secretsConfig`
			`];`
treewide: massive refactor 2023-08-31 01:55:45 +03:00
			`introspectionModule._module.args.cluster = {`
			`inherit (config) vars;`
			`inherit config;`
			`};`
cluster: init 2022-06-23 21:13:28 +03:00			`in`

			`{`
			`options.services = mkOption {`
			`description = "Cluster services.";`
treewide: massive refactor 2023-08-31 01:55:45 +03:00			`type = with types; attrsOf (submodule ./service-module.nix);`
cluster: init 2022-06-23 21:13:28 +03:00			`default = {};`
			`};`
treewide: massive refactor 2023-08-31 01:55:45 +03:00
cluster/lib: inject secrets into agenix modules 2024-07-07 01:44:14 +03:00			`config.out.injectNixosConfig = hostName: (lib.flatten (lib.mapAttrsToList (getHostConfigurations hostName) config.services)) ++ [`
treewide: massive refactor 2023-08-31 01:55:45 +03:00			`introspectionModule`
			`];`
cluster: init 2022-06-23 21:13:28 +03:00			`}`