initial commit

Signed-off-by: s0me1newithhand7s <git+me@hand7s.org>
s0me1newithhand7s 2026-03-29 04:20:33 +03:00
commit 0078a09395
10 changed files with 1859 additions and 0 deletions

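--- a/.envrc
+++ b/.envrc
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+if ! has nix_direnv_version || ! nix_direnv_version 3.1.0; then
+source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.1.0/direnvrc" "sha256-yMJ2OVMzrFaDPn7q8nCBZFRYpL/f0RcHzhmw/i6btJM="
+fi
+export DEVENV_IN_DIRENV_SHELL=true
+watch_file flake.nix
+watch_file flake.lock
+mkdir -p "$PWD/.devenv"
+DEVENV_ROOT_FILE="$PWD/.devenv/root"
+printf %s "$PWD" >"$DEVENV_ROOT_FILE"
+if ! use flake . --override-input devenv-root "file+file://$DEVENV_ROOT_FILE"; then
+echo "devenv could not be built. The devenv environment was not loaded. Make the necessary changes to devenv.nix and hit enter to try again." >&2
+fi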
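Review bot: The failure message in the `echo … >&2` line tells the user to edit devenv.nix, but this commit configures devenv through `inputs.devenv.flakeModule` in flake.nix and adds no devenv.nix, so the hint points at a file that does not exist in the repo; `Make the necessary changes to flake.nix and hit enter to try again.` would match this layout. The direnvrc fallback is fetched with a pinned `sha256-…` hash, which is the right way to source it, so the rest of the file looks like the usual devenv/nix-direnv template.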

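--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,3 @@
+# stuff from devenv and direnv-nix
+.direnv/
+.devenv/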

flake.lock generated Normal file


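--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,228 @@
+{
+inputs = {
+"cachix" = {
+flake = true;
+type = "github";
+owner = "cachix";
+repo = "cachix";
+};
+"devenv" = {
+flake = true;
+type = "github";
+owner = "cachix";
+repo = "devenv";
+};
+"flake-parts" = {
+flake = true;
+type = "github";
+owner = "hercules-ci";
+repo = "flake-parts";
+};
+"github-actions-nix" = {
+flake = true;
+type = "github";
+owner = "synapdeck";
+repo = "github-actions-nix";
+};
+"git-hooks-nix" = {
+flake = true;
+type = "github";
+owner = "cachix";
+repo = "git-hooks.nix";
+};
+"nixpkgs" = {
+flake = true;
+type = "github";
+owner = "nixos";
+repo = "nixpkgs";
+ref = "nixos-unstable";
+};
+"treefmt-nix" = {
+flake = true;
+type = "github";
+owner = "numtide";
+repo = "treefmt-nix";
+};
+};
+outputs = inputs @ {
+self,
+flake-parts,
+...
+}:
+flake-parts.lib.mkFlake {
+inherit
+inputs
+self
+;
+} {
+systems = [
+"x86_64-linux"
+"aarch64-linux"
+"aarch64-darwin"
+];
+imports = [
+inputs.treefmt-nix.flakeModule
+inputs.git-hooks-nix.flakeModule
+inputs.devenv.flakeModule
+inputs.github-actions-nix.flakeModule
+./lib/flakeModules.nix
+];
+flake = {
+flakeModules = {
+default = ./lib/flakeModules.nix;
+};
+};
+perSystem = {
+config,
+pkgs,
+...
+}: {
+devenv = {
+shells = {
+"default" = {
+enterShell = config.pre-commit.shellHook;
+devenv = {
+root = toString /home/hand7s/Projects/flake;
+};
+packages =
+[
+config.treefmt.build.wrapper
+]
+++ config.pre-commit.settings.enabledPackages
+++ config.kubeClusters."test".toolchainPkgs;
+};
+};
+};
+pre-commit = {
+check = {
+enable = true;
+};
+settings = {
+enable = true;
+package = pkgs.prek;
+gitPackage = pkgs.git;
+hooks = {
+"alejandra" = {
+enable = true;
+settings = {
+verbosity = "quiet";
+check = true;
+};
+};
+"deadnix" = {
+enable = true;
+settings = {
+edit = false;
+};
+};
+"statix" = {
+enable = true;
+};
+};
+};
+};
+kubeClusters = {
+"test" = {
+objects = [
+{
+type = "talosObject";
+content = {
+"controlplane.yaml" = {
+version = "v1alpha1";
+debug = false;
+persist = true;
+machine = {
+type = "controlplane";
+token = "abc123def456";
+ca = {
+crt = "qUoOLPqZw4XVehCSe11VQV62SIbTSVmP8dy+hpVQkBQ=";
+key = "PF8jB7W4JQr7AIItDdILgKE19LseiCUkF7zyDBE9rl8=";
+};
+};
+};
+};
+}
+{
+type = "helmObject";
+content = {
+name = "kube-prometheus-stack";
+namespace = "monitoring";
+chart = "prometheus-community/kube-prometheus-stack";
+version = "45.0.0";
+values = {
+grafana = {
+enabled = true;
+adminPassword = "prom-operator";
+};
+prometheus = {
+prometheusSpec = {
+scrapeInterval = "15s";
+};
+};
+};
+};
+}
+{
+type = "helmfileObject";
+content = {
+repositories = [
+{
+name = "bitnami"; # lord forgive me
+url = "https://charts.bitnami.com";
+}
+];
+releases = [
+{
+name = "redis";
+chart = "bitnami/redis";
+values = [{sentinel = {enabled = true;};}];
+}
+];
+};
+}
+{
+type = "kubeObject";
+content = {
+"pod.yaml" = {
+apiVersion = "v1";
+kind = "Pod";
+metadata.name = "nginx";
+spec.containers = [
+{
+name = "nginx";
+image = "nginx:1.14.2";
+}
+];
+};
+};
+}
+];
+};
+};
+};
+};
+}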
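Review bot: The `test` cluster's talosObject carries `machine.token` and a `machine.ca.crt`/`ca.key` pair, and the helmObject sets `grafana.adminPassword = "prom-operator"`, all as literals in flake.nix; even if these are placeholders for a throwaway cluster, anything committed here stays in git history, and because the cluster objects are rendered by lib/generators/talos.nix and helm.nix into derivation outputs they also become world-readable under /nix/store on every machine that builds the flake. Keep only non-secret machine config in `content` and supply the token, CA key and Grafana password at apply time from a file outside the repo and the store, or at minimum use an obviously fake marker such as `token = "REPLACE_ME";` so nothing real is ever pasted in by habit. Separately, `devenv.root = toString /home/hand7s/Projects/flake;` hard-codes one developer's home directory and will break the shell for anyone else who clones the repo; the added .envrc already passes the checkout path via `--override-input devenv-root …`, but no `devenv-root` input is declared in `inputs`, so that override has nothing to bind to — declaring it (the devenv flake-parts template does so with `flake = false;`) and deriving `devenv.root` from it would replace the literal.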

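--- a/lib/flakeModules.nix
+++ b/lib/flakeModules.nix
@@ -0,0 +1,181 @@
+{
+lib,
+flake-parts-lib,
+...
+}: {
+options = {
+perSystem = flake-parts-lib.mkPerSystemOption (
+{
+config,
+pkgs,
+...
+}: {
+options = {
+kubeClusters = lib.mkOption {
+default = {};
+description = "Attribute set of Kubernetes/Talos clusters.";
+type = lib.types.attrsOf (
+lib.types.submodule (
+{config, ...}: {
+config = {
+toolchainPkgs = lib.pipe config.toolchain [
+builtins.attrValues
+(builtins.filter (p: p != null))
+];
+};
+options = {
+toolchainPkgs = lib.mkOption {
+type = lib.types.listOf lib.types.package;
+description = "Calculated toolchain packages for this cluster";
+readOnly = true;
+};
+objects = lib.mkOption {
+default = [];
+description = "List of cluster objects.";
+type = lib.types.listOf (
+lib.types.submodule {
+options = {
+type = lib.mkOption {
+description = "Object type.";
+type = lib.types.enum [
+"kubeObject"
+"talosObject"
+"helmObject"
+"helmfileObject"
+];
+};
+content = lib.mkOption {
+description = "Raw content, validated by kubeconform/talosctl.";
+type = lib.types.anything;
+};
+};
+}
+);
+};
+toolchain = lib.mkOption {
+default = {};
+type = lib.types.submodule {
+options = {
+kubePkg = lib.mkOption {
+description = "Place for kubectl.";
+type = lib.types.package;
+default = pkgs.kubectl;
+};
+helmPkg = lib.mkOption {
+description = "Place for helm.";
+type = lib.types.package;
+default = pkgs.kubernetes-helm;
+};
+talosPkg = lib.mkOption {
+description = "Place for talosctl.";
+type = lib.types.package;
+default = pkgs.talosctl;
+};
+helmfilePkg = lib.mkOption {
+description = "Place for helmfile";
+type = lib.types.package;
+default = pkgs.helmfile;
+};
+};
+};
+};
+};
+}
+)
+);
+};
+};
+config = {
+apps =
+lib.mapAttrs (
+name: cluster: {
+type = "app";
+program = toString (
+pkgs.writeShellScript "apply-${name}" ''
+# safe measures lol
+# logic could be better
+set -e
+nix build .#${name}
+cd result
+# pre-apply
+# aka dry-run
+printf "validating "
+[ -d kube/ ] && \
+${lib.getExe cluster.toolchain.kubePkg} apply \
+--dry-run=client --validate=true \
+-f kube/
+[ -d talos/ ] && \
+${lib.getExe cluster.toolchain.talosPkg} config validate \
+--file talos/
+[ -d helmfile/ ] && \
+${lib.getExe cluster.toolchain.helmfilePkg} lint
+# apply
+# !!!!
+printf "applying 🤓"
+[ -d kube/ ] && \
+${lib.getExe cluster.toolchain.kubePkg} apply -f kube/
+[ -d helm/ ] && \
+${lib.getExe cluster.toolchain.helmPkg} upgrade --install \
+--atomic --cleanup-on-fail --timeout 5m \
+"${name}" ./helm/
+[ -d talos/ ] && \
+${lib.getExe cluster.toolchain.talosPkg} apply-config -f talos/
+[ -d helmfile/ ] && \
+${lib.getExe cluster.toolchain.helmfilePkg} apply
+''
+);
+}
+)
+config.kubeClusters;
+packages =
+lib.mapAttrs (
+name: cluster:
+pkgs.symlinkJoin {
+name = "kube-cluster-${name}";
+paths =
+lib.concatMap (
+obj:
+lib.toList (
+(
+import ./generators {
+inherit
+lib
+;
+}
+pkgs
+).${
+obj.type
+}
+obj.content
+)
+)
+cluster.objects;
+}
+)
+config.kubeClusters;
+};
+}
+);
+};
+}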
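Review bot: The apply phase of the `apply-${name}` script runs `helm upgrade --install "${name}" ./helm/`, but lib/generators/helm.nix in this commit writes each chart to `helm/<content.name>/`, so `./helm/` itself holds no Chart.yaml and the upgrade would fail after `kubectl apply -f kube/` has already gone live; the helmfile steps have the same shape problem, since `helmfile lint` and `helmfile apply` are run from `result/` without `-f helmfile/helmfile.yaml` while the generator writes the file one directory down. Helm is also the only object type with nothing in the "validating" phase, so a broken chart is first seen during the real apply rather than the dry run. Because the script ends with `[ -d helmfile/ ] && … apply`, a cluster with no helmfile objects exits non-zero even when everything else succeeded; a final `true` fixes that. I am not sure `talosctl config validate --file` is a real subcommand — the validator I know is `talosctl validate --config <file> --mode <mode>`, and `apply-config` takes a single file plus `--nodes`, so both talos lines are worth checking against the pinned talosctl before relying on them. The sketch below loops over the chart directories and names the helmfile explicitly; the rest of the script is unchanged.
```nix
# … unchanged: set -e, nix build, cd result, kube and talos dry-run …
[ -d helmfile/ ] && \
  ${lib.getExe cluster.toolchain.helmfilePkg} -f helmfile/helmfile.yaml lint
[ -d helm/ ] && \
  for chart in helm/*/; do
    ${lib.getExe cluster.toolchain.helmPkg} lint "$chart"
  done
# … unchanged: printf "applying", kube apply …
[ -d helm/ ] && \
  for chart in helm/*/; do
    ${lib.getExe cluster.toolchain.helmPkg} upgrade --install \
      --atomic --cleanup-on-fail --timeout 5m \
      "$(basename "$chart")" "$chart"
  done
# … unchanged: talos apply-config …
[ -d helmfile/ ] && \
  ${lib.getExe cluster.toolchain.helmfilePkg} -f helmfile/helmfile.yaml apply
true
```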


@ -0,0 +1,33 @@
{lib, ...}: pkgs: {
kubeObject =
import ./kube.nix {
inherit
lib
;
}
pkgs;
talosObject =
import ./talos.nix {
inherit
lib
;
}
pkgs;
helmObject =
import ./helm.nix {
inherit
lib
;
}
pkgs;
helmfileObject =
import ./helmfile.nix {
inherit
lib
;
}
pkgs;
}

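--- a/lib/generators/helm.nix
+++ b/lib/generators/helm.nix
@@ -0,0 +1,10 @@
+_: pkgs: content:
+pkgs.runCommand "helm-${content.name}" {} ''
+mkdir -p $out/helm/${content.name}/templates
+cp ${(pkgs.formats.yaml {}).generate "Chart.yaml" {
+apiVersion = "v2";
+name = content.name;
+version = content.version or "0.1.0";
+}} $out/helm/${content.name}/Chart.yaml
+cp ${(pkgs.formats.yaml {}).generate "values.yaml" (content.values or {})} $out/helm/${content.name}/values.yaml
+''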
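Review bot: `content.chart` is never read by this generator — only `content.name`, `content.version` and `content.values` are — so the derivation builds a local chart consisting of a Chart.yaml, a values.yaml and an empty templates/ directory, and installing it deploys nothing; the `chart = "prometheus-community/kube-prometheus-stack"` set in flake.nix is silently dropped, and `content.namespace` likewise. If the intent is to wrap an upstream chart, Chart.yaml needs a `dependencies` entry (name, version and a repository URL, which `content` does not carry yet) so `helm dependency build` can pull it, or the object should go through the helmfile generator, which already handles remote charts; if the intent is a local chart, templates have to be part of `content`. The `$out/helm/${content.name}/…` paths in the shell snippet are unquoted, so a name with whitespace would split the cp arguments — `"$out/helm/${content.name}/Chart.yaml"` is cheap insurance.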


@ -0,0 +1,8 @@
_: pkgs: content:
pkgs.runCommand "helmfile" {} ''
mkdir -p $out/helmfile
cp ${(pkgs.formats.yaml {}).generate "helmfile.yaml" {
repositories = content.repositories or [];
releases = map (r: r // {chart = "${r.chart}";}) content.releases;
}} $out/helmfile/helmfile.yaml
''
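Review bot: `map (r: r // {chart = "${r.chart}";})` on the `releases` line replaces each release's `chart` with itself — when `chart` is a string, as in flake.nix, `"${r.chart}"` is the same value — so the map is a no-op and reads like an unfinished rewrite; either drop it (`releases = content.releases or [];`) or complete whatever transformation was intended. `releases` also has no `or []` fallback while `repositories` does, so a helmfile object that only declares repositories fails evaluation with a missing-attribute error. This is the generator imported as `./helmfile.nix` from the generators default.nix; its file header is not visible in this rendering.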

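--- a/lib/generators/kube.nix
+++ b/lib/generators/kube.nix
@@ -0,0 +1,8 @@
+{lib, ...}: pkgs: content:
+pkgs.runCommand "kube-manifests" {} ''
+mkdir -p $out/kube
+${lib.concatStringsSep "\n" (lib.mapAttrsToList (name: attrs: ''
+cp ${(pkgs.formats.yaml {}).generate name attrs} $out/kube/${name}
+'')
+content)}
+''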
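Review bot: This file and lib/generators/talos.nix are the same function apart from the output subdirectory (`kube` vs `talos`) and the derivation name, so one generator taking the subdirectory as a parameter would remove the duplication and keep any later fix (quoting, validation) in a single place. Neither performs the validation the module option advertises — `content` is described in lib/flakeModules.nix as "validated by kubeconform/talosctl", but this build only serialises the attrsets with `pkgs.formats.yaml` and validation happens later in the apply script via `kubectl --dry-run=client`; either the description should say so, or a kubeconform pass could run inside this runCommand so that `nix build` already fails on a bad manifest. A manifest key containing a path separator such as `"apps/deploy.yaml"` would also fail here because only `$out/kube` is created; `mkdir -p "$(dirname "$out/kube/${name}")"` before the cp covers that.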

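--- a/lib/generators/talos.nix
+++ b/lib/generators/talos.nix
@@ -0,0 +1,8 @@
+{lib, ...}: pkgs: content:
+pkgs.runCommand "talos-manifests" {} ''
+mkdir -p $out/talos
+${lib.concatStringsSep "\n" (lib.mapAttrsToList (name: attrs: ''
+cp ${(pkgs.formats.yaml {}).generate name attrs} $out/talos/${name}
+'')
+content)}
+''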
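Review bot: This generator copies every attribute of `content` into `$out/talos/` as YAML, and in flake.nix that content includes `machine.token` and `machine.ca.key`; whatever lands there is a world-readable path under /nix/store on every machine that builds the package, and would travel with it if the `packages` output is ever pushed to a binary cache (a `cachix` input is declared in this commit). Talos machine secrets should therefore never be part of `content`; a cheap guard is to refuse to build when they are present, e.g. `assert !(lib.any (c: (c.machine.ca or {}) ? key || (c.machine or {}) ? token) (builtins.attrValues content));` placed before the `pkgs.runCommand` call, with the secret material supplied at apply time from a file outside the repo and the store. The `$out/talos/${name}` target is unquoted in the shell snippet, so a file name with whitespace would split the cp arguments.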