# devshell module that declares an `extensions` option and, depending on its
# values, registers commands that change host state: trusting a development CA
# through mkcert and adding static host entries through hostctl.
{ lib, pkgs, config, ... }:
with lib;
let
# Project name; used below in user-facing messages, in the name of the
# generated hosts file and as the hostctl profile name.
inherit (config)
name
;
# The two extension settings this module reads.
inherit (config.extensions)
static-dns
dev-ca-path
;
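# devshell command `ca-install`: makes the host trust the project's dev CA.
#
# CAROOT tells mkcert where the CA lives. `mkcert -install` adds that CA to the
# local trust stores and creates a fresh CA in CAROOT when none exists yet, so
# a wrongly resolved CAROOT means a different root than intended gets trusted.
installProjectCA = {
  name = "ca-install";
  help = "install dev CA";
  category = "host state";
  package = pkgs.mkcert;
  command = ''
    echo "$(tput bold)Installing ${name}'s dev CA into local trust stores via mkcert command ...$(tput sgr0)"
    # Separate the root from the configured path with "/": without it a
    # relative path fuses with the variable name ($DEVSHELL_ROOTfoo), which
    # expands to nothing. Abort instead of falling back to "/" when
    # DEVSHELL_ROOT is unset, and quote both parts against word splitting.
    export CAROOT="''${DEVSHELL_ROOT:?DEVSHELL_ROOT is not set}"/${lib.escapeShellArg dev-ca-path}
    ${pkgs.mkcert}/bin/mkcert -install
  '';
};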
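# devshell command `ca-uninstall`: removes the project's dev CA from the local
# trust stores again. CAROOT must resolve to the same directory that was used
# for installation, otherwise the trusted root is not the one being removed.
uninstallProjectCA = {
  name = "ca-uninstall";
  help = "uninstall dev CA";
  category = "host state";
  package = pkgs.mkcert;
  command = ''
    echo "$(tput bold)Purging ${name}'s dev CA from local trust stores via mkcert command ...$(tput sgr0)"
    # Separate the root from the configured path with "/": without it a
    # relative path fuses with the variable name ($DEVSHELL_ROOTfoo), which
    # expands to nothing. Abort when DEVSHELL_ROOT is unset, and quote both
    # parts against word splitting.
    export CAROOT="''${DEVSHELL_ROOT:?DEVSHELL_ROOT is not set}"/${lib.escapeShellArg dev-ca-path}
    ${pkgs.mkcert}/bin/mkcert -uninstall
  '';
};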
# Store file in hosts(5) layout, one "<address> <host name>" line per entry of
# `static-dns` (attribute name = host name, attribute value = address).
# The entries are written as configured; nothing here validates them, and the
# file is later handed to hostctl running under sudo.
etcHosts =
  let
    # Lambda arguments are named so they do not shadow the project `name`.
    toHostsLine = host: address: address + " " + host;
    hostsLines = lib.mapAttrsToList toHostsLine static-dns;
  in
  pkgs.writeText "${name}-etchosts" (lib.concatStringsSep "\n" hostsLines);
# devshell command `dns-activate`: adds the generated host entries to the
# host's hosts file as a hostctl profile named after the project.
#
# Editing /etc/hosts needs root, so sudo cannot be avoided here. hostctl is
# invoked by its Nix store path rather than looked up on PATH, and the entries
# come from the store file built from `static-dns`, so whoever controls that
# option decides which host names get redirected on the developer's machine.
fqdnsActivate = {
  name = "dns-activate";
  help = "activate pre-configured static dns";
  category = "host state";
  package = pkgs.hostctl;
  command = ''
    echo "$(tput bold)Installing ${name}'s static local DNS resolution via hostctl command ...$(tput sgr0)"
    sudo ${pkgs.hostctl}/bin/hostctl add ${name} --from ${etcHosts}
  '';
};
# devshell command `dns-deactivate`: removes the hostctl profile named after
# the project, undoing `dns-activate`. Runs under sudo for the same reason and
# calls hostctl by its Nix store path.
fqdnsDeactivate = {
  name = "dns-deactivate";
  help = "deactivate pre-configured static dns";
  category = "host state";
  package = pkgs.hostctl;
  command = ''
    echo "$(tput bold)Purging ${name}'s static local DNS resolution via hostctl command ...$(tput sgr0)"
    sudo ${pkgs.hostctl}/bin/hostctl remove ${name}
  '';
};
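# Option declarations for the `extensions` submodule.
extensionOptions = {
  # NOTE(review): mkcert keeps the CA certificate (rootCA.pem) and its private
  # key (rootCA-key.pem) side by side in CAROOT. If the first use case below
  # is followed and the key is committed as well, anyone with read access to
  # the repository can issue certificates that every machine which ran
  # `ca-install` will trust. Installing the CA should only need the
  # certificate, so consider keeping the key out of version control; confirm
  # against the mkcert version in use.
  dev-ca-path = mkOption {
    type = types.str;
    default = "";
    description = ''
      Path to a development CA.
      Users can load/unload this dev CA easily and cleanly into their local
      trust stores via a wrapper around mkcert third party tool so that browsers
      and other tools would accept issued certificates under this CA as valid.
      Use cases:
      - Ship static dev certificates under version control and make them trusted
      on user machines: add the rootCA under version control alongside your
      dev certificates.
      - Provide users with easy and reliable CA bootstrapping through the mkcert
      command: exempt this path from version control via .gitignore and have
      users easily and reliably bootstrap a dev CA infrastructure on first use.
    '';
  };
  static-dns = mkOption {
    # Host name -> address. Declaring the value type makes a non-string entry
    # fail at option evaluation instead of while the hosts file is rendered.
    # NOTE(review): the strings themselves are still not validated before they
    # are written to the file that hostctl loads under sudo.
    type = types.attrsOf types.str;
    default = { };
    description = ''
      An attribute set of static DNS entries (host name to IP address),
      for which to enable instrumentation.
      Users can enable/disable listed static DNS easily and cleanly
      via a wrapper around the hostctl third party tool.
    '';
    example = {
      # NOTE(review): 172.0.0.1 is a publicly routable address; 127.0.0.1 may
      # have been intended. Confirm before copying this example.
      "test.domain.local" = "172.0.0.1";
      "shared.domain.link-local" = "169.254.0.5";
    };
  };
};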
in
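# Module result: declares the `extensions` option and registers the host-state
# commands for whichever extension is actually configured.
let
  # `static-dns` is an attribute set, so "not configured" is `{ }`; the former
  # comparison against "" never matched and the DNS commands were always
  # registered, including a sudo command that loads an empty hosts file.
  hasStaticDns = static-dns != null && static-dns != { };
  hasDevCa = dev-ca-path != null && dev-ca-path != "";
in
{
  options = {
    extensions = mkOption {
      type = types.submodule { options = extensionOptions; };
      # A submodule value is an attribute set; a list default does not
      # type-check when the user leaves `extensions` undefined.
      default = { };
      description = ''
        Custom extensions to devshell.
      '';
    };
  };

  config = {
    commands =
      lib.optionals hasStaticDns [ fqdnsActivate fqdnsDeactivate ]
      ++ lib.optionals hasDevCa [ installProjectCA uninstallProjectCA ];

    # Kept inside `config`: once a module uses top-level `options`/`config`,
    # the module system rejects other top-level attributes such as `bash`.
    # CAROOT is exported only when a dev CA path is configured; otherwise any
    # mkcert call in the shell would use the project root as its CA directory
    # and could drop a CA private key next to the sources.
    bash.extra = lib.optionalString hasDevCa ''
      export CAROOT="$DEVSHELL_ROOT"/${lib.escapeShellArg dev-ca-path}
    '';
  };
}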