initial migration

2026-03-24 14:09:46 +00:00 · 2026-03-24 14:09:46 +00:00 · 59a1fbaf0f
commit 59a1fbaf0f
parent 01fb98ba10
54 changed files with 522 additions and 613 deletions
--- a/.just/machine.just
+++ b/.just/machine.just
@ -1,20 +0,0 @@
-@_default: list
-
-[doc('List machines')]
-@list:
-    ls -1 ../systems/x86_64-linux/
-
-[doc('Update target machine')]
-[no-exit-message]
-@update machine:
-    echo "Checking vars"
-    cd .. && just vars _check {{ machine }}
-    echo ""
-    just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | sed ':a;N;$!ba;s/\n/, /g')"
-    nixos-rebuild switch -L --sudo --target-host {{ machine }} --flake ..#{{ machine }} --log-format internal-json -v |& nom --json
-
-[doc('Check if target machine builds')]
-[no-exit-message]
-@check machine:
-    just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | sed ':a;N;$!ba;s/\n/, /g')"
-    nix build ..#nixosConfigurations.{{ machine }}.config.system.build.toplevel
--- a/.just/users.just
+++ b/.just/users.just
@ -1,101 +0,0 @@
-set unstable := true
-set quiet := true
-
-_default:
-    just --list users
-
-[doc('List available users')]
-[script]
-list:
-    cd .. && just vars get ulmo zitadel/users | jq -r -C '
-        import ".jq/table" as table;
-        import ".jq/format" as f;
-
-        fromjson
-        | to_entries
-        | sort_by(.key)
-        | map(
-            (.key|f::to_title) + ":\n"
-            + table::create(
-                .value
-                | to_entries
-                | sort_by(.key)
-                | map({username:.key} + .value)
-            )
-        )
-        | join("\n\n┄┄┄\n\n")
-    ';
-
-[doc('Add a new user')]
-[script]
-add:
-    exec 5>&1
-
-    pad () { [ "$#" -gt 1 ] && [ -n "$2" ] && printf "%$2.${2#-}s" "$1"; }
-
-    input() {
-        local label=$1
-        local value=$2
-
-        local res=$(gum input --header "$label" --value "$value")
-        echo -e "\e[2m$(pad "$label" -11)\e[0m$res" >&5
-        echo $res
-    }
-
-    data=`cd .. && just vars get ulmo zitadel/users | jq 'fromjson'`
-
-    # Gather inputs
-    org=`
-        jq -r 'to_entries | map(.key)[]' <<< "$data" \
-        | gum choose --header 'Which organisation to save to?' --select-if-one
-    `
-    username=`input 'user name' ''`
-    email=`input 'email' ''`
-    first_name=`input 'first name' ''`
-    last_name=`input 'last name' ''`
-
-    user_exists=`jq --arg 'org' "$org" --arg 'username' "$username" '.[$org][$username]? | . != null' <<< "$data"`
-
-    if [ "$user_exists" == "true" ]; then
-        gum confirm 'User already exists, overwrite it?' --padding="1 1" || exit 0
-    fi
-
-    next=`
-        jq \
-        --arg 'org' "$org" \
-        --arg 'username' "$username" \
-        --arg 'email' "$email" \
-        --arg 'first_name' "$first_name" \
-        --arg 'last_name' "$last_name" \
-        --compact-output \
-        '.[$org] += { $username: { email: $email, firstName: $first_name, lastName: $last_name } }' \
-        <<< $data
-    `
-
-    gum spin --title "saving..." -- echo "$(cd .. && just vars set ulmo 'zitadel/users' "$next")"
-
-[doc('Remove a new user')]
-[script]
-remove:
-    data=`cd .. && just vars get ulmo zitadel/users | jq fromjson`
-
-    # Gather inputs
-    org=`
-        jq -r 'to_entries | map(.key)[]' <<< "$data" \
-        | gum choose --header 'Which organisation?' --select-if-one
-    `
-    user=`
-        jq -r --arg org "$org" '.[$org] | to_entries | map(.key)[]' <<< "$data" \
-        | gum choose --header 'Which user?' --select-if-one
-    `
-
-    next=`
-        jq \
-        --arg 'org' "$org" \
-        --arg 'user' "$user" \
-        --compact-output \
-        'del(.[$org][$user])' \
-        <<< $data
-    `
-
-    gum spin --title "saving..." -- echo "$(cd .. && just vars set ulmo 'zitadel/users' "$next")"
--- a/.just/vars.just
+++ b/.just/vars.just
@ -1,38 +1,39 @@
 set unstable := true
 set quiet := true

-base_path := justfile_directory() + "/systems/x86_64-linux"
+machine_base_path := justfile_directory() + "/../machines"
+secret_base_path := justfile_directory() + "/../systems/x86_64-linux"

 _default:
    just --list vars

 [doc('List all vars of {machine}')]
 list machine:
-    sops decrypt {{ base_path }}/{{ machine }}/secrets.yml
+    sops decrypt {{ secret_base_path }}/{{ machine }}/secrets.yml

 [doc('Edit all vars of {machine} in your editor')]
 edit machine:
-    sops edit {{ base_path }}/{{ machine }}/secrets.yml
+    sops edit {{ secret_base_path }}/{{ machine }}/secrets.yml

 [doc('Set var {value} by {key} for {machine}')]
@set machine key value:
-    sops set {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" "\"$(echo '{{ value }}' | sed 's/\"/\\\"/g')\""
+    sops set {{ secret_base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" "\"$(echo '{{ value }}' | sed 's/\"/\\\"/g')\""

-    git add {{ base_path }}/{{ machine }}/secrets.yml
-    git commit -m 'chore(secrets): set secret "{{ key }}" for machine "{{ machine }}"' -- {{ base_path }}/{{ machine }}/secrets.yml > /dev/null
+    git add {{ secret_base_path }}/{{ machine }}/secrets.yml
+    git commit -m 'chore(secrets): set secret "{{ key }}" for machine "{{ machine }}"' -- {{ secret_base_path }}/{{ machine }}/secrets.yml > /dev/null

    echo "Done"

 [doc('Get var by {key} from {machine}')]
 get machine key:
-    sops decrypt {{ base_path }}/{{ machine }}/secrets.yml | yq ".$(echo "{{ key }}" | sed -E 's/\//./g') // \"\""
+    sops decrypt {{ secret_base_path }}/{{ machine }}/secrets.yml | yq ".$(echo "{{ key }}" | sed -E 's/\//./g') // \"\""

 [doc('Remove var by {key} for {machine}')]
 remove machine key:
-    sops unset {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')"
+    sops unset {{ secret_base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')"

-    git add {{ base_path }}/{{ machine }}/secrets.yml
-    git commit -m 'chore(secrets): removed secret "{{ key }}" from machine "{{ machine }}"' -- {{ base_path }}/{{ machine }}/secrets.yml > /dev/null
+    git add {{ secret_base_path }}/{{ machine }}/secrets.yml
+    git commit -m 'chore(secrets): removed secret "{{ key }}" from machine "{{ machine }}"' -- {{ secret_base_path }}/{{ machine }}/secrets.yml > /dev/null

    echo "Done"

@ -59,7 +60,7 @@ _rotate machine key:
 check:
    cd ..

-    for machine in $(ls {{ base_path }}); do
+    for machine in $(ls {{ machine_base_path }}); do
         just vars _check "$machine"
    done

@ -70,14 +71,14 @@ _check machine:
    # we can skip this folder as we are
    # missing the files used to compare
    # the defined vs the configured secrets
-    if [ ! -f "{{ base_path }}/{{ machine }}/default.nix" ]; then
+    if [ ! -f "{{ machine_base_path }}/{{ machine }}/default.nix" ]; then
        printf "\r• %-8sskipped\n" "{{ machine }}"
        exit 0
    fi

    exec 3< <(jq -nr \
        --rawfile defined <(nix eval --json ..#nixosConfigurations.{{ machine }}.config.sops.secrets 2>/dev/null) \
-        --rawfile configured <([ -f "{{ base_path }}/{{ machine }}/secrets.yml" ] && sops decrypt {{ base_path }}/{{ machine }}/secrets.yml | yq '.' || echo "{}") \
+        --rawfile configured <([ -f "{{ secret_base_path }}/{{ machine }}/secrets.yml" ] && sops decrypt {{ secret_base_path }}/{{ machine }}/secrets.yml | yq '.' || echo "{}") \
        '
            [ $configured | fromjson | paths(scalars) | join("/") ] as $conf
            | $defined