Use overlay

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>

overlays/default.nix

@@ -0,0 +1,13 @@
+final: prev: {
+  lib = prev.lib.recursiveUpdate prev.lib {
+    fetchers = {
+      sshKnownHosts = import ./fetchers/sshKnownHosts final prev;
+    };
+
+    runtime = {
+      merge = {
+        keyValue = import ./runtime/merge/keyValue final prev;
+      };
+    };
+  };
+}

overlays/fetchers/sshKnownHosts/default.nix

@@ -0,0 +1,33 @@
+final: prev:
+prev.lib.fetchers.withNormalizedHash { } (
+  {
+    host,
+    name ? "ssh-known-hosts-${host}",
+    outputHash,
+    outputHashAlgo,
+    port ? 22,
+    keyTypes ? [
+      "rsa"
+      "ecdsa"
+      "ed25519"
+    ],
+  }:
+  let
+    keyTypeArgs = prev.lib.concatStringsSep "," keyTypes;
+  in
+  prev.runCommandLocal name
+    {
+      inherit outputHash outputHashAlgo;
+      outputHashMode = "flat";
+      preferLocalBuild = true;
+
+      nativeBuildInputs = with final; [
+        openssh
+        gnugrep
+        coreutils
+      ];
+    }
+    ''
+      ssh-keyscan -p ${toString port} -t ${keyTypeArgs} ${host} | grep -v '^#' | sort > $out
+    ''
+)

overlays/runtime/merge/keyValue/default.nix

@@ -0,0 +1,11 @@
+final: prev:
+"${
+  prev.writeShellApplication {
+    name = "merge-key-value";
+    runtimeInputs = with final; [
+      coreutils
+      gawk
+    ];
+    text = builtins.readFile ./key-value.sh;
+  }
+}/bin/merge-key-value"

overlays/runtime/merge/keyValue/key-value.sh

@@ -0,0 +1,15 @@
+# shellcheck shell=bash
+
+source=$(realpath -m "$1")
+target=$(realpath -m "$2")
+
+if [[ -f "$target" ]]; then
+  temp=$(mktemp)
+  awk -F '=' 'NR==FNR{a[$1]=$0;next}($1 in a){$0=a[$1]}1' "$source" "$target" > "$temp"
+  mv "$temp" "$target"
+else
+  mkdir -p "$(dirname "$target")"
+  cp "$source" "$target"
+fi
+
+echo "Configuration file $target has been updated."