diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
deleted file mode 100644
index e319b57..0000000
--- a/.gitlab-ci.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-stages:
- - build
- - test
-
-variables:
- GIT_SUBMODULE_STRATEGY: recursive
-
-cache: &global_cache
- key:
- files:
- - flake.lock
- - flake.nix
- paths:
- - /nix/store
- policy: pull-push
-
-build:
- image: nixos/nix
- stage: build
- timeout: 48h
- cache:
- <<: *global_cache
- script:
- - nix --experimental-features 'nix-command flakes' flake check --show-trace
-
-include:
- - template: Jobs/Secret-Detection.gitlab-ci.yml
diff --git a/.gitmodules b/.gitmodules
index b238f43..a0025f4 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,6 @@
 [submodule "secrets"]
- path = secrets
- url = https://git.karaolidis.com/karaolidis/nix-secrets.git
+ path = submodules/secrets
+ url = git@karaolidis.com:karaolidis/nix-secrets.git
+[submodule "sas"]
+ path = submodules/sas
+ url = git@karaolidis.com:karaolidis/nix-sas.git
diff --git a/README.md b/README.md
index 325e168..c625bac 100644
--- a/README.md
+++ b/README.md
@@ -7,7 +7,6 @@ NixOS dotfiles and configuration for various hosts and users. - [`flake.lock`](./flake.lock) and [`flake.nix`](./flake.nix): Core Nix flake files defining the repository's dependencies and entry points. - [`hosts/`](./hosts): All host-specific configurations. - - [`common/`](./hosts/common): Shared configuration definitions. - [`shells/`](./hosts/common/shells): Nix dev shells. - [`configs/`](./hosts/common/configs): System configurations applicable to all hosts.
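Review bot: In the .gitmodules hunk, the two submodules pin the same repositories that flake.lock pins as the `sas` and `secrets` inputs, and nothing in the visible change keeps the two pins in step. They agree in this commit (7bf093d… and 13b3145… appear both as gitlinks and as `rev` values), but updating only the submodule or only the lock would leave the checked-out tree and the evaluated input at different revisions. A comment above the entries such as `# Also pinned in flake.lock (inputs sas/secrets): bump the gitlink and the lock together.` would make that explicit. The move from an HTTPS URL to `git@karaolidis.com:` also means the server is now authenticated by its SSH host key, so a fresh machine should have that key provisioned rather than accepted on first connect.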
@@ -20,7 +19,6 @@ NixOS dotfiles and configuration for various hosts and users. - [`packages/`](./packages/): Custom packages. - [`lib/`](./lib): Nix library function definitions and utilities. - - [`scripts/`](./lib/scripts): Utility scripts for managing the repository. - [`add-host.sh`](./lib/scripts/add-host.sh): Instantiate the keys for a new host configuration. - [`remove-host.sh`](./lib/scripts/remove-host.sh): Remove references to a host.
diff --git a/flake.lock b/flake.lock
index f9d60c6..5756102 100644
--- a/flake.lock
+++ b/flake.lock
@@ -357,6 +357,7 @@
 "nur": "nur",
 "nvidia-patch": "nvidia-patch",
 "quadlet-nix": "quadlet-nix",
+ "sas": "sas",
 "secrets": "secrets",
 "sops-nix": "sops-nix",
 "spicetify-nix": "spicetify-nix",
@@ -385,14 +386,30 @@
 "type": "github"
 }
 },
+ "sas": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1755243359,
+ "narHash": "sha256-R8Tt700YWn/AEIfqG3n4mklFqmtYGsqKnj+kV+Sq6u8=",
+ "ref": "refs/heads/main",
+ "rev": "7bf093db0a30e4b0d8867c1b21e461f0bf08d866",
+ "revCount": 4,
+ "type": "git",
+ "url": "ssh://git@karaolidis.com/karaolidis/nix-sas.git"
+ },
+ "original": {
+ "type": "git",
+ "url": "ssh://git@karaolidis.com/karaolidis/nix-sas.git"
+ }
+ },
 "secrets": {
 "flake": false,
 "locked": {
- "lastModified": 1755240913,
- "narHash": "sha256-SSDNNnOjeON7DtoWL+8lDTordE6xqMgDOG2efoN2AaQ=",
+ "lastModified": 1755243351,
+ "narHash": "sha256-Oa7ASrkHUcNHMf/rXnVokLytKEqiM4X2C7R8gBSy/AM=",
 "ref": "refs/heads/main",
- "rev": "0cc52a34f20cd4de6d647986e1df1018aa8dbf82",
- "revCount": 31,
+ "rev": "13b3145cbabcf1d042abdab931cec9042bccc771",
+ "revCount": 32,
 "type": "git",
 "url": "ssh://git@karaolidis.com/karaolidis/nix-secrets.git"
 },
diff --git a/flake.nix b/flake.nix
index dbc716f..4b28306 100644
--- a/flake.nix
+++ b/flake.nix
@@ -30,6 +30,11 @@
 flake = false;
 };
+ sas = {
+ url = "git+ssh://git@karaolidis.com/karaolidis/nix-sas.git";
+ flake = false;
+ };
+
 nur = {
 url = "github:nix-community/NUR";
 inputs = {
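Review bot: The new `sas` input in flake.nix has no comment saying what it is or what it costs to evaluate, and both matter here. The URL is `git+ssh://` with no `ref` or `rev`, so flake.lock is the only pin and the input can only be fetched by someone holding an SSH key for karaolidis.com. I would add a line above it such as `# Private non-flake source; its Nix code is imported by packages/default.nix. Needs SSH access to karaolidis.com.`. The enclosing `inputs` block starts and ends outside this hunk.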
diff --git a/hosts/common/configs/user/console/nix-develop/template.nix b/hosts/common/configs/user/console/nix-develop/template.nix
index 3ece0c5..b5faa97 100644
--- a/hosts/common/configs/user/console/nix-develop/template.nix
+++ b/hosts/common/configs/user/console/nix-develop/template.nix
@@ -2,8 +2,6 @@
 inputs = {
 nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
- flake-utils.url = "github:numtide/flake-utils";
-
 treefmt-nix = {
 url = "github:numtide/treefmt-nix";
 inputs.nixpkgs.follows = "nixpkgs";
diff --git a/hosts/elara/users/nikara/configs/console/sas/default.nix b/hosts/elara/users/nikara/configs/console/artifactory/default.nix
similarity index 100%
rename from hosts/elara/users/nikara/configs/console/sas/default.nix
rename to hosts/elara/users/nikara/configs/console/artifactory/default.nix
diff --git a/hosts/elara/users/nikara/configs/console/sagew/default.nix b/hosts/elara/users/nikara/configs/console/sagew/default.nix
new file mode 100644
index 0000000..faaba09
--- /dev/null
+++ b/hosts/elara/users/nikara/configs/console/sagew/default.nix
@@ -0,0 +1,8 @@
+{ user, home }:
+{ inputs, system, ... }:
+let
+ selfPkgs = inputs.self.packages.${system};
+in
+{
+ home-manager.users.${user}.home.packages = [ selfPkgs.sagew ];
+}
diff --git a/hosts/elara/users/nikara/default.nix b/hosts/elara/users/nikara/default.nix
index feb5646..b85789e 100644
--- a/hosts/elara/users/nikara/default.nix
+++ b/hosts/elara/users/nikara/default.nix
@@ -85,6 +85,7 @@ in
 (import ../../../common/configs/user/gui/x11 { inherit user home; })
 (import ../../../common/configs/user/gui/xdg { inherit user home; })
+ (import ./configs/console/artifactory { inherit user home; })
 (import ./configs/console/c { inherit user home; })
 (import ./configs/console/go { inherit user home; })
 (import ./configs/console/gpg { inherit user home; })
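Review bot: In the new configs/console/sagew/default.nix, `selfPkgs.sagew` refers to a package that no visible part of this commit defines. It presumably arrives through the `inputs.sas` set that packages/default.nix now merges in, so a reader of this repository alone cannot find where it comes from. A comment above the `home.packages` line such as `# sagew is provided by the private sas input (see packages/default.nix)` would close that gap. The `home` argument is accepted but unused in this file, which looks like it follows the sibling modules' calling convention and may be worth noting in the same comment.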
@@ -92,7 +93,7 @@ in
 (import ./configs/console/java { inherit user home; })
 (import ./configs/console/kubernetes { inherit user home; })
 (import ./configs/console/podman { inherit user home; })
- (import ./configs/console/sas { inherit user home; })
+ (import ./configs/console/sagew { inherit user home; })
 (import ./configs/console/ssh { inherit user home; })
 (import ./configs/console/viya4-orders-cli { inherit user home; })
diff --git a/packages/default.nix b/packages/default.nix
index 792cbcd..c48736c 100644
--- a/packages/default.nix
+++ b/packages/default.nix
@@ -91,13 +91,5 @@ in
 ssh-known-hosts-gitlab = callPackage ./ssh/known-hosts/gitlab { };
 yazi-plugin-custom-shell = callPackage ./yazi/plugins/custom-shell { };
-
- # SAS
- ssh-known-hosts-sas-artifact = callPackage ./ssh/known-hosts/sas/artifact { };
- ssh-known-hosts-sas-cldlgn = callPackage ./ssh/known-hosts/sas/cldlgn { };
- ssh-known-hosts-sas-gerrit = callPackage ./ssh/known-hosts/sas/gerrit { };
- ssh-known-hosts-sas-gitlab = callPackage ./ssh/known-hosts/sas/gitlab { };
-
- sas-cacert = callPackage ./sas/cacert { };
- viya4-orders-cli = callPackage ./sas/viya4-orders-cli { };
 }
+// (import "${inputs.sas}/packages" { inherit pkgs inputs system; })
diff --git a/packages/sas/cacert/default.nix b/packages/sas/cacert/default.nix
deleted file mode 100644
index 52ef918..0000000
--- a/packages/sas/cacert/default.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ pkgs, ... }:
-pkgs.stdenv.mkDerivation {
- pname = "sas-cacert";
- version = "0-unstable-2025-05-13";
-
- src = builtins.fetchurl {
- url = "http://certificates.sas.com/pki/sascacertsbundle.txt";
- sha256 = "sha256:1lah292kqhw6mkj63870qh8fjm44ll4jdqz87pfgr4sb803w1i15";
- };
-
- phases = [ "installPhase" ];
-
- installPhase = ''
- mkdir -p $out/etc/ssl/certs
- cp $src $out/etc/ssl/certs/ca-bundle.crt
- '';
-}
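Review bot: In packages/default.nix, the trailing `// (import "${inputs.sas}/packages" { … })` is a right-biased merge, so any attribute the private repository defines under a name already used in the local set silently replaces the local package. That repository is evaluated as plain Nix with `inputs` passed through, so I would make a name collision an evaluation error instead, for example `pkgs.lib.attrsets.unionOfDisjoint { … } (import "${inputs.sas}/packages" { inherit pkgs inputs system; })`. The local attribute set opens outside this hunk, so the wrapping has to start there. The removed `sas-cacert`, `viya4-orders-cli` and `ssh-known-hosts-sas-*` entries are presumably supplied by the import now; a one-line comment naming what it is expected to provide would keep this file readable without access to the private repository.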
diff --git a/packages/sas/viya4-orders-cli/better-config.patch b/packages/sas/viya4-orders-cli/better-config.patch
deleted file mode 100644
index 24c7396..0000000
--- a/packages/sas/viya4-orders-cli/better-config.patch
+++ /dev/null
@@ -1,159 +0,0 @@ -diff --git a/README.md b/README.md -index 4740e58..5fd44fe 100644 ---- a/README.md -+++ b/README.md -@@ -25,7 +25,7 @@ Available Commands: - license Download a license for the given order number at the given cadence name and version - - Flags: -- -c, --config string config file (default is $HOME/.viya4-orders-cli) -+ -c, --config string config file (default is $XDG_CONFIG_HOME/viya4-orders-cli/config.yaml) - -n, --file-name string name of the file where you want the downloaded order asset to be stored - (defaults: - assetHistory - assetHistory_.json -@@ -146,9 +146,9 @@ Take the following steps to start using SAS Viya Orders CLI: - - 1. If you want to use a configuration file, create it. - -- The default location for the configuration file is `$HOME/.viya4-orders-cli` and the default format is [YAML](https://yaml.org/). -- You can save the file anywhere you want and use any supported format, as long as you use the `--config` / -- `-c` option to specify its path and name to the CLI. -+ The default location for the configuration file is `$XDG_CONFIG_HOME/viya4-orders-cli/config.yaml` and the default format is [YAML](https://yaml.org/). -+ You can save the file anywhere you want as long as you use the `--config` / -+ `-c` option to inform the CLI of any non-default location. - - When using the `-c` option to specify a config file, that file must have a valid extension denoting its format. 
Supported - formats are [JSON](https://www.json.org/), -@@ -196,7 +196,7 @@ You have the following options for launching SAS Viya Orders CLI: - The examples in this section correspond to typical tasks that you might perform - using SAS Viya Orders CLI: - --- Using a configuration file, `/c/Users/auser/vocli/.viya4-orders-cli.yaml`, to -+- Using a configuration file, `/c/Users/auser/vocli/.config/viya4-orders-cli/config.yaml`, to - convey your API credentials, get deployment assets for SAS Viya order `923456` - at the latest version of the Long Term Support (`lts`) cadence. Send the - contents to file `/c/Users/auser/vocli/sasfiles/923456_lts_depassets.tgz`: -@@ -204,13 +204,13 @@ using SAS Viya Orders CLI: - - ```docker - docker run -v /c/Users/auser/vocli:/sasstuff viya4-orders-cli deploymentAssets 923456 lts \ -- --config /sasstuff/.viya4-orders-cli.yaml --file-path /sasstuff/sasfiles --file-name 923456_lts_depassets -+ --config /sasstuff/.config/viya4-orders-cli/config.yaml --file-path /sasstuff/sasfiles --file-name 923456_lts_depassets - ``` - - Sample output: - - ```text -- 2020/10/02 19:16:30 Using config file: /sasstuff/.viya4-orders-cli.yaml -+ 2020/10/02 19:16:30 Using config file: /sasstuff/.config/viya4-orders-cli/config.yaml - OrderNumber: 923456 - AssetName: deploymentAssets - AssetReqURL: https://api.sas.com/mysas/orders/923456/cadenceNames/lts/deploymentAssets -diff --git a/cmd/root.go b/cmd/root.go -index f8870da..9b0816a 100644 ---- a/cmd/root.go -+++ b/cmd/root.go -@@ -8,7 +8,6 @@ import ( - "log" - "os" - -- homedir "github.com/mitchellh/go-homedir" - "github.com/sassoftware/viya4-orders-cli/lib/authn" - "github.com/spf13/cobra" - "github.com/spf13/viper" -@@ -48,7 +47,7 @@ func init() { - - // Define global flags / options and set their default values. 
- rootCmd.PersistentFlags().StringVarP(&cfgFile, "config", "c", "", -- "config file (default is $HOME/.viya4-orders-cli)") -+ "config file (default is $XDG_CONFIG_HOME/viya4-orders-cli/config.yaml)") - rootCmd.PersistentFlags().StringVarP(&assetFileName, "file-name", "n", "", - "name of the file where you want the downloaded order asset to be stored\n"+ - "(defaults:\n\tassetHistory - assetHistory_.json\n\tcerts - SASViyaV4__certs.zip\n\tlicense and depassets - SASViyaV4_____."+ -@@ -74,16 +73,9 @@ func initConfig() { - // Use config file from the flag. - viper.SetConfigFile(cfgFile) - } else { -- // Find home directory. -- home, err := homedir.Dir() -- if err != nil { -- log.Fatalln("ERROR: homedir.Dir() returned: " + err.Error()) -- } -- -- // Search config in home directory with name ".viya4-orders-cli" (without extension). -- viper.AddConfigPath(home) -- viper.SetConfigName(".viya4-orders-cli") -- // If they provide a config file with no extension if must be in yaml format. -+ viper.AddConfigPath("$XDG_CONFIG_HOME/viya4-orders-cli") -+ viper.AddConfigPath("$HOME/.config/viya4-orders-cli") -+ viper.SetConfigName("config") - viper.SetConfigType("yaml") - } - -diff --git a/go.mod b/go.mod -index 9fc71bd..0354b7c 100644 ---- a/go.mod -+++ b/go.mod -@@ -3,7 +3,6 @@ module github.com/sassoftware/viya4-orders-cli - go 1.22 - - require ( -- github.com/mitchellh/go-homedir v1.1.0 - github.com/spf13/cobra v1.8.1 - github.com/spf13/viper v1.19.0 - golang.org/x/oauth2 v0.26.0 -diff --git a/go.sum b/go.sum -index b687b77..0e1433c 100644 ---- a/go.sum -+++ b/go.sum -@@ -23,8 +23,6 @@ github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0V - github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= - github.com/magiconair/properties v1.8.9 h1:nWcCbLq1N2v/cpNsy5WvQ37Fb+YElfq20WJ/a8RkpQM= - github.com/magiconair/properties v1.8.9/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= --github.com/mitchellh/go-homedir 
v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= --github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= - github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= - github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= - github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM= -diff --git a/lib/authn/authn.go b/lib/authn/authn.go -index a35c405..6345b6f 100644 ---- a/lib/authn/authn.go -+++ b/lib/authn/authn.go -@@ -7,10 +7,10 @@ package authn - - import ( - "context" -- "encoding/base64" - "errors" - "fmt" - "net/url" -+ "os" - "strings" - - "github.com/spf13/viper" -@@ -26,15 +26,20 @@ const ( - - // GetBearerToken calls the /token SAS Viya Orders API endpoint to exchange client credentials for a Bearer token. - // The client credentials are obtained from the SAS API Portal (https://apiportal.sas.com), and should be defined in --// Viper (https://github.com/spf13/viper) as clientCredentialsId (key) and clientCredentialsSecret (secret). -+// Viper (https://github.com/spf13/viper) as clientCredentialsIdFile (key file) and clientCredentialsSecretFile (secret file). 
- func GetBearerToken() (token string, err error) { -- id, err := base64.StdEncoding.DecodeString(viper.GetString("clientCredentialsId")) -+ idFile := viper.GetString("clientCredentialsIdFile") -+ secFile := viper.GetString("clientCredentialsSecretFile") -+ -+ // read id and sec from the files -+ id, err := os.ReadFile(idFile) - if err != nil { -- return token, errors.New("ERROR: attempt to decode clientCredentialsId failed: " + err.Error()) -+ return token, errors.New("ERROR: attempt to read client credentials ID file failed: " + err.Error()) - } -- sec, err := base64.StdEncoding.DecodeString(viper.GetString("clientCredentialsSecret")) -+ -+ sec, err := os.ReadFile(secFile) - if err != nil { -- return token, errors.New("ERROR: attempt to decode clientCredentialsSecret failed: " + err.Error()) -+ return token, errors.New("ERROR: attempt to read client credentials secret file failed: " + err.Error()) - } - - // Build the request URL. diff --git a/packages/sas/viya4-orders-cli/default.nix b/packages/sas/viya4-orders-cli/default.nix deleted file mode 100644 index 0f20891..0000000 --- a/packages/sas/viya4-orders-cli/default.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ pkgs, ... }: -# AUTO-UPDATE: nix-update --flake viya4-orders-cli -pkgs.buildGoModule (finalAttrs: { - pname = "viya4-orders-cli"; - version = "1.7.0"; - - src = pkgs.fetchFromGitHub { - owner = "sassoftware"; - repo = "viya4-orders-cli"; - rev = finalAttrs.version; - hash = "sha256-0AZBKxQC3NDgwtdnso0zEd4h9PBexFzqig4tWoHJTFM="; - }; - - vendorHash = "sha256-EsDdrmcFnsU0woXe562lb5Hx/7yZvYYR6GmNxPJEsxM="; - - patches = [ ./better-config.patch ]; - - ldflags = [ - "-s" - "-w" - "-X github.com/sassoftware/viya4-orders-cli/cmd.version=${finalAttrs.version}" - ]; - - installPhase = '' - mkdir -p $out/bin - cp $GOPATH/bin/viya4-orders-cli $out/bin/viya4-orders-cli - ''; - - meta.mainProgram = finalAttrs.pname; -}) 
diff --git a/packages/ssh/known-hosts/sas/artifact/default.nix b/packages/ssh/known-hosts/sas/artifact/default.nix
deleted file mode 100644
index 08b3dfe..0000000
--- a/packages/ssh/known-hosts/sas/artifact/default.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- pkgs,
- inputs,
- system,
- ...
-}:
-pkgs.stdenv.mkDerivation {
- pname = "ssh-known-hosts-sas-artifact";
- version = "0-unstable-2025-03-14";
-
- src = inputs.self.lib.${system}.fetchers.sshKnownHosts {
- host = "artifactlfs.unx.sas.com";
- port = 1339;
- hash = "sha256-r3RaTj1GClvD0NwMwgNyfLYNBBjtGFu72CqB1L7f6wQ=";
- };
-
- phases = [ "installPhase" ];
-
- installPhase = ''
- cp $src $out
- '';
-}
diff --git a/packages/ssh/known-hosts/sas/cldlgn/default.nix b/packages/ssh/known-hosts/sas/cldlgn/default.nix
deleted file mode 100644
index 740112c..0000000
--- a/packages/ssh/known-hosts/sas/cldlgn/default.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- pkgs,
- inputs,
- system,
- ...
-}:
-pkgs.stdenv.mkDerivation {
- pname = "ssh-known-hosts-sas-cldlgn";
- version = "0-unstable-2025-02-25";
-
- src = inputs.self.lib.${system}.fetchers.sshKnownHosts {
- host = "cldlgn.fyi.sas.com";
- hash = "sha256-HymFic00RROW1tC4sQe5QdDM7D8IDeTdKe8rWU6xhZM=";
- };
-
- phases = [ "installPhase" ];
-
- installPhase = ''
- cp $src $out
- '';
-}
diff --git a/packages/ssh/known-hosts/sas/gerrit/default.nix b/packages/ssh/known-hosts/sas/gerrit/default.nix
deleted file mode 100644
index d1832f1..0000000
--- a/packages/ssh/known-hosts/sas/gerrit/default.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- pkgs,
- inputs,
- system,
- ...
-}:
-pkgs.stdenv.mkDerivation {
- pname = "ssh-known-hosts-sas-gerrit";
- version = "0-unstable-2025-02-25";
-
- src = inputs.self.lib.${system}.fetchers.sshKnownHosts {
- host = "gerrit-svi.unx.sas.com";
- hash = "sha256-+lvC19RyBWFhEwEdXIb/xwEyGuKnatkgOsmhAc583kA=";
- };
-
- phases = [ "installPhase" ];
-
- installPhase = ''
- cp $src $out
- '';
-}
diff --git a/packages/ssh/known-hosts/sas/gitlab/default.nix b/packages/ssh/known-hosts/sas/gitlab/default.nix
deleted file mode 100644
index ebd7f4e..0000000
--- a/packages/ssh/known-hosts/sas/gitlab/default.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- pkgs,
- inputs,
- system,
- ...
-}:
-pkgs.stdenv.mkDerivation {
- pname = "ssh-known-hosts-sas-gitlab";
- version = "0-unstable-2025-02-25";
-
- src = inputs.self.lib.${system}.fetchers.sshKnownHosts {
- host = "gitlab.sas.com";
- hash = "sha256-gJGM6bG+u+XS2UdyYtK7MXP2r8w3tX/1kJmsDpyFKWI=";
- };
-
- phases = [ "installPhase" ];
-
- installPhase = ''
- cp $src $out
- '';
-}
diff --git a/secrets b/secrets
deleted file mode 160000
index 0cc52a3..0000000
--- a/secrets
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 0cc52a34f20cd4de6d647986e1df1018aa8dbf82
diff --git a/submodules/sas b/submodules/sas
new file mode 160000
index 0000000..7bf093d
--- /dev/null
+++ b/submodules/sas
@@ -0,0 +1 @@
+Subproject commit 7bf093db0a30e4b0d8867c1b21e461f0bf08d866
diff --git a/submodules/secrets b/submodules/secrets
new file mode 160000
index 0000000..13b3145
--- /dev/null
+++ b/submodules/secrets
@@ -0,0 +1 @@
+Subproject commit 13b3145cbabcf1d042abdab931cec9042bccc771