diff --git a/nix/configuration/flake.nix b/nix/configuration/flake.nix index 2b84092..2b2e7e8 100644 --- a/nix/configuration/flake.nix +++ b/nix/configuration/flake.nix @@ -43,6 +43,12 @@ zsh-histdb = { url = "path:flakes/zsh-histdb"; + # Optional but recommended to limit the size of your system closure. + inputs.nixpkgs.follows = "nixpkgs"; + }; + ansible-sshjail = { + url = "path:flakes/ansible-sshjail"; + # Optional but recommended to limit the size of your system closure. inputs.nixpkgs.follows = "nixpkgs"; }; @@ -57,6 +63,7 @@ home-manager, lanzaboote, zsh-histdb, + ansible-sshjail, ... }@inputs: let @@ -75,7 +82,12 @@ home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; } - { nixpkgs.overlays = [ zsh-histdb.overlays.default ]; } + { + nixpkgs.overlays = [ + zsh-histdb.overlays.default + ansible-sshjail.overlays.default + ]; + } ./configuration.nix ]; }; diff --git a/nix/configuration/flakes/ansible-sshjail/flake.lock b/nix/configuration/flakes/ansible-sshjail/flake.lock new file mode 100644 index 0000000..fdf755d --- /dev/null +++ b/nix/configuration/flakes/ansible-sshjail/flake.lock 
@@ -0,0 +1,61 @@ +{ + "nodes": { + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1735141468, + "narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/nix/configuration/flakes/ansible-sshjail/flake.nix b/nix/configuration/flakes/ansible-sshjail/flake.nix new file mode 100644 index 0000000..581331a --- /dev/null +++ b/nix/configuration/flakes/ansible-sshjail/flake.nix 
@@ -0,0 +1,34 @@
+{
+ description = "A slightly better history for zsh";
+ inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+ inputs.flake-utils.url = "github:numtide/flake-utils";
+
+ outputs =
+ {
+ self,
+ nixpkgs,
+ flake-utils,
+ ...
+ }:
+ let
+ out =
+ system:
+ let
+ pkgs = nixpkgs.legacyPackages.${system};
+ # Maybe pkgs = import nixpkgs { inherit system; }; ?
+ appliedOverlay = self.overlays.default pkgs pkgs;
+ in
+ {
+ packages = rec {
+ default = ansible-sshjail;
+ ansible-sshjail = appliedOverlay.ansible-sshjail;
+ };
+ };
+ in
+ flake-utils.lib.eachDefaultSystem out
+ // {
+ overlays.default = final: prev: {
+ ansible-sshjail = final.callPackage ./package.nix { };
+ };
+ };
+}
diff --git a/nix/configuration/flakes/ansible-sshjail/package.nix b/nix/configuration/flakes/ansible-sshjail/package.nix
new file mode 100644
index 0000000..11572fd
--- /dev/null
+++ b/nix/configuration/flakes/ansible-sshjail/package.nix
@@ -0,0 +1,33 @@
+# unpackPhase
+# patchPhase
+# configurePhase
+# buildPhase
+# checkPhase
+# installPhase
+# fixupPhase
+# installCheckPhase
+# distPhase
+{
+ stdenv,
+ fetchgit,
+ ...
+}:
+stdenv.mkDerivation {
+ name = "ansible-sshjail";
+ src = fetchgit {
+ url = "https://github.com/austinhyde/ansible-sshjail.git";
+ rev = "a7b0076fdb680b915d35efafd1382919100532b6";
+ sha256 = "sha256-4QX/017fDRzb363NexgvHZ/VFKXOjRgGPDKKygyUylM=";
+ };
+ phases = [
+ "installPhase"
+ ];
+ installPhase = ''
+ runHook preInstall
+
+ mkdir -p $out/share/ansible/plugins/connection_plugins
+ cp $src/sshjail.py $out/share/ansible/plugins/connection_plugins/
+
+ runHook postInstall
+ '';
+}
diff --git a/nix/configuration/roles/ansible/default.nix b/nix/configuration/roles/ansible/default.nix
index 58a3d06..d36dfda 100644
--- a/nix/configuration/roles/ansible/default.nix
+++ b/nix/configuration/roles/ansible/default.nix
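Review bot: In flakes/ansible-sshjail/flake.nix the `description` still reads "A slightly better history for zsh", which looks carried over from the zsh-histdb flake and mislabels this input wherever flake metadata is shown. Something like `description = "sshjail connection plugin for Ansible";` would match what package.nix installs. The open question in `# Maybe pkgs = import nixpkgs { inherit system; }; ?` should be answered or dropped before merge, since as written it leaves the reader unsure which package set the overlay is meant to be applied to.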
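Review bot: In flakes/ansible-sshjail/package.nix the pinned `rev`/`sha256` pair has no `version`, `meta` or comment tying it to an upstream state, so a later bump can only be reviewed as two opaque strings changing. That matters here because `sshjail.py` is installed under `connection_plugins`, i.e. it is code Ansible loads and runs in the operator's session. I would replace `name` with `pname = "ansible-sshjail"; version = "unstable-<DATE-OF-REV>";` and add a one-line comment above `src` recording that this revision was read before pinning. The nine-line phase list at the top of the file documents stdenv rather than this package and can go, and `dontUnpack = true;` is the more conventional way to get a copy-only build than overriding `phases`, which also skips fixup.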
@@ -32,10 +32,50 @@ (prev.ansible.overridePythonAttrs { propagatedBuildInputs = prev.ansible.propagatedBuildInputs ++ [ prev.python3Packages.jmespath ]; }) + pkgs.ansible-sshjail ]; buildInputs = [ pkgs.makeWrapper ]; + postBuild = '' - wrapProgram $out/bin/ansible --prefix PATH : ${lib.makeBinPath [ ]} + ${lib.concatMapStringsSep "\n" + ( + prog: + ( + "wrapProgram $out/bin/${prog} ${ + lib.concatMapStringsSep " " + ( + plugin_type: + "--set ANSIBLE_${lib.toUpper plugin_type}_PLUGINS $out/share/ansible/plugins/${lib.toLower plugin_type}_plugins" + ) + [ + "action" + "cache" + "callback" + "connection" + "filter" + "inventory" + "lookup" + "shell" + "strategy" + "test" + "vars" + ] + } --prefix PATH : ${lib.makeBinPath [ ]}" + ) + ) + [ + "ansible" + "ansible-config" + "ansible-console" + "ansible-doc" + "ansible-galaxy" + "ansible-inventory" + "ansible-playbook" + "ansible-pull" + "ansible-test" + "ansible-vault" + ] + } ''; }; })
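Review bot: The wrappers use `--set ANSIBLE_<TYPE>_PLUGINS …` for all eleven plugin types, which replaces whatever the caller had in the environment; as far as I know the environment also takes precedence over `ansible.cfg`, so project-configured plugin paths would stop applying to every wrapped program even though this commit only ships a `connection_plugins` directory. Plugin directories are code-loading paths, so the choice should be deliberate: if the intent is to add the store path, use `--prefix ANSIBLE_${lib.toUpper plugin_type}_PLUGINS : $out/share/ansible/plugins/${lib.toLower plugin_type}_plugins`; if the intent is to pin plugin loading to the store, keep `--set` and say so in a comment above `postBuild`. The program list is hard-coded as well, and `wrapProgram` will fail the build if any entry (I would check `ansible-test`) is missing from `$out/bin`. The enclosing derivation starts and ends outside this hunk.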