Allow sources.json override on deployment basis

2 years ago · 5390e027f9
5 changed files with 87 additions and 66 deletions
--- a/default.nix
+++ b/default.nix
@ -1,60 +1,8 @@
-{ sourcePaths ? import ./nix/sources.nix
-, system ? builtins.currentSystem
+{ system ? builtins.currentSystem
 , crossSystem ? null
 , config ? {}
-}@args: with import ./nix args; {
+, pkgs ? import ./nix { inherit system crossSystem config; }
+}: with pkgs; {

-  shell = let
-    genesisFile = iohkNix.cardanoLib.environments.${globals.environmentName}.genesisFile or "please/set/globals.environmentName";
-
-    mkDevGenesis = writeShellScriptBin "make-dev-genesis" (builtins.replaceStrings
-      [ "\${RUNNER}"
-        "SCRIPTDIR=$(dirname $0)"
-        "TARGETDIR=\"\${CONFIGDIR}/\${GENHASH:0:5}"
-        "--n-delegate-addresses         \${n_delegates}"
-      ]
-      [ ""
-        "SCRIPTDIR=${sourcePaths.cardano-node}/scripts"
-        ("TARGETDIR=\"" + toString ./keys)
-        ""
-      ]
-      (builtins.readFile (sourcePaths.cardano-node + "/scripts/genesis.sh")));
-    migrate-keys = writeShellScriptBin "migrate-keys" ''
-        i=0
-        for k in keys/*.sk; do
-          ((i++))
-          signing_key=keys/delegate-keys.00$i.key
-          echo "migrating $k to $signing_key"
-          cardano-cli migrate-delegate-key-from --byron-legacy --from $k --real-pbft --to $signing_key
-          pk=$(cardano-cli signing-key-public --real-pbft --secret $signing_key | fgrep 'public key (base64):' | cut -d: -f2 | xargs echo -n)
-          delegate_cert=keys/delegation-cert.00$i.json
-          echo "generating delegation certificate for $pk in $delegate_cert"
-          ${jq}/bin/jq ".heavyDelegation | .[] | select(.delegatePk == \"$pk\")" < ${genesisFile} > $delegate_cert
-        done
-     '';
-    create-shelley-genesis-and-keys =
-      let nbCoreNodes = builtins.length globals.topology.coreNodes;
-          maxSupply = 10000000000 * nbCoreNodes;
-      in writeShellScriptBin "create-shelley-genesis-and-keys" ''
-        set -euxo pipefail
-
-        cd ${toString ./keys}
-        cardano-cli shelley genesis create-genesis --genesis-dir . --supply ${toString maxSupply} --genesis-delegates ${toString nbCoreNodes}
-        mkdir -p node-keys
-        cd node-keys
-        for i in {1..${toString nbCoreNodes}}; do
-          cardano-cli shelley node key-gen-VRF --verification-key-file node-vrf$i.vkey --signing-key-file node-vrf$i.skey
-          cardano-cli shelley node key-gen-KES --verification-key-file node-kes$i.vkey --signing-key-file node-kes$i.skey --kes-duration 30
-          cardano-cli shelley node issue-op-cert --hot-kes-verification-key-file node-kes$i.vkey --cold-signing-key-file ../delegate-keys/delegate$i.skey --operational-certificate-issue-counter ../delegate-keys/delegate-opcert$i.counter --kes-period 0 --out-file delegate$i.opcert
-        done
-     '';
-  in  mkShell {
-    buildInputs = [ niv nixops nix cardano-cli telnet dnsutils mkDevGenesis nix-diff migrate-keys pandoc create-shelley-genesis-and-keys ] ++
-                  (with cardano-sl-pkgs.nix-tools.exes; [ cardano-sl-auxx cardano-sl-tools ]);
-    NIX_PATH = "nixpkgs=${path}";
-    NIXOPS_DEPLOYMENT = "${globals.deploymentName}";
-    passthru = {
-      gen-graylog-creds = iohk-ops-lib.scripts.gen-graylog-creds { staticPath = ./static; };
-    };
-  };
+  shell = import ./shell.nix { inherit pkgs; };
 }
--- a/globals-defaults.nix
+++ b/globals-defaults.nix
@ -14,6 +14,8 @@ in {

  environmentName = pkgs.globals.deploymentName;

+  sourcesJsonOverride = ./nix + "/sources.${pkgs.globals.environmentName}.json";
+
  dnsZone = "dev.cardano.org";
  domain = "${pkgs.globals.deploymentName}.${pkgs.globals.dnsZone}";

--- a/nix/default.nix
+++ b/nix/default.nix
@ -1,16 +1,26 @@
 { system ? builtins.currentSystem
 , crossSystem ? null
-, config ? {} }:
+, config ? {}
+}:
 let
-  sourcePaths = import ./sources.nix { inherit pkgs; };
-
-  iohkNix = import sourcePaths.iohk-nix {};
+  defaultSourcePaths = import ./sources.nix { inherit pkgs; };

  # use our own nixpkgs if it exists in our sources,
  # otherwise use iohkNix default nixpkgs.
-  nixpkgs = if (sourcePaths ? nixpkgs)
-    then sourcePaths.nixpkgs
-    else iohkNix.nixpkgs;
+  defaultNixpkgs = if (defaultSourcePaths ? nixpkgs)
+    then defaultSourcePaths.nixpkgs
+    else (import defaultSourcePaths.iohk-nix {}).nixpkgs;
+
+  sourcesOverride = let sourcesFile = ((import defaultNixpkgs { overlays = globals; }).globals).sourcesJsonOverride; in
+    if (builtins.pathExists sourcesFile)
+    then import ./sources.nix { inherit pkgs sourcesFile; }
+    else {};
+
+  sourcePaths = defaultSourcePaths // sourcesOverride;
+
+  iohkNix = import sourcePaths.iohk-nix {};
+
+  nixpkgs = if (sourcesOverride ? nixpkgs) then sourcesOverride.nixpkgs else defaultNixpkgs;

  # overlays from ops-lib (include ops-lib sourcePaths):
  ops-lib-overlays = (import sourcePaths.ops-lib {}).overlays;
--- a/release.nix
+++ b/release.nix
@ -11,7 +11,7 @@
 { cardano-ops ? { outPath = ./.; rev = "abcdef"; }

 # Function arguments to pass to the project
-, projectArgs ? { config = { allowUnfree = false; inHydra = true; }; }
+, projectArgs ? { inherit sourcesOverride; config = { allowUnfree = false; inHydra = true; }; }

 # The systems that the jobset will be built for.
 , supportedSystems ? [ "x86_64-linux" "x86_64-darwin" ]
@ -23,7 +23,7 @@
 , scrubJobs ? true

 # Import pkgs
-, pkgs ? import ./nix {}
+, pkgs ? import ./nix { inherit sourcesOverride; }
 }:

 with import pkgs.iohkNix.release-lib {
--- a/shell.nix
+++ b/shell.nix
@ -1 +1,62 @@
-(import ./. {}).shell
+{ config ? {}
+, pkgs ? import ./nix {
+    inherit config;
+  }
+}:
+with pkgs;
+let
+  nivOverrides = writeShellScriptBin "niv-overrides" ''
+    niv --sources-file ${toString globals.sourcesJsonOverride} $@
+  '';
+  genesisFile = iohkNix.cardanoLib.environments.${globals.environmentName}.genesisFile or "please/set/globals.environmentName";
+
+  mkDevGenesis = writeShellScriptBin "make-dev-genesis" (builtins.replaceStrings
+    [ "\${RUNNER}"
+      "SCRIPTDIR=$(dirname $0)"
+      "TARGETDIR=\"\${CONFIGDIR}/\${GENHASH:0:5}"
+      "--n-delegate-addresses         \${n_delegates}"
+    ]
+    [ ""
+      "SCRIPTDIR=${sourcePaths.cardano-node}/scripts"
+      ("TARGETDIR=\"" + toString ./keys)
+      ""
+    ]
+    (builtins.readFile (sourcePaths.cardano-node + "/scripts/genesis.sh")));
+  migrate-keys = writeShellScriptBin "migrate-keys" ''
+      i=0
+      for k in keys/*.sk; do
+        ((i++))
+        signing_key=keys/delegate-keys.00$i.key
+        echo "migrating $k to $signing_key"
+        cardano-cli migrate-delegate-key-from --byron-legacy --from $k --real-pbft --to $signing_key
+        pk=$(cardano-cli signing-key-public --real-pbft --secret $signing_key | fgrep 'public key (base64):' | cut -d: -f2 | xargs echo -n)
+        delegate_cert=keys/delegation-cert.00$i.json
+        echo "generating delegation certificate for $pk in $delegate_cert"
+        ${jq}/bin/jq ".heavyDelegation | .[] | select(.delegatePk == \"$pk\")" < ${genesisFile} > $delegate_cert
+      done
+    '';
+  create-shelley-genesis-and-keys =
+    let nbCoreNodes = builtins.length globals.topology.coreNodes;
+        maxSupply = 10000000000 * nbCoreNodes;
+    in writeShellScriptBin "create-shelley-genesis-and-keys" ''
+      set -euxo pipefail
+
+      cd ${toString ./keys}
+      cardano-cli shelley genesis create-genesis --genesis-dir . --supply ${toString maxSupply} --genesis-delegates ${toString nbCoreNodes}
+      mkdir -p node-keys
+      cd node-keys
+      for i in {1..${toString nbCoreNodes}}; do
+        cardano-cli shelley node key-gen-VRF --verification-key-file node-vrf$i.vkey --signing-key-file node-vrf$i.skey
+        cardano-cli shelley node key-gen-KES --verification-key-file node-kes$i.vkey --signing-key-file node-kes$i.skey --kes-duration 30
+        cardano-cli shelley node issue-op-cert --hot-kes-verification-key-file node-kes$i.vkey --cold-signing-key-file ../delegate-keys/delegate$i.skey --operational-certificate-issue-counter ../delegate-keys/delegate-opcert$i.counter --kes-period 0 --out-file delegate$i.opcert
+      done
+    '';
+in  mkShell {
+  buildInputs = [ iohkNix.niv nivOverrides nixops nix cardano-cli telnet dnsutils mkDevGenesis nix-diff migrate-keys pandoc create-shelley-genesis-and-keys ] ++
+                (with cardano-sl-pkgs.nix-tools.exes; [ cardano-sl-auxx cardano-sl-tools ]);
+  NIX_PATH = "nixpkgs=${path}";
+  NIXOPS_DEPLOYMENT = "${globals.deploymentName}";
+  passthru = {
+    gen-graylog-creds = iohk-ops-lib.scripts.gen-graylog-creds { staticPath = ./static; };
+  };
+}