From 4c6fd43e576e92642aa8d525677049a81dd3349a Mon Sep 17 00:00:00 2001 From: Hunter Halloran Date: Fri, 30 Jan 2026 13:15:01 -0500 Subject: [PATCH] fix: Use usda-vision from flake inputs when loaded with athenix --- ATHENIX_INTEGRATION.md | 137 ++++++++++++++++------------------------- default.nix | 86 +++++++++++--------------- 2 files changed, 88 insertions(+), 135 deletions(-) diff --git a/ATHENIX_INTEGRATION.md b/ATHENIX_INTEGRATION.md index ce08c9f..563f518 100644 --- a/ATHENIX_INTEGRATION.md +++ b/ATHENIX_INTEGRATION.md @@ -7,16 +7,16 @@ This guide shows how to properly integrate the usda-vision flake and usda-dash-c ``` athenix/ (main flake) ├── flake.nix - │ └── inputs.usda-vision (flake input) + │ ├── inputs.usda-vision (flake input) + │ └── inputs.ragenix (for secrets) └── nixos-systems/ └── inventory.nix - └── imports usda-dash-config/default.nix (external module) - └── receives usda-vision packages as parameter + └── imports default.nix (accesses inputs directly) ``` -## Step 1: Add usda-vision as a flake input in athenix +## Step 1: Add required flake inputs in athenix -In your `~/athenix/flake.nix`, add usda-vision as an input: +In your `~/athenix/flake.nix`, add usda-vision and ragenix as inputs: ```nix { 
@@ -27,58 +27,40 @@ In your `~/athenix/flake.nix`, add usda-vision as an input: # Add usda-vision flake usda-vision = { - url = "path:/path/to/usda-dash-config/usda-vision"; + url = "git+https://git.factory.uga.edu/MODEL/usda-vision.git"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + # Ragenix for secrets management + ragenix = { + url = "github:yaxitech/ragenix"; inputs.nixpkgs.follows = "nixpkgs"; }; # Your other inputs... }; - outputs = { self, nixpkgs, usda-vision, ... }: { + outputs = { self, nixpkgs, usda-vision, ragenix, ... }@inputs: { # Your outputs... }; } ``` -## Step 2: Make packages available to NixOS modules +## Step 2: Pass inputs to NixOS modules -In your athenix flake outputs, ensure the usda-vision packages are available to your NixOS configurations. There are two approaches: - -### Approach A: Using specialArgs (Recommended) +Make inputs available to all modules via specialArgs: ```nix -outputs = { self, nixpkgs, usda-vision, ... }: { - nixosConfigurations.usda-dash = nixpkgs.lib.nixosSystem { +outputs = { self, nixpkgs, ... }@inputs: { + nixosConfigurations.proxmox-usda-dash = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; - specialArgs = { - # Pass usda-vision packages to all modules - usda-vision-packages = usda-vision.packages.x86_64-linux; - }; + # Make inputs available to all modules + specialArgs = { inherit inputs; }; modules = [ - # Your modules... - ]; - }; -} -``` - -### Approach B: Using _module.args - -```nix -outputs = { self, nixpkgs, usda-vision, ... }: { - nixosConfigurations.usda-dash = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - - modules = [ - # Make packages available as module args - { - _module.args = { - usda-vision-packages = usda-vision.packages.x86_64-linux; - }; - } - - # Your other modules... + ragenix.nixosModules.default + ./nixos-systems/inventory.nix ]; }; } 
@@ -86,20 +68,20 @@ outputs = { self, nixpkgs, usda-vision, ... }: { ## Step 3: Configure secrets with ragenix in athenix -Secrets are managed by ragenix in the athenix flake, not in this flake. Configure your secrets in athenix: +Secrets are managed by ragenix in the athenix flake: ```nix -# In your athenix flake or secrets configuration +# In your athenix configuration (e.g., inventory.nix) { age.secrets.usda-vision-env = { - file = ./secrets/usda-vision/env.age; # Encrypted with ragenix in athenix + file = ./secrets/usda-vision/env.age; mode = "0644"; owner = "root"; group = "root"; }; age.secrets.usda-vision-azure-env = { - file = ./secrets/usda-vision/azure-env.age; # Encrypted with ragenix in athenix + file = ./secrets/usda-vision/azure-env.age; mode = "0644"; owner = "root"; group = "root"; 
@@ -107,50 +89,43 @@ Secrets are managed by ragenix in the athenix flake, not in this flake. Configur } ``` -## Step 4: Import usda-dash-config in inventory.nix +## Step 4: Import usda-dash-config module -In your `nixos-systems/inventory.nix` (or wherever you import external modules): +Simply import the default.nix - it will access inputs and age secrets automatically: ```nix -{ config, usda-vision-packages, ... }: +# In inventory.nix +{ config, inputs, ... }: { imports = [ - # Import the usda-dash-config module, passing packages and secret paths - (import /path/to/usda-dash-config/default.nix { - inherit usda-vision-packages; - envFile = config.age.secrets.usda-vision-env.path; - azureEnvFile = config.age.secrets.usda-vision-azure-env.path; - }) - - # Your other imports... + # Just import directly - no parameters needed! + /path/to/usda-dash-config/default.nix ]; + + # Configure secrets (shown above) + age.secrets.usda-vision-env = { + file = ./secrets/usda-vision/env.age; + mode = "0644"; + }; } ``` -Or if using nix-lxc devices pattern: +Or using fetchGit: ```nix -{ config, usda-vision-packages, ... }: +{ config, inputs, ... }: -{ - nix-lxc = { - devices = { - "usda-dash" = - let - usda-dash-config = builtins.fetchGit { - url = "https://git.factory.uga.edu/MODEL/usda-dash-config.git"; - rev = "commit-hash"; - submodules = true; - }; - in - import "${usda-dash-config}/default.nix" { - inherit usda-vision-packages; - envFile = config.age.secrets.usda-vision-env.path; - azureEnvFile = config.age.secrets.usda-vision-azure-env.path; - }; - }; +let + usda-dash-config = builtins.fetchGit { + url = "https://git.factory.uga.edu/MODEL/usda-dash-config.git"; + rev = "commit-hash"; }; +in +{ + imports = [ + "${usda-dash-config}/default.nix" + ]; } ``` 
@@ -197,30 +172,24 @@ Here's a complete example of how it all fits together: ### ~/athenix/nixos-systems/inventory.nix ```nix -{ config, pkgs, usda-vision-packages, ... }: +{ config, pkgs, inputs, ... }: { imports = [ - # Import usda-dash-config, passing the packages and secret file paths - (import /home/engr-ugaif/usda-dash-config/default.nix { - inherit usda-vision-packages; - envFile = config.age.secrets.usda-vision-env.path; - azureEnvFile = config.age.secrets.usda-vision-azure-env.path; - }) + # Simply import - it accesses inputs.usda-vision automatically + /path/to/usda-dash-config/default.nix ]; # Configure secrets (managed by ragenix in athenix) age.secrets.usda-vision-env = { - file = ./secrets/usda-vision/env.age; # Store encrypted secrets in athenix + file = ./secrets/usda-vision/env.age; mode = "0644"; }; age.secrets.usda-vision-azure-env = { - file = ./secrets/usda-vision/azure-env.age; # Azure OAuth config + file = ./secrets/usda-vision/azure-env.age; mode = "0644"; }; - - # The usda-dash services are now configured and will use the ragenix-managed secrets } ``` diff --git a/default.nix b/default.nix index 9a0fa94..aee1146 100644 --- a/default.nix +++ b/default.nix 
@@ -1,69 +1,53 @@ -{ usda-vision-packages ? null -, envFile ? null -, azureEnvFile ? null -, ... -}: - # ============================================================================ # USDA Dashboard External System Module # ============================================================================ # External system configuration for usda-dash -# This module can be referenced from nixos-systems/inventory.nix using: -# -# nix-lxc = { -# devices = { -# "usda-dash" = builtins.fetchGit { -# url = "https://git.factory.uga.edu/MODEL/usda-dash-config.git"; -# rev = "commit-hash"; -# submodules = true; # REQUIRED for usda-vision submodule -# }; -# }; -# }; -# -# IMPORTANT: For LXC containers running Docker, the Proxmox LXC must be configured with: -# - Features: nesting=1, keyctl=1 -# - Unprivileged: no (or privileged: yes) -# Edit the container config in Proxmox: /etc/pve/lxc/.conf -# Add: features: nesting=1,keyctl=1 # # USAGE FROM ATHENIX: # -# 1. Add usda-vision as a flake input in athenix/flake.nix: +# 1. Add required flake inputs in athenix/flake.nix: # -# inputs.usda-vision = { -# url = "path:/path/to/usda-dash-config/usda-vision"; -# inputs.nixpkgs.follows = "nixpkgs"; +# inputs = { +# usda-vision = { +# url = "git+https://git.factory.uga.edu/MODEL/usda-vision.git"; +# inputs.nixpkgs.follows = "nixpkgs"; +# }; +# ragenix = { +# url = "github:yaxitech/ragenix"; +# inputs.nixpkgs.follows = "nixpkgs"; +# }; # }; # -# 2. In inventory.nix, pass the usda-vision packages and ragenix-managed secrets: +# 2. 
Pass inputs to modules via specialArgs: # -# imports = [ -# (import /path/to/usda-dash-config/default.nix { -# usda-vision-packages = inputs.usda-vision.packages.${system}; -# envFile = config.age.secrets.usda-vision-env.path; -# azureEnvFile = config.age.secrets.usda-vision-azure-env.path; -# }) -# ]; +# nixosConfigurations.proxmox-usda-dash = nixpkgs.lib.nixosSystem { +# specialArgs = { inherit inputs; }; +# modules = [ +# ./path/to/usda-dash-config/default.nix +# ]; +# }; +# +# 3. Configure secrets in your athenix configuration: +# +# age.secrets.usda-vision-env = { +# file = ./secrets/usda-vision/env.age; +# }; -{ - config, - lib, - pkgs, - ... +{ config +, lib +, pkgs +, inputs +, ... }: let - # Get packages from the parameter passed by athenix - # Fallback to local callPackage if not provided (for standalone testing) - camera-sdk = - if usda-vision-packages != null - then usda-vision-packages.camera-sdk - else pkgs.callPackage ./usda-vision/camera-sdk.nix {}; - - usda-vision-app = - if usda-vision-packages != null - then usda-vision-packages.usda-vision - else pkgs.callPackage ./usda-vision/package.nix {}; + # Get packages from flake inputs + camera-sdk = inputs.usda-vision.packages.${pkgs.system}.camera-sdk; + usda-vision-app = inputs.usda-vision.packages.${pkgs.system}.usda-vision; + + # Get secret paths from age configuration (if configured) + envFile = config.age.secrets.usda-vision-env.path or null; + azureEnvFile = config.age.secrets.usda-vision-azure-env.path or null; in {
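Review bot: The `or null` fallbacks on `envFile` and `azureEnvFile` in the `let` block make a forgotten ragenix import or a misnamed `age.secrets` entry look the same as a deliberately unconfigured secret, so such a host evaluates cleanly and whatever consumes these paths (the module body opens at the end of this hunk and continues outside it) would presumably start without its environment file. If the secrets are required on deployed hosts, an assertion in the module body such as `assertions = [{ assertion = envFile != null; message = "usda-dash: age.secrets.usda-vision-env is not configured"; }];` turns that into a build failure instead of a silent runtime gap. The integration guide in this same patch declares both secrets with `mode = "0644"`, which leaves the decrypted files readable by every local user; dropping the override (agenix defaults to `0400`) or setting the owner to the consuming service is safer if the consumer permits it. Separately, `pkgs.system` is a compatibility alias in nixpkgs and, as far as I know, is unavailable when aliases are disabled; `pkgs.stdenv.hostPlatform.system` is the stable spelling for both package lookups.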