path: root/modules/pkgs/xinclude2nix/default.nix
blob: 09a9ab33c89f328eec263fcd0f9f2734953c7c9b (plain)
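{ runCommand, haskellPackages }:

/*
  Given a list of XML files, produces a Nix file containing the list of files
  pulled in through the XInclude mechanism.  The file produced can be imported
  into other Nix files.  This requires read-write mode of evaluation, because
  the generated file is built and then imported while evaluating.

  Use case: XML config files with portions of sensitive data (secrets, keys),
  merged at runtime.  With this package, deployment tools like NixOps can be
  taught to extract keys and deploy them automatically.


  Example of input file (for Jenkins):

  <?xml version="1.0" encoding="UTF-8"?>
  <hudson xmlns:xi="http://www.w3.org/2001/XInclude">
    <useSecurity>true</useSecurity>
    <authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy">
      <permission>hudson.model.Hudson.Read:ip1981</permission>
      <permission>hudson.model.Item.Build:ip1981</permission>
      <permission>hudson.model.Item.Cancel:ip1981</permission>
      <permission>hudson.model.Item.Read:ip1981</permission>
      <permission>hudson.model.Hudson.Administer:ip1981</permission>
    </authorizationStrategy>
    <securityRealm class="org.jenkinsci.plugins.GithubSecurityRealm">
      <clientID>XXXXXXXXXXXXXXXXXXX</clientID>
      <xi:include href="/run/keys/github-oauth-XXXXXXXXXXXXXXXXXXX.xml"/>
      <oauthScopes>read:org,user:email</oauthScopes>
    </securityRealm>
  </hudson>


  Corresponding output file (/nix/store/abc...xyz-xinclude.nix):

  ["/run/keys/github-oauth-XXXXXXXXXXXXXXXXXXX.xml"]

*/

# XXX: either a single file (string or path) or a list of them.  A single
# value is normalised to a one-element list below, so both spellings are
# passed to the extractor the same way.
xmlFiles:

let

  inherit (builtins) concatStringsSep isList replaceStrings toString;

  # The extractor: the Haskell program next to this file, compiled against
  # hxt with the GHC from haskellPackages.  The compiled binary is $out.
  xinclude2nix =
    let
      deps = hpkgs: with hpkgs; [ hxt ];
      ghc = "${haskellPackages.ghcWithPackages deps}/bin/ghc -Wall -static";
    in runCommand "xinclude2nix" {} ''
      ${ghc} -o $out ${./xinclude2nix.hs}
    '';

  # Accept both forms of xmlFiles (see the note above).
  fileList = if isList xmlFiles then xmlFiles else [ xmlFiles ];

  # Quote every file name for the shell using the single-quote scheme that
  # lib.escapeShellArg uses, so a name containing whitespace or glob
  # characters reaches the extractor as one argument instead of being
  # word-split or expanded.  replaceStrings keeps the string context, so
  # store-path inputs remain build-time dependencies of the derivation.
  quote = f: "'" + replaceStrings [ "'" ] [ "'\\''" ] (toString f) + "'";
  args = concatStringsSep " " (map quote fileList);

in runCommand "xinclude.nix" {} ''
  # Diagnostics go to stderr, i.e. the build log: the extractor path, its
  # arguments and the resulting list of include targets.  Only paths are
  # printed, never the contents of the included files.
  echo ${xinclude2nix} ${args} >&2
  ${xinclude2nix} ${args} > $out
  echo -n "$out: " >&2
  cat "$out" >&2
''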