From ab228a4c91d99b17bc9ebfa55e2feec2363bc69f Mon Sep 17 00:00:00 2001
From: Victor Engmark <vengmark@linz.govt.nz>
Date: Fri, 18 Aug 2023 10:13:07 +1200
Subject: [PATCH] feat: Add Nix support

Provides dependencies and a `k` command.
---
 .envrc           |   5 +
 .gitignore       |   1 +
 nix/sources.json |  14 +++
 nix/sources.nix  | 248 +++++++++++++++++++++++++++++++++++++++++++++++
 shell.nix        |  16 +++
 tools/k          |   3 +
 6 files changed, 287 insertions(+)
 create mode 100644 .envrc
 create mode 100644 nix/sources.json
 create mode 100644 nix/sources.nix
 create mode 100644 shell.nix
 create mode 100755 tools/k

diff --git a/.envrc b/.envrc
new file mode 100644
index 000000000..3fb98d488
--- /dev/null
+++ b/.envrc
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+nix_direnv_watch_file nix
+use nix
+PATH_add tools
+ln --force --no-target-directory --symbolic "$(which node)" node
diff --git a/.gitignore b/.gitignore
index 18b980ca2..27de97dd7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@ node_modules/
 dist/
 cdk.out/
 cdk.context.json
+/node
diff --git a/nix/sources.json b/nix/sources.json
new file mode 100644
index 000000000..ac5813726
--- /dev/null
+++ b/nix/sources.json
@@ -0,0 +1,14 @@
+{
+  "nixpkgs": {
+    "branch": "nixos-23.05",
+    "description": "Nix Packages collection",
+    "homepage": "",
+    "owner": "NixOS",
+    "repo": "nixpkgs",
+    "rev": "261abe8a44a7e8392598d038d2e01f7b33cf26d0",
+    "sha256": "1hpjj75s3xvngn48q27q78syrlg2yfac5hmk2573z6089ajpaxli",
+    "type": "tarball",
+    "url": "https://github.com/NixOS/nixpkgs/archive/261abe8a44a7e8392598d038d2e01f7b33cf26d0.tar.gz",
+    "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+  }
+}
diff --git a/nix/sources.nix b/nix/sources.nix
new file mode 100644
index 000000000..f86fe8926
--- /dev/null
+++ b/nix/sources.nix
@@ -0,0 +1,248 @@
+# This file has been generated by Niv.
+let
+  #
+  # The fetchers. fetch_<type> fetches specs of type <type>.
+  #
+  fetch_file = pkgs: name: spec: let
+    name' = sanitizeName name + "-src";
+  in
+    if spec.builtin or true
+    then
+      builtins_fetchurl {
+        inherit (spec) url sha256;
+        name = name';
+      }
+    else
+      pkgs.fetchurl {
+        inherit (spec) url sha256;
+        name = name';
+      };
+
+  fetch_tarball = pkgs: name: spec: let
+    name' = sanitizeName name + "-src";
+  in
+    if spec.builtin or true
+    then
+      builtins_fetchTarball {
+        name = name';
+        inherit (spec) url sha256;
+      }
+    else
+      pkgs.fetchzip {
+        name = name';
+        inherit (spec) url sha256;
+      };
+
+  fetch_git = name: spec: let
+    ref =
+      if spec ? ref
+      then spec.ref
+      else if spec ? branch
+      then "refs/heads/${spec.branch}"
+      else if spec ? tag
+      then "refs/tags/${spec.tag}"
+      else abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!";
+    submodules =
+      if spec ? submodules
+      then spec.submodules
+      else false;
+    submoduleArg = let
+      nixSupportsSubmodules = builtins.compareVersions builtins.nixVersion "2.4" >= 0;
+      emptyArgWithWarning =
+        if submodules == true
+        then
+          builtins.trace
+          (
+            "The niv input \"${name}\" uses submodules "
+            + "but your nix's (${builtins.nixVersion}) builtins.fetchGit "
+            + "does not support them"
+          )
+          {}
+        else {};
+    in
+      if nixSupportsSubmodules
+      then {inherit submodules;}
+      else emptyArgWithWarning;
+  in
+    builtins.fetchGit
+    ({
+        url = spec.repo;
+        inherit (spec) rev;
+        inherit ref;
+      }
+      // submoduleArg);
+
+  fetch_local = spec: spec.path;
+
+  fetch_builtin-tarball = name:
+    throw
+    ''      [${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`.
+              $ niv modify ${name} -a type=tarball -a builtin=true'';
+
+  fetch_builtin-url = name:
+    throw
+    ''      [${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`.
+              $ niv modify ${name} -a type=file -a builtin=true'';
+
+  #
+  # Various helpers
+  #
+
+  # https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695
+  sanitizeName = name: (
+    concatMapStrings (s:
+      if builtins.isList s
+      then "-"
+      else s)
+    (
+      builtins.split "[^[:alnum:]+._?=-]+"
+      ((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name)
+    )
+  );
+
+  # The set of packages used when specs are fetched using non-builtins.
+  mkPkgs = sources: system: let
+    sourcesNixpkgs =
+      import (builtins_fetchTarball {inherit (sources.nixpkgs) url sha256;}) {inherit system;};
+    hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
+    hasThisAsNixpkgsPath = <nixpkgs> == ./.;
+  in
+    if builtins.hasAttr "nixpkgs" sources
+    then sourcesNixpkgs
+    else if hasNixpkgsPath && ! hasThisAsNixpkgsPath
+    then import <nixpkgs> {}
+    else
+      abort
+      ''
+        Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
+        add a package called "nixpkgs" to your sources.json.
+      '';
+
+  # The actual fetching function.
+  fetch = pkgs: name: spec:
+    if ! builtins.hasAttr "type" spec
+    then abort "ERROR: niv spec ${name} does not have a 'type' attribute"
+    else if spec.type == "file"
+    then fetch_file pkgs name spec
+    else if spec.type == "tarball"
+    then fetch_tarball pkgs name spec
+    else if spec.type == "git"
+    then fetch_git name spec
+    else if spec.type == "local"
+    then fetch_local spec
+    else if spec.type == "builtin-tarball"
+    then fetch_builtin-tarball name
+    else if spec.type == "builtin-url"
+    then fetch_builtin-url name
+    else abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
+
+  # If the environment variable NIV_OVERRIDE_${name} is set, then use
+  # the path directly as opposed to the fetched source.
+  replace = name: drv: let
+    saneName = stringAsChars (c:
+      if isNull (builtins.match "[a-zA-Z0-9]" c)
+      then "_"
+      else c)
+    name;
+    ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
+  in
+    if ersatz == ""
+    then drv
+    else
+      # this turns the string into an actual Nix path (for both absolute and
+      # relative paths)
+      if builtins.substring 0 1 ersatz == "/"
+      then /. + ersatz
+      else /. + builtins.getEnv "PWD" + "/${ersatz}";
+
+  # Ports of functions for older nix versions
+
+  # a Nix version of mapAttrs if the built-in doesn't exist
+  mapAttrs =
+    builtins.mapAttrs
+    or (
+      f: set:
+        with builtins;
+          listToAttrs (map (attr: {
+            name = attr;
+            value = f attr set.${attr};
+          }) (attrNames set))
+    );
+
+  # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295
+  range = first: last:
+    if first > last
+    then []
+    else builtins.genList (n: first + n) (last - first + 1);
+
+  # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257
+  stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1));
+
+  # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269
+  stringAsChars = f: s: concatStrings (map f (stringToCharacters s));
+  concatMapStrings = f: list: concatStrings (map f list);
+  concatStrings = builtins.concatStringsSep "";
+
+  # https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331
+  optionalAttrs = cond: as:
+    if cond
+    then as
+    else {};
+
+  # fetchTarball version that is compatible between all the versions of Nix
+  builtins_fetchTarball = {
+    url,
+    name ? null,
+    sha256,
+  } @ attrs: let
+    inherit (builtins) lessThan nixVersion fetchTarball;
+  in
+    if lessThan nixVersion "1.12"
+    then fetchTarball ({inherit url;} // (optionalAttrs (!isNull name) {inherit name;}))
+    else fetchTarball attrs;
+
+  # fetchurl version that is compatible between all the versions of Nix
+  builtins_fetchurl = {
+    url,
+    name ? null,
+    sha256,
+  } @ attrs: let
+    inherit (builtins) lessThan nixVersion fetchurl;
+  in
+    if lessThan nixVersion "1.12"
+    then fetchurl ({inherit url;} // (optionalAttrs (!isNull name) {inherit name;}))
+    else fetchurl attrs;
+
+  # Create the final "sources" from the config
+  mkSources = config:
+    mapAttrs (
+      name: spec:
+        if builtins.hasAttr "outPath" spec
+        then
+          abort
+          "The values in sources.json should not have an 'outPath' attribute"
+        else spec // {outPath = replace name (fetch config.pkgs name spec);}
+    )
+    config.sources;
+
+  # The "config" used by the fetchers
+  mkConfig = {
+    sourcesFile ?
+      if builtins.pathExists ./sources.json
+      then ./sources.json
+      else null,
+    sources ?
+      if isNull sourcesFile
+      then {}
+      else builtins.fromJSON (builtins.readFile sourcesFile),
+    system ? builtins.currentSystem,
+    pkgs ? mkPkgs sources system,
+  }: rec {
+    # The sources, i.e. the attribute set of spec name to spec
+    inherit sources;
+
+    # The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers
+    inherit pkgs;
+  };
+in
+  mkSources (mkConfig {}) // {__functor = _: settings: mkSources (mkConfig settings);}
diff --git a/shell.nix b/shell.nix
new file mode 100644
index 000000000..cc2fcc206
--- /dev/null
+++ b/shell.nix
@@ -0,0 +1,16 @@
+let
+  sources = import ./nix/sources.nix;
+  pkgs = import sources.nixpkgs {};
+in
+  pkgs.mkShell {
+    packages = [
+      pkgs.argo
+      pkgs.awscli2
+      pkgs.bashInteractive
+      pkgs.kubectl
+      pkgs.nodejs
+    ];
+    shellHook = ''
+      ln --force --no-target-directory --symbolic "${pkgs.nodejs}/bin/node" node
+    '';
+  }
diff --git a/tools/k b/tools/k
new file mode 100755
index 000000000..e4dab7d52
--- /dev/null
+++ b/tools/k
@@ -0,0 +1,3 @@
+#!/bin/sh -e
+
+kubectl "$@"