I have the following files:
.
├── ansible-collections
│ └── default.nix
├── ansible-environment
│ └── default.nix
├── ansible-wrapper
│ └── default.nix
├── container-image
│ └── default.nix
├── ansible-code
│ └── default.nix
├── read-vault-pass
│ ├── default.nix
│ └── read_vault_pass.py
└── default.nix
pkgs/default.nix
{
pkgs,
root,
python,
pythonProdEnvironment,
}:
let
callPackage = pkgs.lib.callPackageWith (pkgs // packages);
packages = {
ansible-collections = callPackage ./ansible-collections {
prodEnv = pythonProdEnvironment;
inherit root;
};
ansible = callPackage ./ansible-code { inherit root; };
ansible-environment = callPackage ./ansible-environment { };
ansible-wrapper = callPackage ./ansible-wrapper { };
container = callPackage ./container-image { };
};
in
packages
The ansible-environment
contains an attribute set with variables that I would like to share between the derivations and the projects mkShellNoCC
defined in the flake.nix
.
ansible-environment/default.nix
{
ansible-collections,
glibcLocales,
readVaultPass,
}:
{
ANSIBLE_COLLECTIONS_PATH = ansible-collections;
ANSIBLE_VAULT_PASSWORD_FILE = "${readVaultPass}/bin/read-vault-pass";
LOCALE_ARCHIVE = "${glibcLocales}/lib/locale/locale-archive";
}
I was able to make it work like this:
ansible-wrapper/default.nix
{
ansible-environment,
ansible,
bash,
openssh,
pythonProdEnvironment,
rsync,
sshpass,
writeShellApplication,
}:
writeShellApplication {
name = "ansible-wrapper";
runtimeEnv = {
inherit (ansible-environment)
ANSIBLE_COLLECTIONS_PATH
ANSIBLE_VAULT_PASSWORD_FILE
LOCALE_ARCHIVE
;
};
runtimeInputs = [
ansible
bash
openssh
pythonProdEnvironment
rsync # required for ansible.posix.synchronize
sshpass # required to use passwords with SSH
];
text = ''
if [ $# -eq 0 ]; then
echo "No input arguments provided."
exit 1
fi
cd "''\${OUR_ANSIBLE_DIRECTORY:-${ansible}}"
"$@"
'';
}
However since ansible-environment
is an attribute set, shouldn’t it be possible to just set runtimeEnv = ansible-environment
?
But when I try that I get the error:
error: cannot coerce a set to a string: { ansible-collections = false; glibcLocales = false; readVaultPass = false; }
Same goes for mkShellNoCC
shouldn’t something like the following work?
It builds without error but the variables aren’t available in the shell.
mkShellNoCC { } // ourpackages.ansible-environment;