numtide · blaggacao · Oct 7, 2020 · Oct 7, 2020 · Oct 7, 2020 · Oct 7, 2020
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,3 @@
+# mimick use case where users are expected to boostrap their dev ca
+# this is also better for testing devhsell ca bootstrapping
+dev-ca
diff --git a/devshell.toml b/devshell.toml
@@ -16,6 +16,18 @@ packages = [
 #
 # motd = ""
 
+# This setting helps to add a project's shared *development* root CA
+# to host's local trust stores by instrumenting the mkcert third party tool.
+# Defining this section also adds `mkcert` to the available packages.
+# Set to the path where mkcert-generated CAROOT files are expected to exist
+#
+# NOTES:
+# - be careful to only put *development* certificates under version control
+# - create those files with the devshell generated *-install-CA command
+# - optionally put this path under .gitignore, if you want users to
+#   generate certificates themselves on first clone (using *-install-CA)
+dev-ca-path = "./dev-ca"
+
 # Use this section to set environment variables to have in the environment.
 #
 # NOTE: all the values are escaped
@@ -47,8 +59,18 @@ command = "echo hello"
 help = "used to format Nix code"
 name = "nixpkgs-fmt"
 package = "nixpkgs-fmt"
+category = "formatters"
 
 [[commands]]
 help = "github utility"
 name = "hub"
 package = "gitAndTools.hub"
+category = "utilites"
+
+# These settings help to manage local DNS overrides via
+# instrumentation of the hostcl third party tool.
+# Defining this section also adds `hostctl` to the available packages.
+[static-dns]
+"test.domain.local" = "172.0.0.1"
+"shared.domain.link-local" = "169.254.0.5"
+
diff --git a/devshell/config.go b/devshell/config.go
@@ -22,12 +22,14 @@ type configCommand struct {
 }
 
 type config struct {
-	Name     string                 `toml:"name"`
-	Packages []string               `toml:"packages"`
-	Motd     *string                `toml:"motd"`
-	Env      map[string]interface{} `toml:"env"`
-	Bash     configBash             `toml:"bash,omitempty"`
-	Commands []configCommand        `toml:"commands"`
+	Name      string                 `toml:"name"`
+	Packages  []string               `toml:"packages"`
+	Motd      *string                `toml:"motd"`
+	DevCaPath *string                `toml:"dev-ca-path,omitempty"`
+	Env       map[string]interface{} `toml:"env"`
+	Bash      configBash             `toml:"bash,omitempty"`
+	Commands  []configCommand        `toml:"commands"`
+	StaticDNS map[string]interface{} `toml:"static-dns,omitempty"`
 }
 
 func configLoad(path string) (*config, error) {

diff --git a/docs/devshell.toml b/docs/devshell.toml
@@ -16,6 +16,18 @@ packages = [
 #
 # motd = ""
 
+# This setting helps to add a project's shared *development* root CA
+# to host's local trust stores by instrumenting the mkcert third party tool.
+# Defining this section also adds `mkcert` to the available packages.
+# Set to the path where mkcert-generated CAROOT files are expected to exist
+#
+# NOTES:
+# - be careful to only put *development* certificates under version control
+# - create those files with the devshell generated *-install-CA command
+# - optionally put this path under .gitignore, if you want users to
+#   generate certificates themselves on first clone (using *-install-CA)
+# dev-ca-path = "./dev-ca"
+
 # Use this section to set environment variables to have in the environment.
 #
 # NOTE: all the values are escaped
@@ -47,8 +59,17 @@ command = "echo hello"
 help = "used to format Nix code"
 name = "nixpkgs-fmt"
 package = "nixpkgs-fmt"
+category = "formatters"
 
 [[commands]]
 help = "github utility"
 name = "hub"
 package = "gitAndTools.hub"
+category = "utilites"
+
+# These settings help to manage local DNS overrides via
+# instrumentation of the hostcl third party tool.
+# Defining this section also adds `hostctl` to the available packages.
+[static-dns]
+"test.domain.local" = "172.0.0.1"
+"shared.domain.link-local" = "169.254.0.5"
diff --git a/docs/devshell.toml.md b/docs/devshell.toml.md
@@ -24,6 +24,18 @@ packages = [
 #
 # motd = ""
 
+# This setting helps to add a project's shared *development* root CA
+# to host's local trust stores by instrumenting the mkcert third party tool.
+# Defining this section also adds `mkcert` to the available packages.
+# Set to the path where mkcert-generated CAROOT files are expected to exist
+#
+# NOTES:
+# - be careful to only put *development* certificates under version control
+# - create those files with the devshell generated *-install-CA command
+# - optionally put this path under .gitignore, if you want users to
+#   generate certificates themselves on first clone (using *-install-CA)
+# dev-ca-path = "./dev-ca"
+
 # Use this section to set environment variables to have in the environment.
 #
 # NOTE: all the values are escaped
@@ -55,11 +67,20 @@ command = "echo hello"
 help = "used to format Nix code"
 name = "nixpkgs-fmt"
 package = "nixpkgs-fmt"
+category = "formatters"
 
 [[commands]]
 help = "github utility"
 name = "hub"
 package = "gitAndTools.hub"
+category = "utilities"
+
+# These settings help to manage local DNS overrides via
+# instrumentation of the hostcl third party tool.
+# Defining this section also adds `hostctl` to the available packages.
+[static-dns]
+"test.domain.local" = "172.0.0.1"
+"shared.domain.link-local" = "169.254.0.5"
 ```
 
 ## Schema
@@ -83,6 +104,8 @@ The name field is optional and defaults to `devshell`.
 
 ### The `motd` field
 
+### The `dev-ca-path` field
+
 ### The `env` section
 
 ### The `bash.extra` field
@@ -96,3 +119,5 @@ The name field is optional and defaults to `devshell`.
 * `name`:
 * `package`:
 
+### The `static-dns` section
+
diff --git a/hostctl/default.nix b/hostctl/default.nix
@@ -0,0 +1,40 @@
+{ buildGoModule, fetchFromGitHub, lib, installShellFiles }:
+
+buildGoModule rec {
+  pname = "hostctl";
+  version = "1.0.14";
+
+  src = fetchFromGitHub {
+    owner = "guumaster";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "02bjii97l4fy43v2rb93m9b0ad8y6mjvbvp4sz6a5n0w9dm1z1q9";
+  };
+
+  vendorSha256 = "1lqk3cda0frqp2vwkqa4b3xkdw814wgkbr7g9r2mwxn85fpdcq5c";
+
+  doCheck = false;
+  buildFlagsArray = [ "-ldflags=-s -w -X github.com/guumaster/hostctl/cmd/hostctl/actions.version=${version}" ];
+
+  nativeBuildInputs = [ installShellFiles ];
+  postInstall = ''
+    $out/bin/hostctl completion bash > hostctl.bash
+    $out/bin/hostctl completion zsh > hostctl.zsh
+    installShellCompletion hostctl.{bash,zsh}
+    # replace above by following once merged https://github.com/NixOS/nixpkgs/pull/83630
+    # installShellCompletion --cmd hostctl \
+    #   --bash <($out/bin/hostctl completion bash) \
+    #   --zsh <($out/bin/hostctl completion zsh)
+  '';
+
+  meta = with lib; {
+    description = "Your dev tool to manage /etc/hosts like a pro!";
+    longDescription = ''
+      This tool gives you more control over the use of your hosts file.
+      You can have multiple profiles and switch them on/off as you need.
+    '';
+    homepage = "https://guumaster.github.io/hostctl/";
+    license = licenses.mit;
+    maintainers = with maintainers; [ blaggacao ];
+  };
+}
diff --git a/mkDevShell/instrumentation.nix b/mkDevShell/instrumentation.nix
@@ -0,0 +1,64 @@
+{ lib, pkgs, config }:
+let
+  inherit (config)
+    name
+    dev-ca-path
+    static-dns
+    ;
+  installProjectCA = {
+    name = "ca-install";
+    help = "install dev CA";
+    category = "host state";
+    package = pkgs.mkcert;
+    command = ''
+      echo "$(tput bold)Installing the ${name}'s dev CA into local trust stores via mkcert command ...$(tput sgr0)"
+      export CAROOT=${dev-ca-path}
+      ${pkgs.mkcert}/bin/mkcert -install
+    '';
+  };
+  uninstallProjectCA = {
+    name = "ca-uninstall";
+    help = "uninstall dev CA";
+    category = "host state";
+    package = pkgs.mkcert;
+    command = ''
+      echo "$(tput bold)Purging the ${name}'s dev CA from local trust stores via mkcert command ...$(tput sgr0)"
+      export CAROOT=${dev-ca-path}
+      ${pkgs.mkcert}/bin/mkcert -uninstall
+    '';
+  };
+
+  etcHosts = pkgs.writeText "${name}-etchosts"
+    (lib.concatStringsSep "\n"
+      (lib.mapAttrsToList (name: value: value + " " + name) static-dns)
+    );
+  # since this temporarily modifies /etc/hosts, use of sudo can't be avoided
+  fqdnsActivate = {
+    name = "dns-activate";
+    category = "host state";
+    help = "activate pre-configured static dns";
+    package = pkgs.hostctl;
+    command = ''
+      echo "$(tput bold)Installing ${name}'s static local DNS resolution via hostctl command ...$(tput sgr0)"
+      sudo ${pkgs.hostctl}/bin/hostctl add ${name} --from ${etcHosts}
+    '';
+  };
+  fqdnsDeactivate = {
+    name = "dns-deactivate";
+    category = "host state";
+    help = "deactivate pre-configured static dns";
+    package = pkgs.hostctl;
+    command = ''
+      echo "$(tput bold)Purging ${name}'s static local DNS resolution via hostctl command ...$(tput sgr0)"
+      sudo ${pkgs.hostctl}/bin/hostctl remove ${name}
+    '';
+  };
+in
+(
+  if static-dns == null || static-dns == "" then [ ]
+  else [ fqdnsActivate fqdnsDeactivate ]
+) ++
+(
+  if dev-ca-path == null || dev-ca-path == "" then [ ]
+  else [ installProjectCA uninstallProjectCA ]
+)