From f5efa59ad1e3ea384637bd3f3a9472a8ad0cea75 Mon Sep 17 00:00:00 2001
From: Robert Rose <robert.rose@mailbox.org>
Date: Mon, 5 May 2025 11:58:39 +0200
Subject: [PATCH] nixos/k3s: support fetching helm charts from OCI registries

This enables fetching Helm charts from OCI-based registries. OCI charts
will be detected by checking that the repo has a `oci://` prefix, the
behaviour for regular chart registries remains the same. The `name`
field can be omitted for OCI charts.
---
 .../modules/services/cluster/k3s/default.nix  | 26 ++++++++++++++-----
 1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/nixos/modules/services/cluster/k3s/default.nix b/nixos/modules/services/cluster/k3s/default.nix
index fe73c178d491..22e3534ea591 100644
--- a/nixos/modules/services/cluster/k3s/default.nix
+++ b/nixos/modules/services/cluster/k3s/default.nix
@@ -46,8 +46,12 @@ let
       )
     );
 
-  # Replace characters that are problematic in file names
+  # Replace prefixes and characters that are problematic in file names
   cleanHelmChartName =
+    name:
+    let
+      woPrefix = lib.removePrefix "https://" (lib.removePrefix "oci://" name);
+    in
     lib.replaceStrings
       [
         "/"
@@ -56,7 +60,8 @@ let
       [
         "-"
         "-"
-      ];
+      ]
+      woPrefix;
 
   # Fetch a Helm chart from a public registry. This only supports a basic Helm pull.
   fetchHelm =
@@ -66,7 +71,12 @@ let
       version,
       hash ? lib.fakeHash,
     }:
-    pkgs.runCommand (cleanHelmChartName "${lib.removePrefix "https://" repo}-${name}-${version}.tgz")
+    let
+      isOci = lib.hasPrefix "oci://" repo;
+      pullCmd = if isOci then repo else "--repo ${repo} ${name}";
+      name' = if isOci then "${repo}-${version}" else "${repo}-${name}-${version}";
+    in
+    pkgs.runCommand (cleanHelmChartName "${name'}.tgz")
       {
         inherit (lib.fetchers.normalizeHash { } { inherit hash; }) outputHash outputHashAlgo;
         impureEnvVars = lib.fetchers.proxyImpureEnvVars;
@@ -76,9 +86,7 @@ let
         ];
       }
       ''
-        export HOME="$PWD"
-        helm repo add repository ${repo}
-        helm pull repository/${name} --version ${version}
+        helm pull ${pullCmd} --version ${version}
         mv ./*.tgz $out
       '';
 
@@ -724,7 +732,11 @@ in
               };
             };
           };
-
+          nginx = {
+            repo = "oci://registry-1.docker.io/bitnamicharts/nginx";
+            version = "20.0.0";
+            hash = "sha256-sy+tzB+i9jIl/tqOMzzuhVhTU4EZVsoSBtPznxF/36c=";
+          };
           custom-chart = {
             package = ../charts/my-chart.tgz;
             values = ../values/my-values.yaml;