fix do not check nixos config for secret management
in: trunk
2 files changed
crates/fleet-base/src/host.rsdiffbeforeafterboth979798 pub host_config: Option<Value>,98 pub host_config: Option<Value>,99 pub nixos_config: OnceCell<Value>,99 pub nixos_config: OnceCell<Value>,100 pub nixos_unchecked_config: OnceCell<Value>,100 pub pkgs_override: Option<Value>,101 pub pkgs_override: Option<Value>,101102102 // TODO: Move command helpers away with connectivity refactor103 // TODO: Move command helpers away with connectivity refactor377378378 Ok(nixos_config)379 Ok(nixos_config)379 }380 }381 pub async fn nixos_unchecked_config(&self) -> Result<Value> {382 if let Some(v) = self.nixos_unchecked_config.get() {383 return Ok(v.clone());384 }385 let Some(host_config) = &self.host_config else {386 bail!("local host has no nixos_config");387 };388 let nixos_config = nix_go!(host_config.nixos_unchecked.config);389390 let _ = self.nixos_unchecked_config.set(nixos_config.clone());391392 Ok(nixos_config)393 }380394381 pub async fn list_configured_secrets(&self) -> Result<Vec<String>> {395 pub async fn list_configured_secrets(&self) -> Result<Vec<String>> {382 let nixos = self.nixos_config().await?;396 let nixos = self.nixos_unchecked_config().await?;383 let secrets = nix_go!(nixos.secrets);397 let secrets = nix_go!(nixos.secrets);384 let mut out = Vec::new();398 let mut out = Vec::new();385 for name in secrets.list_fields().await? {399 for name in secrets.list_fields().await? 
{393 Ok(out)407 Ok(out)394 }408 }395 pub async fn secret_field(&self, name: &str) -> Result<Value> {409 pub async fn secret_field(&self, name: &str) -> Result<Value> {396 let nixos = self.nixos_config().await?;410 let nixos = self.nixos_unchecked_config().await?;397 Ok(nix_go!(nixos.secrets[{ name }]))411 Ok(nix_go!(nixos.secrets[{ name }]))398 }412 }399413434 name: "<virtual localhost>".to_owned(),448 name: "<virtual localhost>".to_owned(),435 host_config: None,449 host_config: None,436 nixos_config: OnceCell::new(),450 nixos_config: OnceCell::new(),451 nixos_unchecked_config: OnceCell::new(),437 groups: {452 groups: {438 let cell = OnceCell::new();453 let cell = OnceCell::new();439 let _ = cell.set(vec![]);454 let _ = cell.set(vec![]);456 name: name.to_owned(),471 name: name.to_owned(),457 host_config: Some(host_config),472 host_config: Some(host_config),458 nixos_config: OnceCell::new(),473 nixos_config: OnceCell::new(),474 nixos_unchecked_config: OnceCell::new(),459 groups: OnceCell::new(),475 groups: OnceCell::new(),460 pkgs_override: None,476 pkgs_override: None,461477modules/nixos.nixdiffbeforeafterboth9}: let9}: let10 inherit (lib.attrsets) mapAttrs;10 inherit (lib.attrsets) mapAttrs;11 inherit (lib.options) mkOption;11 inherit (lib.options) mkOption;12 inherit (lib.types) deferredModule;12 inherit (lib.types) deferredModule unspecified;13 inherit (lib.modules) mkRemovedOptionModule;13 inherit (lib.modules) mkRemovedOptionModule;14 inherit (lib.strings) escapeNixIdentifier;14 inherit (lib.strings) escapeNixIdentifier;15 inherit (fleetLib.options) mkHostsOption;15 inherit (fleetLib.options) mkHostsOption;54 };54 };55 };55 };56 };56 };57 nixos_unchecked = mkOption {58 type = unspecified;59 };57 };60 };58 config = {61 config = {59 # imports = [62 # imports = [60 # (mkRemovedOptionModule ["nixosModules"] "replaced with hosts.*.nixos.imports.")63 # (mkRemovedOptionModule ["nixosModules"] "replaced with hosts.*.nixos.imports.")61 # ];64 # ];62 nixos = {65 nixos = 
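Review bot: In crates/fleet-base/src/host.rs, `list_configured_secrets` and `secret_field` now read `nixos.secrets` from an evaluation built with `_module.check = false`, so a secret defined under a mistyped or undeclared option path is presumably no longer rejected here, and nothing in the code says so. A doc comment on `nixos_unchecked_config` should state that the returned value has not passed module checks, is meant only for enumerating and reading secret definitions, and is not a substitute for `nixos_config()`. The new accessor also reuses `bail!("local host has no nixos_config");`, which makes the two failure paths indistinguishable in logs; `bail!("local host has no nixos_unchecked_config");` would separate them. The surrounding `impl` starts and ends outside the visible hunks, so other callers that still use `nixos_config()` for secret data could not be checked.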
{63 config._module.args = {66 config._module.args = {64 nixosHosts = mapAttrs (_: value: value.nixos.config) config.hosts;67 nixosHosts = mapAttrs (_: value: value.nixos_unchecked.config) config.hosts;65 hosts = config.hosts;68 hosts = config.hosts;66 host = hostArgs.config;69 host = hostArgs.config;67 };70 };68 };71 };72 nixos_unchecked = hostArgs.config.nixos.extendModules {73 modules = [74 {75 _module.check = false;76 }77 ];78 };69 };79 };70 });80 });71 };81 };
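Review bot: In modules/nixos.nix, `nixosHosts` is switched to `value.nixos_unchecked.config` for every consumer of that module argument, which is wider than the secret-management path named in the commit title. Any module that reads another host's configuration through `nixosHosts` now sees an evaluation in which definitions without a matching option declaration are not rejected. If that is intended, a comment next to `_module.check = false;` giving the reason and the accepted trade-off would help. The `nixos_unchecked` option is declared with only `type = unspecified;`, so a host definition can apparently assign to it. Adding `readOnly = true;`, `internal = true;` and a `description` would mark it as a derived value; the enclosing module starts and ends outside the visible hunks.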