difftreelog
fix do not check nixos config for secret management
in: trunk
2 files changed
crates/fleet-base/src/host.rsdiffbeforeafterboth979798 pub host_config: Option<Value>,98 pub host_config: Option<Value>,99 pub nixos_config: OnceCell<Value>,99 pub nixos_config: OnceCell<Value>,100 pub nixos_unchecked_config: OnceCell<Value>,100 pub pkgs_override: Option<Value>,101 pub pkgs_override: Option<Value>,101102102 // TODO: Move command helpers away with connectivity refactor103 // TODO: Move command helpers away with connectivity refactor377378378 Ok(nixos_config)379 Ok(nixos_config)379 }380 }381 pub async fn nixos_unchecked_config(&self) -> Result<Value> {382 if let Some(v) = self.nixos_unchecked_config.get() {383 return Ok(v.clone());384 }385 let Some(host_config) = &self.host_config else {386 bail!("local host has no nixos_config");387 };388 let nixos_config = nix_go!(host_config.nixos_unchecked.config);389390 let _ = self.nixos_unchecked_config.set(nixos_config.clone());391392 Ok(nixos_config)393 }380394381 pub async fn list_configured_secrets(&self) -> Result<Vec<String>> {395 pub async fn list_configured_secrets(&self) -> Result<Vec<String>> {382 let nixos = self.nixos_config().await?;396 let nixos = self.nixos_unchecked_config().await?;383 let secrets = nix_go!(nixos.secrets);397 let secrets = nix_go!(nixos.secrets);384 let mut out = Vec::new();398 let mut out = Vec::new();385 for name in secrets.list_fields().await? {399 for name in secrets.list_fields().await? {393 Ok(out)407 Ok(out)394 }408 }395 pub async fn secret_field(&self, name: &str) -> Result<Value> {409 pub async fn secret_field(&self, name: &str) -> Result<Value> {396 let nixos = self.nixos_config().await?;410 let nixos = self.nixos_unchecked_config().await?;397 Ok(nix_go!(nixos.secrets[{ name }]))411 Ok(nix_go!(nixos.secrets[{ name }]))398 }412 }399413434 name: "<virtual localhost>".to_owned(),448 name: "<virtual localhost>".to_owned(),435 host_config: None,449 host_config: None,436 nixos_config: OnceCell::new(),450 nixos_config: OnceCell::new(),451 nixos_unchecked_config: OnceCell::new(),437 groups: {452 groups: {438 let cell = OnceCell::new();453 let cell = OnceCell::new();439 let _ = cell.set(vec![]);454 let _ = cell.set(vec![]);456 name: name.to_owned(),471 name: name.to_owned(),457 host_config: Some(host_config),472 host_config: Some(host_config),458 nixos_config: OnceCell::new(),473 nixos_config: OnceCell::new(),474 nixos_unchecked_config: OnceCell::new(),459 groups: OnceCell::new(),475 groups: OnceCell::new(),460 pkgs_override: None,476 pkgs_override: None,461477modules/nixos.nixdiffbeforeafterboth--- a/modules/nixos.nix
+++ b/modules/nixos.nix
@@ -9,7 +9,7 @@
}: let
inherit (lib.attrsets) mapAttrs;
inherit (lib.options) mkOption;
- inherit (lib.types) deferredModule;
+ inherit (lib.types) deferredModule unspecified;
inherit (lib.modules) mkRemovedOptionModule;
inherit (lib.strings) escapeNixIdentifier;
inherit (fleetLib.options) mkHostsOption;
@@ -54,6 +54,9 @@
};
};
};
+ nixos_unchecked = mkOption {
+ type = unspecified;
+ };
};
config = {
# imports = [
@@ -61,11 +64,18 @@
# ];
nixos = {
config._module.args = {
- nixosHosts = mapAttrs (_: value: value.nixos.config) config.hosts;
+ nixosHosts = mapAttrs (_: value: value.nixos_unchecked.config) config.hosts;
hosts = config.hosts;
host = hostArgs.config;
};
};
+ nixos_unchecked = hostArgs.config.nixos.extendModules {
+ modules = [
+ {
+ _module.check = false;
+ }
+ ];
+ };
};
});
};