fix do not check nixos config for secret management
in: trunk
2 files changed
crates/fleet-base/src/host.rsdiffbeforeafterboth
--- a/crates/fleet-base/src/host.rs
+++ b/crates/fleet-base/src/host.rs
@@ -97,6 +97,7 @@
pub host_config: Option<Value>,
pub nixos_config: OnceCell<Value>,
+ pub nixos_unchecked_config: OnceCell<Value>,
pub pkgs_override: Option<Value>,
// TODO: Move command helpers away with connectivity refactor
@@ -377,9 +378,22 @@
Ok(nixos_config)
}
+ pub async fn nixos_unchecked_config(&self) -> Result<Value> {
+ if let Some(v) = self.nixos_unchecked_config.get() {
+ return Ok(v.clone());
+ }
+ let Some(host_config) = &self.host_config else {
+ bail!("local host has no nixos_config");
+ };
+ let nixos_config = nix_go!(host_config.nixos_unchecked.config);
+
+ let _ = self.nixos_unchecked_config.set(nixos_config.clone());
+
+ Ok(nixos_config)
+ }
pub async fn list_configured_secrets(&self) -> Result<Vec<String>> {
- let nixos = self.nixos_config().await?;
+ let nixos = self.nixos_unchecked_config().await?;
let secrets = nix_go!(nixos.secrets);
let mut out = Vec::new();
for name in secrets.list_fields().await? {
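Review bot: `nixos_unchecked_config` has no doc comment saying what `host_config.nixos_unchecked.config` leaves unchecked, yet `list_configured_secrets` here and `secret_field` in the next hunk now take their secret definitions from it. If the skipped checks include module assertions (not visible on this page), an assertion guarding a secret's settings would no longer stop secret management, so the accessor should state its contract, e.g. `/// NixOS config evaluated without the checks nixos_config() applies; only for reading secret definitions, never for building or deploying a host.` The `bail!` text names `nixos_config` rather than the unchecked variant, so a log line cannot tell which accessor failed, assuming the checked accessor outside this hunk uses the same message; `bail!("local host has no nixos_unchecked config");` would tell them apart. `list_configured_secrets` continues past the end of this hunk.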
@@ -393,7 +407,7 @@
Ok(out)
}
pub async fn secret_field(&self, name: &str) -> Result<Value> {
- let nixos = self.nixos_config().await?;
+ let nixos = self.nixos_unchecked_config().await?;
Ok(nix_go!(nixos.secrets[{ name }]))
}
@@ -434,6 +448,7 @@
name: "<virtual localhost>".to_owned(),
host_config: None,
nixos_config: OnceCell::new(),
+ nixos_unchecked_config: OnceCell::new(),
groups: {
let cell = OnceCell::new();
let _ = cell.set(vec![]);
@@ -456,6 +471,7 @@
name: name.to_owned(),
host_config: Some(host_config),
nixos_config: OnceCell::new(),
+ nixos_unchecked_config: OnceCell::new(),
groups: OnceCell::new(),
pkgs_override: None,
modules/nixos.nixdiffbeforeafterboth1{2 lib,3 fleetLib,4 inputs,5 self,6 config,7 _fleetFlakeRootConfig,8 ...9}: let10 inherit (lib.attrsets) mapAttrs;11 inherit (lib.options) mkOption;12 inherit (lib.types) deferredModule;13 inherit (lib.modules) mkRemovedOptionModule;14 inherit (lib.strings) escapeNixIdentifier;15 inherit (fleetLib.options) mkHostsOption;1617 _file = ./nixos.nix;18in {19 options = {20 nixos = mkOption {21 description = ''22 Nixos configuration for all hosts.23 '';24 type = deferredModule;25 };26 hosts = mkHostsOption (hostArgs: {27 inherit _file;28 options = {29 nixos = mkOption {30 description = ''31 Nixos configuration for the current host.32 '';33 type = deferredModule;34 apply = module: let35 inherit (hostArgs.config) system;36 in37 config.nixpkgs.buildUsing.lib.nixosSystem {38 inherit system;39 modules = [40 (module // {key = "attr<host.nixos>";})41 (config.nixos // {key = "attr<fleet.nixos>";})42 ];43 specialArgs = {44 inherit fleetLib inputs self;45 inputs' = mapAttrs (inputName: input:46 builtins.addErrorContext "while retrieving system-dependent attributes for input ${escapeNixIdentifierinputName}"47 (48 if input._type or null == "flake"49 then _fleetFlakeRootConfig.perInput system input50 else "input is not a flake, perhaps flake = false was added to te input declaration?"51 ))52 inputs;53 self' = builtins.addErrorContext "while retrieving system-dependent attributes for a flake's own outputs" (_fleetFlakeRootConfig.perInput system self);54 };55 };56 };57 };58 config = {59 # imports = [60 # (mkRemovedOptionModule ["nixosModules"] "replaced with hosts.*.nixos.imports.")61 # ];62 nixos = {63 config._module.args = {64 nixosHosts = mapAttrs (_: value: value.nixos.config) config.hosts;65 hosts = config.hosts;66 host = hostArgs.config;67 };68 };69 };70 });71 };72 imports = [73 (mkRemovedOptionModule ["nixosModules"] "replaced with nixos.imports.")74 ];75 config.nixos.imports =76 import ./nixos/module-list.nix;77}