git.delta.rocks / jrsonnet / refs/commits / 459a8464f4ff


fix secret generator should create $out themself

Yaroslav Bolyukin2024-05-13parent: #0920f04.patch.diff
in: trunk

1 file changed

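--- a/lib/fleetLib.nix
+++ b/lib/fleetLib.nix
@@ -1,70 +1,74 @@
 # Shared functions for fleet configuration, available as `fleet` module argument
 {
   nixpkgs,
   hostNames,
 }:
 with nixpkgs.lib; rec {
   hostsToAttrs = f:
     listToAttrs (
       map (name: {
         inherit name;
         value = f name;
       })
       hostNames
     );
   hostsCartesian = remove null (
     unique (
       crossLists
       (
         a: b:
           if a == b
           then null
           else hostsPair a b
       ) [hostNames hostNames]
     )
   );
   hostsPair = this: other: let
     sorted = sort (a: b: a < b) [this other];
   in {
     a = elemAt sorted 0;
     b = elemAt sorted 1;
   };
   hostPairName = this: other:
     if this < other
     then "${this}-${other}"
     else "${other}-${this}";
 
   # mkDefault = mkOverride 1000
   # For places, where fleet knows better than nixpkgs defaults.
   mkFleetDefault = mkOverride 999;
   # Some generators use mkDefault, but optionDefault is set by nixpkgs.
   mkFleetGeneratorDefault = mkOverride 1001;
 
   mkPassword = {size ? 32}: {
     coreutils,
     encrypt,
     mkSecretGenerator,
   }:
     mkSecretGenerator {
       script = ''
+        mkdir $out
+
         ${coreutils}/bin/tr -dc 'A-Za-z0-9!?%=' < /dev/random \
           | ${coreutils}/bin/head -c ${toString size} \
           | ${encrypt} > $out/secret
       '';
     };
 
   mkRsa = {size ? 4096}: {
     openssl,
     encrypt,
     mkSecretGenerator,
   }:
     mkSecretGenerator {
       script = ''
+        mkdir $out
+
         ${openssl}/bin/openssl genrsa -out rsa_private.key ${toString size}
         ${openssl}/bin/openssl rsa -in rsa_private.key -pubout -out rsa_public.key
 
         sudo cat rsa_private.key | ${encrypt} > $out/secret
         sudo cat rsa_public.key > $out/public
       '';
     };
 }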
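Review bot: In mkRsa the private key is still written unencrypted to `rsa_private.key` in the script's working directory and is never removed after being piped through `${encrypt}`. The page does not show whether mkSecretGenerator runs the script in a throwaway directory, so the plaintext key may outlive the run. Adding `trap 'rm -f rsa_private.key rsa_public.key' EXIT` right after the new `mkdir $out` would bound its lifetime. The added `mkdir $out` in both generators is also unquoted and resolved through PATH, while the neighbouring tools are pinned as `${coreutils}/bin/...`. `${coreutils}/bin/mkdir "$out"` would match that style; mkRsa would then need `coreutils` among its arguments, and the `sudo cat` of files the script has just created looks unnecessary.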