--- a/crates/nix-eval/Cargo.toml +++ b/crates/nix-eval/Cargo.toml @@ -16,9 +16,9 @@ cxx = "1.0.168" itertools = "0.14.0" test-log = { version = "0.2.18", features = ["trace"] } +tokio.workspace = true tracing-indicatif = { version = "0.3.13", optional = true } vte = { version = "0.15.0", features = ["ansi"] } -tokio.workspace = true [build-dependencies] bindgen = "0.72.0" --- a/crates/nix-eval/src/lib.rs +++ b/crates/nix-eval/src/lib.rs @@ -307,9 +307,8 @@ } } -static GLOBAL_STATE: LazyLock = LazyLock::new(|| { - GlobalState::new().expect("global state init shouldn't fail") -}); +static GLOBAL_STATE: LazyLock = + LazyLock::new(|| GlobalState::new().expect("global state init shouldn't fail")); thread_local! { static THREAD_STATE: RefCell = RefCell::new(ThreadState::new().expect("thread state init shouldn't fail")); @@ -965,7 +964,9 @@ let runtime = TOKIO_FOR_NIX .get() .expect("init_tokio_for_nix was not called"); - std::thread::spawn(move || runtime.block_on(f)).join().expect("await_in_nix inner thread panicked") + std::thread::spawn(move || runtime.block_on(f)) + .join() + .expect("await_in_nix inner thread panicked") } unsafe extern "C" fn nix_primop_closure_adapter( --- a/modules/nixos.nix +++ b/modules/nixos.nix @@ -10,7 +10,12 @@ let inherit (lib.attrsets) mapAttrs; inherit (lib.options) mkOption; - inherit (lib.types) deferredModule unspecified uniq str; + inherit (lib.types) + deferredModule + unspecified + uniq + str + ; inherit (lib.strings) escapeNixIdentifier; inherit (fleetLib.options) mkHostsOption; 
@@ -24,92 +29,102 @@ ''; type = deferredModule; }; - hosts = mkHostsOption (hostArgs: let - hostName = hostArgs.config._module.args.name; - in { - inherit _file; - options = { - name = mkOption { - description = '' - Host name (alias) - ''; - type = uniq str; - default = hostName; + hosts = mkHostsOption ( + hostArgs: + let + hostName = hostArgs.config._module.args.name; + in + { + inherit _file; + options = { + name = mkOption { + description = '' + Host name (alias) + ''; + type = uniq str; + default = hostName; + }; + nixos = mkOption { + description = '' + Nixos configuration for the current host. + ''; + type = deferredModule; + apply = + module: + let + modulesPath = "${config.nixpkgs.buildUsing}/nixos/modules"; + baseModules = (import "${modulesPath}/module-list.nix"); + modules = baseModules ++ [ + (module // { key = "attr"; }) + (config.nixos // { key = "attr"; }) + ]; + in + config.nixpkgs.buildUsing.lib.evalModules { + class = "nixos"; + prefix = [ + "fleetConfiguration" + "hosts" + hostName + "nixos" + ]; + inherit modules; + specialArgs = { + inherit + fleetLib + inputs + self + modulesPath + baseModules + modules + ; + noUserModules = baseModules; + extraModules = [ ]; + }; + }; + }; + nixos_unchecked = mkOption { + type = unspecified; + }; }; - nixos = mkOption { - description = '' - Nixos configuration for the current host. 
- ''; - type = deferredModule; - apply = - module: + config = { + nixos = let - modulesPath = "${config.nixpkgs.buildUsing}/nixos/modules"; + inherit (hostArgs.config) system; in - config.nixpkgs.buildUsing.lib.evalModules { - class = "nixos"; - prefix = [ - "fleetConfiguration" - "hosts" - hostName - "nixos" - ]; - modules = (import "${modulesPath}/module-list.nix") ++ [ - (module // { key = "attr"; }) - (config.nixos // { key = "attr"; }) - ]; - specialArgs = { - inherit - fleetLib - inputs - self - modulesPath - ; - }; - }; - }; - nixos_unchecked = mkOption { - type = unspecified; - }; - }; - config = { - nixos = - let - inherit (hostArgs.config) system; - in - { - _module.args = { - nixosHosts = mapAttrs (_: value: value.nixos_unchecked.config) config.hosts; - hosts = config.hosts; - host = hostArgs.config; - fleetConfiguration = config; + { + _module.args = { + nixosHosts = mapAttrs (_: value: value.nixos_unchecked.config) config.hosts; + hosts = config.hosts; + host = hostArgs.config; + fleetConfiguration = config; - inputs' = mapAttrs ( - inputName: input: - builtins.addErrorContext - "while retrieving system-dependent attributes for input ${escapeNixIdentifier inputName}" - ( - if input._type or null == "flake" then - _fleetFlakeRootConfig.perInput system input - else - "input is not a flake, perhaps flake = false was added to te input declaration?" - ) - ) inputs; - self' = builtins.addErrorContext "while retrieving system-dependent attributes for a flake's own outputs" ( - _fleetFlakeRootConfig.perInput system self - ); + inputs' = mapAttrs ( + inputName: input: + builtins.addErrorContext + "while retrieving system-dependent attributes for input ${escapeNixIdentifier inputName}" + ( + if input._type or null == "flake" then + _fleetFlakeRootConfig.perInput system input + else + "input is not a flake, perhaps flake = false was added to te input declaration?" 
+ ) + ) inputs; + self' = builtins.addErrorContext "while retrieving system-dependent attributes for a flake's own outputs" ( + _fleetFlakeRootConfig.perInput system self + ); + }; + nixpkgs.hostPlatform = system; }; - nixpkgs.hostPlatform = system; + nixos_unchecked = hostArgs.config.nixos.extendModules { + modules = [ + { + _module.check = false; + } + ]; }; - nixos_unchecked = hostArgs.config.nixos.extendModules { - modules = [ - { - _module.check = false; - } - ]; }; - }; - }); + } + ); }; config.nixos.imports = import ./nixos/module-list.nix; } --- a/modules/nixos/secrets.nix +++ b/modules/nixos/secrets.nix @@ -142,7 +142,7 @@ List of shared secrets, for which the current host was specified as `expectedOwners` ''; type = listOf str; - default = []; + default = [ ]; internal = true; }; secrets = mkOption { @@ -189,10 +189,7 @@ { assertion = (secret.definition.generator == "shared") == hasSharedDefinition - && ( - hasSharedDefinition - -> (elem host.name fleetConfiguration.secrets.${name}.expectedOwners) - ); + && (hasSharedDefinition -> (elem host.name fleetConfiguration.secrets.${name}.expectedOwners)); message = if hasSharedDefinition then "secret ${name} has host-specific secret generator, secrets with host-specific generators can not have shared generator in fleet configuration" --- a/modules/secrets.nix +++ b/modules/secrets.nix @@ -83,9 +83,13 @@ }; }; config = { - nixos = {host, ...}: { - _providedSharedSecrets = filter (name: elem host.name config.secrets.${name}.expectedOwners) (attrNames config.secrets); - }; + nixos = + { host, ... }: + { + _providedSharedSecrets = filter (name: elem host.name config.secrets.${name}.expectedOwners) ( + attrNames config.secrets + ); + }; nixpkgs.overlays = [ (final: prev: { mkSecretGenerators =
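Review bot: In modules/nixos.nix, the `apply` of the `nixos` option now passes `noUserModules = baseModules;` in `specialArgs`, which gives modules a plain list. As far as I know, nixpkgs' own `eval-config.nix` supplies `noUserModules` as an evaluated module set, and modules such as specialisations call `noUserModules.extendModules` on it, so that path would likely fail here. Either build it by evaluating `baseModules` alone, or leave the argument out until it is needed. The added `specialArgs` entries (`baseModules`, `modules`, `noUserModules`, `extraModules`) are a behaviour change inside an otherwise formatting-only hunk, so they deserve their own commit or at least a comment such as `# mirror the specialArgs that nixpkgs' eval-config.nix provides`. The reformatted error string still reads `te input`, and the `else` branch appears to return that string as the value instead of `throw`ing it.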