git.delta.rocks / jrsonnet / refs/commits / 757475fe4cab

--- a/Cargo.lock
+++ b/Cargo.lock
@@ -92,6 +92,8 @@
  "scrypt",
  "sha2",
  "subtle",
+ "which",
+ "wsl",
  "x25519-dalek",
  "zeroize",
 ]
@@ -111,6 +113,7 @@
  "rand 0.8.5",
  "secrecy",
  "sha2",
+ "tempfile",
 ]
 
 [[package]]
@@ -1286,6 +1289,15 @@
 ]
 
 [[package]]
+name = "home"
+version = "0.5.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "589533453244b0995c858700322199b2becb13b627df2851f64a2775d024abcf"
+dependencies = [
+ "windows-sys 0.59.0",
+]
+
+[[package]]
 name = "hostname"
 version = "0.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -3639,6 +3651,18 @@
 ]
 
 [[package]]
+name = "which"
+version = "4.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7"
+dependencies = [
+ "either",
+ "home",
+ "once_cell",
+ "rustix 0.38.40",
+]
+
+[[package]]
 name = "winapi"
 version = "0.3.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -3776,6 +3800,12 @@
 ]
 
 [[package]]
+name = "wsl"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f8dab7ac864710bdea6594becbea5b5050333cf34fefb0dc319567eb347950d4"
+
+[[package]]
 name = "x25519-dalek"
 version = "2.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"

--- a/Cargo.toml
+++ b/Cargo.toml
@@ -11,7 +11,7 @@
 nix-eval = { path = "./crates/nix-eval" }
 nixlike = { path = "./crates/nixlike" }
 
-age = { version = "0.11", features = ["ssh"] }
+age = { version = "0.11", features = ["ssh", "plugin"] }
 anyhow = "1.0"
 clap = { version = "4.5", features = ["derive", "env", "unicode", "wrap_help"] }
 clap_complete = "4.5"

--- a/cmds/fleet/src/cmds/secrets/mod.rs
+++ b/cmds/fleet/src/cmds/secrets/mod.rs
@@ -23,6 +23,7 @@
 
 #[derive(Parser)]
 pub enum Secret {
+	AddManager,
 	/// Force load host keys for all defined hosts
 	ForceKeys,
 	/// Add secret, data should be provided in stdin
@@ -521,6 +522,9 @@
 impl Secret {
 	pub async fn run(self, config: &Config, opts: &FleetOpts) -> Result<()> {
 		match self {
+			Secret::AddManager => {
+				todo!("part of fleet-pusher")
+			}
 			Secret::ForceKeys => {
 				for host in config.list_hosts().await? {
 					if opts.should_skip(&host).await? {

--- a/crates/fleet-base/src/fleetdata.rs
+++ b/crates/fleet-base/src/fleetdata.rs
@@ -53,12 +53,22 @@
 
 #[derive(Serialize, Deserialize)]
 #[serde(rename_all = "camelCase")]
+pub struct ManagerKey {
+	pub name: String,
+	pub key: String,
+}
+
+#[derive(Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
 pub struct FleetData {
 	pub version: FleetDataVersion,
 	#[serde(default = "generate_gc_prefix")]
 	pub gc_root_prefix: String,
 
 	#[serde(default)]
+	pub manager_keys: Vec<ManagerKey>,
+
+	#[serde(default)]
 	pub hosts: BTreeMap<String, HostData>,
 	#[serde(default)]
 	#[serde(skip_serializing_if = "BTreeMap::is_empty")]

--- a/modules/secrets-data.nix
+++ b/modules/secrets-data.nix
@@ -94,12 +94,28 @@
     };
     config = { };
   };
+  managerKey = {
+    options = {
+      name = mkOption {
+        type = str;
+        description = "Who does this manager key belongs to.";
+      };
+      key = mkOption {
+        type = str;
+        description = "Age-compatible key";
+      };
+    };
+    config = {};
+  };
 in
 {
   options.data = mkDataOption (
     { config, ... }:
     {
       options = {
+        managerKeys = mkOption {
+          type = listOf (submodule managerKey);
+        };
         sharedSecrets = mkOption {
           type = attrsOf (submodule sharedSecretData);
           default = { };

--- a/rust-toolchain.toml
+++ b/rust-toolchain.toml
@@ -1,3 +1,3 @@
 [toolchain]
-channel = "1.86.0"
+channel = "nightly-2025-06-10"
 components = ["rustfmt", "clippy", "rust-analyzer", "rust-src"]