difftreelog
build upgrade nixpkgs
in: trunk
4 files changed
flake.lockdiffbeforeafterboth--- a/flake.lock
+++ b/flake.lock
@@ -17,11 +17,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1632011270,
- "narHash": "sha256-UyEYSWTKB3boKu5JX/TrQtnAgaYvfSWT61VU8ZT1juk=",
+ "lastModified": 1633629671,
+ "narHash": "sha256-1IItATjckflBBAFDm9C0v/pg9b9BvKMj0mT/NDKZkJE=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "7f59b4b5295b58659064a91d0bcc8e8a11d0b351",
+ "rev": "471980fd33961a6b893041774a9633811d03354f",
"type": "github"
},
"original": {
@@ -41,11 +41,11 @@
"rust-overlay": {
"flake": false,
"locked": {
- "lastModified": 1631758650,
- "narHash": "sha256-7OAtO2V8omtPaoFBASTfPA5m8MzN5LX8agk0k5p8dH0=",
+ "lastModified": 1633573101,
+ "narHash": "sha256-h9NFLA4VLYfa5Cjkwkbq/8N0/wy9bJ7xiIeLE9bjh4g=",
"owner": "oxalica",
"repo": "rust-overlay",
- "rev": "4e79ebf67452cca4ae938180728f9f513e828d5b",
+ "rev": "3131abe7900b142eca189806f51fcc3c475ed072",
"type": "github"
},
"original": {
flake.nixdiffbeforeafterboth--- a/flake.nix
+++ b/flake.nix
@@ -24,6 +24,7 @@
rust
cargo-edit
cargo-udeps
+ cargo-fuzz
pkgconfig
openssl
lib/default.nixdiffbeforeafterboth--- a/lib/default.nix
+++ b/lib/default.nix
@@ -19,10 +19,12 @@
map
(
name: {
- inherit name; value = nixpkgs.lib.nixosSystem {
- system = configuredHosts.${name}.system;
- modules = configuredHosts.${name}.modules;
- };
+ inherit name;
+ value = nixpkgs.lib.nixosSystem {
+ system = configuredHosts.${name}.system;
+ modules = configuredHosts.${name}.modules;
+ pkgs = import nixpkgs { system = configuredHosts.${name}.system; };
+ };
}
)
(builtins.attrNames root.config.hosts)
modules/fleet/secrets.nixdiffbeforeafterboth1{ lib, fleet, config, ... }: with lib;2let3 sharedSecret = with types; {4 options = {5 owners = mkOption {6 type = listOf str;7 description = ''8 List of hosts to encrypt secret for910 Secrets would be decrypted and stored to /run/secrets/$\{name} on owners11 '';12 };13 generator = mkOption {14 type = package;15 description = "Derivation to execute for secret generation";16 };17 expireIn = mkOption {18 type = nullOr int;19 description = "Time in hours, in which this secret should be regenerated";20 default = null;21 };22 public = mkOption {23 type = nullOr str;24 description = "Secret public data";25 default = null;26 };27 secret = mkOption {28 type = str;29 description = "Encrypted secret data";30 };31 };32 };33 hostSecret = with types; {34 options = {35 generator = mkOption {36 type = package;37 description = "Derivation to execute for secret generation";38 };39 expireIn = mkOption {40 type = nullOr int;41 description = "Time in hours, in which this secret should be regenerated";42 default = null;43 };44 public = mkOption {45 type = nullOr str;46 description = "Secret public data";47 default = null;48 };49 secret = mkOption {50 type = str;51 description = "Encrypted secret data";52 };53 };54 };55in56{57 options = with types; {58 sharedSecrets = mkOption {59 type = attrsOf (submodule sharedSecret);60 default = { };61 description = "Shared secrets";62 };63 hostSecrets = mkOption {64 type = attrsOf (attrsOf (submodule hostSecret));65 default = { };66 description = "Host secrets";67 };68 };69 config = with fleet; {70 hosts = hostsToAttrs (host: {71 modules =72 let73 cleanupSecret = (secretName: v: {74 inherit (v) public secret;75 });76 in77 [78 {79 secrets = (mapAttrs cleanupSecret80 (filterAttrs (_: v: builtins.elem host v.owners) config.sharedSecrets)81 ) // (mapAttrs cleanupSecret (if config.hostSecrets ? host then config.hostSecrets.${host} else {}));82 }83 ];84 });85 };86}1{ lib, fleet, config, ... }: with lib;2let3 sharedSecret = with types; {4 options = {5 owners = mkOption {6 type = listOf str;7 description = ''8 List of hosts to encrypt secret for910 Secrets would be decrypted and stored to /run/secrets/$\{name} on owners11 '';12 };13 generator = mkOption {14 type = package;15 description = "Derivation to execute for secret generation";16 };17 expireIn = mkOption {18 type = nullOr int;19 description = "Time in hours, in which this secret should be regenerated";20 default = null;21 };22 public = mkOption {23 type = nullOr str;24 description = "Secret public data";25 default = null;26 };27 secret = mkOption {28 type = str;29 description = "Encrypted secret data";30 };31 };32 };33 hostSecret = with types; {34 options = {35 generator = mkOption {36 type = package;37 description = "Derivation to execute for secret generation";38 };39 expireIn = mkOption {40 type = nullOr int;41 description = "Time in hours, in which this secret should be regenerated";42 default = null;43 };44 public = mkOption {45 type = nullOr str;46 description = "Secret public data";47 default = null;48 };49 secret = mkOption {50 type = str;51 description = "Encrypted secret data";52 };53 };54 };55in56{57 options = with types; {58 sharedSecrets = mkOption {59 type = attrsOf (submodule sharedSecret);60 default = { };61 description = "Shared secrets";62 };63 hostSecrets = mkOption {64 type = attrsOf (attrsOf (submodule hostSecret));65 default = { };66 description = "Host secrets";67 };68 };69 config = with fleet; {70 hosts = hostsToAttrs (host: {71 modules =72 let73 cleanupSecret = (secretName: v: {74 inherit (v) public secret;75 });76 in77 [78 {79 secrets = (mapAttrs cleanupSecret80 (filterAttrs (_: v: builtins.elem host v.owners) config.sharedSecrets)81 ) // (mapAttrs cleanupSecret (config.hostSecrets.${host} or {}));82 }83 ];84 });85 };86}