`ffbc7e982cb4`

6 files changed

modifiedcmds/fleet/src/cmds/secrets/mod.rsdiff before after both

265	let generator = nix_go!(secret.generator);265	let generator = nix_go!(secret.generator);
266	let on: Option<String> = nix_go_json!(default_generator.impureOn);266	let on: Option<String> = nix_go_json!(default_generator.impureOn);
267
268	let nixpkgs = &config.nixpkgs;
267269
268	let host = if let Some(on) = &on {270	let host = if let Some(on) = &on {
269		config.host(on).await?271		config.host(on).await?
270	} else {272	} else {
271		config.local_host()273		config.local_host()
272	};274	};
273	let on_pkgs = host.pkgs().await?;275	let on_pkgs = host.pkgs().await?;
274	let call_package = nix_go!(on_pkgs.callPackage);
275	let mk_secret_generators = nix_go!(on_pkgs.mkSecretGenerators);276	let mk_secret_generators = nix_go!(on_pkgs.mkSecretGenerators);
276277
277	let mut recipients = Vec::new();278	let mut recipients = Vec::new();
280		recipients.push(key);281		recipients.push(key);
281	}282	}
282	let generators = nix_go!(mk_secret_generators(Obj { recipients }));283	let generators = nix_go!(mk_secret_generators(Obj { recipients }));
284	let pkgs_and_generators = nix_go!(on_pkgs + generators);
285
286	let call_package = nix_go!(nixpkgs.lib.callPackageWith(pkgs_and_generators));
283287
284	let generator = nix_go!(call_package(generator)(generators));288	let generator = nix_go!(call_package(generator)(Obj {}));
285289
286	let generator = generator.build_maybe_batch(batch).await?;290	let generator = generator.build_maybe_batch(batch).await?;
287	let generator = generator291	let generator = generator
353			bail!("generator should be lambda, got {gen_ty}");357			bail!("generator should be lambda, got {gen_ty}");
354		}358		}
355	}359	}
360	let nixpkgs = &config.nixpkgs;
356	let default_pkgs = &config.default_pkgs;361	let default_pkgs = &config.default_pkgs;
357	let default_call_package = nix_go!(default_pkgs.callPackage);
358	let default_mk_secret_generators = nix_go!(default_pkgs.mkSecretGenerators);362	let default_mk_secret_generators = nix_go!(default_pkgs.mkSecretGenerators);
359	// Generators provide additional information in passthru, to access363	// Generators provide additional information in passthru, to access
360	// passthru we should call generator, but information about where this generator is supposed to build364	// passthru we should call generator, but information about where this generator is supposed to build
367	let generators = nix_go!(default_mk_secret_generators(Obj {371	let generators = nix_go!(default_mk_secret_generators(Obj {
368		recipients: <Vec<String>>::new(),372		recipients: <Vec<String>>::new(),
369	}));373	}));
374	let pkgs_and_generators = nix_go!(default_pkgs + generators);
375
376	let call_package = nix_go!(nixpkgs.lib.callPackageWith(pkgs_and_generators));
370	let default_generator = nix_go!(default_call_package(generator)(generators));377	let default_generator = nix_go!(call_package(generator)(Obj {}));
371378
372	let kind: GeneratorKind = nix_go_json!(default_generator.generatorKind);379	let kind: GeneratorKind = nix_go_json!(default_generator.generatorKind);
373380

modifiedcrates/fleet-base/src/host.rsdiff before after both

--- a/crates/fleet-base/src/host.rs
+++ b/crates/fleet-base/src/host.rs
@@ -34,6 +34,7 @@
 
 	/// import nixpkgs {system = local};
 	pub default_pkgs: Value,
+	pub nixpkgs: Value,
 
 	pub nix_session: NixSession,
 }

modifiedcrates/fleet-base/src/opts.rsdiff before after both

--- a/crates/fleet-base/src/opts.rs
+++ b/crates/fleet-base/src/opts.rs
@@ -225,6 +225,7 @@
 			nix_args,
 			config_field,
 			default_pkgs,
+			nixpkgs,
 			localhost: self.localhost.to_owned(),
 		})))
 	}

modifiedcrates/nix-eval/src/macros.rsdiff before after both

--- a/crates/nix-eval/src/macros.rs
+++ b/crates/nix-eval/src/macros.rs
@@ -231,6 +231,9 @@
 	(@o($o:ident) | $($var:tt)*) => {
 		$o.push(Index::Pipe($crate::nix_expr_inner!($($var)+)));
 	};
+	(@o($o:ident) + $($var:tt)*) => {
+		$o.push(Index::Merge($crate::nix_expr_inner!($($var)+)));
+	};
 	(@o($o:ident)) => {};
 	($field:ident $($tt:tt)+) => {{
 		use $crate::{nix_go, Index};

modifiedcrates/nix-eval/src/value.rsdiff before after both

--- a/crates/nix-eval/src/value.rs
+++ b/crates/nix-eval/src/value.rs
@@ -15,6 +15,7 @@
 	Expr(NixExprBuilder),
 	ExprApply(NixExprBuilder),
 	Pipe(NixExprBuilder),
+	Merge(NixExprBuilder),
 }
 impl Index {
 	pub fn var(v: impl AsRef<str>) -> Self {
@@ -56,6 +57,9 @@
 			Index::Pipe(e) => {
 				write!(f, "<map>({})", e.out)
 			}
+			Index::Merge(e) => {
+				write!(f, "//({})", e.out)
+			}
 		}
 	}
 }
@@ -157,6 +161,12 @@
 					let index = format!("sess_field_{}", index.0.value.expect("value"));
 					query = format!("({index} {query})");
 				}
+				Index::Merge(v) => {
+					let index = Value::new(self.0.session.clone(), &v.out).await?;
+					used_fields.push(index.clone());
+					let index = format!("sess_field_{}", index.0.value.expect("value"));
+					query = format!("({query} // {index})");
+				}
 			}
 		}

modifiedlib/default.nixdiff before after both

--- a/lib/default.nix
+++ b/lib/default.nix
@@ -46,7 +46,6 @@
     mkPassword = {size ? 32}: {
       coreutils,
       mkSecretGenerator,
-      ...
     }:
       mkSecretGenerator {
         script = ''
@@ -58,7 +57,7 @@
     mkEd25519 = {
       noEmbedPublic ? false,
       encoding ? null,
-    }: {mkSecretGenerator, ...}:
+    }: {mkSecretGenerator}:
       mkSecretGenerator {
         script = ''
           mkdir $out
@@ -68,7 +67,7 @@
         '';
       };
 
-    mkX25519 = {encoding ? null}: {mkSecretGenerator, ...}:
+    mkX25519 = {encoding ? null}: {mkSecretGenerator}:
       mkSecretGenerator {
         script = ''
           mkdir $out
@@ -80,7 +79,6 @@
     mkRsa = {size ? 4096}: {
       openssl,
       mkSecretGenerator,
-      ...
     }:
       mkSecretGenerator {
         script = ''
@@ -98,7 +96,7 @@
       count ? 32,
       encoding,
       noNuls ? false,
-    }: {mkSecretGenerator, ...}:
+    }: {mkSecretGenerator}:
       mkSecretGenerator {
         script = ''
           mkdir $out