fix do not require wildcard with callPackage
in: trunk
6 files changed
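--- a/cmds/fleet/src/cmds/secrets/mod.rs
+++ b/cmds/fleet/src/cmds/secrets/mod.rs
@@ -265,13 +265,14 @@
 let generator = nix_go!(secret.generator);
 let on: Option<String> = nix_go_json!(default_generator.impureOn);
+ let nixpkgs = &config.nixpkgs;
+
 let host = if let Some(on) = &on {
 config.host(on).await?
 } else {
 config.local_host()
 };
 let on_pkgs = host.pkgs().await?;
- let call_package = nix_go!(on_pkgs.callPackage);
 let mk_secret_generators = nix_go!(on_pkgs.mkSecretGenerators);
 let mut recipients = Vec::new();
@@ -280,8 +281,11 @@
 recipients.push(key);
 }
 let generators = nix_go!(mk_secret_generators(Obj { recipients }));
+ let pkgs_and_generators = nix_go!(on_pkgs + generators);
+
+ let call_package = nix_go!(nixpkgs.lib.callPackageWith(pkgs_and_generators));
- let generator = nix_go!(call_package(generator)(generators));
+ let generator = nix_go!(call_package(generator)(Obj {}));
 let generator = generator.build_maybe_batch(batch).await?;
 let generator = generator
@@ -353,8 +357,8 @@
 bail!("generator should be lambda, got {gen_ty}");
 }
 }
+ let nixpkgs = &config.nixpkgs;
 let default_pkgs = &config.default_pkgs;
- let default_call_package = nix_go!(default_pkgs.callPackage);
 let default_mk_secret_generators = nix_go!(default_pkgs.mkSecretGenerators);
 // Generators provide additional information in passthru, to access
 // passthru we should call generator, but information about where this generator is supposed to build
@@ -367,7 +371,10 @@
 let generators = nix_go!(default_mk_secret_generators(Obj {
 recipients: <Vec<String>>::new(),
 }));
- let default_generator = nix_go!(default_call_package(generator)(generators));
+ let pkgs_and_generators = nix_go!(default_pkgs + generators);
+
+ let call_package = nix_go!(nixpkgs.lib.callPackageWith(pkgs_and_generators));
+ let default_generator = nix_go!(call_package(generator)(Obj {}));
 let kind: GeneratorKind = nix_go_json!(default_generator.generatorKind);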
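Review bot: The scope built by `nix_go!(on_pkgs + generators)` and `nix_go!(default_pkgs + generators)` is a right-biased merge (value.rs renders the `+` as Nix `//`), so any attribute in `generators` silently replaces a package of the same name before `callPackageWith` resolves a generator's arguments. That precedence deserves a comment where the scope is built, e.g. `// Nix `//`: attrs from generators win over same-named pkgs attrs`. The same three statements (merge, `callPackageWith`, call with `Obj {}`) appear in the hunk at -280 and again in the hunk at -367, so a small helper taking the package set and `generators` would keep the two paths from drifting apart. The enclosing functions start and end outside these hunks.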
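--- a/crates/fleet-base/src/host.rs
+++ b/crates/fleet-base/src/host.rs
@@ -34,6 +34,7 @@
 /// import nixpkgs {system = local};
 pub default_pkgs: Value,
+ pub nixpkgs: Value,
 pub nix_session: NixSession,
 }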
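Review bot: The new `pub nixpkgs: Value` field has no doc comment, while `default_pkgs` directly above it is documented with the expression it holds. From secrets/mod.rs the only visible use is `nixpkgs.lib.callPackageWith`, so a line such as `/// nixpkgs before import (not a package set); used for nixpkgs.lib` would tell readers how the two fields differ; the exact wording should be confirmed against where the value is created, which this page does not show. The struct's opening is outside the hunk.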
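--- a/crates/fleet-base/src/opts.rs
+++ b/crates/fleet-base/src/opts.rs
@@ -225,6 +225,7 @@
 nix_args,
 config_field,
 default_pkgs,
+ nixpkgs,
 localhost: self.localhost.to_owned(),
 })))
 }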
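--- a/crates/nix-eval/src/macros.rs
+++ b/crates/nix-eval/src/macros.rs
@@ -231,6 +231,9 @@
 (@o($o:ident) | $($var:tt)*) => {
 $o.push(Index::Pipe($crate::nix_expr_inner!($($var)+)));
 };
+ (@o($o:ident) + $($var:tt)*) => {
+ $o.push(Index::Merge($crate::nix_expr_inner!($($var)+)));
+ };
 (@o($o:ident)) => {};
 ($field:ident $($tt:tt)+) => {{
 use $crate::{nix_go, Index};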
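Review bot: The new `+` arm is undocumented, and its meaning is not what a reader of `nix_go!(a + b)` would guess: it pushes `Index::Merge`, which value.rs turns into Nix `//` (attrset update), not addition. A comment above the arm would prevent misuse, e.g. `// a + b emits Nix a // b; the // token itself can't be used because Rust lexes it as a comment`. The arm also captures every remaining token as the right-hand operand (`$($var:tt)*`), so nothing can be chained after a merge; that is worth stating in the same comment. The macro definition starts and ends outside the hunk.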
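--- a/crates/nix-eval/src/value.rs
+++ b/crates/nix-eval/src/value.rs
@@ -15,6 +15,7 @@
 Expr(NixExprBuilder),
 ExprApply(NixExprBuilder),
 Pipe(NixExprBuilder),
+ Merge(NixExprBuilder),
 }
 impl Index {
 pub fn var(v: impl AsRef<str>) -> Self {
@@ -56,6 +57,9 @@
 Index::Pipe(e) => {
 write!(f, "<map>({})", e.out)
 }
+ Index::Merge(e) => {
+ write!(f, "//({})", e.out)
+ }
 }
 }
 }
@@ -157,6 +161,12 @@
 let index = format!("sess_field_{}", index.0.value.expect("value"));
 query = format!("({index} {query})");
 }
+ Index::Merge(v) => {
+ let index = Value::new(self.0.session.clone(), &v.out).await?;
+ used_fields.push(index.clone());
+ let index = format!("sess_field_{}", index.0.value.expect("value"));
+ query = format!("({query} // {index})");
+ }
 }
 }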
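Review bot: In the hunk at -157 the new `Index::Merge` arm unwraps with `index.0.value.expect("value")`, and that message says nothing about which invariant broke if it ever panics. The two visible tail lines of the preceding arm use the same pattern, and the first two lines of the new arm probably repeat it too, although that part lies outside the hunk. Extracting the shared steps (create the session value, push it to `used_fields`, format the `sess_field_N` name) into one private helper would leave each arm with only its own `format!` and a single place for a descriptive expect message such as `.expect("session value has an id after Value::new")`. That message is a guess at the invariant and should be checked against `Value::new`. The enclosing function starts and ends outside the hunk.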
lib/default.nixdiffbeforeafterboth1# Shared functions for fleet configuration, available as `fleet` module argument2{lib}: let3 inherit (lib.trivial) isFunction;4 inherit (lib.options) mkOption mergeOneOption;5 inherit (lib.modules) mkOverride;6 inherit (lib.types) listOf submodule attrsOf mkOptionType;7 inherit (lib.strings) optionalString hasPrefix removePrefix;8in rec {9 types = {10 overlay = mkOptionType {11 name = "nixpkgs-overlay";12 description = "nixpkgs overlay";13 check = isFunction;14 merge = mergeOneOption;15 };16 listOfOverlay = listOf types.overlay;1718 mkHostsType = module: attrsOf (submodule module);19 mkDataType = module: submodule module;20 };2122 options = {23 mkHostsOption = module:24 mkOption {25 type = types.mkHostsType module;26 };27 mkDataOption = module:28 mkOption {29 type = types.mkDataType module;30 };31 };3233 inherit (options) mkHostsOption;3435 modules = {36 # mkDefault = mkOverride 100037 # For places, where fleet knows better than nixpkgs defaults.38 mkFleetDefault = mkOverride 999;39 # Some generators use mkDefault, but optionDefault is set by nixpkgs.40 mkFleetGeneratorDefault = mkOverride 1001;41 };4243 inherit (modules) mkFleetDefault mkFleetGeneratorDefault;4445 secrets = {46 mkPassword = {size ? 32}: {47 coreutils,48 mkSecretGenerator,49 ...50 }:51 mkSecretGenerator {52 script = ''53 mkdir $out54 gh generate password -o $out/secret --size ${toStringsize}55 '';56 };5758 mkEd25519 = {59 noEmbedPublic ? false,60 encoding ? null,61 }: {mkSecretGenerator, ...}:62 mkSecretGenerator {63 script = ''64 mkdir $out65 gh generate ed25519 -p $out/public -s $out/secret \66 ${optionalStringnoEmbedPublic"--no-embed-public"} \67 ${optionalString(encoding!=null)"--encoding=${encoding}"}68 '';69 };7071 mkX25519 = {encoding ? 
null}: {mkSecretGenerator, ...}:72 mkSecretGenerator {73 script = ''74 mkdir $out75 gh generate x25519 -p $out/public -s $out/secret \76 ${optionalString(encoding!=null)"--encoding=${encoding}"}77 '';78 };7980 mkRsa = {size ? 4096}: {81 openssl,82 mkSecretGenerator,83 ...84 }:85 mkSecretGenerator {86 script = ''87 mkdir $out8889 ${openssl}/bin/openssl genrsa -out rsa_private.key ${toStringsize}90 ${openssl}/bin/openssl rsa -in rsa_private.key -pubout -out rsa_public.key9192 cat rsa_private.key | gh private -o $out/secret93 cat rsa_public.key | gh public -o $out/public94 '';95 };9697 mkBytes = {98 count ? 32,99 encoding,100 noNuls ? false,101 }: {mkSecretGenerator, ...}:102 mkSecretGenerator {103 script = ''104 mkdir $out105 gh generate bytes --count=${toStringcount} --encoding=${encoding} -o $out/secret \106 ${optionalStringnoNuls"--no-nuls"}107 '';108 };109 mkHexBytes = {count ? 32}:110 mkBytes {111 inherit count;112 encoding = "hex";113 };114 mkBase64Bytes = {count ? 32}:115 mkBytes {116 inherit count;117 encoding = "base64";118 };119120 # Wireguard121 # mkWireguard = {}: mkX25519 {encoding = "base64";};122 # mkWireguardPsk = {}: mkBase64Bytes {count = 32;};123 };124125 inherit (secrets) mkPassword mkEd25519 mkX25519 mkRsa mkBytes mkHexBytes mkBase64Bytes;126127 strings = let128 plaintextPrefix = "<PLAINTEXT>";129 plaintextNewlinePrefix = "<PLAINTEXT-NL>";130 in {131 decodeRawSecret = raw:132 if hasPrefix plaintextPrefix raw133 then removePrefix plaintextPrefix raw134 else if hasPrefix plaintextNewlinePrefix raw135 then removePrefix plaintextNewlinePrefix raw136 else throw "decodeRawSecret only works with plaintext-encoded secret public parts, got ${raw}";137 };138139 inherit (strings) decodeRawSecret;140}1# Shared functions for fleet configuration, available as `fleet` module argument2{lib}: let3 inherit (lib.trivial) isFunction;4 inherit (lib.options) mkOption mergeOneOption;5 inherit (lib.modules) mkOverride;6 inherit (lib.types) listOf submodule attrsOf 
mkOptionType;7 inherit (lib.strings) optionalString hasPrefix removePrefix;8in rec {9 types = {10 overlay = mkOptionType {11 name = "nixpkgs-overlay";12 description = "nixpkgs overlay";13 check = isFunction;14 merge = mergeOneOption;15 };16 listOfOverlay = listOf types.overlay;1718 mkHostsType = module: attrsOf (submodule module);19 mkDataType = module: submodule module;20 };2122 options = {23 mkHostsOption = module:24 mkOption {25 type = types.mkHostsType module;26 };27 mkDataOption = module:28 mkOption {29 type = types.mkDataType module;30 };31 };3233 inherit (options) mkHostsOption;3435 modules = {36 # mkDefault = mkOverride 100037 # For places, where fleet knows better than nixpkgs defaults.38 mkFleetDefault = mkOverride 999;39 # Some generators use mkDefault, but optionDefault is set by nixpkgs.40 mkFleetGeneratorDefault = mkOverride 1001;41 };4243 inherit (modules) mkFleetDefault mkFleetGeneratorDefault;4445 secrets = {46 mkPassword = {size ? 32}: {47 coreutils,48 mkSecretGenerator,49 }:50 mkSecretGenerator {51 script = ''52 mkdir $out53 gh generate password -o $out/secret --size ${toStringsize}54 '';55 };5657 mkEd25519 = {58 noEmbedPublic ? false,59 encoding ? null,60 }: {mkSecretGenerator}:61 mkSecretGenerator {62 script = ''63 mkdir $out64 gh generate ed25519 -p $out/public -s $out/secret \65 ${optionalStringnoEmbedPublic"--no-embed-public"} \66 ${optionalString(encoding!=null)"--encoding=${encoding}"}67 '';68 };6970 mkX25519 = {encoding ? null}: {mkSecretGenerator}:71 mkSecretGenerator {72 script = ''73 mkdir $out74 gh generate x25519 -p $out/public -s $out/secret \75 ${optionalString(encoding!=null)"--encoding=${encoding}"}76 '';77 };7879 mkRsa = {size ? 
4096}: {80 openssl,81 mkSecretGenerator,82 }:83 mkSecretGenerator {84 script = ''85 mkdir $out8687 ${openssl}/bin/openssl genrsa -out rsa_private.key ${toStringsize}88 ${openssl}/bin/openssl rsa -in rsa_private.key -pubout -out rsa_public.key8990 cat rsa_private.key | gh private -o $out/secret91 cat rsa_public.key | gh public -o $out/public92 '';93 };9495 mkBytes = {96 count ? 32,97 encoding,98 noNuls ? false,99 }: {mkSecretGenerator}:100 mkSecretGenerator {101 script = ''102 mkdir $out103 gh generate bytes --count=${toStringcount} --encoding=${encoding} -o $out/secret \104 ${optionalStringnoNuls"--no-nuls"}105 '';106 };107 mkHexBytes = {count ? 32}:108 mkBytes {109 inherit count;110 encoding = "hex";111 };112 mkBase64Bytes = {count ? 32}:113 mkBytes {114 inherit count;115 encoding = "base64";116 };117118 # Wireguard119 # mkWireguard = {}: mkX25519 {encoding = "base64";};120 # mkWireguardPsk = {}: mkBase64Bytes {count = 32;};121 };122123 inherit (secrets) mkPassword mkEd25519 mkX25519 mkRsa mkBytes mkHexBytes mkBase64Bytes;124125 strings = let126 plaintextPrefix = "<PLAINTEXT>";127 plaintextNewlinePrefix = "<PLAINTEXT-NL>";128 in {129 decodeRawSecret = raw:130 if hasPrefix plaintextPrefix raw131 then removePrefix plaintextPrefix raw132 else if hasPrefix plaintextNewlinePrefix raw133 then removePrefix plaintextNewlinePrefix raw134 else throw "decodeRawSecret only works with plaintext-encoded secret public parts, got ${raw}";135 };136137 inherit (strings) decodeRawSecret;138}
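Review bot: In the new `mkRsa`, `openssl genrsa -out rsa_private.key` writes the unencrypted private key to a file in the script's working directory, and nothing in the visible script restricts its mode or removes it after `gh private` has consumed it. If a generator can run outside a throwaway sandbox (the `impureOn` lookup in secrets/mod.rs suggests it may), that plaintext key could outlive the build. Consider `umask 077` before generating and `rm -f rsa_private.key rsa_public.key` after the two `gh` calls. Separately, `mkPassword` still declares `coreutils` although its script never interpolates it; now that the argument sets are exact, the unused name can be dropped.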