author | 2025-09-05 23:52:28 +0200 | |
---|---|---|
committer | 2025-09-05 23:52:28 +0200 | |
commit | 7132c52c038de995eb291070a4cda3eaf975635b (patch) | |
tree | a8a2a438d03b0761454e11f50ccfe59e7850c87d /default.nix | |
parent | adba5f32fdec0ca53937d571cd76f36e66fa6556 (diff) |
another take on basic contracts
- adds "secret" consumer `nixosModules.userSecret`
- binds secret provider `testing.hardcodedSecret.rootPassword` with
secret consumer `users.users.root.passwordSecret`
Diffstat (limited to 'default.nix')
-rw-r--r-- | default.nix | 59 |
1 files changed, 18 insertions, 41 deletions
diff --git a/default.nix b/default.nix
index 5fe0306..03a67f4 100644
--- a/default.nix
+++ b/default.nix
@@ -3,47 +3,24 @@
 }:
 with (import ./lib {});
 eval {
- machines.bob = { self, config, ... }: {
- imports = [
- ./consumers/users.nix
- ./contracts/secrets.nix
- ./providers/asecret.nix
- ];
- networking.hostName = "bob";
- asecret.secrets.provider = config.userPasswords.secrets;
- userPasswords.secrets.consumer = config.asecret.secrets;
- };
+ machines.bob.imports = [
+ ({ self, config, ... }: {
+ imports = [
+ "${sources.nixpkgs}/nixos/modules/testing/hardcodedSecret.nix"
+ ./modules/userSecret.nix
+ ];
+ networking.hostName = "bob";
+
+ testing.hardcodedSecret.rootPassword = {
+ secret.consumer = config.users.users.root.passwordSecret;
+ content = "nixos";
+ };
+
+ users.users.root.passwordSecret.provider =
+ config.testing.hardcodedSecret.rootPassword.secret;
+ })
+ ];
 machines.alice = {
 networking.hostName = "alice";
 };
-} //
-(let
- lib = pkgs.lib;
- config = {};
-in
-{
- test =
- let
- inherit ((import ./contracts/secrets.nix {
- inherit lib;
- }).contracts.secrets) behaviorTest;
- in
- pkgs.testers.runNixOSTest ({
- name = "contracts-filebackup-restic";
- meta.maintainers = [ lib.maintainers.ibizaman ];
- # I tried using the following line but it leads to infinite recursion.
- # Instead, I made a hacky import. pkgs.callPackage was also giving an
- # infinite recursion.
- #
- # } // config.contracts.secret.behaviorTest {
- #
- } // behaviorTest {
- providerRoot = [ "testing" "asecret" "mysecret" "secret" ];
- extraModules = [
- ./providers/asecret.nix
- ({ config, ... }: {
- testing.asecret.mysecret.content = config.test.content;
- })
- ];
- });
-})
+} |
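Review bot: The new `machines.bob` module binds root's `passwordSecret` to a provider whose `content = "nixos";` is a literal in `default.nix`, and nothing in the hunk marks that as test-only. The value sits in the repository, and probably also in the evaluated configuration and the Nix store, though how `hardcodedSecret.nix` materialises it is not visible here. I would put a comment directly above the binding, for example `# TEST ONLY: well-known root password from testing.hardcodedSecret; never bind this provider on a deployed machine`, and consider an assertion in the consumer module that rejects `testing.*` providers outside test builds. The same commit removes the `test` attribute that ran `behaviorTest`, so the new provider/consumer binding is no longer exercised by anything in this file. The module's `self` argument appears unused in the visible lines, and `sources` is presumably bound in the argument set above `}:`, which lies outside the hunk.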