nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-02-13 15:43:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
82785b7c60
nixpkgs/nixos/lib/utils.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

440 lines
13 KiB
Nix
Raw Normal View History

Avoid top-level `with ...;` in nixos/lib/utils.nix
2024-03-28 05:02:32 +00:00
{
lib,
config,
pkgs,
}:
let
inherit (lib)
any
attrNames
concatMapStringsSep
concatStringsSep
elem
escapeShellArg
filter
flatten
getName
hasPrefix
hasSuffix
imap0
imap1
isAttrs
isDerivation
isFloat
isInt
isList
isPath
isString
listToAttrs
nixos/utils: support JSON secret files in genJqSecretsReplacementSnippet genJqReplacementSnippet quotes the content of the secret file in the output json file, which prevents structured secret, such as a list or an object, from being used. This commit adds a `quote = true|false` option to the `{ _secret = "/path/to/secret"; }` attribute set. `quote = true` treats the content of /path/to/secret as string, while `quote = false` treats the content of /path/to/secret as a JSON document. `quote = true` is the default, maintaining backward compatibility.
2024-07-07 06:24:03 +00:00
mapAttrs
Avoid top-level `with ...;` in nixos/lib/utils.nix
2024-03-28 05:02:32 +00:00
nameValuePair
optionalString
removePrefix
removeSuffix
replaceStrings
stringToCharacters
types
;
inherit (lib.strings) toJSON normalizePath escapeC;
in
Move escapeSystemdPath to lib/utils.nix The new file ‘utils.nix’ is intended for NixOS-specific library functions (i.e. stuff that shouldn't go into Nixpkgs' lib/).
2012-10-12 21:01:49 +00:00
systemd: add a name option to all systemd units This allows us to set things like dependencies in a way that we can catch typos at eval time. So instead of ```nix systemd.services.foo.wants = [ "bar.service" ]; ``` we can write ```nix systemd.services.foo.wants = [ config.systemd.services.bar.name ]; ``` which will throw an error if no such service has been defined. Not all cases can be done like this (eg template services), but in a lot of cases this will allow to avoid typos. There is a matching option on the unit option (`systemd.units."foo.service".name`) as well.
2024-03-21 13:52:12 +00:00
let
utils = rec {
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/{containers,cri-o,podman}: move copyFile to nixos/lib/utils
2020-08-16 12:34:26 +00:00
# Copy configuration files to avoid having the entire sources in the system closure
Avoid top-level `with ...;` in nixos/lib/utils.nix
2024-03-28 05:02:32 +00:00
copyFile =
filePath:
pkgs.runCommand (builtins.unsafeDiscardStringContext (baseNameOf filePath)) { } ''
nixos/{containers,cri-o,podman}: move copyFile to nixos/lib/utils
2020-08-16 12:34:26 +00:00
cp ${filePath} $out
'';
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/boot: some documentation improvements - Give a more accurate description of how fileSystems.<name/>.neededForBoot works - Give a more detailed description of how fileSystems.<name/>.encrypted.keyFile works
2020-07-27 00:05:21 +00:00
# Check whenever fileSystem is needed for boot. NOTE: Make sure
# pathsNeededForBoot is closed under the parent relationship, i.e. if /a/b/c
# is in the list, put /a and /a/b in as well.
Revert "nixos/lib: add /home to pathsNeededForBoot"
2022-12-03 13:16:42 +00:00
pathsNeededForBoot = [
"/"
"/nix"
"/nix/store"
"/var"
"/var/log"
"/var/lib"
"/var/lib/nixos"
"/etc"
"/usr"
];
nixos/boot: some documentation improvements - Give a more accurate description of how fileSystems.<name/>.neededForBoot works - Give a more detailed description of how fileSystems.<name/>.encrypted.keyFile works
2020-07-27 00:05:21 +00:00
fsNeededForBoot = fs: fs.neededForBoot || elem fs.mountPoint pathsNeededForBoot;
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos: apply toposort to fileSystems to support bind and move mounts And use new `config.system.build.fileSystems` property everywhere.
2015-11-25 19:09:09 +00:00
# Check whenever `b` depends on `a` as a fileSystem
nixos/lib, nixos/filesystems: Make fsBefore more stable, and add `depends` option
2020-05-21 07:10:47 +00:00
fsBefore =
a: b:
let
# normalisePath adds a slash at the end of the path if it didn't already
# have one.
#
# The reason slashes are added at the end of each path is to prevent `b`
# from accidentally depending on `a` in cases like
# a = { mountPoint = "/aaa"; ... }
# b = { device = "/aaaa"; ... }
# Here a.mountPoint *is* a prefix of b.device even though a.mountPoint is
# *not* a parent of b.device. If we add a slash at the end of each string,
# though, this is not a problem: "/aaa/" is not a prefix of "/aaaa/".
normalisePath = path: "${path}${optionalString (!(hasSuffix "/" path)) "/"}";
nixos/lib: Handle null `device` correctly
2021-06-18 06:32:45 +00:00
normalise =
mount:
mount
// {
device = normalisePath (toString mount.device);
nixos/lib, nixos/filesystems: Make fsBefore more stable, and add `depends` option
2020-05-21 07:10:47 +00:00
mountPoint = normalisePath mount.mountPoint;
depends = map normalisePath mount.depends;
};
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/lib, nixos/filesystems: Make fsBefore more stable, and add `depends` option
2020-05-21 07:10:47 +00:00
a' = normalise a;
b' = normalise b;
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/lib, nixos/filesystems: Make fsBefore more stable, and add `depends` option
2020-05-21 07:10:47 +00:00
in
hasPrefix a'.mountPoint b'.device
|| hasPrefix a'.mountPoint b'.mountPoint
|| any (hasPrefix a'.mountPoint) b'.depends;
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/lib.escapeSystemdPath: Implement the correct algorithm for escaping names in systemd units Co-authored-by: ajs124 <git@ajs124.de>
2022-06-11 09:18:54 +00:00
# Escape a path according to the systemd rules. FIXME: slow
# The rules are described in systemd.unit(5) as follows:
# The escaping algorithm operates as follows: given a string, any "/" character is replaced by "-", and all other characters which are not ASCII alphanumerics, ":", "_" or "." are replaced by C-style "\x2d" escapes. In addition, "." is replaced with such a C-style escape when it would appear as the first character in the escaped string.
# When the input qualifies as absolute file system path, this algorithm is extended slightly: the path to the root directory "/" is encoded as single dash "-". In addition, any leading, trailing or duplicate "/" characters are removed from the string before transformation. Example: /foo//bar/baz/ becomes "foo-bar-baz".
escapeSystemdPath =
s:
let
replacePrefix =
p: r: s:
(if (hasPrefix p s) then r + (removePrefix p s) else s);
trim = s: removeSuffix "/" (removePrefix "/" s);
Avoid top-level `with ...;` in nixos/lib/utils.nix
2024-03-28 05:02:32 +00:00
normalizedPath = normalizePath s;
nixos/lib.escapeSystemdPath: Implement the correct algorithm for escaping names in systemd units Co-authored-by: ajs124 <git@ajs124.de>
2022-06-11 09:18:54 +00:00
in
lib.replaceChars: warn about being a deprecated alias replaceStrings has been in nix since 2015(nix 1.10) so it is safe to remove the fallback https://github.com/nixos/nix/commit/d6d5885c1567454754a0d260521bafa0bd5e7fdb
2022-12-12 01:36:03 +00:00
replaceStrings [ "/" ] [ "-" ] (
Avoid top-level `with ...;` in nixos/lib/utils.nix
2024-03-28 05:02:32 +00:00
replacePrefix "." (escapeC [ "." ] ".") (
escapeC (stringToCharacters " !\"#$%&'()*+,;<=>=@[\\]^`{|}~-") (
nixos/lib.escapeSystemdPath: Implement the correct algorithm for escaping names in systemd units Co-authored-by: ajs124 <git@ajs124.de>
2022-06-11 09:18:54 +00:00
if normalizedPath == "/" then normalizedPath else trim normalizedPath
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
)
)
nixos/lib.escapeSystemdPath: Implement the correct algorithm for escaping names in systemd units Co-authored-by: ajs124 <git@ajs124.de>
2022-06-11 09:18:54 +00:00
);
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos: add functions and documentation for escaping systemd Exec* directives it's really easy to accidentally write the wrong systemd Exec* directive, ones that works most of the time but fails when users include systemd metacharacters in arguments that are interpolated into an Exec* directive. add a few functions analogous to escapeShellArg{,s} and some documentation on how and when to use them.
2022-01-09 07:46:55 +00:00
# Quotes an argument for use in Exec* service lines.
# systemd accepts "-quoted strings with escape sequences, toJSON produces
# a subset of these.
# Additionally we escape % to disallow expansion of % specifiers. Any lone ;
# in the input will be turned it ";" and thus lose its special meaning.
# Every $ is escaped to $$, this makes it unnecessary to disable environment
# substitution for the directive.
escapeSystemdExecArg =
arg:
let
Avoid top-level `with ...;` in nixos/lib/utils.nix
2024-03-28 05:02:32 +00:00
s =
if isPath arg then
"${arg}"
else if isString arg then
arg
else if isInt arg || isFloat arg || isDerivation arg then
toString arg
nixos/lib: Support derivations in escapeSystemdExecArg They can be transformed into their outpath string, which is useful for config generators.
2024-03-23 14:59:50 +00:00
else
throw "escapeSystemdExecArg only allows strings, paths, numbers and derivations";
nixos: add functions and documentation for escaping systemd Exec* directives it's really easy to accidentally write the wrong systemd Exec* directive, ones that works most of the time but fails when users include systemd metacharacters in arguments that are interpolated into an Exec* directive. add a few functions analogous to escapeShellArg{,s} and some documentation on how and when to use them.
2022-01-09 07:46:55 +00:00
in
Avoid top-level `with ...;` in nixos/lib/utils.nix
2024-03-28 05:02:32 +00:00
replaceStrings [ "%" "$" ] [ "%%" "$$" ] (toJSON s);
nixos: add functions and documentation for escaping systemd Exec* directives it's really easy to accidentally write the wrong systemd Exec* directive, ones that works most of the time but fails when users include systemd metacharacters in arguments that are interpolated into an Exec* directive. add a few functions analogous to escapeShellArg{,s} and some documentation on how and when to use them.
2022-01-09 07:46:55 +00:00
# Quotes a list of arguments into a single string for use in a Exec*
# line.
escapeSystemdExecArgs = concatMapStringsSep " " escapeSystemdExecArg;
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
Use shell packages to select the user's shell The string type is still available for backward-compatiblity.
2016-06-12 19:03:14 +00:00
# Returns a system path for a given shell package
toShellPath =
shell:
if types.shellPackage.check shell then
"/run/current-system/sw${shell.shellPath}"
nixos: throw an error on invalid shell package All shell packages must export the shellPath passthru
2016-07-04 14:10:51 +00:00
else if types.package.check shell then
throw "${shell} is not a shell package"
Use shell packages to select the user's shell The string type is still available for backward-compatiblity.
2016-06-12 19:03:14 +00:00
else
shell;
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/utils: Handle arbitrary secrets in JSON output files Introduce new functions which allows modules to define options where, if the input is an attrset and the output is JSON, the user can define arbitrary secrets.
2019-09-06 14:38:41 +00:00
/*
Recurse into a list or an attrset, searching for attrs named like
the value of the "attr" parameter, and return an attrset where the
names are the corresponding jq path where the attrs were found and
the values are the values of the attrs.
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/utils: Handle arbitrary secrets in JSON output files Introduce new functions which allows modules to define options where, if the input is an attrset and the output is JSON, the user can define arbitrary secrets.
2019-09-06 14:38:41 +00:00
Example:
recursiveGetAttrWithJqPrefix {
example = [
{
irrelevant = "not interesting";
}
{
ignored = "ignored attr";
relevant = {
secret = {
_secret = "/path/to/secret";
};
};
}
];
} "_secret" -> { ".example[1].relevant.secret" = "/path/to/secret"; }
*/
nixos/utils: support JSON secret files in genJqSecretsReplacementSnippet genJqReplacementSnippet quotes the content of the secret file in the output json file, which prevents structured secret, such as a list or an object, from being used. This commit adds a `quote = true|false` option to the `{ _secret = "/path/to/secret"; }` attribute set. `quote = true` treats the content of /path/to/secret as string, while `quote = false` treats the content of /path/to/secret as a JSON document. `quote = true` is the default, maintaining backward compatibility.
2024-07-07 06:24:03 +00:00
recursiveGetAttrWithJqPrefix =
item: attr: mapAttrs (_name: set: set.${attr}) (recursiveGetAttrsetWithJqPrefix item attr);
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/utils: support JSON secret files in genJqSecretsReplacementSnippet genJqReplacementSnippet quotes the content of the secret file in the output json file, which prevents structured secret, such as a list or an object, from being used. This commit adds a `quote = true|false` option to the `{ _secret = "/path/to/secret"; }` attribute set. `quote = true` treats the content of /path/to/secret as string, while `quote = false` treats the content of /path/to/secret as a JSON document. `quote = true` is the default, maintaining backward compatibility.
2024-07-07 06:24:03 +00:00
/*
Similar to `recursiveGetAttrWithJqPrefix`, but returns the whole
attribute set containing `attr` instead of the value of `attr` in
the set.
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/utils: support JSON secret files in genJqSecretsReplacementSnippet genJqReplacementSnippet quotes the content of the secret file in the output json file, which prevents structured secret, such as a list or an object, from being used. This commit adds a `quote = true|false` option to the `{ _secret = "/path/to/secret"; }` attribute set. `quote = true` treats the content of /path/to/secret as string, while `quote = false` treats the content of /path/to/secret as a JSON document. `quote = true` is the default, maintaining backward compatibility.
2024-07-07 06:24:03 +00:00
Example:
recursiveGetAttrsetWithJqPrefix {
example = [
{
irrelevant = "not interesting";
}
{
ignored = "ignored attr";
relevant = {
secret = {
_secret = "/path/to/secret";
quote = true;
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
};
nixos/utils: support JSON secret files in genJqSecretsReplacementSnippet genJqReplacementSnippet quotes the content of the secret file in the output json file, which prevents structured secret, such as a list or an object, from being used. This commit adds a `quote = true|false` option to the `{ _secret = "/path/to/secret"; }` attribute set. `quote = true` treats the content of /path/to/secret as string, while `quote = false` treats the content of /path/to/secret as a JSON document. `quote = true` is the default, maintaining backward compatibility.
2024-07-07 06:24:03 +00:00
};
}
];
} "_secret" -> { ".example[1].relevant.secret" = { _secret = "/path/to/secret"; quote = true; }; }
*/
recursiveGetAttrsetWithJqPrefix =
item: attr:
nixos/utils: Handle arbitrary secrets in JSON output files Introduce new functions which allows modules to define options where, if the input is an attrset and the output is JSON, the user can define arbitrary secrets.
2019-09-06 14:38:41 +00:00
let
recurse =
prefix: item:
if item ? ${attr} then
nixos/utils: support JSON secret files in genJqSecretsReplacementSnippet genJqReplacementSnippet quotes the content of the secret file in the output json file, which prevents structured secret, such as a list or an object, from being used. This commit adds a `quote = true|false` option to the `{ _secret = "/path/to/secret"; }` attribute set. `quote = true` treats the content of /path/to/secret as string, while `quote = false` treats the content of /path/to/secret as a JSON document. `quote = true` is the default, maintaining backward compatibility.
2024-07-07 06:24:03 +00:00
nameValuePair prefix item
nixos/utils: fix stack overflow in genJqReplacementSnippet (#284027) When the input contains derivations, don't attempt to recurse into them
2024-01-30 10:00:08 +00:00
else if isDerivation item then
[ ]
nixos/utils: Handle arbitrary secrets in JSON output files Introduce new functions which allows modules to define options where, if the input is an attrset and the output is JSON, the user can define arbitrary secrets.
2019-09-06 14:38:41 +00:00
else if isAttrs item then
genJqSecretsReplacementSnippet: Allow dots in attribute names... ...and escape quotation marks and backslashes.
2022-09-30 15:02:24 +00:00
map (
name:
let
lib.replaceChars: warn about being a deprecated alias replaceStrings has been in nix since 2015(nix 1.10) so it is safe to remove the fallback https://github.com/nixos/nix/commit/d6d5885c1567454754a0d260521bafa0bd5e7fdb
2022-12-12 01:36:03 +00:00
escapedName = ''"${replaceStrings [ ''"'' "\\" ] [ ''\"'' "\\\\" ] name}"'';
genJqSecretsReplacementSnippet: Allow dots in attribute names... ...and escape quotation marks and backslashes.
2022-09-30 15:02:24 +00:00
in
recurse (prefix + "." + escapedName) item.${name}
) (attrNames item)
nixos/utils: Handle arbitrary secrets in JSON output files Introduce new functions which allows modules to define options where, if the input is an attrset and the output is JSON, the user can define arbitrary secrets.
2019-09-06 14:38:41 +00:00
else if isList item then
imap0 (index: item: recurse (prefix + "[${toString index}]") item) item
else
[ ];
in
listToAttrs (flatten (recurse "" item));
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/utils: Handle arbitrary secrets in JSON output files Introduce new functions which allows modules to define options where, if the input is an attrset and the output is JSON, the user can define arbitrary secrets.
2019-09-06 14:38:41 +00:00
/*
Takes an attrset and a file path and generates a bash snippet that
outputs a JSON file at the file path with all instances of
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/utils: Handle arbitrary secrets in JSON output files Introduce new functions which allows modules to define options where, if the input is an attrset and the output is JSON, the user can define arbitrary secrets.
2019-09-06 14:38:41 +00:00
{ _secret = "/path/to/secret" }
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/utils: Handle arbitrary secrets in JSON output files Introduce new functions which allows modules to define options where, if the input is an attrset and the output is JSON, the user can define arbitrary secrets.
2019-09-06 14:38:41 +00:00
in the attrset replaced with the contents of the file
"/path/to/secret" in the output JSON.
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/utils: Handle arbitrary secrets in JSON output files Introduce new functions which allows modules to define options where, if the input is an attrset and the output is JSON, the user can define arbitrary secrets.
2019-09-06 14:38:41 +00:00
When a configuration option accepts an attrset that is finally
converted to JSON, this makes it possible to let the user define
arbitrary secret values.
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/utils: Handle arbitrary secrets in JSON output files Introduce new functions which allows modules to define options where, if the input is an attrset and the output is JSON, the user can define arbitrary secrets.
2019-09-06 14:38:41 +00:00
Example:
If the file "/path/to/secret" contains the string
"topsecretpassword1234",
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/utils: Handle arbitrary secrets in JSON output files Introduce new functions which allows modules to define options where, if the input is an attrset and the output is JSON, the user can define arbitrary secrets.
2019-09-06 14:38:41 +00:00
genJqSecretsReplacementSnippet {
example = [
{
irrelevant = "not interesting";
}
{
ignored = "ignored attr";
relevant = {
secret = {
_secret = "/path/to/secret";
};
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
};
nixos/utils: Handle arbitrary secrets in JSON output files Introduce new functions which allows modules to define options where, if the input is an attrset and the output is JSON, the user can define arbitrary secrets.
2019-09-06 14:38:41 +00:00
}
];
} "/path/to/output.json"
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/utils: Handle arbitrary secrets in JSON output files Introduce new functions which allows modules to define options where, if the input is an attrset and the output is JSON, the user can define arbitrary secrets.
2019-09-06 14:38:41 +00:00
would generate a snippet that, when run, outputs the following
JSON file at "/path/to/output.json":
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/utils: Handle arbitrary secrets in JSON output files Introduce new functions which allows modules to define options where, if the input is an attrset and the output is JSON, the user can define arbitrary secrets.
2019-09-06 14:38:41 +00:00
{
"example": [
{
"irrelevant": "not interesting"
},
{
"ignored": "ignored attr",
"relevant": {
"secret": "topsecretpassword1234"
}
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
}
nixos/utils: Handle arbitrary secrets in JSON output files Introduce new functions which allows modules to define options where, if the input is an attrset and the output is JSON, the user can define arbitrary secrets.
2019-09-06 14:38:41 +00:00
]
}
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/utils: support JSON secret files in genJqSecretsReplacementSnippet genJqReplacementSnippet quotes the content of the secret file in the output json file, which prevents structured secret, such as a list or an object, from being used. This commit adds a `quote = true|false` option to the `{ _secret = "/path/to/secret"; }` attribute set. `quote = true` treats the content of /path/to/secret as string, while `quote = false` treats the content of /path/to/secret as a JSON document. `quote = true` is the default, maintaining backward compatibility.
2024-07-07 06:24:03 +00:00
The attribute set { _secret = "/path/to/secret"; } can contain extra
options, currently it accepts the `quote = true|false` option.
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/utils: support JSON secret files in genJqSecretsReplacementSnippet genJqReplacementSnippet quotes the content of the secret file in the output json file, which prevents structured secret, such as a list or an object, from being used. This commit adds a `quote = true|false` option to the `{ _secret = "/path/to/secret"; }` attribute set. `quote = true` treats the content of /path/to/secret as string, while `quote = false` treats the content of /path/to/secret as a JSON document. `quote = true` is the default, maintaining backward compatibility.
2024-07-07 06:24:03 +00:00
If `quote = true` (default behavior), the content of the secret file will
be quoted as a string and embedded. Otherwise, if `quote = false`, the
content of the secret file will be parsed to JSON and then embedded.
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/utils: support JSON secret files in genJqSecretsReplacementSnippet genJqReplacementSnippet quotes the content of the secret file in the output json file, which prevents structured secret, such as a list or an object, from being used. This commit adds a `quote = true|false` option to the `{ _secret = "/path/to/secret"; }` attribute set. `quote = true` treats the content of /path/to/secret as string, while `quote = false` treats the content of /path/to/secret as a JSON document. `quote = true` is the default, maintaining backward compatibility.
2024-07-07 06:24:03 +00:00
Example:
If the file "/path/to/secret" contains the JSON document:
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/utils: support JSON secret files in genJqSecretsReplacementSnippet genJqReplacementSnippet quotes the content of the secret file in the output json file, which prevents structured secret, such as a list or an object, from being used. This commit adds a `quote = true|false` option to the `{ _secret = "/path/to/secret"; }` attribute set. `quote = true` treats the content of /path/to/secret as string, while `quote = false` treats the content of /path/to/secret as a JSON document. `quote = true` is the default, maintaining backward compatibility.
2024-07-07 06:24:03 +00:00
[
{ "a": "topsecretpassword1234" },
{ "b": "topsecretpassword5678" }
]
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/utils: support JSON secret files in genJqSecretsReplacementSnippet genJqReplacementSnippet quotes the content of the secret file in the output json file, which prevents structured secret, such as a list or an object, from being used. This commit adds a `quote = true|false` option to the `{ _secret = "/path/to/secret"; }` attribute set. `quote = true` treats the content of /path/to/secret as string, while `quote = false` treats the content of /path/to/secret as a JSON document. `quote = true` is the default, maintaining backward compatibility.
2024-07-07 06:24:03 +00:00
genJqSecretsReplacementSnippet {
example = [
{
irrelevant = "not interesting";
}
{
ignored = "ignored attr";
relevant = {
secret = {
_secret = "/path/to/secret";
quote = false;
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
};
nixos/utils: support JSON secret files in genJqSecretsReplacementSnippet genJqReplacementSnippet quotes the content of the secret file in the output json file, which prevents structured secret, such as a list or an object, from being used. This commit adds a `quote = true|false` option to the `{ _secret = "/path/to/secret"; }` attribute set. `quote = true` treats the content of /path/to/secret as string, while `quote = false` treats the content of /path/to/secret as a JSON document. `quote = true` is the default, maintaining backward compatibility.
2024-07-07 06:24:03 +00:00
};
}
];
} "/path/to/output.json"
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/utils: support JSON secret files in genJqSecretsReplacementSnippet genJqReplacementSnippet quotes the content of the secret file in the output json file, which prevents structured secret, such as a list or an object, from being used. This commit adds a `quote = true|false` option to the `{ _secret = "/path/to/secret"; }` attribute set. `quote = true` treats the content of /path/to/secret as string, while `quote = false` treats the content of /path/to/secret as a JSON document. `quote = true` is the default, maintaining backward compatibility.
2024-07-07 06:24:03 +00:00
would generate a snippet that, when run, outputs the following
JSON file at "/path/to/output.json":
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/utils: support JSON secret files in genJqSecretsReplacementSnippet genJqReplacementSnippet quotes the content of the secret file in the output json file, which prevents structured secret, such as a list or an object, from being used. This commit adds a `quote = true|false` option to the `{ _secret = "/path/to/secret"; }` attribute set. `quote = true` treats the content of /path/to/secret as string, while `quote = false` treats the content of /path/to/secret as a JSON document. `quote = true` is the default, maintaining backward compatibility.
2024-07-07 06:24:03 +00:00
{
"example": [
{
"irrelevant": "not interesting"
},
{
"ignored": "ignored attr",
"relevant": {
"secret": [
{ "a": "topsecretpassword1234" },
{ "b": "topsecretpassword5678" }
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
]
}
}
nixos/utils: support JSON secret files in genJqSecretsReplacementSnippet genJqReplacementSnippet quotes the content of the secret file in the output json file, which prevents structured secret, such as a list or an object, from being used. This commit adds a `quote = true|false` option to the `{ _secret = "/path/to/secret"; }` attribute set. `quote = true` treats the content of /path/to/secret as string, while `quote = false` treats the content of /path/to/secret as a JSON document. `quote = true` is the default, maintaining backward compatibility.
2024-07-07 06:24:03 +00:00
]
}
nixos/utils: Handle arbitrary secrets in JSON output files Introduce new functions which allows modules to define options where, if the input is an attrset and the output is JSON, the user can define arbitrary secrets.
2019-09-06 14:38:41 +00:00
*/
genJqSecretsReplacementSnippet = genJqSecretsReplacementSnippet' "_secret";
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/utils: Handle arbitrary secrets in JSON output files Introduce new functions which allows modules to define options where, if the input is an attrset and the output is JSON, the user can define arbitrary secrets.
2019-09-06 14:38:41 +00:00
# Like genJqSecretsReplacementSnippet, but allows the name of the
# attr which identifies the secret to be changed.
genJqSecretsReplacementSnippet' =
attr: set: output:
let
nixos/utils: support JSON secret files in genJqSecretsReplacementSnippet genJqReplacementSnippet quotes the content of the secret file in the output json file, which prevents structured secret, such as a list or an object, from being used. This commit adds a `quote = true|false` option to the `{ _secret = "/path/to/secret"; }` attribute set. `quote = true` treats the content of /path/to/secret as string, while `quote = false` treats the content of /path/to/secret as a JSON document. `quote = true` is the default, maintaining backward compatibility.
2024-07-07 06:24:03 +00:00
secretsRaw = recursiveGetAttrsetWithJqPrefix set attr;
# Set default option values
secrets = mapAttrs (
_name: set:
{
quote = true;
}
// set
) secretsRaw;
Fix broken genJqSecretsReplacementSnippet for jq 1.7 (#257932) jq 1.7 updated it's behaviour and now throws an error if the first argument is an empty string. It now needs "." to pass the input through.
2023-09-30 12:00:13 +00:00
stringOrDefault = str: def: if str == "" then def else str;
nixos/utils: Handle arbitrary secrets in JSON output files Introduce new functions which allows modules to define options where, if the input is an attrset and the output is JSON, the user can define arbitrary secrets.
2019-09-06 14:38:41 +00:00
in
''
if [[ -h '${output}' ]]; then
rm '${output}'
fi
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
genJqSecretsReplacementSnippet: Fix error handling With the previous change that enabled error propagation through `inherit_errexit`, the script would fail if `errexit` was set, but `inherit_errexit` was not. This is due to `shopt -p` exiting with an error if the option is disabled. To work around this, use the exit code instead of the text value returned by `shopt -p`. Fixes #160869.
2022-02-23 11:48:51 +00:00
inherit_errexit_enabled=0
shopt -pq inherit_errexit && inherit_errexit_enabled=1
genJqSecretsReplacementSnippet: Propagate secret file read errors If an error occurs while trying to read a secret file, we want that error to propagate to the main shell context. That means we have to set the `inherit_errexit` option, which allows errors from subshells to propagate to the outer shell. Also, the subshell cannot run as part of another command, such as `export`, since that will simply ignore the subshell exit status and only respect `export`s exit status; first assigning the value to a variable and then exporting it solves issue.
2022-01-31 11:44:54 +00:00
shopt -s inherit_errexit
nixos/utils: Handle arbitrary secrets in JSON output files Introduce new functions which allows modules to define options where, if the input is an attrset and the output is JSON, the user can define arbitrary secrets.
2019-09-06 14:38:41 +00:00
''
+ concatStringsSep "\n" (
genJqSecretsReplacementSnippet: Propagate secret file read errors If an error occurs while trying to read a secret file, we want that error to propagate to the main shell context. That means we have to set the `inherit_errexit` option, which allows errors from subshells to propagate to the outer shell. Also, the subshell cannot run as part of another command, such as `export`, since that will simply ignore the subshell exit status and only respect `export`s exit status; first assigning the value to a variable and then exporting it solves issue.
2022-01-31 11:44:54 +00:00
imap1 (index: name: ''
nixos/utils: support JSON secret files in genJqSecretsReplacementSnippet genJqReplacementSnippet quotes the content of the secret file in the output json file, which prevents structured secret, such as a list or an object, from being used. This commit adds a `quote = true|false` option to the `{ _secret = "/path/to/secret"; }` attribute set. `quote = true` treats the content of /path/to/secret as string, while `quote = false` treats the content of /path/to/secret as a JSON document. `quote = true` is the default, maintaining backward compatibility.
2024-07-07 06:24:03 +00:00
secret${toString index}=$(<'${secrets.${name}.${attr}}')
genJqSecretsReplacementSnippet: Propagate secret file read errors If an error occurs while trying to read a secret file, we want that error to propagate to the main shell context. That means we have to set the `inherit_errexit` option, which allows errors from subshells to propagate to the outer shell. Also, the subshell cannot run as part of another command, such as `export`, since that will simply ignore the subshell exit status and only respect `export`s exit status; first assigning the value to a variable and then exporting it solves issue.
2022-01-31 11:44:54 +00:00
export secret${toString index}
nixos/utils: Handle arbitrary secrets in JSON output files Introduce new functions which allows modules to define options where, if the input is an attrset and the output is JSON, the user can define arbitrary secrets.
2019-09-06 14:38:41 +00:00
'') (attrNames secrets)
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
)
nixos/utils: Handle arbitrary secrets in JSON output files Introduce new functions which allows modules to define options where, if the input is an attrset and the output is JSON, the user can define arbitrary secrets.
2019-09-06 14:38:41 +00:00
+ "\n"
genJqSecretsReplacementSnippet: Allow dots in attribute names... ...and escape quotation marks and backslashes.
2022-09-30 15:02:24 +00:00
+ "${pkgs.jq}/bin/jq >'${output}' "
Avoid top-level `with ...;` in nixos/lib/utils.nix
2024-03-28 05:02:32 +00:00
+ escapeShellArg (
Fix broken genJqSecretsReplacementSnippet for jq 1.7 (#257932) jq 1.7 updated it's behaviour and now throws an error if the first argument is an empty string. It now needs "." to pass the input through.
2023-09-30 12:00:13 +00:00
stringOrDefault (concatStringsSep " | " (
nixos/utils: support JSON secret files in genJqSecretsReplacementSnippet genJqReplacementSnippet quotes the content of the secret file in the output json file, which prevents structured secret, such as a list or an object, from being used. This commit adds a `quote = true|false` option to the `{ _secret = "/path/to/secret"; }` attribute set. `quote = true` treats the content of /path/to/secret as string, while `quote = false` treats the content of /path/to/secret as a JSON document. `quote = true` is the default, maintaining backward compatibility.
2024-07-07 06:24:03 +00:00
imap1 (
index: name:
''${name} = ($ENV.secret${toString index}${optionalString (!secrets.${name}.quote) " | fromjson"})''
Fix broken genJqSecretsReplacementSnippet for jq 1.7 (#257932) jq 1.7 updated it's behaviour and now throws an error if the first argument is an empty string. It now needs "." to pass the input through.
2023-09-30 12:00:13 +00:00
) (attrNames secrets)
)) "."
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
)
nixos/utils: Handle arbitrary secrets in JSON output files Introduce new functions which allows modules to define options where, if the input is an attrset and the output is JSON, the user can define arbitrary secrets.
2019-09-06 14:38:41 +00:00
+ ''
genJqSecretsReplacementSnippet: Allow dots in attribute names... ...and escape quotation marks and backslashes.
2022-09-30 15:02:24 +00:00
<<'EOF'
Avoid top-level `with ...;` in nixos/lib/utils.nix
2024-03-28 05:02:32 +00:00
${toJSON set}
nixos/utils: Handle arbitrary secrets in JSON output files Introduce new functions which allows modules to define options where, if the input is an attrset and the output is JSON, the user can define arbitrary secrets.
2019-09-06 14:38:41 +00:00
EOF
genJqSecretsReplacementSnippet: Fix error handling With the previous change that enabled error propagation through `inherit_errexit`, the script would fail if `errexit` was set, but `inherit_errexit` was not. This is due to `shopt -p` exiting with an error if the option is disabled. To work around this, use the exit code instead of the text value returned by `shopt -p`. Fixes #160869.
2022-02-23 11:48:51 +00:00
(( ! $inherit_errexit_enabled )) && shopt -u inherit_errexit
nixos/utils: Handle arbitrary secrets in JSON output files Introduce new functions which allows modules to define options where, if the input is an attrset and the output is JSON, the user can define arbitrary secrets.
2019-09-06 14:38:41 +00:00
'';
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/utils: move removePackagesByName to here from gnome
2022-04-11 08:51:54 +00:00
/*
Remove packages of packagesToRemove from packages, based on their names.
Relies on package names and has quadratic complexity so use with caution!
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/utils: move removePackagesByName to here from gnome
2022-04-11 08:51:54 +00:00
Type:
removePackagesByName :: [package] -> [package] -> [package]
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/utils: move removePackagesByName to here from gnome
2022-04-11 08:51:54 +00:00
Example:
removePackagesByName [ nautilus file-roller ] [ file-roller totem ]
=> [ nautilus ]
*/
removePackagesByName =
packages: packagesToRemove:
let
Avoid top-level `with ...;` in nixos/lib/utils.nix
2024-03-28 05:02:32 +00:00
namesToRemove = map getName packagesToRemove;
nixos/utils: move removePackagesByName to here from gnome
2022-04-11 08:51:54 +00:00
in
Avoid top-level `with ...;` in nixos/lib/utils.nix
2024-03-28 05:02:32 +00:00
filter (x: !(elem (getName x) namesToRemove)) packages;
nixos/utils: move removePackagesByName to here from gnome
2022-04-11 08:51:54 +00:00
nixos/lib: Add disablePackageByName We do this in multiple DE modules and the behaviour was not consistent.
2024-12-01 17:27:19 +00:00
/*
Returns false if a package with the same name as the `package` is present in `packagesToDisable`.
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/lib: Add disablePackageByName We do this in multiple DE modules and the behaviour was not consistent.
2024-12-01 17:27:19 +00:00
Type:
disablePackageByName :: package -> [package] -> bool
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/lib: Add disablePackageByName We do this in multiple DE modules and the behaviour was not consistent.
2024-12-01 17:27:19 +00:00
Example:
disablePackageByName file-roller [ file-roller totem ]
=> false
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
nixos/lib: Add disablePackageByName We do this in multiple DE modules and the behaviour was not consistent.
2024-12-01 17:27:19 +00:00
Example:
disablePackageByName nautilus [ file-roller totem ]
=> true
*/
disablePackageByName =
package: packagesToDisable:
let
namesToDisable = map getName packagesToDisable;
in
!elem (getName package) namesToDisable;
Move systemd-lib.nix and systemd-unit-options.nix into utils
2021-11-20 17:34:13 +00:00
systemdUtils = {
systemd: add a name option to all systemd units This allows us to set things like dependencies in a way that we can catch typos at eval time. So instead of ```nix systemd.services.foo.wants = [ "bar.service" ]; ``` we can write ```nix systemd.services.foo.wants = [ config.systemd.services.bar.name ]; ``` which will throw an error if no such service has been defined. Not all cases can be done like this (eg template services), but in a lot of cases this will allow to avoid typos. There is a matching option on the unit option (`systemd.units."foo.service".name`) as well.
2024-03-21 13:52:12 +00:00
lib = import ./systemd-lib.nix {
inherit
lib
config
pkgs
utils
;
};
Move systemd-lib.nix and systemd-unit-options.nix into utils
2021-11-20 17:34:13 +00:00
unitOptions = import ./systemd-unit-options.nix { inherit lib systemdUtils; };
nixos: Fix up systemd shutdown ramfs
2022-04-24 18:47:28 +00:00
types = import ./systemd-types.nix { inherit lib systemdUtils pkgs; };
nixos/networkd: refactor Reduces size of networkd module by moving unit file generation code into a util.
2023-07-01 02:18:05 +00:00
network = {
units = import ./systemd-network-units.nix { inherit lib systemdUtils; };
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 19:26:33 +00:00
};
nixos/networkd: refactor Reduces size of networkd module by moving unit file generation code into a util.
2023-07-01 02:18:05 +00:00
};
Move systemd-lib.nix and systemd-unit-options.nix into utils
2021-11-20 17:34:13 +00:00
};
systemd: add a name option to all systemd units This allows us to set things like dependencies in a way that we can catch typos at eval time. So instead of ```nix systemd.services.foo.wants = [ "bar.service" ]; ``` we can write ```nix systemd.services.foo.wants = [ config.systemd.services.bar.name ]; ``` which will throw an error if no such service has been defined. Not all cases can be done like this (eg template services), but in a lot of cases this will allow to avoid typos. There is a matching option on the unit option (`systemd.units."foo.service".name`) as well.
2024-03-21 13:52:12 +00:00
in
utils
Reference in New Issue Copy Permalink