Add deployment.keys.<name>.name

Zhaofeng Li 2021-12-05 01:14:12 -08:00
parent fb69d701b3
commit 7433661aed
6 changed files with 27 additions and 12 deletions


@ -22,11 +22,15 @@ in {
}; };
users.groups.testgroup = {}; users.groups.testgroup = {};
# /run/keys/custom-name
deployment.keys.original-name = {
name = "custom-name";
text = "@poison@";
};
# /run/keys/key-text # /run/keys/key-text
deployment.keys.key-text = { deployment.keys.key-text = {
text = '' text = "@poison@";
@poison@
'';
}; };
# /tmp/another-key-dir/key-command # /tmp/another-key-dir/key-command


@ -32,6 +32,7 @@ with subtest("Check that the new configurations are indeed applied"):
with subtest("Check that key files have correct contents"): with subtest("Check that key files have correct contents"):
contents = { contents = {
"/run/keys/custom-name": poison,
"/run/keys/key-text": poison, "/run/keys/key-text": poison,
"/tmp/another-key-dir/key-command": "deployer", "/tmp/another-key-dir/key-command": "deployer",
"/tmp/another-key-dir/key-file": poison, "/tmp/another-key-dir/key-file": poison,
@ -46,6 +47,7 @@ with subtest("Check that key files have correct contents"):
with subtest("Check that key files have correct permissions"): with subtest("Check that key files have correct permissions"):
permissions = { permissions = {
"/run/keys/custom-name": "600 root root",
"/run/keys/key-text": "600 root root", "/run/keys/key-text": "600 root root",
"/tmp/another-key-dir/key-command": "600 root root", "/tmp/another-key-dir/key-command": "600 root root",
"/tmp/another-key-dir/key-file": "600 root root", "/tmp/another-key-dir/key-file": "600 root root",


@ -16,7 +16,7 @@ let
# Hive-wide options # Hive-wide options
metaOptions = { lib, ... }: let metaOptions = { lib, ... }: let
types = lib.types; inherit (lib) types;
in { in {
options = { options = {
name = lib.mkOption { name = lib.mkOption {
@ -89,7 +89,7 @@ let
# #
# Largely compatible with NixOps/Morph. # Largely compatible with NixOps/Morph.
deploymentOptions = { name, lib, ... }: let deploymentOptions = { name, lib, ... }: let
types = lib.types; inherit (lib) types;
in { in {
options = { options = {
deployment = { deployment = {
@ -187,10 +187,17 @@ let
}; };
}; };
keyType = { lib, ... }: let keyType = { lib, name, ... }: let
types = lib.types; inherit (lib) types;
in { in {
options = { options = {
name = lib.mkOption {
description = ''
File name of the key.
'';
default = name;
type = types.str;
};
text = lib.mkOption { text = lib.mkOption {
description = '' description = ''
Content of the key. Content of the key.


@ -106,8 +106,8 @@ impl Local {
job.message(format!("Deploying key {}", name))?; job.message(format!("Deploying key {}", name))?;
} }
let dest_path = key.dest_dir().join(name); let path = key.path();
let key_script = format!("'{}'", key_uploader::generate_script(key, &dest_path, require_ownership)); let key_script = format!("'{}'", key_uploader::generate_script(key, &path, require_ownership));
let mut command = Command::new("sh"); let mut command = Command::new("sh");


@ -229,8 +229,8 @@ impl Ssh {
job.message(format!("Uploading key {}", name))?; job.message(format!("Uploading key {}", name))?;
} }
let dest_path = key.dest_dir().join(name); let path = key.path();
let key_script = key_uploader::generate_script(key, &dest_path, require_ownership); let key_script = key_uploader::generate_script(key, &path, require_ownership);
let mut command = self.ssh(&["sh", "-c", &key_script]); let mut command = self.ssh(&["sh", "-c", &key_script]);


@ -89,6 +89,8 @@ pub enum UploadAt {
#[derive(Debug, Clone, Validate, Serialize, Deserialize)] #[derive(Debug, Clone, Validate, Serialize, Deserialize)]
pub struct Key { pub struct Key {
name: String,
#[serde(flatten)] #[serde(flatten)]
source: KeySource, source: KeySource,
@ -144,7 +146,7 @@ impl Key {
} }
} }
pub fn dest_dir(&self) -> &Path { &self.dest_dir } pub fn path(&self) -> PathBuf { self.dest_dir.join(&self.name) }
pub fn user(&self) -> &str { &self.user } pub fn user(&self) -> &str { &self.user }
pub fn group(&self) -> &str { &self.group } pub fn group(&self) -> &str { &self.group }
pub fn permissions(&self) -> &str { &self.permissions } pub fn permissions(&self) -> &str { &self.permissions }
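Review bot: `path()` joins `dest_dir` with `name` without checking it, and `name` is now a free-form string no longer tied to the attribute name. `Path::join` replaces the base when its argument is absolute and keeps `..` components, so a name such as `/etc/x` or `../x` (constructed examples) puts the key outside `dest_dir`. The same path is then handed to `key_uploader::generate_script` in the `Local` and `Ssh` sections. `Key` already derives `Validate`, so a validator on `name` that accepts only a single normal path component would fit, assuming validation runs after deserialization, which these hunks do not show. The `name` option in the module definition is plain `types.str`, so nothing earlier rejects such values, and both `struct Key` and `impl Key` extend beyond the hunks.

```rust
// in struct Key; the attribute form depends on the validator version in use
#[validate(custom = "validate_key_name")]
name: String,

// … unchanged: remaining Key fields and impl Key …

/// Accepts only a single normal path component, so that
/// `dest_dir.join(name)` always stays directly inside `dest_dir`.
fn validate_key_name(name: &str) -> Result<(), ValidationError> {
    let mut parts = Path::new(name).components();
    match (parts.next(), parts.next()) {
        // Comparing with the raw string also rejects forms like "x/" or "./x".
        (Some(Component::Normal(part)), None) if part == name => Ok(()),
        _ => Err(ValidationError::new("key name must be a single file name")),
    }
}
```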