Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nixos/scrutiny: use genJqSecretsReplacementSnippet #320672

Merged
merged 3 commits into from
Mar 21, 2025
Merged

nixos/scrutiny: use genJqSecretsReplacementSnippet #320672

merged 3 commits into from
Mar 21, 2025

Conversation

Moraxyc
Copy link
Contributor

@Moraxyc Moraxyc commented Jun 18, 2024
edited
Loading

Description of changes

Use genJqSecretsReplacementSnippet to support adding secrets in config.

scrutiny has several notifiction methods may need password to work

should merge after #319969 (Done)

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@Moraxyc Moraxyc requested a review from eclairevoyant June 18, 2024 02:19
@github-actions github-actions bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` labels Jun 18, 2024
@ofborg ofborg bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10 labels Jun 18, 2024
@MinerSebas
Copy link
Contributor

The services.scrutiny.settings option should contain an example that demonstrates this Feature.

@poperigby
Copy link
Contributor

Will this cause the secret to end up in the Nix store?

@Moraxyc
Copy link
Contributor Author

Moraxyc commented Jun 21, 2024

@poperigby no, it doesn't.
https://github.com/NixOS/nixpkgs/blob/master/nixos/lib/utils.nix#L214-L247
genJqSecretsReplacementSnippet uses jq in script to pass the secrets to config file, which is done in systemd service preStart phase

@Moraxyc Moraxyc force-pushed the scrutiny-perf branch 2 times, most recently from 7d42f92 to 41a9e14 Compare October 20, 2024 05:05
@Moraxyc

This comment was marked as outdated.

Sign in to view
1 similar comment
@FliegendeWurst

This comment was marked as outdated.

Sign in to view
@wegank wegank added the 2.status: merge conflict This PR has merge conflicts with the target branch label Feb 15, 2025
jian-lin
jian-lin reviewed Mar 20, 2025
View reviewed changes
@ofborg ofborg bot removed the 2.status: merge conflict This PR has merge conflicts with the target branch label Mar 20, 2025
@jian-lin jian-lin requested review from jnsgruk and removed request for eclairevoyant March 20, 2025 14:38
@jnsgruk
Copy link
Member

jnsgruk commented Mar 20, 2025

This LGTM mostly, but could we add a nixos test for this? Validate that things are working as expected?

@Moraxyc
Copy link
Contributor Author

Moraxyc commented Mar 21, 2025

This LGTM mostly, but could we add a nixos test for this? Validate that things are working as expected?

Done.

FliegendeWurst
FliegendeWurst approved these changes Mar 21, 2025
View reviewed changes
Copy link
Member

@FliegendeWurst FliegendeWurst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Modified test still passes.

@jnsgruk jnsgruk merged commit bfa9810 into NixOS:master Mar 21, 2025
26 of 28 checks passed
@jnsgruk
Copy link
Member

jnsgruk commented Mar 21, 2025

Thank you 🚀

@Moraxyc Moraxyc deleted the scrutiny-perf branch March 21, 2025 08:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jnsgruk jnsgruk

@FliegendeWurst FliegendeWurst

@jian-lin jian-lin

Assignees
No one assigned
Labels
6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@Moraxyc @MinerSebas @poperigby @FliegendeWurst @jnsgruk @jian-lin @wegank