- Remove deployment.json file generation from outputs.nix
- Add throw for deprecated deployment.file usage with upgrade instructions
- Remove vars data from deployment.data
- Update Machine class to use direct select() calls instead of deployment property
- Update all deployment property accesses to use direct selectors
- Add precaching for frequently accessed values in update.py:
- Module paths for facts and vars
- Deployment settings (requireExplicitUpdate, nixosMobileWorkaround)
- Services and generators data
- Secret upload locations
- This removes unnecessary JSON serialization and makes the code more composable
For secrets not part of the nix store there is no other way in NixOS to
restart a service after the secret is updated. One example is changing
password in userborn, which doesn't run as a activation script but as a
systemd service.
Create a store path per in repo secret/var to be copied, this prevents
unused secrets from being leaked.
For example the `root-password` generator contains both the hashed and
unhashed password but only the hash is used.
revert vars: use writeShellApplication to shellcheck generators
Cannot re-generate the vars for data-mesher or any of our tests anymore
cc @DavHau @Qubasa Can we work together to fix this.
I like shellchecking but if we loose the ability to add tests thats unfortunate
This is blocking: the new 'restic' and 'zerotier' migrations because we need to write integration tests from the beginning.
Change `prompt.persist` default to false.
We want a consistent default that is not conditionally dependent on
other values.
This makes communication on how the functionality is used more
consistent and easier understood.
Some test were referring to the whole source code via ${self} which amde them rebuild on every single commit.
This is not mitigated by introduceing `self.filter { include = [...]; }` allowin to a content addressed subset of the source code in tests.
