ALPHA: wire is a tool to deploy nixos systems wire.althaea.zone/

compile all linux platforms for key agent (#156)

authored by

marshmallow and committed by
GitHub
b07b9e0b 5af594bf

+114 -25
+21 -1
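--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -14,12 +14,32 @@
 with:
 concurrent_skipping: "same_content_newer"
 cancel_others: "true"
+agent:
+runs-on: ubuntu-latest
+strategy:
+matrix:
+system: ["x86_64-linux", "aarch64-linux"]
+needs: pre-job
+if: needs.pre-job.outputs.should_skip != 'true'
+steps:
+- uses: actions/checkout@v4
+- run: sudo apt-get install -y qemu-user-static
+- uses: cachix/install-nix-action@v31
+with:
+nix_path: nixpkgs=channel:nixos-unstable
+extra_nix_config: |
+system = ${{ matrix.system }}
+- uses: cachix/cachix-action@v16
+with:
+name: wires
+authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
+- run: nix build .#agent
 build:
 runs-on: ubuntu-latest
 strategy:
 matrix:
 package: [wire, docs]
-needs: pre-job
+needs: agent
 if: needs.pre-job.outputs.should_skip != 'true'
 steps:
 - uses: actions/checkout@v4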
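Review bot: `build` now lists only `agent` under `needs`, but its `if:` still reads `needs.pre-job.outputs.should_skip`; the `needs` context holds only direct dependencies, so that expression no longer sees the pre-job output and the comparison is always true. `needs: [pre-job, agent]` keeps the skip check meaningful. The new `agent` job also hands `secrets.CACHIX_AUTH_TOKEN` to `cachix/cachix-action@v16` and runs `cachix/install-nix-action@v31`, both referenced by mutable tag; pinning each to a full commit SHA limits what a retagged action could do with the cache token. The job list continues outside the hunk.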
+4
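--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,10 @@
 
 - Dependency Updates.
 
+### Fixed
+
+- Not bundling the key agent for all supported target platforms.
+
 ## [0.2.0] - 2025-04-21
 
 ### Added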
+1 -1
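--- a/doc/default.nix
+++ b/doc/default.nix
@@ -6,6 +6,6 @@
 ...
 }:
 {
-packages.docs = pkgs.callPackage ./package.nix { inherit (self'.packages) wire; };
+packages.docs = pkgs.callPackage ./package.nix { inherit (self'.packages) wire-small; };
 };
 }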
+2 -2
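--- a/doc/package.nix
+++ b/doc/package.nix
@@ -2,7 +2,7 @@
 lib,
 nixosOptionsDoc,
 runCommand,
-wire,
+wire-small,
 nix,
 nodejs,
 pnpm,
@@ -41,7 +41,7 @@
 inherit (pkg) version;
 pname = pkg.name;
 nativeBuildInputs = [
-wire
+wire-small
 nodejs
 pnpm.configHook
 nix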
+16
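--- a/flake.lock
+++ b/flake.lock
@@ -126,6 +126,21 @@
 "type": "github"
 }
 },
+"linux-systems": {
+"locked": {
+"lastModified": 1689347949,
+"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
+"owner": "nix-systems",
+"repo": "default-linux",
+"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
+"type": "github"
+},
+"original": {
+"owner": "nix-systems",
+"repo": "default-linux",
+"type": "github"
+}
+},
 "nixpkgs": {
 "locked": {
 "lastModified": 1730768919,
@@ -196,6 +211,7 @@
 "flake-compat": "flake-compat",
 "flake-parts": "flake-parts",
 "git-hooks": "git-hooks",
+"linux-systems": "linux-systems",
 "nixpkgs": "nixpkgs_2",
 "systems": "systems",
 "treefmt-nix": "treefmt-nix"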
+3
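--- a/flake.nix
+++ b/flake.nix
@@ -9,6 +9,9 @@
 fenix.url = "github:nix-community/fenix";
 fenix.inputs.nixpkgs.follows = "nixpkgs";
 treefmt-nix.url = "github:numtide/treefmt-nix";
+
+# determines systems available for deployment
+linux-systems.url = "github:nix-systems/default-linux";
 };
 outputs =
 {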
+22 -13
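--- a/runtime/module.nix
+++ b/runtime/module.nix
@@ -76,6 +76,11 @@
 readOnly = true;
 };
 
+_hostPlatform = lib.mkOption {
+internal = true;
+readOnly = true;
+};
+
 keys = lib.mkOption {
 type = types.attrsOf (
 types.submodule (
@@ -173,18 +178,22 @@
 };
 
 config = {
-deployment._keys = lib.mapAttrsToList (
-_: value:
-value
-// {
-source = {
-# Attach type to internally tag serde enum
-t = builtins.replaceStrings [ "path" "string" "list" ] [ "Path" "String" "Command" ] (
-builtins.typeOf value.source
-);
-c = value.source;
-};
-}
-) config.deployment.keys;
+deployment = {
+_keys = lib.mapAttrsToList (
+_: value:
+value
+// {
+source = {
+# Attach type to internally tag serde enum
+t = builtins.replaceStrings [ "path" "string" "list" ] [ "Path" "String" "Command" ] (
+builtins.typeOf value.source
+);
+c = value.source;
+};
+}
+) config.deployment.keys;
+
+_hostPlatform = config.nixpkgs.hostPlatform.system;
+};
 };
 }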
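Review bot: The new `_hostPlatform` option is declared without a `type`, so the module system accepts any value for it, and the first place a wrong shape is noticed is when the Rust side deserializes `host_platform` as a string. Adding `type = types.str;` inside the `mkOption` (`types` is already used by the `keys` option in the same hunk) moves that failure to evaluation time. A one-line `description` or comment stating that the value mirrors `config.nixpkgs.hostPlatform.system` and selects the key agent build would also help. The surrounding `options` attribute set starts outside the hunk.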
+1 -1
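--- a/tests/nix/default.nix
+++ b/tests/nix/default.nix
@@ -116,7 +116,7 @@
 inherit testName;
 snakeOil = import "${pkgs.path}/nixos/tests/ssh-keys.nix" pkgs;
 inherit (opts) testDir;
-inherit (self'.packages) wire;
+inherit (self'.packages) wire-small;
 };
 # NOTE: there is surely a better way of doing this in a more
 # "controlled" manner, but until a need is asked for, this will remain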
+2 -2
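--- a/tests/nix/test-opts.nix
+++ b/tests/nix/test-opts.nix
@@ -1,7 +1,7 @@
 {
 lib,
 snakeOil,
-wire,
+wire-small,
 config,
 ...
 }:
@@ -31,7 +31,7 @@
 systemd.tmpfiles.rules = [
 "C+ /root/.ssh/id_ed25519 600 - - - ${snakeOil.snakeOilEd25519PrivateKey}"
 ];
-environment.systemPackages = [ wire ];
+environment.systemPackages = [ wire-small ];
 # It's important to note that you should never ever use this configuration
 # for production. You are risking a MITM attack with this!
 programs.ssh.extraConfig = ''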
+27 -3
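--- a/wire/cli/default.nix
+++ b/wire/cli/default.nix
@@ -1,11 +1,25 @@
+{ getSystem, inputs, ... }:
 {
 perSystem =
 {
 pkgs,
+lib,
 self',
 buildRustProgram,
+system,
 ...
 }:
+let
+postBuild = ''
+wrapProgram $out/bin/wire \
+--set WIRE_RUNTIME ${../../runtime} \
+--set WIRE_KEY_AGENT ${self'.packages.agent} \
+'';
+cleanSystem = system: lib.replaceStrings [ "-" ] [ "_" ] system;
+agents = lib.strings.concatMapStrings (
+system: "--set WIRE_KEY_AGENT_${cleanSystem system} ${(getSystem system).packages.agent} "
+) (import inputs.linux-systems);
+in
 {
 packages = {
 default = self'.packages.wire;
@@ -30,9 +44,19 @@
 pkgs.makeWrapper
 ];
 postBuild = ''
-wrapProgram $out/bin/wire \
---set WIRE_RUNTIME ${../../runtime} \
---set WIRE_KEY_AGENT ${self'.packages.agent}
+${postBuild} ${agents}
+'';
+meta.mainProgram = "wire";
+};
+
+wire-small = pkgs.symlinkJoin {
+name = "wire";
+paths = [ self'.packages.wire-unwrapped ];
+nativeBuildInputs = [
+pkgs.makeWrapper
+];
+postBuild = ''
+${postBuild} --set WIRE_KEY_AGENT_${cleanSystem system} ${self'.packages.agent}
 '';
 meta.mainProgram = "wire";
 };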
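Review bot: The shared `postBuild` fragment in the `let` block still sets `WIRE_KEY_AGENT`, while the lookup changed in `wire/lib/src/hive/key.rs` in this commit reads only `WIRE_KEY_AGENT_<system>`; if nothing else reads the old name, it can be dropped so the wrapper does not advertise an agent path that is never used. The fragment also ends in a trailing `\`, so it relies on each caller appending further arguments after the line continuation; collecting the flags in a list and joining them with `lib.concatStringsSep " "` would remove that coupling. `wire` now embeds an agent store path for every entry of `import inputs.linux-systems`, so it is worth confirming that list matches the two systems the new CI matrix pre-builds. The `packages` set continues outside the hunk.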
+11 -2
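--- a/wire/lib/src/hive/key.rs
+++ b/wire/lib/src/hive/key.rs
@@ -284,9 +284,18 @@
 }
 
 async fn execute(&self, ctx: &mut Context<'_>) -> Result<(), HiveLibError> {
-let agent_directory = match env::var_os("WIRE_KEY_AGENT") {
+let arg_name = format!(
+"WIRE_KEY_AGENT_{platform}",
+platform = ctx.node.host_platform.replace('-', "_")
+);
+
+let agent_directory = match env::var_os(&arg_name) {
 Some(agent) => agent.into_string().unwrap(),
-None => panic!("WIRE_KEY_AGENT environment variable not set"),
+None => panic!(
+"{arg_name} environment variable not set! \n
+Wire was not built with the ability to deploy keys to this platform. \n
+Please create an issue: https://github.com/wires-org/wire/issues/new?template=bug_report.md"
+),
 };
 
 push(ctx.node, ctx.name, Push::Path(&agent_directory)).await?;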
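Review bot: The new `panic!` message mixes `\n` escapes with real line breaks inside the literal, so the printed text carries doubled newlines plus the source indentation of the following lines; ending each line with `\n\` (escape followed by a line continuation) prints it as intended. `execute` already returns `Result<(), HiveLibError>`, so a target platform the wrapper carries no agent for would be better reported as an error value than as a panic in the middle of a deployment; the same holds for `agent.into_string().unwrap()` on the context line, which panics on a non-UTF-8 path. `host_platform` comes from the evaluated node and only has `-` replaced before it becomes part of an environment variable name, so a short comment stating which values are expected would help the next reader. The body of `execute` continues past the end of the hunk.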
+4
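--- a/wire/lib/src/hive/node.rs
+++ b/wire/lib/src/hive/node.rs
@@ -58,6 +58,9 @@
 
 #[serde(rename(deserialize = "_keys", serialize = "keys"))]
 pub keys: im::Vector<Key>,
+
+#[serde(rename(deserialize = "_hostPlatform", serialize = "host_platform"))]
+pub host_platform: Arc<str>,
 }
 
 #[cfg(test)]
@@ -69,6 +72,7 @@
 tags: im::HashSet::new(),
 allow_local_deployment: true,
 build_remotely: false,
+host_platform: "x86_64-linux".into(),
 }
 }
 }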
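Review bot: The new public field `host_platform` has no doc comment, and nothing in the hunk states what format it holds or what consumes it. A line such as `/// Nix system string of the target (e.g. "x86_64-linux"), read from the node's _hostPlatform; selects the key agent build.` above the serde attribute would cover it. The field has no `#[serde(default)]`, so an evaluated node without `_hostPlatform` presumably fails to deserialize; if that is intended, the comment is a good place to say so. The struct definition starts outside the hunk.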