diff --git a/lib.nix b/lib.nix
index 0f34930..16b1791 100644
--- a/lib.nix
+++ b/lib.nix
@@ -1,10 +1,12 @@
 { pkgs, nix_templater }:
-rec {
+{
+ # placeholder to be substituted with the content of a secret file
 fileContents = file: {
 outPath = "<${builtins.placeholder "nix_template"}${toString file}${builtins.placeholder "nix_template"}>";
 file = file;
 };
+ # make a template with placeholders
 template_text = { name, text, outPath }:
 pkgs.runCommand name {
 textBeforeTemplate = text;
diff --git a/pkgs/nix_templater/replace.py b/pkgs/nix_templater/replace.py
index 8b434a9..50ff7c5 100644
--- a/pkgs/nix_templater/replace.py
+++ b/pkgs/nix_templater/replace.py
@@ -1,7 +1,8 @@
+# replace occurrences of a magic string in a template file
 import sys
 from pathlib import Path
-tempalte_file = sys.argv[1]
+template_file = sys.argv[1]
 magic_string = sys.argv[2]
 outfile = sys.argv[3]
@@ -9,7 +10,7 @@ if Path(outfile).exists():
 print(f"{outfile} already exists, aborting")
 sys.exit(1)
-template_bytes = Path(tempalte_file).read_bytes()
+template_bytes = Path(template_file).read_bytes()
 loc = 0
 output = b""
diff --git a/tests/template.nix b/tests/template.nix
index d7e92de..a72911c 100644
--- a/tests/template.nix
+++ b/tests/template.nix
@@ -1,3 +1,4 @@
+# test injecting a secret into a template
 { legacyPackages, system, nixpkgs }:
 let
 # this file would usually be outside of the store
@@ -7,7 +8,7 @@ in (nixpkgs.lib.nixos.runTest {
 hostPkgs = nixpkgs.legacyPackages.${system};
 name = "nix_templates";
- nodes.machine = {config, pkgs, ...}: {
+ nodes.machine = {pkgs, ...}: {
 config = {
 systemd.services.testservice = {
 wantedBy = [ "multi-user.target" ];
@@ -33,7 +34,7 @@ in (nixpkgs.lib.nixos.runTest {
 testScript = ''
 start_all()
 print(machine.execute("uname -a"))
- machine.wait_for_unit("testservice.service")
- print(machine.succeed("cat /root/test | grep -q secret"))
+ machine.wait_for_unit("multi-user.target")
+ print(machine.succeed("cat /test | grep -q secret"))
 '';
 })
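Review bot: In lib.nix, the new comment on `fileContents` says what the placeholder is for but not the property that keeps the secret out of the store: `toString file` embeds only the path string, so the file's content stays out of the Nix store as long as the caller passes a path that lives outside it. I would spell that out, e.g. `# placeholder to be substituted later with the content of a secret file; pass a path outside the Nix store, only the path string is embedded here`. Separately, dropping `rec` is only safe if no attribute further down refers to a sibling such as `fileContents` by bare name; the attribute set continues past the end of this hunk, so that is worth confirming.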
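Review bot: In pkgs/nix_templater/replace.py, the new header comment leaves out the command-line contract that the first lines implement: three positional arguments (template file, magic string, output file) and a refusal to overwrite an existing output. Something like `# usage: replace.py TEMPLATE_FILE MAGIC_STRING OUTFILE (aborts if OUTFILE exists)` would cover it. The `exists()` test shown in the second hunk's header is separate from whatever later writes `outfile`, which is outside both hunks; if that write is a plain open, creating the file with `open(outfile, "xb")` would make the no-overwrite guarantee atomic. Since the output presumably carries the substituted secret, the permissions it is created with deserve a line in the comment too.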
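Review bot: In the last hunk of tests/template.nix, `machine.wait_for_unit("multi-user.target")` no longer waits on `testservice` itself, so the following `grep` only sees the rendered file if the service has finished by the time the target is reached; the service definition is outside the hunk, so whether that holds cannot be checked here. Adding `machine.wait_for_file("/test")` before the check would remove the dependency on unit ordering. The path also moves from `/root/test` to `/test` while no hunk touches the service body in between, so confirm that this is where the service writes. `grep -q secret` proves only that the word appears; also asserting that no placeholder text remains and that the file mode is the intended one would make this a stronger test for a secrets tool.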