Unverified Commit 5e2fa65c authored by benaryorg's avatar benaryorg
Browse files

nixos/kubo: IFD-less merging of defaults 



No more IFD for the defaults.
Specifically the merging with the config values is now done at runtime.
The output of the command for generating the defaults is also specifically stripped of the generated credentials, making it reproducible.

This introduces caveats in terms of overwriting as it is now dependent on jq's merge behaviour.

A cleaner solution would probably move from specifying a single JSON-esque datastructure to specifying an attrset with keys and values being those of `ipfs config set` respectively.
This would allow setting individual keys to objects, removing entries, and more fine grained control in general.
However that would introduce severe backwards incompatibilities, so this commit is merely a "minimum viable fix" so to say.

Signed-off-by: default avatarbenaryorg <binary@benary.org>
parent 7a4dd1b2

nixos/modules/services/network-filesystems/kubo.nix

+22 −17
Original line number Diff line number Diff line
@@ -10,29 +10,22 @@ let 


  settingsFormat = pkgs.formats.json { };



  rawDefaultConfig = lib.importJSON (

  defaultConfig =

    pkgs.runCommand "kubo-default-config"

      {

        nativeBuildInputs = [ cfg.package ];

        nativeBuildInputs = [

          cfg.package

          pkgs.jq

        ];

      }

      ''

        export IPFS_PATH="$TMPDIR"

        ipfs init --empty-repo --profile=${profile}

        ipfs --offline config show > "$out"

      ''

  );



  # Remove the PeerID (an attribute of "Identity") of the temporary Kubo repo.

  # The "Pinning" section contains the "RemoteServices" section, which would prevent

  # the daemon from starting as that setting can't be changed via ipfs config replace.

  defaultConfig = removeAttrs rawDefaultConfig [

    "Identity"

    "Pinning"

  ];



  customizedConfig = lib.recursiveUpdate defaultConfig cfg.settings;

        # Remove the variable key to make the result deterministic.

        ipfs --offline config show | jq 'del(.Identity)' > $out

      '';



  configFile = settingsFormat.generate "kubo-config.json" customizedConfig;

  configFile = settingsFormat.generate "kubo-config.json" cfg.settings;



  # Create a fake repo containing only the file "api".

  # $IPFS_PATH will point to this directory instead of the real one.
@@ -392,8 +385,20 @@ in 
      ''

      + ''

        fi



        # We need the Identity and Pinning configuration from the current settings.

        ipfs --offline config show |

          ${pkgs.jq}/bin/jq -s '.[0].Pinning as $Pinning | .[0].Identity as $Identity | .[1] + {$Identity,$Pinning}' - '${configFile}' |

          ${lib.getExe pkgs.jq} '{ Identity, Pinning, }' |



          # Now we deep-merge all configuration sources (later data wins):

          # 1. the default configuration

          # 2. the user-provided configuration

          # 3. the dynamic keys from the existing configuration

          ${lib.getExe pkgs.jq} -s 'reduce .[] as $config ({}; . * $config)' \

            ${defaultConfig} \

            ${configFile} \

            - \

          |



          # This command automatically injects the private key and other secrets from

          # the old config file back into the new config file.