Deferring evaluation of a get-secret procedure so -L doesn't evaluate it
From: Richard Sent
Subject: Deferring evaluation of a get-secret procedure so -L doesn't evaluate it unless needed for build
Date: Thu, 04 Jan 2024 12:28:28 -0500

Hi Guix!
Until recently I reconfigured my home & system by setting the
GUILE_LOAD_PATH env var, but I am now trying to transition to using the
-L argument.
I have a configuration repo that's broken down into separate modules,
(mostly) like so:
--8<---------------cut here---------------start------------->8---
lib
└── rsent
    ├── constants
    │   └── wireguard.scm
    ├── home
    │   └── pathfinder.scm
    ├── system
    │   └── pathfinder.scm
    └── utils
        └── secrets.scm
--8<---------------cut here---------------end--------------->8---
wireguard.scm contains code that fetches secret values
(private+preshared keys) from my password store and defines a service
using that secret value. The code looks something like this:
--8<---------------cut here---------------start------------->8---
(define wireguard-lan-secret-service
  (service
   (wireguard-configuration
    ...
    (private-key
     (plain-file "private.key"
                 (get-secret*
                  "System/WireGuard/LAN/private.key"))))))
--8<---------------cut here---------------end--------------->8---
I've noticed that when I run `guix home reconfigure -L lib
lib/rsent/home/pathfinder.scm`, (get-secret* ...) is still evaluated,
meaning that I'm prompted for a password when I don't need to enter one
(home-environment doesn't support wireguard-service). I don't have this
problem if I run `GUILE_LOAD_PATH=lib guix home reconfigure
lib/rsent/home/pathfinder.scm`, presumably because Guix's -L doesn't
just add to the load path, but also evaluates every file for possible
package definitions.
I suspect I need to replace (plain-file ...) with another option,
perhaps (computed-file), as well as rework (get-secret*) into a gexp.
I'm struggling with the syntax though, so any help in this would be
appreciated. Or if there's a better solution, that would be amazing!
*On another note*, should Guix have another command line flag that
behaves identically to `$ guile -L`? Adds directory to the load path,
but does not do anything else? The distinction between Guile and Guix's
-L isn't emphasized enough in my experience. To a beginner, these two
sound identical.
Guile: -L DIRECTORY add DIRECTORY to the front of the module load
path
Guix: -L, --load-path=DIR prepend DIR to the package module search
path
Apologies for the wall of text, hopefully someone has some thoughts.
Richard

Attachments:
secrets.scm (text document)
wireguard.scm (text document)
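
The eager evaluation described in the message, and two ways of deferring it, shown as an added example that is not part of the original post or of Guix. It is plain Guile: `get-secret*` here is a constructed stand-in that counts calls instead of querying a password store, and `wireguard-lan-private-key` is a hypothetical name.

```scheme
;; Stand-alone Guile; no Guix modules are needed to run this.
;; Constructed stand-in for the real get-secret* in utils/secrets.scm:
;; it records each lookup instead of prompting for a password.
(define secret-lookups 0)

(define (get-secret* path)
  (set! secret-lookups (+ 1 secret-lookups))
  (string-append "<secret for " path ">"))

;; Eager: the call is an ordinary argument of a top-level definition,
;; so it runs as soon as the module is loaded, whether or not anything
;; ends up using the value.
(define eager-key
  (get-secret* "System/WireGuard/LAN/private.key"))

;; Deferred with a promise: the body runs on the first `force` only,
;; and the result is cached, so the store is queried at most once.
(define deferred-key
  (delay (get-secret* "System/WireGuard/LAN/private.key")))

;; Deferred behind a procedure (hypothetical name): a system
;; configuration would call it; a home configuration that never
;; references it triggers no lookup.
(define (wireguard-lan-private-key)
  (force deferred-key))

(define (report label)
  (format #t "~a: ~a lookup(s)~%" label secret-lookups))

;; At this point only the eager definition has called get-secret*.
(report "after loading the definitions")

;; Two uses of the deferred key add a single lookup between them.
(wireguard-lan-private-key)
(wireguard-lan-private-key)
(report "after two deferred uses")
```

Deferral only changes when the secret is read. Content passed to `plain-file` is still written to the store, which every local user can read.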