Skip to content

Comments

Add SPIRE NixOS Module#481447

Open
arianvp wants to merge 4 commits intoNixOS:masterfrom
arianvp:push-nmpovotlmwyw
Open

Add SPIRE NixOS Module#481447
arianvp wants to merge 4 commits intoNixOS:masterfrom
arianvp:push-nmpovotlmwyw

Conversation

@arianvp
Copy link
Member

@arianvp arianvp commented Jan 18, 2026
edited
Loading

First iteration of SPIRE module. I plan to add more goodies later like more tests for the other built-in plugins.

Things done

  • Built on platform:
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • Tested, as applicable:
  • Ran nixpkgs-review on this PR. See nixpkgs-review usage.
  • Tested basic functionality of all binary files, usually in ./result/bin/.
  • Nixpkgs Release Notes
    • Package update: when the change is major or breaking.
  • NixOS Release Notes
    • Module addition: when adding a new NixOS module.
    • Module update: when the change is significant.
  • Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other READMEs.

@nixpkgs-ci nixpkgs-ci bot added 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 11.by: package-maintainer This PR was created by a maintainer of all the package it changes. 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` labels Jan 18, 2026
@arianvp arianvp requested a review from RaitoBezarius January 18, 2026 22:32
@arianvp arianvp force-pushed the push-nmpovotlmwyw branch 4 times, most recently from c9cbc8e to 6a01d55 Compare January 18, 2026 22:56
arianvp
arianvp commented Jan 18, 2026
View reviewed changes
@nikstur nikstur self-requested a review January 19, 2026 10:03
@arianvp arianvp marked this pull request as ready for review February 1, 2026 12:20
@KiaraGrouwstra
Copy link
Contributor

KiaraGrouwstra commented Feb 6, 2026

in your FOSDEM talk you further listed outstanding PRs:

given those seem not mentioned in spire-related nixpkgs PRs so far, does that mean those are not breaking issues for this use-case?

@arianvp
Copy link
Member Author

arianvp commented Feb 6, 2026

If you're okay with using join tokens you don't need the TPM plugin to use spire. Spire is pluggable and supports dozens of different attestation methods.

Stunkymonkey
Stunkymonkey reviewed Feb 8, 2026
View reviewed changes
@nixpkgs-ci nixpkgs-ci bot added 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. and removed 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. labels Feb 10, 2026
@nixpkgs-ci nixpkgs-ci bot added the 8.has: documentation This PR adds or changes documentation label Feb 10, 2026
06kellyjac
06kellyjac reviewed Feb 12, 2026
View reviewed changes
Copy link
Member

@06kellyjac 06kellyjac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not trialed it on a NixOS box or in a VM but overall looks good. 🚀

@nixpkgs-ci nixpkgs-ci bot added the 2.status: merge conflict This PR has merge conflicts with the target branch label Feb 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Stunkymonkey Stunkymonkey Stunkymonkey left review comments

@06kellyjac 06kellyjac 06kellyjac left review comments

@RaitoBezarius RaitoBezarius Awaiting requested review from RaitoBezarius

@nikstur nikstur Awaiting requested review from nikstur

@fkautz fkautz Awaiting requested review from fkautz

@h7x4 h7x4 Awaiting requested review from h7x4

@mjm mjm Awaiting requested review from mjm

Assignees

No one assigned

Labels

2.status: merge conflict This PR has merge conflicts with the target branch 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: documentation This PR adds or changes documentation 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 11.by: package-maintainer This PR was created by a maintainer of all the package it changes.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@arianvp @KiaraGrouwstra @Stunkymonkey @06kellyjac