typeguard exception with deployment.keys

[mvnetbiz]

With recent nixops, using keys results in the error:

typeguard.TypeCheckError: value of key 'test' of nixops.resources.ResourceEval is not an instance of nixops.backends.KeyOptions

Full exception

``` Traceback (most recent call last): File "/nix/store/1n5hmldxwzg2d2xmqlqxbf42ra57i11z-nixops-unstable-2023-10-26/bin/.nixops-wrapped", line 9, in sys.exit(main()) ^^^^^^ File "/nix/store/1n5hmldxwzg2d2xmqlqxbf42ra57i11z-nixops-unstable-2023-10-26/lib/python3.11/site-packages/nixops/__main__.py", line 56, in main args.op(args) File "/nix/store/1n5hmldxwzg2d2xmqlqxbf42ra57i11z-nixops-unstable-2023-10-26/lib/python3.11/site-packages/nixops/script_defs.py", line 715, in op_deploy depl.deploy( File "/nix/store/1n5hmldxwzg2d2xmqlqxbf42ra57i11z-nixops-unstable-2023-10-26/lib/python3.11/site-packages/nixops/deployment.py", line 1365, in deploy self.run_with_notify("deploy", lambda: self._deploy(**kwargs)) File "/nix/store/1n5hmldxwzg2d2xmqlqxbf42ra57i11z-nixops-unstable-2023-10-26/lib/python3.11/site-packages/nixops/deployment.py", line 1354, in run_with_notify f() File "/nix/store/1n5hmldxwzg2d2xmqlqxbf42ra57i11z-nixops-unstable-2023-10-26/lib/python3.11/site-packages/nixops/deployment.py", line 1365, in self.run_with_notify("deploy", lambda: self._deploy(**kwargs)) ^^^^^^^^^^^^^^^^^^^^^^ File "/nix/store/1n5hmldxwzg2d2xmqlqxbf42ra57i11z-nixops-unstable-2023-10-26/lib/python3.11/site-packages/nixops/deployment.py", line 1150, in _deploy self.evaluate_active(include, exclude, kill_obsolete) File "/nix/store/1n5hmldxwzg2d2xmqlqxbf42ra57i11z-nixops-unstable-2023-10-26/lib/python3.11/site-packages/nixops/deployment.py", line 1091, in evaluate_active self.evaluate() File "/nix/store/1n5hmldxwzg2d2xmqlqxbf42ra57i11z-nixops-unstable-2023-10-26/lib/python3.11/site-packages/nixops/deployment.py", line 445, in evaluate defn = _create_definition(name, cfg, cfg["targetEnv"]) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/nix/store/1n5hmldxwzg2d2xmqlqxbf42ra57i11z-nixops-unstable-2023-10-26/lib/python3.11/site-packages/nixops/deployment.py", line 1677, in _create_definition return cls(name, nixops.resources.ResourceEval(config)) # type: ignore ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/nix/store/10n6zd519x65p3l26rhv0ijdamn9qprk-python3.11-nixops-libvirtd-unstable-2023-09-01/lib/python3.11/site-packages/nixops_virtd/backends/libvirtd.py", line 60, in __init__ super().__init__(name, config) File "/nix/store/1n5hmldxwzg2d2xmqlqxbf42ra57i11z-nixops-unstable-2023-10-26/lib/python3.11/site-packages/nixops/backends/__init__.py", line 68, in __init__ super().__init__(name, config) File "/nix/store/1n5hmldxwzg2d2xmqlqxbf42ra57i11z-nixops-unstable-2023-10-26/lib/python3.11/site-packages/nixops/resources/__init__.py", line 75, in __init__ self.config = config_type(**config) ^^^^^^^^^^^^^^^^^^^^^ File "/nix/store/1n5hmldxwzg2d2xmqlqxbf42ra57i11z-nixops-unstable-2023-10-26/lib/python3.11/site-packages/nixops/util.py", line 183, in __init__ setattr(self, key, _transform_value(key, value)) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/nix/store/1n5hmldxwzg2d2xmqlqxbf42ra57i11z-nixops-unstable-2023-10-26/lib/python3.11/site-packages/nixops/util.py", line 168, in _transform_value typeguard.check_type(value, ann) File "/nix/store/gslhf4g01nn5q1004pq1iwadyqw3w8yf-python3.11-typeguard-4.1.5/lib/python3.11/site-packages/typeguard/_functions.py", line 108, in check_type check_type_internal(value, expected_type, memo) File "/nix/store/gslhf4g01nn5q1004pq1iwadyqw3w8yf-python3.11-typeguard-4.1.5/lib/python3.11/site-packages/typeguard/_checkers.py", line 759, in check_type_internal checker(value, origin_type, args, memo) File "/nix/store/gslhf4g01nn5q1004pq1iwadyqw3w8yf-python3.11-typeguard-4.1.5/lib/python3.11/site-packages/typeguard/_checkers.py", line 231, in check_mapping check_type_internal(v, value_type, memo) File "/nix/store/gslhf4g01nn5q1004pq1iwadyqw3w8yf-python3.11-typeguard-4.1.5/lib/python3.11/site-packages/typeguard/_checkers.py", line 764, in check_type_internal raise TypeCheckError(f"is not an instance of {qualified_name(origin_type)}") typeguard.TypeCheckError: value of key 'test' of nixops.resources.ResourceEval is not an instance of nixops.backends.KeyOptions ```

flake.nix

```nix { description = "nixops python type bug"; inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; }; outputs = { self, nixpkgs }: let pkgs = import nixpkgs { system = "x86_64-linux"; }; inherit (nixpkgs) lib; in { nixopsConfigurations.default = { inherit nixpkgs; network.description = "test"; network.storage.legacy = { databasefile = "test.nixops"; }; machine = { system.stateVersion = "23.11"; deployment.targetEnv = "libvirtd"; deployment.keys.test = { keyCommand = [ "dd" "if=/dev/urandom" "bs=1" "count=10" ]; user = "root"; }; }; }; defaultPackage.x86_64-linux = with pkgs; (buildEnv { name = "test"; paths = [ nixops_unstable ]; }); }; } ```

[kevincox]

I'm seeing this too for every key in my config (at least removing the first few just saw other ones fail).

Likely related to https://github.com/NixOS/nixops/pull/1569 cc @K900 @roberth.

My keys look like:

    deployment.keys.foo = {
        text = "Some secret";
        destDir = "/var/keys";
    };

[K900]

I'll take a look tomorrow morning.

[datafoo]

Any update on this?

[K900]

Sorry, completely lost track of this :( Can you try https://github.com/NixOS/nixops/pull/1572 ?

[datafoo]

Sorry, completely lost track of this :( Can you try #1572 ?

Is there an easy way to get the a flake input with your contribution?

[K900]

github:K900/nixops/patch-1

[datafoo]

That did not fix the problem.

[K900]

Sorry then, I'm temporarily out of ideas. I'll have to look at it closer later. For now you should be able to comment out this line: https://github.com/NixOS/nixops/blob/2cfc2cb4fa9ecb89a4274574ff7f63ea61782498/nixops/util.py#L168

[kevincox]

Maybe we should do that for now and push a patch release? nixops has been broken in nixpkgs for quite a while now, and while it is possible to use a pinned version it is annoying and requires every user to find out what is happening on their own.

[talyz]

I've opened #1573, which solves this for me, but it would be nice with more testing.

[zeratax]

github:K900/nixops/patch-1

hope this isn't too offtopic but I am trying to use these patches, but with a flake like this:

{
  inputs = {
    nixpkgs.url = "nixpkgs/nixos-unstable";
    flake-utils.url   = "github:numtide/flake-utils";
    nixops.url = "github:talyz/nixops/mapping-types";
    nixops.inputs.nixpkgs.follows = "nixpkgs";
  };

  outputs = { self, nixpkgs, flake-utils, nixops, ... }:
    {
      nixopsConfigurations.default = {
        inherit nixpkgs;
        network.storage.legacy.databasefile = "~/.nixops/deployments.nixops";
        network.enableRollback = true;
      };

    } // flake-utils.lib.eachDefaultSystem (system:
      let
        pkgs = nixpkgs.legacyPackages.${system};
        nixops-pkgs = nixops.packages.${system};
      in {
        devShell = pkgs.mkShell {
            buildInputs = [
              pkgs.nix
              nixops-pkgs.default
            ];
        };

        formatter = nixpkgs.legacyPackages.${system}.nixpkgs-fmt;
      });
}

I just get

error: The option `deployment.hetznerCloud' does not exist. Definition values:
...

wish something like this would work ^^ https://github.com/NixOS/nixops/issues/1324#issuecomment-1174855490

[talyz]

Yes, that should be because the hetzner plugin is missing. A somewhat easy way to test this is to override NixOps' src attribute in nixpkgs.

[kevincox]

This has been broken in nixpkgs-unstable for a month now. Can we consider merging a quick fix (disabling the type check) for now until we can get a full resolution?

For those who need to deploy now an easy workaround is using nixops from 23.05 nix shell github:NixOS/nixpkgs/nixos-23.05#nixopsUnstable -c nixops help. Be aware what version you are using though if you need bug fixes or new features.

[K900]

1573 is the fix, I'll poke Robert about it.