NixFleet fleet agent (v0.2 runtime).
Modules
- activation
  - Activation pipeline (RFC-0005 §4). The runtime worker (`runtime/workers/activation.rs`) is the wire-layer entry point; this module owns the seven LOADBEARING operational steps the activation must preserve:
- comms
  - mTLS HTTP client construction for the control plane.
- enrollment
  - Bootstrap enrollment + cert renewal. Both flows sign the CSR with the host’s SSH ed25519 key (RFC-0003 §2); the agent never generates keys.
- evidence_signer
  - Sign JCS-canonical event payloads with the SSH host key. The auditor trust root rotates independently from mTLS, so a leaked agent cert doesn’t compromise the third-party chain.
- freshness
  - Defense-in-depth: refuse targets whose backing manifest’s `signed_at` is older than the channel’s freshness window when measured at dispatch reception time.
- host_facts
  - Per-host OS primitives (`boot_id`, `pending_generation`); cfg-gated re-export.
- manifest_cache
  - Rollout manifest fetch + verify + disk cache. Disk-cache hit re-verifies the bytes (defense in depth); miss fetches from CP, verifies, writes through. Per RFC-0005 §4.1, the dispatch path also asserts the manifest’s declared `target_closure` for this host matches the dispatched value before the reducer ever sees the event.
- runtime
  - Agent runtime: MPSC reducer loop + applier + workers (RFC-0006 §7.1).