deploy_nixos leaks files from the working directory into the world-readable nix store

**Describe the bug**
`deploy_nixos` evaulates an expression that has `./.` as src and leaks the contents of the working directory into the world-readable nix store. The working directory may contain (.gitignored) secrets so this is a security issue.
https://github.com/tweag/terraform-nixos/blob/646cacb12439ca477c05315a7bfd49e9832bc4e3/deploy_nixos/nixos-instantiate.sh#L22

**To Reproduce**
Use `deploy_nixos` module

**Expected behavior**
Don't leak files from working directory.

**Environment**
 - OS name + version: NixOS unstable
 - Version of the code: 646cacb12439ca477c05315a7bfd49e9832bc4e3


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deploy_nixos leaks files from the working directory into the world-readable nix store #67

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

deploy_nixos leaks files from the working directory into the world-readable nix store #67

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions