Skip to main content

EncryptedSpawnPodRequest

paygress::nostr

Struct EncryptedSpawnPodRequest 

Source 
pub struct EncryptedSpawnPodRequest {
    pub cashu_token: String,
    pub pod_spec_id: Option<String>,
    pub pod_image: String,
    pub ssh_username: String,
    pub ssh_password: String,
    pub template_slug: Option<String>,
    pub replication: Option<ReplicationMode>,
    pub primary_npub: Option<String>,
    pub workload_id: Option<String>,
    pub volume_encryption: Option<VolumeEncryption>,
}

Fields§

§cashu_token: String§pod_spec_id: Option<String>§pod_image: String§ssh_username: String§ssh_password: String§template_slug: Option<String>

Optional template slug. When set, the provider materializes the workload’s image / ports / env from its OWN local template registry (paygress::templates) rather than trusting consumer-supplied bytes — so a consumer cannot smuggle an arbitrary image past the provider’s vetted list. pod_image is ignored when template_slug resolves. Old clients that don’t set this field continue to work (#[serde(default)]).

§replication: Option<ReplicationMode>

Replication mode requested by the consumer (Unit 5 wiring completion). Old clients that don’t set this field default to ReplicationMode::None — same shape as before, no behavior change for unspecified spawns.

WarmStandby { standby_providers } is the load-bearing variant: the consumer sends the SAME spawn request to every provider in the standby set; each provider determines its own role (primary if it is not in the standby list, standby otherwise) and the orchestrator coordinates failover via the LeaseRevocation event published by #34’s wiring.

§primary_npub: Option<String>

Primary provider’s npub. Required when replication is WarmStandby; ignored otherwise. Lets each receiving provider self-determine its role: if self.npub == primary_npub it acts as the primary (spawns + heartbeats); otherwise (and only if it is in standby_providers) it acts as a standby (reserves a slot, listens for revocations, promotes on signal).

§workload_id: Option<String>

Consumer-assigned workload identifier (UUID-shaped string). Required when replication is WarmStandby so the primary and N standbys share one stable id across providers — the LeaseRevocation event uses this id, and the standby looks up its reserved slot by it on receipt. Single-provider spawns can leave this unset; the provider derives a vmid-based id internally.

§volume_encryption: Option<VolumeEncryption>

Optional encryption key for the workload’s persistent data volume. When set, the provider creates a LUKS-encrypted volume (instead of a plain one) for template.data_path and destroys the volume header on tenancy end so post-eviction disk forensics reveal only ciphertext.

Threat model: protects against post-eviction snooping, lazy host-operator backups, co-tenant attacks on shared storage, and cold-disk forensics if the host is seized. Does NOT protect against a live host with CAP_SYS_PTRACE reading /proc//mem or extracting the LUKS key from the kernel keyring while the workload runs — that requires hardware confidential VMs (SEV-SNP / TDX), which the attested-research-tier IsolationLevel is reserved for.

The key travels inside this Nostr DM, which is itself NIP-04 / NIP-17 encrypted to the provider’s pubkey, so it is never visible on relays or in transit. The provider holds it only in memory while the workload runs.

Old clients that don’t set this field get plain volumes — same shape as before, no behavior change for unspecified spawns.

Trait Implementations§

Source§

impl Clone for EncryptedSpawnPodRequest

Source§

fn clone(&self) -> EncryptedSpawnPodRequest

Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for EncryptedSpawnPodRequest

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for EncryptedSpawnPodRequest

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Serialize for EncryptedSpawnPodRequest

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

Source§

impl<A, B, T> HttpServerConnExec<A, B> for T
where B: Body,