rewrite sops backend for secret generation and add tests

Jörg Thalheim
2023-09-19 21:48:39 +02:00
committed by lassulus
parent ead5c6e6a8
commit 0314132a1a
9 changed files with 287 additions and 74 deletions


@@ -18,14 +18,17 @@
type = lib.types.str;
default = secret.config._module.args.name;
description = ''
namespace of the secret
Namespace of the secret
'';
};
generator = lib.mkOption {
type = lib.types.nullOr lib.types.str;
type = lib.types.str;
description = ''
script to generate the secret.
can be set to null. then the user has to provide the secret via the clan cli
Script to generate the secret.
The script will be called with the following variables:
- facts: path to a directory where facts can be stored
- secrets: path to a directory where secrets can be stored
The script is expected to generate all secrets and facts defined in the module.
'';
};
secrets = lib.mkOption {
@@ -63,7 +66,11 @@
};
value = lib.mkOption {
defaultText = lib.literalExpression "\${config.clanCore.clanDir}/\${fact.config.path}";
default = builtins.readFile "${config.clanCore.clanDir}/${fact.config.path}";
default =
if builtins.pathExists "${config.clanCore.clanDir}/${fact.config.path}" then
builtins.readFile "${config.clanCore.clanDir}/${fact.config.path}"
else
"";
};
};
}));
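Review bot: The new `default` for `value` in the second hunk turns a missing fact file into the empty string, so a module that interpolates a fact would evaluate cleanly with an empty value instead of failing. Nothing in the visible lines lets a consumer tell "not generated yet" from "generated and empty". If the fallback is needed so that evaluation works before the first generation run, I would document that on the option, for example `description = "Content of the fact file, or the empty string if the fact has not been generated yet.";`, and consider a warning or assertion at the places where facts are consumed. The enclosing submodule starts and ends outside the hunk, so such a check may already exist where it is not visible here.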