Migrate borgbackup module to vars

2025-01-13 22:38:13 +01:00
parent 89890d34af
commit 038083bece
9 changed files with 64 additions and 45 deletions
--- a/clanModules/borgbackup/roles/client.nix
+++ b/clanModules/borgbackup/roles/client.nix
@@ -63,9 +63,9 @@ in
            rsh = lib.mkOption {
              type = lib.types.str;
              default = "ssh -i ${
-                config.clan.core.facts.services.borgbackup.secret."borgbackup.ssh".path
+                config.clan.core.vars.generators.borgbackup.files."borgbackup.ssh".path
              } -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o IdentitiesOnly=Yes";
-              defaultText = "ssh -i \${config.clan.core.facts.services.borgbackup.secret.\"borgbackup.ssh\".path} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null";
+              defaultText = "ssh -i \${config.clan.core.vars.generators.borgbackup.files.\"borgbackup.ssh\".path} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null";
              description = "the rsh to use for the backup";
            };
          };
@@ -126,7 +126,7 @@ in

      encryption = {
        mode = "repokey";
-        passCommand = "cat ${config.clan.core.facts.services.borgbackup.secret."borgbackup.repokey".path}";
+        passCommand = "cat ${config.clan.core.vars.generators.borgbackup.files."borgbackup.repokey".path}";
      };

      prune.keep = {
@@ -177,20 +177,21 @@ in
      })
    ];

-    # Facts generation. So the client can authenticate to the server
-    clan.core.facts.services.borgbackup = {
-      public."borgbackup.ssh.pub" = { };
-      secret."borgbackup.ssh" = { };
-      secret."borgbackup.repokey" = { };
-      generator.path = [
-        pkgs.openssh
+    clan.core.vars.generators.borgbackup = {
+
+      files."borgbackup.ssh.pub".secret = false;
+      files."borgbackup.ssh" = { };
+      files."borgbackup.repokey" = { };
+
+      migrateFact = "borgbackup";
+      runtimeInputs = [
        pkgs.coreutils
+        pkgs.openssh
        pkgs.xkcdpass
      ];
-      generator.script = ''
-        ssh-keygen -t ed25519 -N "" -f "$secrets"/borgbackup.ssh
-        mv "$secrets"/borgbackup.ssh.pub "$facts"/borgbackup.ssh.pub
-        xkcdpass -n 4 -d - > "$secrets"/borgbackup.repokey
+      script = ''
+        ssh-keygen -t ed25519 -N "" -f $out/borgbackup.ssh
+        xkcdpass -n 4 -d - > $out/borgbackup.repokey
      '';
    };

--- a/clanModules/borgbackup/roles/server.nix
+++ b/clanModules/borgbackup/roles/server.nix
@@ -1,7 +1,7 @@
 { config, lib, ... }:
 let
  dir = config.clan.core.settings.directory;
-  machineDir = dir + "/machines/";
+  machineDir = dir + "/vars/per-machine/";
  machineName = config.clan.core.settings.machine.name;

  # Instances might be empty, if the module is not used via the inventory
@@ -33,7 +33,8 @@ in
  };
  config.services.borgbackup.repos =
    let
-      borgbackupIpMachinePath = machines: machineDir + machines + "/facts/borgbackup.ssh.pub";
+      borgbackupIpMachinePath = machine: machineDir + machine + "/borgbackup/borgbackup.ssh.pub/value";
+
      machinesMaybeKey = builtins.map (
        machine:
        let
@@ -44,7 +45,7 @@ in
        else
          lib.warn ''
            Machine ${machine} does not have a borgbackup key at ${fullPath},
-            run `clan facts generate ${machine}` to generate it.
+            run `clan var generate ${machine}` to generate it.
          '' null
      ) allClients;