lib/test/sops: Fix secret deployment for test machines

Fix secret deployment for test machines in our NixOS vm and container
tests.

We now check whether a certain set of files really needs to be deployed
through a deployment script, which keeps us from running into edge cases like this:
```
error: The option `nodes.server.system.activationScripts.setupSecrets.text'
was accessed but has no value defined. Try setting the option.
```
a-kenji
2025-06-27 12:14:38 +02:00
parent 6929700c77
commit 0a56f60005


@@ -6,15 +6,18 @@
system.activationScripts = system.activationScripts =
let let
# https://github.com/Mic92/sops-nix/blob/61154300d945f0b147b30d24ddcafa159148026a/modules/sops/default.nix#L27 # https://github.com/Mic92/sops-nix/blob/61154300d945f0b147b30d24ddcafa159148026a/modules/sops/default.nix#L27
hasRegularSecrets = lib.filterAttrs (_: v: v.neededForUsers) config.sops.secrets != { }; hasRegularSecrets = lib.filterAttrs (_: v: !v.neededForUsers) config.sops.secrets != { };
hasUserSecrets = lib.filterAttrs (_: v: v.neededForUsers) config.sops.secrets != { };
in in
{ {
age-key.text = '' age-key.text = ''
echo AGE-SECRET-KEY-1PL0M9CWRCG3PZ9DXRTTLMCVD57U6JDFE8K7DNVQ35F4JENZ6G3MQ0RQLRV > /run/age-key.txt echo AGE-SECRET-KEY-1PL0M9CWRCG3PZ9DXRTTLMCVD57U6JDFE8K7DNVQ35F4JENZ6G3MQ0RQLRV > /run/age-key.txt
''; '';
} }
// lib.optionalAttrs (hasRegularSecrets) { // lib.optionalAttrs hasRegularSecrets {
setupSecrets.deps = [ "age-key" ]; setupSecrets.deps = [ "age-key" ];
}
// lib.optionalAttrs hasUserSecrets {
setupSecretsForUsers.deps = [ "age-key" ]; setupSecretsForUsers.deps = [ "age-key" ];
}; };
} }
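Review bot: `hasRegularSecrets` and `hasUserSecrets` re-implement the conditions under which sops-nix defines `setupSecrets` and `setupSecretsForUsers`, but only the first carries the pinned upstream link and nothing explains why the guards exist. If upstream changes when it defines those scripts, a `.deps` entry set here without a matching `.text` would presumably bring back the "accessed but has no value defined" error, so a comment above the `let` bindings would help, e.g. `# Mirror sops-nix's own conditions: only add deps to activation scripts that sops-nix actually defines.` Separately, the unchanged `age-key.text` line embeds an age private key in the script text and writes it to `/run/age-key.txt` with no visible `umask` or `chmod`; a comment such as `# Test-only key for VM/container tests, never use it to encrypt real secrets` would make clear that it is a fixture. The enclosing module begins outside the hunk.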