Merge pull request 'vars: move owner/group to a sops namespace' (#2294) from sops-owner into main
@@ -25,7 +25,6 @@ let
|
|||||||
specialArgs.pkgs = pkgs;
|
specialArgs.pkgs = pkgs;
|
||||||
modules = [ module ];
|
modules = [ module ];
|
||||||
};
|
};
|
||||||
options = lib.mapAttrs (_: mkOption);
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
@@ -40,8 +39,8 @@ in
|
|||||||
type = attrsOf (
|
type = attrsOf (
|
||||||
submodule (generator: {
|
submodule (generator: {
|
||||||
imports = [ ./generator.nix ];
|
imports = [ ./generator.nix ];
|
||||||
options = options {
|
options = {
|
||||||
dependencies = {
|
dependencies = lib.mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
A list of other generators that this generator depends on.
|
A list of other generators that this generator depends on.
|
||||||
The output values of these generators will be available to the generator script as files.
|
The output values of these generators will be available to the generator script as files.
|
||||||
@@ -50,7 +49,7 @@ in
|
|||||||
type = listOf str;
|
type = listOf str;
|
||||||
default = [ ];
|
default = [ ];
|
||||||
};
|
};
|
||||||
migrateFact = {
|
migrateFact = lib.mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
The fact service name to import the files from.
|
The fact service name to import the files from.
|
||||||
|
|
||||||
@@ -60,16 +59,26 @@ in
|
|||||||
example = "my_service";
|
example = "my_service";
|
||||||
default = null;
|
default = null;
|
||||||
};
|
};
|
||||||
files = {
|
files = lib.mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
A set of files to generate.
|
A set of files to generate.
|
||||||
The generator 'script' is expected to produce exactly these files under $out.
|
The generator 'script' is expected to produce exactly these files under $out.
|
||||||
'';
|
'';
|
||||||
type = attrsOf (
|
type = attrsOf (
|
||||||
submodule (file: {
|
submodule (file: {
|
||||||
imports = [ config.settings.fileModule ];
|
imports = [
|
||||||
options = options {
|
config.settings.fileModule
|
||||||
name = {
|
(lib.mkRenamedOptionModule [ "owner" ] [
|
||||||
|
"sops"
|
||||||
|
"owner"
|
||||||
|
])
|
||||||
|
(lib.mkRenamedOptionModule [ "group" ] [
|
||||||
|
"sops"
|
||||||
|
"group"
|
||||||
|
])
|
||||||
|
];
|
||||||
|
options = {
|
||||||
|
name = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
description = ''
|
description = ''
|
||||||
name of the public fact
|
name of the public fact
|
||||||
@@ -77,7 +86,7 @@ in
|
|||||||
readOnly = true;
|
readOnly = true;
|
||||||
default = file.config._module.args.name;
|
default = file.config._module.args.name;
|
||||||
};
|
};
|
||||||
generatorName = {
|
generatorName = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
description = ''
|
description = ''
|
||||||
name of the generator
|
name of the generator
|
||||||
@@ -85,7 +94,7 @@ in
|
|||||||
readOnly = true;
|
readOnly = true;
|
||||||
default = generator.config._module.args.name;
|
default = generator.config._module.args.name;
|
||||||
};
|
};
|
||||||
share = {
|
share = lib.mkOption {
|
||||||
type = lib.types.bool;
|
type = lib.types.bool;
|
||||||
description = ''
|
description = ''
|
||||||
Whether the generated vars should be shared between machines.
|
Whether the generated vars should be shared between machines.
|
||||||
@@ -96,7 +105,7 @@ in
|
|||||||
internal = true;
|
internal = true;
|
||||||
default = generator.config.share;
|
default = generator.config.share;
|
||||||
};
|
};
|
||||||
deploy = {
|
deploy = lib.mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
Whether the file should be deployed to the target machine.
|
Whether the file should be deployed to the target machine.
|
||||||
|
|
||||||
@@ -105,30 +114,34 @@ in
|
|||||||
type = bool;
|
type = bool;
|
||||||
default = true;
|
default = true;
|
||||||
};
|
};
|
||||||
secret = {
|
secret = lib.mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
Whether the file should be treated as a secret.
|
Whether the file should be treated as a secret.
|
||||||
'';
|
'';
|
||||||
type = bool;
|
type = bool;
|
||||||
default = true;
|
default = true;
|
||||||
};
|
};
|
||||||
path = {
|
path = lib.mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
The path to the file containing the content of the generated value.
|
The path to the file containing the content of the generated value.
|
||||||
This will be set automatically
|
This will be set automatically
|
||||||
'';
|
'';
|
||||||
type = str;
|
type = str;
|
||||||
};
|
};
|
||||||
owner = {
|
|
||||||
description = "The user name or id that will own the secret file. This option is currently only implemented for sops";
|
sops = {
|
||||||
default = "root";
|
owner = lib.mkOption {
|
||||||
};
|
description = "The user name or id that will own the secret file. This option is currently only implemented for sops";
|
||||||
group = {
|
default = "root";
|
||||||
description = "The group name or id that will own the secret file. This option is currently only implemented for sops";
|
};
|
||||||
default = "root";
|
group = lib.mkOption {
|
||||||
|
description = "The group name or id that will own the secret file. This option is currently only implemented for sops";
|
||||||
|
default = "root";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
value =
|
value =
|
||||||
{
|
lib.mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
The content of the generated value.
|
The content of the generated value.
|
||||||
Only available if the file is not secret.
|
Only available if the file is not secret.
|
||||||
@@ -143,7 +156,7 @@ in
|
|||||||
})
|
})
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
prompts = {
|
prompts = lib.mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
A set of prompts to ask the user for values.
|
A set of prompts to ask the user for values.
|
||||||
Prompts are available to the generator script as files.
|
Prompts are available to the generator script as files.
|
||||||
@@ -152,8 +165,8 @@ in
|
|||||||
default = { };
|
default = { };
|
||||||
type = attrsOf (
|
type = attrsOf (
|
||||||
submodule (prompt: {
|
submodule (prompt: {
|
||||||
options = options {
|
options = {
|
||||||
createFile = {
|
createFile = lib.mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
Whether the prompted value should be stored in a file with the same name as the prompt.
|
Whether the prompted value should be stored in a file with the same name as the prompt.
|
||||||
|
|
||||||
@@ -168,7 +181,7 @@ in
|
|||||||
type = bool;
|
type = bool;
|
||||||
default = true;
|
default = true;
|
||||||
};
|
};
|
||||||
description = {
|
description = lib.mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
The description of the prompted value
|
The description of the prompted value
|
||||||
'';
|
'';
|
||||||
@@ -176,7 +189,7 @@ in
|
|||||||
example = "SSH private key";
|
example = "SSH private key";
|
||||||
default = prompt.config._module.args.name;
|
default = prompt.config._module.args.name;
|
||||||
};
|
};
|
||||||
type = {
|
type = lib.mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
The input type of the prompt.
|
The input type of the prompt.
|
||||||
The following types are available:
|
The following types are available:
|
||||||
@@ -195,7 +208,7 @@ in
|
|||||||
})
|
})
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
runtimeInputs = {
|
runtimeInputs = lib.mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
A list of packages that the generator script requires.
|
A list of packages that the generator script requires.
|
||||||
These packages will be available in the PATH when the script is run.
|
These packages will be available in the PATH when the script is run.
|
||||||
@@ -203,7 +216,7 @@ in
|
|||||||
type = listOf package;
|
type = listOf package;
|
||||||
default = [ ];
|
default = [ ];
|
||||||
};
|
};
|
||||||
script = {
|
script = lib.mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
The script to run to generate the files.
|
The script to run to generate the files.
|
||||||
The script will be run with the following environment variables:
|
The script will be run with the following environment variables:
|
||||||
@@ -215,7 +228,7 @@ in
|
|||||||
type = either str path;
|
type = either str path;
|
||||||
default = "";
|
default = "";
|
||||||
};
|
};
|
||||||
finalScript = {
|
finalScript = lib.mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
The final generator script, wrapped, so:
|
The final generator script, wrapped, so:
|
||||||
- all required programs are in PATH
|
- all required programs are in PATH
|
||||||
@@ -226,7 +239,7 @@ in
|
|||||||
internal = true;
|
internal = true;
|
||||||
visible = false;
|
visible = false;
|
||||||
};
|
};
|
||||||
share = {
|
share = lib.mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
Whether the generated vars should be shared between machines.
|
Whether the generated vars should be shared between machines.
|
||||||
Shared vars are only generated once, when the first machine using it is deployed.
|
Shared vars are only generated once, when the first machine using it is deployed.
|
||||||
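Review bot: `sops.owner` and `sops.group` on the new side of the `@@ -105,30 +114,34 @@` hunk are now explicit `lib.mkOption` calls but still declare no `type`, so (as far as I know of the module system's default) they accept any value and a malformed owner — a list, an attrset, a null — is only rejected when the sops module consumes it, far from where it was set; since these two values decide which account can read the deployed secret file, declare `type = lib.types.str;` on both, matching the sibling `name` and `generatorName` options. The wording "This option is currently only implemented for sops" reads oddly now that the options live under a `sops` namespace; consider `description = "The user name or id that will own the secret file.";` and the same trim for `group`. The file submodule these belong to opens in the `@@ -60,16 +59,26 @@` hunk, so its full options block is not visible here.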
|
|||||||
@@ -40,7 +40,7 @@ in
|
|||||||
flip map vars (secret: {
|
flip map vars (secret: {
|
||||||
name = "vars/${secret.generator}/${secret.name}";
|
name = "vars/${secret.generator}/${secret.name}";
|
||||||
value = {
|
value = {
|
||||||
inherit (secret) owner group;
|
inherit (secret.sops) owner group;
|
||||||
sopsFile = secretPath secret;
|
sopsFile = secretPath secret;
|
||||||
format = "binary";
|
format = "binary";
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -25,7 +25,7 @@ in
|
|||||||
name = fname;
|
name = fname;
|
||||||
generator = gen_name;
|
generator = gen_name;
|
||||||
inherit (generator) share;
|
inherit (generator) share;
|
||||||
inherit (file) owner group;
|
inherit (file) sops;
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
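Review bot: With `inherit (file) sops;` replacing `inherit (file) owner group;`, the flattened var entry no longer carries `owner`/`group` at its top level, so any consumer of these entries other than the sops backend updated in this PR that still reads `.owner` or `.group` would fail with a missing-attribute error at evaluation time; the `lib.mkRenamedOptionModule` aliases added on the interface side cover user option definitions, not these derived entries. I cannot see other readers from this hunk, so if the sops backend is the only one this is fine; otherwise keep the old keys populated for a transition, e.g. `owner = file.sops.owner; group = file.sops.group;` next to the `sops` inherit. The enclosing function starts outside the hunk.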
|
|||||||