yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request 'vars: move owner/group to a sops namespace' (#2294) from sops-owner into main

Browse Source
This commit is contained in:
clan-bot
2024-10-31 11:26:50 +00:00
parent 48e1dcb0f2 6bfabbb8e6
commit 1bd3af310e
3 changed files with 45 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
nixosModules/clanCore/vars/interface.nix
View File

@@ -25,7 +25,6 @@ let
specialArgs.pkgs = pkgs;
modules = [ module ];
};
options = lib.mapAttrs (_: mkOption);
in
{
options = {
@@ -40,8 +39,8 @@ in
type = attrsOf (
submodule (generator: {
imports = [ ./generator.nix ];
options = options {
dependencies = {
options = {
dependencies = lib.mkOption {
description = ''
A list of other generators that this generator depends on.
The output values of these generators will be available to the generator script as files.
@@ -50,7 +49,7 @@ in
type = listOf str;
default = [ ];
};
migrateFact = {
migrateFact = lib.mkOption {
description = ''
The fact service name to import the files from.
@@ -60,16 +59,26 @@ in
example = "my_service";
default = null;
};
files = {
files = lib.mkOption {
description = ''
A set of files to generate.
The generator 'script' is expected to produce exactly these files under $out.
'';
type = attrsOf (
submodule (file: {
imports = [ config.settings.fileModule ];
options = options {
name = {
imports = [
config.settings.fileModule
(lib.mkRenamedOptionModule [ "owner" ] [
"sops"
"owner"
])
(lib.mkRenamedOptionModule [ "group" ] [
"sops"
"group"
])
];
options = {
name = lib.mkOption {
type = lib.types.str;
description = ''
name of the public fact
@@ -77,7 +86,7 @@ in
readOnly = true;
default = file.config._module.args.name;
};
generatorName = {
generatorName = lib.mkOption {
type = lib.types.str;
description = ''
name of the generator
@@ -85,7 +94,7 @@ in
readOnly = true;
default = generator.config._module.args.name;
};
share = {
share = lib.mkOption {
type = lib.types.bool;
description = ''
Whether the generated vars should be shared between machines.
@@ -96,7 +105,7 @@ in
internal = true;
default = generator.config.share;
};
deploy = {
deploy = lib.mkOption {
description = ''
Whether the file should be deployed to the target machine.
@@ -105,30 +114,34 @@ in
type = bool;
default = true;
};
secret = {
secret = lib.mkOption {
description = ''
Whether the file should be treated as a secret.
'';
type = bool;
default = true;
};
path = {
path = lib.mkOption {
description = ''
The path to the file containing the content of the generated value.
This will be set automatically
'';
type = str;
};
owner = {
description = "The user name or id that will own the secret file. This option is currently only implemented for sops";
default = "root";
};
group = {
description = "The group name or id that will own the secret file. This option is currently only implemented for sops";
default = "root";
sops = {
owner = lib.mkOption {
description = "The user name or id that will own the secret file. This option is currently only implemented for sops";
default = "root";
};
group = lib.mkOption {
description = "The group name or id that will own the secret file. This option is currently only implemented for sops";
default = "root";
};
};
value =
{
lib.mkOption {
description = ''
The content of the generated value.
Only available if the file is not secret.
@@ -143,7 +156,7 @@ in
})
);
};
prompts = {
prompts = lib.mkOption {
description = ''
A set of prompts to ask the user for values.
Prompts are available to the generator script as files.
@@ -152,8 +165,8 @@ in
default = { };
type = attrsOf (
submodule (prompt: {
options = options {
createFile = {
options = {
createFile = lib.mkOption {
description = ''
Whether the prompted value should be stored in a file with the same name as the prompt.
@@ -168,7 +181,7 @@ in
type = bool;
default = true;
};
description = {
description = lib.mkOption {
description = ''
The description of the prompted value
'';
@@ -176,7 +189,7 @@ in
example = "SSH private key";
default = prompt.config._module.args.name;
};
type = {
type = lib.mkOption {
description = ''
The input type of the prompt.
The following types are available:
@@ -195,7 +208,7 @@ in
})
);
};
runtimeInputs = {
runtimeInputs = lib.mkOption {
description = ''
A list of packages that the generator script requires.
These packages will be available in the PATH when the script is run.
@@ -203,7 +216,7 @@ in
type = listOf package;
default = [ ];
};
script = {
script = lib.mkOption {
description = ''
The script to run to generate the files.
The script will be run with the following environment variables:
@@ -215,7 +228,7 @@ in
type = either str path;
default = "";
};
finalScript = {
finalScript = lib.mkOption {
description = ''
The final generator script, wrapped, so:
- all required programs are in PATH
@@ -226,7 +239,7 @@ in
internal = true;
visible = false;
};
share = {
share = lib.mkOption {
description = ''
Whether the generated vars should be shared between machines.
Shared vars are only generated once, when the first machine using it is deployed.

2
nixosModules/clanCore/vars/secret/sops/default.nix
View File

@@ -40,7 +40,7 @@ in
flip map vars (secret: {
name = "vars/${secret.generator}/${secret.name}";
value = {
inherit (secret) owner group;
inherit (secret.sops) owner group;
sopsFile = secretPath secret;
format = "binary";
};

2
nixosModules/clanCore/vars/secret/sops/funcs.nix
View File

@@ -25,7 +25,7 @@ in
name = fname;
generator = gen_name;
inherit (generator) share;
inherit (file) owner group;
inherit (file) sops;
}
)
)