Merge pull request 'clanCore/vars/sops: only copy required secrets to store' (#3457) from vdbe/clan-core:clanCore/vars/sops/only-copy-used into main

Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3457
Mic92
2025-05-04 06:41:37 +00:00
4 changed files with 26 additions and 5 deletions


@@ -241,12 +241,30 @@ in
type = bool; type = bool;
default = true; default = true;
}; };
flakePath = lib.mkOption {
description = ''
The path to the file containing the content of the generated value.
This will be set automatically
'';
type = nullOr str;
default = null;
};
path = lib.mkOption { path = lib.mkOption {
description = '' description = ''
The path to the file containing the content of the generated value. The path to the file containing the content of the generated value.
This will be set automatically This will be set automatically
''; '';
type = str; type = str;
defaultText = ''
builtins.path {
name = "$${generator.config._module.args.name}_$${file.config._module.args.name}";
path = file.config.inRepoPath;
}
'';
default = builtins.path {
name = "${generator.config._module.args.name}_${file.config._module.args.name}";
path = file.config.flakePath;
};
}; };
neededFor = lib.mkOption { neededFor = lib.mkOption {
description = '' description = ''


@@ -11,7 +11,7 @@ in
config.clan.core.vars.settings = mkIf (config.clan.core.vars.settings.publicStore == "in_repo") { config.clan.core.vars.settings = mkIf (config.clan.core.vars.settings.publicStore == "in_repo") {
publicModule = "clan_cli.vars.public_modules.in_repo"; publicModule = "clan_cli.vars.public_modules.in_repo";
fileModule = file: { fileModule = file: {
path = mkIf (file.config.secret == false) ( flakePath = mkIf (file.config.secret == false) (
if file.config.share then if file.config.share then
( (
config.clan.core.settings.directory config.clan.core.settings.directory
@@ -25,9 +25,9 @@ in
); );
value = mkIf (file.config.secret == false) ( value = mkIf (file.config.secret == false) (
# dynamically adjust priority to allow overriding with mkDefault in case the file is not found # dynamically adjust priority to allow overriding with mkDefault in case the file is not found
if (pathExists file.config.path) then if (pathExists file.config.flakePath) then
# if the file is found it should have normal priority # if the file is found it should have normal priority
readFile file.config.path readFile file.config.flakePath
else else
# if the file is not found, we want to downgrade the priority, to allow overriding via mkDefault # if the file is not found, we want to downgrade the priority, to allow overriding via mkDefault
mkOptionDefault ( mkOptionDefault (


@@ -49,7 +49,10 @@ in
mode mode
neededForUsers neededForUsers
; ;
sopsFile = secretPath secret; sopsFile = builtins.path {
name = "${secret.generator}_${secret.name}";
path = secretPath secret;
};
format = "binary"; format = "binary";
}; };
}) (builtins.filter (x: builtins.pathExists (secretPath x)) vars) }) (builtins.filter (x: builtins.pathExists (secretPath x)) vars)
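Review bot: The `name` passed to `builtins.path` for the new `sopsFile` is built from `secret.generator` and `secret.name` without any check, and a store path name accepts only a limited character set, so a generator or file name outside it would presumably abort evaluation here with an error that does not mention the secret. If such names are accepted elsewhere in the vars module, validating or sanitising them before this call would help. A short comment above the attribute would also record why the copy is done per file, e.g. `# copy only this encrypted file into the store (one store path per secret)`. The surrounding attribute set and the `secretPath` helper are outside this hunk, so whether `secretPath` returns a path or a string is not visible here.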


@@ -970,7 +970,7 @@ def test_dynamic_invalidation(
custom_nix.write_text( custom_nix.write_text(
""" """
{ config, ... }: let { config, ... }: let
p = config.clan.core.vars.generators.my_generator.files.my_value.path; p = config.clan.core.vars.generators.my_generator.files.my_value.flakePath;
in { in {
clan.core.vars.generators.dependent_generator.validation = if builtins.pathExists p then builtins.readFile p else null; clan.core.vars.generators.dependent_generator.validation = if builtins.pathExists p then builtins.readFile p else null;
} }