refactor: rename clanCore -> clan.core

This commit is contained in:
DavHau
2024-06-17 17:42:28 +07:00
parent 93a6d7a476
commit 313db5643f
68 changed files with 237 additions and 202 deletions


@@ -1,7 +1,7 @@
{ lib, ... }:
{
imports = [ ./state.nix ];
options.clanCore.backups = {
options.clan.core.backups = {
providers = lib.mkOption {
type = lib.types.attrsOf (
lib.types.submodule (


@@ -2,37 +2,43 @@
{
imports = [
(lib.mkRemovedOptionModule [
"clanCore"
"clan"
"core"
"secretsPrefix"
] "secretsPrefix was only used by the sops module and the code is now integrated in there")
(lib.mkRenamedOptionModule
[
"clanCore"
"clan"
"core"
"secretStore"
]
[
"clanCore"
"clan"
"core"
"facts"
"secretStore"
]
)
(lib.mkRemovedOptionModule [
"clanCore"
"clan"
"core"
"secretsDirectory"
] "clancore.secretsDirectory was removed. Use clanCore.facts.secretPathFunction instead")
] "clan.core.secretsDirectory was removed. Use clan.core.facts.secretPathFunction instead")
(lib.mkRenamedOptionModule
[
"clanCore"
"clan"
"core"
"secretsUploadDirectory"
]
[
"clanCore"
"clan"
"core"
"facts"
"secretUploadDirectory"
]
)
];
options.clanCore.secrets = lib.mkOption {
options.clan.core.secrets = lib.mkOption {
visible = false;
default = { };
type = lib.types.attrsOf (
@@ -97,14 +103,14 @@
description = ''
path to a secret which is generated by the generator
'';
default = config.clanCore.facts.secretPathFunction secret;
defaultText = lib.literalExpression "config.clanCore.facts.secretPathFunction secret";
default = config.clan.core.facts.secretPathFunction secret;
defaultText = lib.literalExpression "config.clan.core.facts.secretPathFunction secret";
};
}
// lib.optionalAttrs (config.clanCore.facts.secretStore == "sops") {
// lib.optionalAttrs (config.clan.core.facts.secretStore == "sops") {
groups = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = config.clanCore.sops.defaultGroups;
default = config.clan.core.sops.defaultGroups;
description = ''
Groups to decrypt the secret for. By default we always use the user's key.
'';
@@ -134,12 +140,12 @@
path to a fact which is generated by the generator
'';
default =
config.clanCore.clanDir
+ "/machines/${config.clanCore.machineName}/facts/${fact.config._module.args.name}";
defaultText = lib.literalExpression "\${config.clanCore.clanDir}/machines/\${config.clanCore.machineName}/facts/\${fact.config._module.args.name}";
config.clan.core.clanDir
+ "/machines/${config.clan.core.machineName}/facts/${fact.config._module.args.name}";
defaultText = lib.literalExpression "\${config.clan.core.clanDir}/machines/\${config.clan.core.machineName}/facts/\${fact.config._module.args.name}";
};
value = lib.mkOption {
defaultText = lib.literalExpression "\${config.clanCore.clanDir}/\${fact.config.path}";
defaultText = lib.literalExpression "\${config.clan.core.clanDir}/\${fact.config.path}";
type = lib.types.nullOr lib.types.str;
default =
if builtins.pathExists fact.config.path then lib.strings.fileContents fact.config.path else null;
@@ -152,16 +158,16 @@
})
);
};
config = lib.mkIf (config.clanCore.secrets != { }) {
clanCore.facts.services = lib.mapAttrs' (
config = lib.mkIf (config.clan.core.secrets != { }) {
clan.core.facts.services = lib.mapAttrs' (
name: service:
lib.warn "clanCore.secrets.${name} is deprecated, use clanCore.facts.services.${name} instead" (
lib.warn "clan.core.secrets.${name} is deprecated, use clan.core.facts.services.${name} instead" (
lib.nameValuePair name ({
secret = service.secrets;
public = service.facts;
generator = service.generator;
})
)
) config.clanCore.secrets;
) config.clan.core.secrets;
};
}


@@ -5,7 +5,7 @@
...
}:
{
options.clanCore.facts = {
options.clan.core.facts = {
secretStore = lib.mkOption {
type = lib.types.enum [
"sops"
@@ -115,6 +115,7 @@
type = lib.types.str;
readOnly = true;
internal = true;
defaultText = "read only script";
default = ''
set -eu -o pipefail
@@ -155,13 +156,13 @@
description = ''
path to a secret which is generated by the generator
'';
default = config.clanCore.facts.secretPathFunction secret;
default = config.clan.core.facts.secretPathFunction secret;
};
}
// lib.optionalAttrs (config.clanCore.facts.secretModule == "clan_cli.facts.secret_modules.sops") {
// lib.optionalAttrs (config.clan.core.facts.secretModule == "clan_cli.facts.secret_modules.sops") {
groups = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = config.clanCore.sops.defaultGroups;
default = config.clan.core.sops.defaultGroups;
description = ''
Groups to decrypt the secret for. By default we always use the user's key.
'';
@@ -190,12 +191,12 @@
description = ''
path to a fact which is generated by the generator
'';
defaultText = lib.literalExpression "\${config.clanCore.clanDir}/machines/\${config.clanCore.machineName}/facts/\${fact.config.name}";
defaultText = lib.literalExpression "\${config.clan.core.clanDir}/machines/\${config.clan.core.machineName}/facts/\${fact.config.name}";
default =
config.clanCore.clanDir + "/machines/${config.clanCore.machineName}/facts/${fact.config.name}";
config.clan.core.clanDir + "/machines/${config.clan.core.machineName}/facts/${fact.config.name}";
};
value = lib.mkOption {
defaultText = lib.literalExpression "\${config.clanCore.clanDir}/\${fact.config.path}";
defaultText = lib.literalExpression "\${config.clan.core.clanDir}/\${fact.config.path}";
type = lib.types.nullOr lib.types.str;
default =
if builtins.pathExists fact.config.path then lib.strings.fileContents fact.config.path else null;
@@ -218,5 +219,15 @@
./public/in_repo.nix
./public/vm.nix
# (lib.mkRenamedOptionModule
# [
# "clanCore"
# ]
# [
# "clan"
# "core"
# ]
# )
];
}
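Review bot: The commented-out `mkRenamedOptionModule` block appended to the facts module's imports is dead code that duplicates the live `clanCore` -> `clan.core` alias this commit adds next to `options.clan.core.optionsNix`, and a later uncommenting would declare the same alias twice. Either drop the nine commented lines or replace them with a single pointer, e.g. `# the clanCore -> clan.core compatibility alias is imported next to options.clan.core.optionsNix`. The `internal = true;` added to the read-only script option in the earlier hunk is harmless but undocumented; a short `# hidden from generated docs, the script is an implementation detail` next to it would say why.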


@@ -1,6 +1,6 @@
{ config, lib, ... }:
{
config = lib.mkIf (config.clanCore.facts.publicStore == "in_repo") {
clanCore.facts.publicModule = "clan_cli.facts.public_modules.in_repo";
config = lib.mkIf (config.clan.core.facts.publicStore == "in_repo") {
clan.core.facts.publicModule = "clan_cli.facts.public_modules.in_repo";
};
}


@@ -1,6 +1,6 @@
{ config, lib, ... }:
{
config = lib.mkIf (config.clanCore.facts.publicStore == "vm") {
clanCore.facts.publicModule = "clan_cli.facts.public_modules.vm";
config = lib.mkIf (config.clan.core.facts.publicStore == "vm") {
clan.core.facts.publicModule = "clan_cli.facts.public_modules.vm";
};
}


@@ -8,10 +8,10 @@
'';
};
config = lib.mkIf (config.clanCore.facts.secretStore == "password-store") {
clanCore.facts.secretPathFunction =
config = lib.mkIf (config.clan.core.facts.secretStore == "password-store") {
clan.core.facts.secretPathFunction =
secret: "${config.clan.password-store.targetDirectory}/${secret.config.name}";
clanCore.facts.secretUploadDirectory = config.clan.password-store.targetDirectory;
clanCore.facts.secretModule = "clan_cli.facts.secret_modules.password_store";
clan.core.facts.secretUploadDirectory = config.clan.password-store.targetDirectory;
clan.core.facts.secretModule = "clan_cli.facts.secret_modules.password_store";
};
}


@@ -5,8 +5,8 @@
...
}:
let
secretsDir = config.clanCore.clanDir + "/sops/secrets";
groupsDir = config.clanCore.clanDir + "/sops/groups";
secretsDir = config.clan.core.clanDir + "/sops/secrets";
groupsDir = config.clan.core.clanDir + "/sops/groups";
# My symlink is in the nixos module detected as a directory also it works in the repl. Is this because of pure evaluation?
containsSymlink =
@@ -16,7 +16,7 @@ let
containsMachine =
parent: name: type:
type == "directory" && containsSymlink "${parent}/${name}/machines/${config.clanCore.machineName}";
type == "directory" && containsSymlink "${parent}/${name}/machines/${config.clan.core.machineName}";
containsMachineOrGroups =
name: type:
@@ -34,7 +34,7 @@ let
in
{
options = {
clanCore.sops.defaultGroups = lib.mkOption {
clan.core.sops.defaultGroups = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
example = [ "admins" ];
@@ -42,16 +42,16 @@ in
};
};
config = lib.mkIf (config.clanCore.facts.secretStore == "sops") {
config = lib.mkIf (config.clan.core.facts.secretStore == "sops") {
# Before we generate a secret we cannot know the path yet, so we need to set it to an empty string
clanCore.facts.secretPathFunction =
clan.core.facts.secretPathFunction =
secret:
config.sops.secrets.${"${config.clanCore.machineName}-${secret.config.name}"}.path
config.sops.secrets.${"${config.clan.core.machineName}-${secret.config.name}"}.path
or "/no-such-path";
clanCore.facts.secretModule = "clan_cli.facts.secret_modules.sops";
clanCore.facts.secretUploadDirectory = lib.mkDefault "/var/lib/sops-nix";
clan.core.facts.secretModule = "clan_cli.facts.secret_modules.sops";
clan.core.facts.secretUploadDirectory = lib.mkDefault "/var/lib/sops-nix";
sops.secrets = builtins.mapAttrs (name: _: {
sopsFile = config.clanCore.clanDir + "/sops/secrets/${name}/secret";
sopsFile = config.clan.core.clanDir + "/sops/secrets/${name}/secret";
format = "binary";
}) secrets;
# To get proper error messages about missing secrets we need a dummy secret file that is always present
@@ -60,7 +60,7 @@ in
);
sops.age.keyFile = lib.mkIf (builtins.pathExists (
config.clanCore.clanDir + "/sops/secrets/${config.clanCore.machineName}-age.key/secret"
config.clan.core.clanDir + "/sops/secrets/${config.clan.core.machineName}-age.key/secret"
)) (lib.mkDefault "/var/lib/sops-nix/key.txt");
};
}


@@ -1,8 +1,8 @@
{ config, lib, ... }:
{
config = lib.mkIf (config.clanCore.facts.secretStore == "vm") {
clanCore.facts.secretPathFunction = secret: "/etc/secrets/${secret.config.name}";
clanCore.facts.secretUploadDirectory = "/etc/secrets";
clanCore.facts.secretModule = "clan_cli.facts.secret_modules.vm";
config = lib.mkIf (config.clan.core.facts.secretStore == "vm") {
clan.core.facts.secretPathFunction = secret: "/etc/secrets/${secret.config.name}";
clan.core.facts.secretUploadDirectory = "/etc/secrets";
clan.core.facts.secretModule = "clan_cli.facts.secret_modules.vm";
};
}


@@ -1,6 +1,6 @@
{ lib, pkgs, ... }:
{
options.clanCore = {
options.clan.core = {
clanName = lib.mkOption {
type = lib.types.str;
description = ''


@@ -5,7 +5,13 @@
...
}:
{
options.clanCore.optionsNix = lib.mkOption {
imports = [
(lib.mkRenamedOptionModule [ "clanCore" ] [
"clan"
"core"
])
];
options.clan.core.optionsNix = lib.mkOption {
type = lib.types.raw;
internal = true;
readOnly = true;
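Review bot: The whole-prefix rename `mkRenamedOptionModule [ "clanCore" ] [ "clan" "core" ]` is added to the module that declares `clan.core.optionsNix` with no comment on why the compatibility alias lives here rather than beside the per-option renames in the facts module, where a commented-out copy of the same alias appears in this commit. A one-line comment above the import, e.g. `# Backwards compatibility: definitions under the old clanCore.* prefix are forwarded to clan.core.* with a rename warning`, would record the intent and make the commented copy elsewhere clearly redundant. It is also worth confirming that every in-tree module now writes `clan.core.*` directly, since any remaining `clanCore.*` definition will trigger the alias's deprecation warning on every evaluation.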


@@ -66,7 +66,7 @@
config = {
system.clan.deployment.data = {
facts = {
inherit (config.clanCore.facts)
inherit (config.clan.core.facts)
secretUploadDirectory
secretModule
publicModule


@@ -1,10 +1,10 @@
{ lib, ... }:
{
# defaults
config.clanCore.state.HOME.folders = [ "/home" ];
config.clan.core.state.HOME.folders = [ "/home" ];
# interface
options.clanCore.state = lib.mkOption {
options.clan.core.state = lib.mkOption {
default = { };
type = lib.types.attrsOf (
lib.types.submodule (


@@ -9,7 +9,9 @@
}:
let
# Flatten the list of state folders into a single list
stateFolders = lib.flatten (lib.mapAttrsToList (_item: attrs: attrs.folders) config.clanCore.state);
stateFolders = lib.flatten (
lib.mapAttrsToList (_item: attrs: attrs.folders) config.clan.core.state
);
vmModule = {
imports = [
@@ -86,7 +88,7 @@ let
fsType = "ext4";
};
${config.clanCore.secretsUploadDirectory} = {
${config.clan.core.secretsUploadDirectory} = {
device = "secrets";
fsType = "9p";
neededForBoot = true;
@@ -158,7 +160,7 @@ in
# All important VM config variables needed by the vm runner
# this is really just a remapping of values defined elsewhere
# and therefore not intended to be set by the user
clanCore.vm.inspect = {
clan.core.vm.inspect = {
clan_name = lib.mkOption {
type = lib.types.str;
internal = true;
@@ -228,11 +230,11 @@ in
config = {
# for clan vm inspect
clanCore.vm.inspect = {
clan_name = config.clanCore.clanName;
machine_icon = config.clanCore.machineIcon or config.clanCore.clanIcon;
machine_name = config.clanCore.machineName;
machine_description = config.clanCore.machineDescription;
clan.core.vm.inspect = {
clan_name = config.clan.core.clanName;
machine_icon = config.clan.core.machineIcon or config.clan.core.clanIcon;
machine_name = config.clan.core.machineName;
machine_description = config.clan.core.machineDescription;
memory_size = config.clan.virtualisation.memorySize;
inherit (config.clan.virtualisation) cores graphics waypipe;
};
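Review bot: The 9p secrets mount keyed by `${config.clan.core.secretsUploadDirectory}` in the second hunk still reads through a deprecated alias: the facts module in this same commit renames `clan.core.secretsUploadDirectory` to `clan.core.facts.secretUploadDirectory` (singular `secret`), so the canonical line here is `${config.clan.core.facts.secretUploadDirectory} = {`. The old path only resolves while that rename module stays imported, and this mount point is where the VM's secret modules expect uploaded secrets to appear, so leaving it on a compatibility path risks a silent break if the alias is later removed. The enclosing `let` block of the vm module starts outside the hunk.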


@@ -6,7 +6,7 @@
}:
let
cfg = config.clan.networking.zerotier;
facts = config.clanCore.facts.services.zerotier.public or { };
facts = config.clan.core.facts.services.zerotier.public or { };
genMoonScript = pkgs.runCommand "genmoon" { nativeBuildInputs = [ pkgs.python3 ]; } ''
install -Dm755 ${./genmoon.py} $out/bin/genmoon
patchShebangs $out/bin/genmoon
@@ -23,8 +23,8 @@ in
};
name = lib.mkOption {
type = lib.types.str;
default = config.clanCore.clanName;
defaultText = "config.clanCore.clanName";
default = config.clan.core.clanName;
defaultText = "config.clan.core.clanName";
description = ''
zerotier network name
'';
@@ -111,7 +111,7 @@ in
systemd.services.zerotierone.serviceConfig.ExecStartPre = [
"+${pkgs.writeShellScript "init-zerotier" ''
cp ${config.clanCore.facts.services.zerotier.secret.zerotier-identity-secret.path} /var/lib/zerotier-one/identity.secret
cp ${config.clan.core.facts.services.zerotier.secret.zerotier-identity-secret.path} /var/lib/zerotier-one/identity.secret
zerotier-idtool getpublic /var/lib/zerotier-one/identity.secret > /var/lib/zerotier-one/identity.public
${lib.optionalString (cfg.controller.enable) ''
@@ -176,7 +176,7 @@ in
(lib.mkIf cfg.controller.enable {
# only the controller needs to have the key in the repo, the other clients can be dynamic
# we generate the zerotier code manually for the controller, since it's part of the bootstrap command
clanCore.facts.services.zerotier = {
clan.core.facts.services.zerotier = {
public.zerotier-ip = { };
public.zerotier-network-id = { };
secret.zerotier-identity-secret = { };
@@ -192,12 +192,12 @@ in
--network-id "$facts/zerotier-network-id"
'';
};
clanCore.state.zerotier.folders = [ "/var/lib/zerotier-one" ];
clan.core.state.zerotier.folders = [ "/var/lib/zerotier-one" ];
environment.systemPackages = [ config.clanCore.clanPkgs.zerotier-members ];
environment.systemPackages = [ config.clan.core.clanPkgs.zerotier-members ];
})
(lib.mkIf (!cfg.controller.enable && cfg.networkId != null) {
clanCore.facts.services.zerotier = {
clan.core.facts.services.zerotier = {
public.zerotier-ip = { };
secret.zerotier-identity-secret = { };
generator.path = [
@@ -255,7 +255,7 @@ in
environment.etc."zerotier/network-id".text = facts.zerotier-network-id.value;
systemd.services.zerotierone.serviceConfig.ExecStartPost = [
"+${pkgs.writeShellScript "whitelist-controller" ''
${config.clanCore.clanPkgs.zerotier-members}/bin/zerotier-members allow ${
${config.clan.core.clanPkgs.zerotier-members}/bin/zerotier-members allow ${
builtins.substring 0 10 cfg.networkId
}
''}"


@@ -16,7 +16,7 @@
(
{ pkgs, lib, ... }:
{
clanCore.clanPkgs = lib.mkDefault self.packages.${pkgs.hostPlatform.system};
clan.core.clanPkgs = lib.mkDefault self.packages.${pkgs.hostPlatform.system};
}
)
];


@@ -19,7 +19,9 @@ let
};
# Flatten the list of state folders into a single list
stateFolders = lib.flatten (lib.mapAttrsToList (_item: attrs: attrs.folders) config.clanCore.state);
stateFolders = lib.flatten (
lib.mapAttrsToList (_item: attrs: attrs.folders) config.clan.core.state
);
# A module setting up bind mounts for all state folders
stateMounts = {