vars/sops: fix loading of vars from directory structure

nixosModules/clanCore/vars/secret/sops/default.nix

@@ -0,0 +1,50 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+
+  inherit (lib) flip;
+
+  inherit (import ./funcs.nix { inherit lib; }) listVars;
+
+  varsDir = config.clan.core.clanDir + "/sops/vars";
+
+  vars = listVars varsDir;
+
+in
+{
+  config.clan.core.vars.settings = lib.mkIf (config.clan.core.vars.settings.secretStore == "sops") {
+    # Before we generate a secret we cannot know the path yet, so we need to set it to an empty string
+    fileModule = file: {
+      path = lib.mkIf file.config.secret (
+        config.sops.secrets.${"vars-${config.clan.core.machineName}-${file.config.generatorName}-${file.config.name}"}.path
+          or "/no-such-path"
+      );
+    };
+    secretModule = "clan_cli.vars.secret_modules.sops";
+    secretUploadDirectory = lib.mkDefault "/var/lib/sops-nix";
+  };
+
+  config.sops = lib.mkIf (config.clan.core.vars.settings.secretStore == "sops") {
+    secrets = lib.listToAttrs (
+      flip map vars (secret: {
+        name = secret.name;
+        value = {
+          sopsFile =
+            config.clan.core.clanDir + "/sops/vars/${secret.machine}/${secret.generator}/${secret.name}/secret";
+          format = "binary";
+        };
+      })
+    );
+    # To get proper error messages about missing secrets we need a dummy secret file that is always present
+    defaultSopsFile = lib.mkIf config.sops.validateSopsFiles (
+      lib.mkDefault (builtins.toString (pkgs.writeText "dummy.yaml" ""))
+    );
+    age.keyFile = lib.mkIf (builtins.pathExists (
+      config.clan.core.clanDir + "/sops/secrets/${config.clan.core.machineName}-age.key/secret"
+    )) (lib.mkDefault "/var/lib/sops-nix/key.txt");
+  };
+}

nixosModules/clanCore/vars/secret/sops/eval-tests/default.nix

@@ -0,0 +1,43 @@
+{
+  lib ? import <nixpkgs/lib>,
+  pkgs ? import <nixpkgs> { },
+}:
+let
+  inherit (import ../funcs.nix { inherit lib; }) readDirNames listVars;
+
+  noVars = pkgs.runCommand "empty-dir" { } ''
+    mkdir $out
+  '';
+
+  emtpyVars = pkgs.runCommand "empty-dir" { } ''
+    mkdir -p $out/vars
+  '';
+
+in
+{
+  test_readDirNames = {
+    expr = readDirNames ./populated/vars;
+    expected = [ "my_machine" ];
+  };
+
+  test_listSecrets = {
+    expr = listVars ./populated/vars;
+    expected = [
+      {
+        machine = "my_machine";
+        generator = "my_generator";
+        name = "my_secret";
+      }
+    ];
+  };
+
+  test_listSecrets_no_vars = {
+    expr = listVars noVars;
+    expected = [ ];
+  };
+
+  test_listSecrets_empty_vars = {
+    expr = listVars emtpyVars;
+    expected = [ ];
+  };
+}

nixosModules/clanCore/vars/secret/sops/funcs.nix

@@ -0,0 +1,28 @@
+{
+  lib ? import <nixpkgs/lib>,
+  ...
+}:
+let
+  inherit (builtins) readDir;
+
+  inherit (lib) concatMap flip;
+in
+rec {
+  readDirNames =
+    dir:
+    if !(builtins.pathExists dir) then [ ] else lib.mapAttrsToList (name: _type: name) (readDir dir);
+
+  listVars =
+    varsDir:
+    flip concatMap (readDirNames varsDir) (
+      machine_name:
+      flip concatMap (readDirNames (varsDir + "/${machine_name}")) (
+        generator_name:
+        flip map (readDirNames (varsDir + "/${machine_name}/${generator_name}")) (secret_name: {
+          machine = machine_name;
+          generator = generator_name;
+          name = secret_name;
+        })
+      )
+    );
+}