refactor: rename clanCore -> clan.core
@@ -2,37 +2,43 @@
|
||||
{
|
||||
imports = [
|
||||
(lib.mkRemovedOptionModule [
|
||||
"clanCore"
|
||||
"clan"
|
||||
"core"
|
||||
"secretsPrefix"
|
||||
] "secretsPrefix was only used by the sops module and the code is now integrated in there")
|
||||
(lib.mkRenamedOptionModule
|
||||
[
|
||||
"clanCore"
|
||||
"clan"
|
||||
"core"
|
||||
"secretStore"
|
||||
]
|
||||
[
|
||||
"clanCore"
|
||||
"clan"
|
||||
"core"
|
||||
"facts"
|
||||
"secretStore"
|
||||
]
|
||||
)
|
||||
(lib.mkRemovedOptionModule [
|
||||
"clanCore"
|
||||
"clan"
|
||||
"core"
|
||||
"secretsDirectory"
|
||||
] "clancore.secretsDirectory was removed. Use clanCore.facts.secretPathFunction instead")
|
||||
] "clan.core.secretsDirectory was removed. Use clan.core.facts.secretPathFunction instead")
|
||||
(lib.mkRenamedOptionModule
|
||||
[
|
||||
"clanCore"
|
||||
"clan"
|
||||
"core"
|
||||
"secretsUploadDirectory"
|
||||
]
|
||||
[
|
||||
"clanCore"
|
||||
"clan"
|
||||
"core"
|
||||
"facts"
|
||||
"secretUploadDirectory"
|
||||
]
|
||||
)
|
||||
];
|
||||
options.clanCore.secrets = lib.mkOption {
|
||||
options.clan.core.secrets = lib.mkOption {
|
||||
visible = false;
|
||||
default = { };
|
||||
type = lib.types.attrsOf (
|
||||
@@ -97,14 +103,14 @@
|
||||
description = ''
|
||||
path to a secret which is generated by the generator
|
||||
'';
|
||||
default = config.clanCore.facts.secretPathFunction secret;
|
||||
defaultText = lib.literalExpression "config.clanCore.facts.secretPathFunction secret";
|
||||
default = config.clan.core.facts.secretPathFunction secret;
|
||||
defaultText = lib.literalExpression "config.clan.core.facts.secretPathFunction secret";
|
||||
};
|
||||
}
|
||||
// lib.optionalAttrs (config.clanCore.facts.secretStore == "sops") {
|
||||
// lib.optionalAttrs (config.clan.core.facts.secretStore == "sops") {
|
||||
groups = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
default = config.clanCore.sops.defaultGroups;
|
||||
default = config.clan.core.sops.defaultGroups;
|
||||
description = ''
|
||||
Groups to decrypt the secret for. By default we always use the user's key.
|
||||
'';
|
||||
@@ -134,12 +140,12 @@
|
||||
path to a fact which is generated by the generator
|
||||
'';
|
||||
default =
|
||||
config.clanCore.clanDir
|
||||
+ "/machines/${config.clanCore.machineName}/facts/${fact.config._module.args.name}";
|
||||
defaultText = lib.literalExpression "\${config.clanCore.clanDir}/machines/\${config.clanCore.machineName}/facts/\${fact.config._module.args.name}";
|
||||
config.clan.core.clanDir
|
||||
+ "/machines/${config.clan.core.machineName}/facts/${fact.config._module.args.name}";
|
||||
defaultText = lib.literalExpression "\${config.clan.core.clanDir}/machines/\${config.clan.core.machineName}/facts/\${fact.config._module.args.name}";
|
||||
};
|
||||
value = lib.mkOption {
|
||||
defaultText = lib.literalExpression "\${config.clanCore.clanDir}/\${fact.config.path}";
|
||||
defaultText = lib.literalExpression "\${config.clan.core.clanDir}/\${fact.config.path}";
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
default =
|
||||
if builtins.pathExists fact.config.path then lib.strings.fileContents fact.config.path else null;
|
||||
@@ -152,16 +158,16 @@
|
||||
})
|
||||
);
|
||||
};
|
||||
config = lib.mkIf (config.clanCore.secrets != { }) {
|
||||
clanCore.facts.services = lib.mapAttrs' (
|
||||
config = lib.mkIf (config.clan.core.secrets != { }) {
|
||||
clan.core.facts.services = lib.mapAttrs' (
|
||||
name: service:
|
||||
lib.warn "clanCore.secrets.${name} is deprecated, use clanCore.facts.services.${name} instead" (
|
||||
lib.warn "clan.core.secrets.${name} is deprecated, use clan.core.facts.services.${name} instead" (
|
||||
lib.nameValuePair name ({
|
||||
secret = service.secrets;
|
||||
public = service.facts;
|
||||
generator = service.generator;
|
||||
})
|
||||
)
|
||||
) config.clanCore.secrets;
|
||||
) config.clan.core.secrets;
|
||||
};
|
||||
}
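Review bot: The mechanical rename also rewrote the old-side paths of the compatibility shims in the `imports` list at the top of this section, so they now watch `clan.core.secretsPrefix`, `clan.core.secretStore`, `clan.core.secretsDirectory` and `clan.core.secretsUploadDirectory`. Those legacy options were set under `clanCore`, so a configuration that still uses, say, `clanCore.secretStore` would presumably hit a generic undefined-option error instead of the migration message, which is unhelpful for a setting that selects the secrets backend. Unless the old namespace is aliased elsewhere, consider keeping the source path on the legacy name, e.g. `(lib.mkRenamedOptionModule [ "clanCore" "secretStore" ] [ "clan" "core" "facts" "secretStore" ])`, and the same for the two `mkRemovedOptionModule` entries. The file continues between the hunks shown, so other shims may exist outside this view.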
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
...
|
||||
}:
|
||||
{
|
||||
options.clanCore.facts = {
|
||||
options.clan.core.facts = {
|
||||
secretStore = lib.mkOption {
|
||||
type = lib.types.enum [
|
||||
"sops"
|
||||
@@ -115,6 +115,7 @@
|
||||
type = lib.types.str;
|
||||
readOnly = true;
|
||||
internal = true;
|
||||
defaultText = "read only script";
|
||||
default = ''
|
||||
set -eu -o pipefail
|
||||
|
||||
@@ -155,13 +156,13 @@
|
||||
description = ''
|
||||
path to a secret which is generated by the generator
|
||||
'';
|
||||
default = config.clanCore.facts.secretPathFunction secret;
|
||||
default = config.clan.core.facts.secretPathFunction secret;
|
||||
};
|
||||
}
|
||||
// lib.optionalAttrs (config.clanCore.facts.secretModule == "clan_cli.facts.secret_modules.sops") {
|
||||
// lib.optionalAttrs (config.clan.core.facts.secretModule == "clan_cli.facts.secret_modules.sops") {
|
||||
groups = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
default = config.clanCore.sops.defaultGroups;
|
||||
default = config.clan.core.sops.defaultGroups;
|
||||
description = ''
|
||||
Groups to decrypt the secret for. By default we always use the user's key.
|
||||
'';
|
||||
@@ -190,12 +191,12 @@
|
||||
description = ''
|
||||
path to a fact which is generated by the generator
|
||||
'';
|
||||
defaultText = lib.literalExpression "\${config.clanCore.clanDir}/machines/\${config.clanCore.machineName}/facts/\${fact.config.name}";
|
||||
defaultText = lib.literalExpression "\${config.clan.core.clanDir}/machines/\${config.clan.core.machineName}/facts/\${fact.config.name}";
|
||||
default =
|
||||
config.clanCore.clanDir + "/machines/${config.clanCore.machineName}/facts/${fact.config.name}";
|
||||
config.clan.core.clanDir + "/machines/${config.clan.core.machineName}/facts/${fact.config.name}";
|
||||
};
|
||||
value = lib.mkOption {
|
||||
defaultText = lib.literalExpression "\${config.clanCore.clanDir}/\${fact.config.path}";
|
||||
defaultText = lib.literalExpression "\${config.clan.core.clanDir}/\${fact.config.path}";
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
default =
|
||||
if builtins.pathExists fact.config.path then lib.strings.fileContents fact.config.path else null;
|
||||
@@ -218,5 +219,15 @@
|
||||
|
||||
./public/in_repo.nix
|
||||
./public/vm.nix
|
||||
|
||||
# (lib.mkRenamedOptionModule
|
||||
# [
|
||||
# "clanCore"
|
||||
# ]
|
||||
# [
|
||||
# "clan"
|
||||
# "core"
|
||||
# ]
|
||||
# )
|
||||
];
|
||||
}
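Review bot: The commented-out `lib.mkRenamedOptionModule [ "clanCore" ] [ "clan" "core" ]` block added at the end of the `imports` list has no explanation of why it is disabled or when it should be enabled or deleted. It looks like an attempt to alias the whole old namespace that did not work, possibly because this helper expects a single option rather than an option set, but that is a guess. Either drop the block or put a line above it such as `# TODO: alias for the legacy clanCore namespace is disabled because <reason>; users must migrate to clan.core manually`. Since no alias is active in the visible lines, the breaking change deserves a mention in the commit description or changelog as well.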
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{ config, lib, ... }:
|
||||
{
|
||||
config = lib.mkIf (config.clanCore.facts.publicStore == "in_repo") {
|
||||
clanCore.facts.publicModule = "clan_cli.facts.public_modules.in_repo";
|
||||
config = lib.mkIf (config.clan.core.facts.publicStore == "in_repo") {
|
||||
clan.core.facts.publicModule = "clan_cli.facts.public_modules.in_repo";
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{ config, lib, ... }:
|
||||
{
|
||||
config = lib.mkIf (config.clanCore.facts.publicStore == "vm") {
|
||||
clanCore.facts.publicModule = "clan_cli.facts.public_modules.vm";
|
||||
config = lib.mkIf (config.clan.core.facts.publicStore == "vm") {
|
||||
clan.core.facts.publicModule = "clan_cli.facts.public_modules.vm";
|
||||
};
|
||||
}
|
||||
|
||||
@@ -8,10 +8,10 @@
|
||||
'';
|
||||
};
|
||||
|
||||
config = lib.mkIf (config.clanCore.facts.secretStore == "password-store") {
|
||||
clanCore.facts.secretPathFunction =
|
||||
config = lib.mkIf (config.clan.core.facts.secretStore == "password-store") {
|
||||
clan.core.facts.secretPathFunction =
|
||||
secret: "${config.clan.password-store.targetDirectory}/${secret.config.name}";
|
||||
clanCore.facts.secretUploadDirectory = config.clan.password-store.targetDirectory;
|
||||
clanCore.facts.secretModule = "clan_cli.facts.secret_modules.password_store";
|
||||
clan.core.facts.secretUploadDirectory = config.clan.password-store.targetDirectory;
|
||||
clan.core.facts.secretModule = "clan_cli.facts.secret_modules.password_store";
|
||||
};
|
||||
}
|
||||
|
||||
@@ -5,8 +5,8 @@
|
||||
...
|
||||
}:
|
||||
let
|
||||
secretsDir = config.clanCore.clanDir + "/sops/secrets";
|
||||
groupsDir = config.clanCore.clanDir + "/sops/groups";
|
||||
secretsDir = config.clan.core.clanDir + "/sops/secrets";
|
||||
groupsDir = config.clan.core.clanDir + "/sops/groups";
|
||||
|
||||
# My symlink is in the nixos module detected as a directory also it works in the repl. Is this because of pure evaluation?
|
||||
containsSymlink =
|
||||
@@ -16,7 +16,7 @@ let
|
||||
|
||||
containsMachine =
|
||||
parent: name: type:
|
||||
type == "directory" && containsSymlink "${parent}/${name}/machines/${config.clanCore.machineName}";
|
||||
type == "directory" && containsSymlink "${parent}/${name}/machines/${config.clan.core.machineName}";
|
||||
|
||||
containsMachineOrGroups =
|
||||
name: type:
|
||||
@@ -34,7 +34,7 @@ let
|
||||
in
|
||||
{
|
||||
options = {
|
||||
clanCore.sops.defaultGroups = lib.mkOption {
|
||||
clan.core.sops.defaultGroups = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
default = [ ];
|
||||
example = [ "admins" ];
|
||||
@@ -42,16 +42,16 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf (config.clanCore.facts.secretStore == "sops") {
|
||||
config = lib.mkIf (config.clan.core.facts.secretStore == "sops") {
|
||||
# Before we generate a secret we cannot know the path yet, so we need to set it to an empty string
|
||||
clanCore.facts.secretPathFunction =
|
||||
clan.core.facts.secretPathFunction =
|
||||
secret:
|
||||
config.sops.secrets.${"${config.clanCore.machineName}-${secret.config.name}"}.path
|
||||
config.sops.secrets.${"${config.clan.core.machineName}-${secret.config.name}"}.path
|
||||
or "/no-such-path";
|
||||
clanCore.facts.secretModule = "clan_cli.facts.secret_modules.sops";
|
||||
clanCore.facts.secretUploadDirectory = lib.mkDefault "/var/lib/sops-nix";
|
||||
clan.core.facts.secretModule = "clan_cli.facts.secret_modules.sops";
|
||||
clan.core.facts.secretUploadDirectory = lib.mkDefault "/var/lib/sops-nix";
|
||||
sops.secrets = builtins.mapAttrs (name: _: {
|
||||
sopsFile = config.clanCore.clanDir + "/sops/secrets/${name}/secret";
|
||||
sopsFile = config.clan.core.clanDir + "/sops/secrets/${name}/secret";
|
||||
format = "binary";
|
||||
}) secrets;
|
||||
# To get proper error messages about missing secrets we need a dummy secret file that is always present
|
||||
@@ -60,7 +60,7 @@ in
|
||||
);
|
||||
|
||||
sops.age.keyFile = lib.mkIf (builtins.pathExists (
|
||||
config.clanCore.clanDir + "/sops/secrets/${config.clanCore.machineName}-age.key/secret"
|
||||
config.clan.core.clanDir + "/sops/secrets/${config.clan.core.machineName}-age.key/secret"
|
||||
)) (lib.mkDefault "/var/lib/sops-nix/key.txt");
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
{ config, lib, ... }:
|
||||
{
|
||||
config = lib.mkIf (config.clanCore.facts.secretStore == "vm") {
|
||||
clanCore.facts.secretPathFunction = secret: "/etc/secrets/${secret.config.name}";
|
||||
clanCore.facts.secretUploadDirectory = "/etc/secrets";
|
||||
clanCore.facts.secretModule = "clan_cli.facts.secret_modules.vm";
|
||||
config = lib.mkIf (config.clan.core.facts.secretStore == "vm") {
|
||||
clan.core.facts.secretPathFunction = secret: "/etc/secrets/${secret.config.name}";
|
||||
clan.core.facts.secretUploadDirectory = "/etc/secrets";
|
||||
clan.core.facts.secretModule = "clan_cli.facts.secret_modules.vm";
|
||||
};
|
||||
}
|
||||
|
||||