yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

vars: introduce deploy=true/false for generated files

Browse Source
This commit is contained in:
DavHau
2024-09-01 14:30:13 +02:00
parent 5f5d928057
commit 62ccd0ed4b
11 changed files with 69 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
nixosModules/clanCore/vars/default.nix
View File

@@ -45,7 +45,11 @@ in
prompts
share
;
files = lib.flip lib.mapAttrs generator.files (_name: file: { inherit (file) secret; });
files = lib.flip lib.mapAttrs generator.files (
_name: file: {
inherit (file) deploy secret;
}
);
}
);
inherit (config.clan.core.vars.settings) secretUploadDirectory secretModule publicModule;

9
nixosModules/clanCore/vars/interface.nix
View File

@@ -74,6 +74,15 @@ in
readOnly = true;
default = generator.config._module.args.name;
};
deploy = {
description = ''
Whether the file should be deployed to the target machine.
Enable this if the generated file is only used as an input to other generators.
'';
type = bool;
default = true;
};
secret = {
description = ''
Whether the file should be treated as a secret.

13
nixosModules/clanCore/vars/secret/sops/default.nix
View File

@@ -6,17 +6,26 @@
}:
let
inherit (lib) flip;
inherit (lib) importJSON flip;
inherit (builtins) dirOf pathExists;
inherit (import ./funcs.nix { inherit lib; }) listVars;
inherit (config.clan.core) machineName;
metaFile = sopsFile: dirOf sopsFile + "/meta.json";
metaData = sopsFile: if pathExists (metaFile sopsFile) then importJSON (metaFile sopsFile) else { };
toDeploy = secret: (metaData secret.sopsFile).deploy or true;
varsDirMachines = config.clan.core.clanDir + "/sops/vars/per-machine/${machineName}";
varsDirShared = config.clan.core.clanDir + "/sops/vars/shared";
vars = (listVars varsDirMachines) ++ (listVars varsDirShared);
vars' = (listVars varsDirMachines) ++ (listVars varsDirShared);
vars = lib.filter (secret: toDeploy secret) vars';
in
{
config.clan.core.vars.settings = lib.mkIf (config.clan.core.vars.settings.secretStore == "sops") {