From 6dd1a7395f0efadf00eb9e056078158c646460a6 Mon Sep 17 00:00:00 2001
From: a-kenji
Date: Wed, 11 Sep 2024 17:36:07 +0200
Subject: [PATCH] vars: use correct paths for value accesses

Use correct paths for value accesses of vars under:
- `per-machine`
- `shared`
---
 clanModules/state-version/default.nix | 12 +++++++
 nixosModules/clanCore/vars/interface.nix | 32 +++++++++++++------
 nixosModules/clanCore/vars/public/in_repo.nix | 9 +++++-
 pkgs/clan-cli/tests/test_vars.py | 19 ++++++++++-
 4 files changed, 61 insertions(+), 11 deletions(-)
 create mode 100644 clanModules/state-version/default.nix

diff --git a/clanModules/state-version/default.nix b/clanModules/state-version/default.nix
new file mode 100644
index 000000000..7370b7325
--- /dev/null
+++ b/clanModules/state-version/default.nix
@@ -0,0 +1,12 @@
+{ config, lib, ... }:
+{
+ system.stateVersion = config.clan.core.vars.generators.state-version.files.version.value;
+
+ clan.core.vars.generators.state-version = {
+ files.version.secret = false;
+ runtimeInputs = [ ];
+ script = ''
+ echo ${lib.versions.majorMinor lib.version} > $out/version
+ '';
+ };
+}
diff --git a/nixosModules/clanCore/vars/interface.nix b/nixosModules/clanCore/vars/interface.nix
index 75d7dce62..cd97723cd 100644
--- a/nixosModules/clanCore/vars/interface.nix
+++ b/nixosModules/clanCore/vars/interface.nix
@@ -74,6 +74,17 @@ in
 readOnly = true;
 default = generator.config._module.args.name;
 };
+ share = {
+ type = lib.types.bool;
+ description = ''
+ Whether the generated vars should be shared between machines.
+ Shared vars are only generated once, when the first machine using it is deployed.
+ Subsequent machines will re-use the already generated values.
+ '';
+ readOnly = true;
+ internal = true;
+ default = generator.config.share;
+ };
 deploy = {
 description = ''
 Whether the file should be deployed to the target machine.
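Review bot: `system.stateVersion` in `clanModules/state-version/default.nix` will most likely end up with a trailing newline, because the generator script writes the file with `echo` and `in_repo.nix` in this same patch reads it back verbatim with `lib.readFile` (the tests here expect `"hello\n"` from what is presumably an `echo` generator too). Either write it without the newline, `echo -n ${lib.versions.majorMinor lib.version} > $out/version`, or strip it at the point of use with `lib.removeSuffix "\n"`. If the intent is that the version is pinned when the var is first generated and not bumped with later nixpkgs updates, a one-line comment above `system.stateVersion` saying so would help the next reader.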
@@ -97,15 +108,18 @@ in ''; type = str; }; - value = { - description = '' - The content of the generated value. - Only available if the file is not secret. - ''; - type = str; - default = throw "Cannot access value of secret file"; - defaultText = "Throws error because the value of a secret file is not accessible"; - }; + value = + { + description = '' + The content of the generated value. + Only available if the file is not secret. + ''; + type = str; + defaultText = "Throws error because the value of a secret file is not accessible"; + } + // lib.optionalAttrs file.config.secret { + default = throw "Cannot access value of secret file"; + }; }; }) ); diff --git a/nixosModules/clanCore/vars/public/in_repo.nix b/nixosModules/clanCore/vars/public/in_repo.nix index 3533681a2..cc49a3e4e 100644 --- a/nixosModules/clanCore/vars/public/in_repo.nix +++ b/nixosModules/clanCore/vars/public/in_repo.nix @@ -6,8 +6,15 @@ publicModule = "clan_cli.vars.public_modules.in_repo"; fileModule = file: { path = lib.mkIf (file.config.secret == false) ( - config.clan.core.clanDir + "/machines/${config.clan.core.machineName}/vars/${file.config.name}" + if file.config.share then + (config.clan.core.clanDir + "/vars/shared/${file.config.generatorName}/${file.config.name}/value") + else + ( + config.clan.core.clanDir + + "/vars/per-machine/${config.clan.core.machineName}/${file.config.generatorName}/${file.config.name}/value" + ) ); + value = lib.mkIf (file.config.secret == false) (lib.readFile file.config.path); }; }; } diff --git a/pkgs/clan-cli/tests/test_vars.py b/pkgs/clan-cli/tests/test_vars.py index 24fdf0915..bad094731 100644 --- a/pkgs/clan-cli/tests/test_vars.py +++ b/pkgs/clan-cli/tests/test_vars.py @@ -1,3 +1,4 @@ +import json import subprocess from dataclasses import dataclass from io import StringIO 
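Review bot: `defaultText` is still set unconditionally on `value`, but the throwing `default` now exists only when `file.config.secret` is true, so the option docs describe a throw for public files that no longer have any default. For a public file whose store module does not define `value`, evaluation would presumably end in the generic "used but not defined" error rather than one that names the var. Consider moving `defaultText` into the `lib.optionalAttrs file.config.secret { ... }` set next to `default`, and adding a comment above the merge such as `# secret files: reading .value must fail; public files get their value from the store module`.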
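Review bot: `lib.readFile file.config.path` in `in_repo.nix` runs whenever `.value` is forced, and nothing in this hunk checks that the file has been generated, so a public var that does not exist yet would fail evaluation with a bare missing-file error. With the new `state-version` module feeding `system.stateVersion` from `.value`, that presumably makes the whole machine configuration depend on the var being present. A guard that names the var keeps the failure actionable, e.g. `if builtins.pathExists file.config.path then lib.readFile file.config.path else throw "var ${file.config.generatorName}/${file.config.name} has not been generated yet"`. The `secret == false` condition on `value` is what keeps `readFile` away from secret files; a short comment stating that would protect it in a later refactor.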
@@ -8,7 +9,7 @@ import pytest
 from age_keys import SopsSetup
 from clan_cli.clan_uri import FlakeId
 from clan_cli.machines.machines import Machine
-from clan_cli.nix import nix_shell
+from clan_cli.nix import nix_eval, nix_shell, run
 from clan_cli.vars.check import check_vars
 from clan_cli.vars.list import stringify_all_vars
 from clan_cli.vars.public_modules import in_repo
@@ -102,6 +103,14 @@ def test_generate_public_var(
 assert store.get("my_generator", "my_value").decode() == "hello\n"
 vars_text = stringify_all_vars(machine)
 assert "my_generator/my_value: hello" in vars_text
+ vars_eval = run(
+ nix_eval(
+ [
+ f"{flake.path}#nixosConfigurations.my_machine.config.clan.core.vars.generators.my_generator.files.my_value.value",
+ ]
+ )
+ ).stdout.strip()
+ assert json.loads(vars_eval) == "hello\n"
 
 
 @pytest.mark.impure
@@ -411,6 +420,14 @@ def test_share_flag(
 assert not in_repo_store.exists("shared_generator", "my_value", shared=False)
 assert in_repo_store.exists("unshared_generator", "my_value", shared=False)
 assert not in_repo_store.exists("unshared_generator", "my_value", shared=True)
+ vars_eval = run(
+ nix_eval(
+ [
+ f"{flake.path}#nixosConfigurations.my_machine.config.clan.core.vars.generators.shared_generator.files.my_value.value",
+ ]
+ )
+ ).stdout.strip()
+ assert json.loads(vars_eval) == "hello\n"
 
 
 @pytest.mark.impure
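Review bot: Both new assertions cover only public vars; nothing in these hunks evaluates `.value` for a secret file, although this patch changes how the throwing default is attached in `interface.nix`. A negative test that runs the same `nix_eval` on a secret file's `.value` and expects the evaluation to fail would pin that guard against a regression that lets secret content be read at eval time. The `run(nix_eval([...]))` block is also repeated verbatim in `test_generate_public_var` and `test_share_flag`; a small helper taking the generator and file name would keep the attribute path in one place. Both test bodies start outside their hunks.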