restore clanInternals with valid nixos config

2023-09-29 11:56:02 +02:00
parent d1cf62cc59
commit 79be9078dc
6 changed files with 52 additions and 29 deletions
--- a/nixosModules/clanCore/flake-module.nix
+++ b/nixosModules/clanCore/flake-module.nix
@@ -1,5 +1,5 @@
 { self, inputs, lib, ... }: {
-  flake.nixosModules.clanCore = { pkgs, options, ... }: {
+  flake.nixosModules.clanCore = { config, pkgs, options, ... }: {
    imports = [
      ./secrets
      ./zerotier
@@ -40,5 +40,13 @@
        utility outputs for clan management of this machine
      '';
    };
+    # optimization for faster secret generate/upload and machines update
+    config = {
+      system.clan.deployment.text = builtins.toJSON {
+        inherit (config.system.clan) uploadSecrets generateSecrets;
+        inherit (config.clan.networking) deploymentAddress;
+      };
+      system.clan.deployment.file = pkgs.writeText "deployment.json" config.system.clan.deployment.text;
+    };
  };
 }
--- a/nixosModules/clanCore/secrets/sops.nix
+++ b/nixosModules/clanCore/secrets/sops.nix
@@ -37,10 +37,12 @@ in
      uploadSecrets = pkgs.writeScript "upload-secrets" ''
        #!${pkgs.python3}/bin/python
        import json
+        import sys
        from clan_cli.secrets.sops_generate import upload_age_key_from_nix
        # the second toJSON is needed to escape the string for the python
-        args = json.loads(${builtins.toJSON (builtins.toJSON { machine_name = config.clanCore.machineName; deployment_address = config.clan.networking.deploymentAddress; age_key_file = config.sops.age.keyFile; })})
-        upload_age_key_from_nix(**args)
+        deployment_address = sys.argv[1]
+        args = json.loads(${builtins.toJSON (builtins.toJSON { machine_name = config.clanCore.machineName; age_key_file = config.sops.age.keyFile; })})
+        upload_age_key_from_nix(**args, deployment_address=deployment_address)
      '';
    };
    sops.secrets = builtins.mapAttrs