vars: remove secretsUploadDirectory from common module

2024-11-27 13:32:00 +01:00
parent e978f91209
commit 8337a3ec41
7 changed files with 28 additions and 22 deletions
--- a/nixosModules/clanCore/vars/default.nix
+++ b/nixosModules/clanCore/vars/default.nix
@@ -55,7 +55,7 @@ in
          );
        }
      );
-      inherit (config.clan.core.vars.settings) secretUploadDirectory secretModule publicModule;
+      inherit (config.clan.core.vars.settings) secretModule publicModule;
    };
    inherit (config.clan.core.networking) targetHost buildHost;
    inherit (config.clan.core.deployment) requireExplicitUpdate;
--- a/nixosModules/clanCore/vars/secret/password-store.nix
+++ b/nixosModules/clanCore/vars/secret/password-store.nix
@@ -39,7 +39,18 @@ let
    || (options.services ? userborn && config.services.userborn.enable);
 in
 {
+  options.clan.vars.password-store = {
+    secretLocation = lib.mkOption {
+      type = lib.types.path;
+      default = "/etc/secret-vars";
+      description = ''
+        location where the tarball with the password-store secrets will be uploaded to and the manifest
+      '';
+    };
+  };
  config = {
+    system.clan.deployment.data.password-store.secretLocation =
+      config.clan.vars.password-store.secretLocation;
    clan.core.vars.settings =
      lib.mkIf (config.clan.core.vars.settings.secretStore == "password-store")
        {
@@ -48,7 +59,6 @@ in
            lib.mkIf file.config.secret {
              path = "/run/secrets/${file.config.generatorName}/${file.config.name}";
            };
-          secretUploadDirectory = lib.mkDefault "/etc/secret-vars";
          secretModule = "clan_cli.vars.secret_modules.password_store";
        };
    system.activationScripts.setupSecrets =
@@ -66,13 +76,13 @@ in
            ]
            ''
              [ -e /run/current-system ] || echo setting up secrets...
-              ${installSecretTarball}/bin/install-secret-tarball ${config.clan.core.vars.settings.secretUploadDirectory}/secrets.tar.gz
+              ${installSecretTarball}/bin/install-secret-tarball ${config.clan.password-store.secretTarballLocation}/secrets.tar.gz
            ''
          // lib.optionalAttrs (config.system ? dryActivationScript) {
            supportsDryActivation = true;
          }
        );
-    systemd.services.sops-install-secrets =
+    systemd.services.pass-install-secrets =
      lib.mkIf
        (
          (config.clan.core.vars.settings.secretStore == "password-store")
@@ -86,7 +96,7 @@ in
          serviceConfig = {
            Type = "oneshot";
            ExecStart = [
-              "${installSecretTarball}/bin/install-secret-tarball ${config.clan.core.vars.settings.secretUploadDirectory}/secrets.tar.gz"
+              "${installSecretTarball}/bin/install-secret-tarball ${config.clan.password-store.secretTarballLocation}/secrets.tar.gz"
            ];
            RemainAfterExit = true;
          };
--- a/nixosModules/clanCore/vars/secret/sops/default.nix
+++ b/nixosModules/clanCore/vars/secret/sops/default.nix
@@ -32,7 +32,6 @@ in
      );
    };
    secretModule = "clan_cli.vars.secret_modules.sops";
-    secretUploadDirectory = lib.mkDefault "/var/lib/sops-nix";
  };

  config.sops = lib.mkIf (config.clan.core.vars.settings.secretStore == "sops") {
--- a/nixosModules/clanCore/vars/settings-opts.nix
+++ b/nixosModules/clanCore/vars/settings-opts.nix
@@ -22,14 +22,6 @@
    '';
  };

-  secretUploadDirectory = lib.mkOption {
-    type = lib.types.path;
-    description = ''
-      The directory where secrets are uploaded into, This is backend specific.
-      This is usally set by the secret store backend.
-    '';
-  };
-
  # TODO: see if this is the right approach. Maybe revert to secretPathFunction
  fileModule = lib.mkOption {
    type = lib.types.deferredModule;