vars: eval finalScript lazy

2024-12-13 18:30:54 +01:00
parent 83a38909c0
commit 9cc3bdbc9f
6 changed files with 67 additions and 31 deletions
--- a/nixosModules/clanCore/vars/secret/on-machine.nix
+++ b/nixosModules/clanCore/vars/secret/on-machine.nix
@@ -0,0 +1,25 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  sortedGenerators = lib.toposort (a: b: builtins.elem a.name b.dependencies) (
+    lib.attrValues config.clan.core.vars.generators
+  );
+  generateSecrets = ''
+    ${lib.concatStringsSep "\n" (_gen: ''
+      v
+    '') sortedGenerators}
+  '';
+in
+{
+  config = lib.mkIf (config.clan.core.vars.settings.secretStore == "on-machine") {
+    environment.systemPackages = [
+      (pkgs.writeShellApplication {
+        text = generateSecrets;
+      })
+    ];
+  };
+}