yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

vars: eval finalScript lazy

Browse Source
This commit is contained in:
lassulus
2024-12-13 18:30:54 +01:00
parent 83a38909c0
commit 9cc3bdbc9f
6 changed files with 67 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
nixosModules/clanCore/vars/default.nix
View File

@@ -41,7 +41,6 @@ in
inherit (generator) inherit (generator)
name name
dependencies dependencies
finalScript
validationHash validationHash
migrateFact migrateFact
prompts prompts

6
nixosModules/clanCore/vars/generator.nix
View File

@@ -24,7 +24,8 @@ let
filePromptNames = attrNames (filterAttrs (_name: prompt: prompt.createFile) config.prompts); filePromptNames = attrNames (filterAttrs (_name: prompt: prompt.createFile) config.prompts);
in in
{ {
finalScript = mkOptionDefault '' finalScript = mkOptionDefault (
pkgs.writeScript "generator-${config.name}" ''
set -eu -o pipefail set -eu -o pipefail
export PATH="${makeBinPath config.runtimeInputs}:${pkgs.coreutils}/bin" export PATH="${makeBinPath config.runtimeInputs}:${pkgs.coreutils}/bin"
@@ -52,7 +53,8 @@ in
''} ''}
${promptsToFilesScript filePromptNames} ${promptsToFilesScript filePromptNames}
${config.script} ${config.script}
''; ''
);
files = genAttrs filePromptNames (_name: { }); files = genAttrs filePromptNames (_name: { });
} }

2
nixosModules/clanCore/vars/interface.nix
View File

@@ -322,7 +322,7 @@ in
- all required programs are in PATH - all required programs are in PATH
- sandbox is set up correctly - sandbox is set up correctly
''; '';
type = lib.types.str; type = lib.types.path;
readOnly = true; readOnly = true;
internal = true; internal = true;
}; };

25
nixosModules/clanCore/vars/secret/on-machine.nix Normal file
View File

@@ -0,0 +1,25 @@
{
config,
lib,
pkgs,
...
}:
let
sortedGenerators = lib.toposort (a: b: builtins.elem a.name b.dependencies) (
lib.attrValues config.clan.core.vars.generators
);
generateSecrets = ''
${lib.concatStringsSep "\n" (_gen: ''
v
'') sortedGenerators}
'';
in
{
config = lib.mkIf (config.clan.core.vars.settings.secretStore == "on-machine") {
environment.systemPackages = [
(pkgs.writeShellApplication {
text = generateSecrets;
})
];
};
}

6
pkgs/clan-cli/clan_cli/machines/machines.py
View File

@@ -166,7 +166,11 @@ class Machine:
generators: dict[str, Any] = clan_vars.get("generators") generators: dict[str, Any] = clan_vars.get("generators")
if generators is None: if generators is None:
return [] return []
return [Generator.from_json(gen) for gen in generators.values()] _generators = [Generator.from_json(gen) for gen in generators.values()]
for gen in _generators:
gen.machine(self)
return _generators
@property @property
def secrets_upload_directory(self) -> str: def secrets_upload_directory(self) -> str:

14
pkgs/clan-cli/clan_cli/vars/generate.py
View File

@@ -40,7 +40,6 @@ class Generator:
files: list[Var] = field(default_factory=list) files: list[Var] = field(default_factory=list)
share: bool = False share: bool = False
validation: str | None = None validation: str | None = None
final_script: str = ""
prompts: list[Prompt] = field(default_factory=list) prompts: list[Prompt] = field(default_factory=list)
dependencies: list[str] = field(default_factory=list) dependencies: list[str] = field(default_factory=list)
@@ -62,7 +61,6 @@ class Generator:
return cls( return cls(
name=data["name"], name=data["name"],
share=data["share"], share=data["share"],
final_script=data["finalScript"],
files=[Var.from_json(data["name"], f) for f in data["files"].values()], files=[Var.from_json(data["name"], f) for f in data["files"].values()],
validation=data["validationHash"], validation=data["validationHash"],
dependencies=data["dependencies"], dependencies=data["dependencies"],
@@ -70,6 +68,14 @@ class Generator:
prompts=[Prompt.from_json(p) for p in data["prompts"].values()], prompts=[Prompt.from_json(p) for p in data["prompts"].values()],
) )
@property
def final_script(self) -> Path:
assert self._machine is not None
final_script = self._machine.build_nix(
f"config.clan.core.vars.generators.{self.name}.finalScript"
)
return final_script
def bubblewrap_cmd(generator: str, tmpdir: Path) -> list[str]: def bubblewrap_cmd(generator: str, tmpdir: Path) -> list[str]:
# fmt: off # fmt: off
@@ -188,7 +194,7 @@ def execute_generator(
prompt_file.write_text(value) prompt_file.write_text(value)
if sys.platform == "linux": if sys.platform == "linux":
cmd = bubblewrap_cmd(generator.final_script, tmpdir) cmd = bubblewrap_cmd(str(generator.final_script), tmpdir)
else: else:
cmd = ["bash", "-c", generator.final_script] cmd = ["bash", "-c", generator.final_script]
run(cmd, RunOpts(env=env)) run(cmd, RunOpts(env=env))
@@ -201,7 +207,7 @@ def execute_generator(
secret_file = tmpdir_out / file.name secret_file = tmpdir_out / file.name
if not secret_file.is_file(): if not secret_file.is_file():
msg = f"did not generate a file for '{file.name}' when running the following command:\n" msg = f"did not generate a file for '{file.name}' when running the following command:\n"
msg += generator.final_script msg += str(generator.final_script)
raise ClanError(msg) raise ClanError(msg)
if file.secret: if file.secret:
file_path = secret_vars_store.set( file_path = secret_vars_store.set(