treewide: reformat

This commit is contained in:
Michael Hoang
2025-08-08 15:27:00 +10:00
parent 6b137f21de
commit a71a5880c1
40 changed files with 738 additions and 740 deletions

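--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -1,28 +1,27 @@
 { _class, lib, ... }:
 {
-imports =
-[
-./backups.nix
-./defaults.nix
-./facts
-./inventory
-./meta/interface.nix
-./metadata.nix
-./networking.nix
-./nix-settings.nix
-./options.nix
-./outputs.nix
-./sops.nix
-./vars
-]
-++ lib.optionals (_class == "nixos") [
-./nixos-facter.nix
-./vm.nix
-./postgresql
-./machine-id
-./state-version
-./wayland-proxy-virtwl.nix
-./zerotier
-./zfs.nix
-];
+imports = [
+./backups.nix
+./defaults.nix
+./facts
+./inventory
+./meta/interface.nix
+./metadata.nix
+./networking.nix
+./nix-settings.nix
+./options.nix
+./outputs.nix
+./sops.nix
+./vars
+]
+++ lib.optionals (_class == "nixos") [
+./nixos-facter.nix
+./vm.nix
+./postgresql
+./machine-id
+./state-version
+./wayland-proxy-virtwl.nix
+./zerotier
+./zfs.nix
+];
 }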

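--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -90,35 +90,34 @@
 default = { };
 type = lib.types.attrsOf (
 lib.types.submodule (secret: {
-options =
-{
-name = lib.mkOption {
-type = lib.types.str;
-description = ''
-name of the secret
-'';
-default = secret.config._module.args.name;
-defaultText = "attribute name of the secret";
-};
-path = lib.mkOption {
-type = lib.types.path;
-description = ''
-path to a secret which is generated by the generator
-'';
-default = config.clan.core.facts.secretPathFunction secret;
-defaultText = lib.literalExpression "config.clan.core.facts.secretPathFunction secret";
-};
-}
-// lib.optionalAttrs (config.clan.core.facts.secretStore == "sops") {
-groups = lib.mkOption {
-type = lib.types.listOf lib.types.str;
-default = config.clan.core.sops.defaultGroups;
-defaultText = lib.literalExpression "config.clan.core.sops.defaultGroups";
-description = ''
-Groups to decrypt the secret for. By default we always use the user's key.
-'';
-};
+options = {
+name = lib.mkOption {
+type = lib.types.str;
+description = ''
+name of the secret
+'';
+default = secret.config._module.args.name;
+defaultText = "attribute name of the secret";
+};
+path = lib.mkOption {
+type = lib.types.path;
+description = ''
+path to a secret which is generated by the generator
+'';
+default = config.clan.core.facts.secretPathFunction secret;
+defaultText = lib.literalExpression "config.clan.core.facts.secretPathFunction secret";
+};
+}
+// lib.optionalAttrs (config.clan.core.facts.secretStore == "sops") {
+groups = lib.mkOption {
+type = lib.types.listOf lib.types.str;
+default = config.clan.core.sops.defaultGroups;
+defaultText = lib.literalExpression "config.clan.core.sops.defaultGroups";
+description = ''
+Groups to decrypt the secret for. By default we always use the user's key.
+'';
+};
 };
 })
 );
 description = ''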

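--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -175,35 +175,34 @@
 default = { };
 type = lib.types.attrsOf (
 lib.types.submodule (secret: {
-options =
-{
-name = lib.mkOption {
-type = lib.types.str;
-description = ''
-name of the secret
-'';
-default = secret.config._module.args.name;
-defaultText = "attribute name of the secret";
-};
-path = lib.mkOption {
-type = lib.types.str;
-description = ''
-path to a secret which is generated by the generator
-'';
-default = config.clan.core.facts.secretPathFunction secret;
-defaultText = lib.literalExpression "config.clan.core.facts.secretPathFunction secret";
-};
-}
-// lib.optionalAttrs (config.clan.core.facts.secretModule == "clan_cli.facts.secret_modules.sops") {
-groups = lib.mkOption {
-type = lib.types.listOf lib.types.str;
-default = config.clan.core.sops.defaultGroups;
-defaultText = lib.literalExpression "config.clan.core.sops.defaultGroups";
-description = ''
-Groups to decrypt the secret for. By default we always use the user's key.
-'';
-};
+options = {
+name = lib.mkOption {
+type = lib.types.str;
+description = ''
+name of the secret
+'';
+default = secret.config._module.args.name;
+defaultText = "attribute name of the secret";
+};
+path = lib.mkOption {
+type = lib.types.str;
+description = ''
+path to a secret which is generated by the generator
+'';
+default = config.clan.core.facts.secretPathFunction secret;
+defaultText = lib.literalExpression "config.clan.core.facts.secretPathFunction secret";
+};
+}
+// lib.optionalAttrs (config.clan.core.facts.secretModule == "clan_cli.facts.secret_modules.sops") {
+groups = lib.mkOption {
+type = lib.types.listOf lib.types.str;
+default = config.clan.core.sops.defaultGroups;
+defaultText = lib.literalExpression "config.clan.core.sops.defaultGroups";
+description = ''
+Groups to decrypt the secret for. By default we always use the user's key.
+'';
+};
 };
 })
 );
 };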


@@ -16,16 +16,15 @@ let
};
in
{
imports =
[
./public/in_repo.nix
./secret/fs.nix
./secret/sops
./secret/vm.nix
]
++ lib.optionals (_class == "nixos") [
./secret/password-store.nix
];
imports = [
./public/in_repo.nix
./secret/fs.nix
./secret/sops
./secret/vm.nix
]
++ lib.optionals (_class == "nixos") [
./secret/password-store.nix
];
options.clan.core.vars = lib.mkOption {
description = ''


@@ -198,136 +198,135 @@ in
]
)
];
options =
{
name = mkOption {
type = str;
description = ''
name of the public fact
'';
readOnly = true;
default = file.config._module.args.name;
defaultText = "Name of the file";
};
generatorName = mkOption {
type = str;
description = ''
name of the generator
'';
readOnly = true;
default = generator.config._module.args.name;
defaultText = "Name of the generator that generates this file";
};
share = mkOption {
type = bool;
description = ''
Whether the generated vars should be shared between machines.
Shared vars are only generated once, when the first machine using it is deployed.
Subsequent machines will re-use the already generated values.
'';
readOnly = true;
internal = true;
default = generator.config.share;
defaultText = "Mirror of the share flag of the generator";
};
deploy = mkOption {
description = ''
Whether the file should be deployed to the target machine.
options = {
name = mkOption {
type = str;
description = ''
name of the public fact
'';
readOnly = true;
default = file.config._module.args.name;
defaultText = "Name of the file";
};
generatorName = mkOption {
type = str;
description = ''
name of the generator
'';
readOnly = true;
default = generator.config._module.args.name;
defaultText = "Name of the generator that generates this file";
};
share = mkOption {
type = bool;
description = ''
Whether the generated vars should be shared between machines.
Shared vars are only generated once, when the first machine using it is deployed.
Subsequent machines will re-use the already generated values.
'';
readOnly = true;
internal = true;
default = generator.config.share;
defaultText = "Mirror of the share flag of the generator";
};
deploy = mkOption {
description = ''
Whether the file should be deployed to the target machine.
Disable this if the generated file is only used as an input to other generators.
'';
type = bool;
default = true;
};
secret = mkOption {
description = ''
Whether the file should be treated as a secret.
'';
type = bool;
default = true;
};
flakePath = mkOption {
description = ''
The path to the file containing the content of the generated value.
This will be set automatically
'';
type = nullOr path;
default = null;
};
path = mkOption {
description = ''
The path to the file containing the content of the generated value.
This will be set automatically
'';
type = str;
defaultText = ''
builtins.path {
name = "$${generator.config._module.args.name}_$${file.config._module.args.name}";
path = file.config.flakePath;
}
'';
default = builtins.path {
name = "${generator.config._module.args.name}_${file.config._module.args.name}";
Disable this if the generated file is only used as an input to other generators.
'';
type = bool;
default = true;
};
secret = mkOption {
description = ''
Whether the file should be treated as a secret.
'';
type = bool;
default = true;
};
flakePath = mkOption {
description = ''
The path to the file containing the content of the generated value.
This will be set automatically
'';
type = nullOr path;
default = null;
};
path = mkOption {
description = ''
The path to the file containing the content of the generated value.
This will be set automatically
'';
type = str;
defaultText = ''
builtins.path {
name = "$${generator.config._module.args.name}_$${file.config._module.args.name}";
path = file.config.flakePath;
};
};
neededFor = mkOption {
description = ''
This option determines when the secret will be decrypted and deployed to the target machine.
By setting this to `partitioning`, the secret will be deployed prior to running `disko` allowing
you to manage filesystem encryption keys. These will only be deployed when installing the system.
By setting this to `activation`, the secret will be deployed prior to running `nixos-rebuild` or `nixos-install`.
By setting this to `user`, the secret will be deployed prior to users and groups are created, allowing
users' passwords to be managed by vars. The secret will be stored in `/run/secrets-for-users` and `owner` and `group` must be `root`.
'';
type = enum [
"partitioning"
"activation"
"users"
"services"
];
default = "services";
};
owner = mkOption {
description = "The user name or id that will own the file.";
default = "root";
};
group = mkOption {
description = "The group name or id that will own the file.";
default = if _class == "darwin" then "wheel" else "root";
defaultText = lib.literalExpression ''if _class == "darwin" then "wheel" else "root"'';
};
mode = mkOption {
type = strMatching "^[0-7]{4}$";
description = "The unix file mode of the file. Must be a 4-digit octal number.";
default = "0400";
};
value =
mkOption {
description = ''
The content of the generated value.
Only available if the file is not secret.
'';
type = str;
defaultText = "Throws error because the value of a secret file is not accessible";
}
// lib.optionalAttrs file.config.secret {
default = throw "Cannot access value of secret file";
};
}
// (lib.optionalAttrs (_class == "nixos") {
restartUnits = mkOption {
description = ''
A list of systemd units that should be restarted after the file is deployed.
This is useful for services that need to reload their configuration after the file is updated.
WARNING: currently only sops-nix implements this option.
'';
type = listOf str;
default = [ ];
'';
default = builtins.path {
name = "${generator.config._module.args.name}_${file.config._module.args.name}";
path = file.config.flakePath;
};
});
};
neededFor = mkOption {
description = ''
This option determines when the secret will be decrypted and deployed to the target machine.
By setting this to `partitioning`, the secret will be deployed prior to running `disko` allowing
you to manage filesystem encryption keys. These will only be deployed when installing the system.
By setting this to `activation`, the secret will be deployed prior to running `nixos-rebuild` or `nixos-install`.
By setting this to `user`, the secret will be deployed prior to users and groups are created, allowing
users' passwords to be managed by vars. The secret will be stored in `/run/secrets-for-users` and `owner` and `group` must be `root`.
'';
type = enum [
"partitioning"
"activation"
"users"
"services"
];
default = "services";
};
owner = mkOption {
description = "The user name or id that will own the file.";
default = "root";
};
group = mkOption {
description = "The group name or id that will own the file.";
default = if _class == "darwin" then "wheel" else "root";
defaultText = lib.literalExpression ''if _class == "darwin" then "wheel" else "root"'';
};
mode = mkOption {
type = strMatching "^[0-7]{4}$";
description = "The unix file mode of the file. Must be a 4-digit octal number.";
default = "0400";
};
value =
mkOption {
description = ''
The content of the generated value.
Only available if the file is not secret.
'';
type = str;
defaultText = "Throws error because the value of a secret file is not accessible";
}
// lib.optionalAttrs file.config.secret {
default = throw "Cannot access value of secret file";
};
}
// (lib.optionalAttrs (_class == "nixos") {
restartUnits = mkOption {
description = ''
A list of systemd units that should be restarted after the file is deployed.
This is useful for services that need to reload their configuration after the file is updated.
WARNING: currently only sops-nix implements this option.
'';
type = listOf str;
default = [ ];
};
});
})
);
};


@@ -43,23 +43,22 @@ in
secrets = lib.listToAttrs (
map (secret: {
name = "vars/${secret.generator}/${secret.name}";
value =
{
inherit (secret)
owner
group
mode
neededForUsers
;
sopsFile = builtins.path {
name = "${secret.generator}_${secret.name}";
path = secretPath secret;
};
format = "binary";
}
// (lib.optionalAttrs (_class == "nixos") {
inherit (secret) restartUnits;
});
value = {
inherit (secret)
owner
group
mode
neededForUsers
;
sopsFile = builtins.path {
name = "${secret.generator}_${secret.name}";
path = secretPath secret;
};
format = "binary";
}
// (lib.optionalAttrs (_class == "nixos") {
inherit (secret) restartUnits;
});
}) (builtins.filter (x: builtins.pathExists (secretPath x)) vars)
);

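--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -8,16 +8,15 @@ let
 ...
 }:
 {
-imports =
-[
-./clanCore
-inputs.sops-nix."${_class}Modules".sops
-]
-++ lib.optionals (_class == "nixos") [
-inputs.nixos-facter-modules.nixosModules.facter
-inputs.disko.nixosModules.default
-inputs.data-mesher.nixosModules.data-mesher
-];
+imports = [
+./clanCore
+inputs.sops-nix."${_class}Modules".sops
+]
+++ lib.optionals (_class == "nixos") [
+inputs.nixos-facter-modules.nixosModules.facter
+inputs.disko.nixosModules.default
+inputs.data-mesher.nixosModules.data-mesher
+];
 config = {
 clan.core.clanPkgs = lib.mkDefault self.packages.${pkgs.hostPlatform.system};
 };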