Merge pull request 'vars: use correct paths for value accesses' (#2071) from kenji/clan-core:kenji-vars/fix/values into main

2024-09-11 17:10:50 +00:00
parent cdfda2547b 6dd1a7395f
commit c3c5ba4fc5
4 changed files with 61 additions and 11 deletions
--- a/clanModules/state-version/default.nix
+++ b/clanModules/state-version/default.nix
@@ -0,0 +1,12 @@
+{ config, lib, ... }:
+{
+  system.stateVersion = config.clan.core.vars.generators.state-version.files.version.value;
+
+  clan.core.vars.generators.state-version = {
+    files.version.secret = false;
+    runtimeInputs = [ ];
+    script = ''
+      echo ${lib.versions.majorMinor lib.version} > $out/version
+    '';
+  };
+}
--- a/nixosModules/clanCore/vars/interface.nix
+++ b/nixosModules/clanCore/vars/interface.nix
@@ -74,6 +74,17 @@ in
                      readOnly = true;
                      default = generator.config._module.args.name;
                    };
+                    share = {
+                      type = lib.types.bool;
+                      description = ''
+                        Whether the generated vars should be shared between machines.
+                        Shared vars are only generated once, when the first machine using it is deployed.
+                        Subsequent machines will re-use the already generated values.
+                      '';
+                      readOnly = true;
+                      internal = true;
+                      default = generator.config.share;
+                    };
                    deploy = {
                      description = ''
                        Whether the file should be deployed to the target machine.
@@ -97,15 +108,18 @@ in
                      '';
                      type = str;
                    };
-                    value = {
-                      description = ''
-                        The content of the generated value.
-                        Only available if the file is not secret.
-                      '';
-                      type = str;
-                      default = throw "Cannot access value of secret file";
-                      defaultText = "Throws error because the value of a secret file is not accessible";
-                    };
+                    value =
+                      {
+                        description = ''
+                          The content of the generated value.
+                          Only available if the file is not secret.
+                        '';
+                        type = str;
+                        defaultText = "Throws error because the value of a secret file is not accessible";
+                      }
+                      // lib.optionalAttrs file.config.secret {
+                        default = throw "Cannot access value of secret file";
+                      };
                  };
                })
              );
--- a/nixosModules/clanCore/vars/public/in_repo.nix
+++ b/nixosModules/clanCore/vars/public/in_repo.nix
@@ -6,8 +6,15 @@
        publicModule = "clan_cli.vars.public_modules.in_repo";
        fileModule = file: {
          path = lib.mkIf (file.config.secret == false) (
-            config.clan.core.clanDir + "/machines/${config.clan.core.machineName}/vars/${file.config.name}"
+            if file.config.share then
+              (config.clan.core.clanDir + "/vars/shared/${file.config.generatorName}/${file.config.name}/value")
+            else
+              (
+                config.clan.core.clanDir
+                + "/vars/per-machine/${config.clan.core.machineName}/${file.config.generatorName}/${file.config.name}/value"
+              )
          );
+          value = lib.mkIf (file.config.secret == false) (lib.readFile file.config.path);
        };
      };
 }
--- a/pkgs/clan-cli/tests/test_vars.py
+++ b/pkgs/clan-cli/tests/test_vars.py
@@ -1,3 +1,4 @@
+import json
 import subprocess
 from dataclasses import dataclass
 from io import StringIO
@@ -8,7 +9,7 @@ import pytest
 from age_keys import SopsSetup
 from clan_cli.clan_uri import FlakeId
 from clan_cli.machines.machines import Machine
-from clan_cli.nix import nix_shell
+from clan_cli.nix import nix_eval, nix_shell, run
 from clan_cli.vars.check import check_vars
 from clan_cli.vars.list import stringify_all_vars
 from clan_cli.vars.public_modules import in_repo
@@ -102,6 +103,14 @@ def test_generate_public_var(
    assert store.get("my_generator", "my_value").decode() == "hello\n"
    vars_text = stringify_all_vars(machine)
    assert "my_generator/my_value: hello" in vars_text
+    vars_eval = run(
+        nix_eval(
+            [
+                f"{flake.path}#nixosConfigurations.my_machine.config.clan.core.vars.generators.my_generator.files.my_value.value",
+            ]
+        )
+    ).stdout.strip()
+    assert json.loads(vars_eval) == "hello\n"


@pytest.mark.impure
@@ -411,6 +420,14 @@ def test_share_flag(
    assert not in_repo_store.exists("shared_generator", "my_value", shared=False)
    assert in_repo_store.exists("unshared_generator", "my_value", shared=False)
    assert not in_repo_store.exists("unshared_generator", "my_value", shared=True)
+    vars_eval = run(
+        nix_eval(
+            [
+                f"{flake.path}#nixosConfigurations.my_machine.config.clan.core.vars.generators.shared_generator.files.my_value.value",
+            ]
+        )
+    ).stdout.strip()
+    assert json.loads(vars_eval) == "hello\n"


@pytest.mark.impure