diff --git a/lib/build-clan/default.nix b/lib/build-clan/default.nix index f48423805..4b044edbd 100644 --- a/lib/build-clan/default.nix +++ b/lib/build-clan/default.nix @@ -39,23 +39,29 @@ let nixosConfigurations = lib.mapAttrs (name: _: nixosConfiguration { inherit name; }) allMachines; # This instantiates nixos for each system that we support: - # clanInternals.machinesForAllSystems.. + # configPerSystem = ..nixosConfiguration # We need this to build nixos secret generators for each system - machinesForAllSystems = builtins.listToAttrs + configPerSystem = builtins.listToAttrs (builtins.map (system: lib.nameValuePair system (lib.mapAttrs (name: _: nixosConfiguration { inherit name system; }) allMachines)) supportedSystems); + + machinesPerSystem = lib.mapAttrs (_: machine: + let + config = { + inherit (machine.config.system.clan) uploadSecrets generateSecrets; + inherit (machine.config.clan.networking) deploymentAddress; + }; + in + config // { + json = machine.pkgs.writeText "config.json" (builtins.toJSON config); + }); in { inherit nixosConfigurations; clanInternals = { - machines = lib.mapAttrs - (_: lib.mapAttrs (_: machine: { - inherit (machine.config.system.clan) uploadSecrets generateSecrets; - inherit (machine.config.clan.networking) deploymentAddress; - })) - machinesForAllSystems; + machines = lib.mapAttrs (_: machinesPerSystem) configPerSystem; }; } diff --git a/pkgs/clan-cli/tests/test_flake.py b/pkgs/clan-cli/tests/test_flake.py index 40f919087..46120069d 100644 --- a/pkgs/clan-cli/tests/test_flake.py +++ b/pkgs/clan-cli/tests/test_flake.py 
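Review bot: `machinesPerSystem` has no comment explaining the new `json` attribute, and nothing records that its contents end up in the Nix store. `writeText` produces a store path that every local user can read, so `config` should stay limited to non-secret deployment metadata. Note that `deploymentAddress` can carry SSH options in its query string, as the test address in pkgs/clan-cli/tests/test_secrets_upload.py does. I would add above the `let`: `# config.json is written to the world-readable Nix store: only non-secret values belong in config`. Separately, `config // { json = ...; }` would silently shadow any future `config` key that happens to be named `json`.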
@@ -22,12 +22,14 @@ def create_flake( # in the flake.nix file replace the string __CLAN_URL__ with the the clan flake # provided by get_test_flake_toplevel flake_nix = flake / "flake.nix" + # this is where we would install the sops key to, when updating + sops_key = str(flake.joinpath("sops.key")) for line in fileinput.input(flake_nix, inplace=True): line = line.replace("__NIXPKGS__", str(nixpkgs_source())) if clan_core_flake: line = line.replace("__CLAN_CORE__", str(clan_core_flake)) - print(line) - # check that an empty config is returned if no json file exists + line = line.replace("__CLAN_SOPS_KEY_PATH__", sops_key) + print(line, end="") monkeypatch.chdir(flake) monkeypatch.setenv("HOME", str(home)) yield flake diff --git a/pkgs/clan-cli/tests/test_flake_with_core/flake.nix b/pkgs/clan-cli/tests/test_flake_with_core/flake.nix index 6a645cd42..34644e422 100644 --- a/pkgs/clan-cli/tests/test_flake_with_core/flake.nix +++ b/pkgs/clan-cli/tests/test_flake_with_core/flake.nix @@ -12,8 +12,8 @@ machines = { vm1 = { lib, ... }: { clan.networking.deploymentAddress = "__CLAN_DEPLOYMENT_ADDRESS__"; - sops.age.keyFile = "__CLAN_SOPS_KEY_PATH__"; system.stateVersion = lib.version; + sops.age.keyFile = "__CLAN_SOPS_KEY_PATH__"; clan.networking.zerotier.controller.enable = true; diff --git a/pkgs/clan-cli/tests/test_secrets_upload.py b/pkgs/clan-cli/tests/test_secrets_upload.py index 0003b0126..1d97a811d 100644 --- a/pkgs/clan-cli/tests/test_secrets_upload.py +++ b/pkgs/clan-cli/tests/test_secrets_upload.py 
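Review bot: The `fileinput.input(flake_nix, inplace=True)` loop that now holds the `__CLAN_SOPS_KEY_PATH__` replacement is not used as a context manager. If anything in the loop body raises (for example `nixpkgs_source()`), `sys.stdout` most likely stays redirected into flake.nix until the FileInput object is closed. Wrapping it as `with fileinput.input(flake_nix, inplace=True) as f:` and iterating `for line in f:` restores stdout on every exit path. The substituted values are also spliced into Nix string literals unescaped, which is fine for pytest temp paths but would break on a path containing `"` or `${`. create_flake starts and ends outside the hunk.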
@@ -31,10 +31,11 @@ def test_secrets_upload( host = host_group.hosts[0] addr = f"{host.user}@{host.host}:{host.port}?StrictHostKeyChecking=no&UserKnownHostsFile=/dev/null&IdentityFile={host.key}" new_text = flake.read_text().replace("__CLAN_DEPLOYMENT_ADDRESS__", addr) - sops_key = test_flake_with_core.joinpath("sops.key") - new_text = new_text.replace("__CLAN_SOPS_KEY_PATH__", str(sops_key)) flake.write_text(new_text) cli.run(["secrets", "upload", "vm1"]) + + # the flake defines this path as the location where the sops key should be installed + sops_key = test_flake_with_core.joinpath("sops.key") assert sops_key.exists() assert sops_key.read_text() == age_keys[0].privkey
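Review bot: The assertions after `cli.run(["secrets", "upload", "vm1"])` check that the age private key arrives with the right content, but not with what permissions. If upload is expected to install the key readable by its owner only, pin that here, e.g. `assert sops_key.stat().st_mode & 0o077 == 0`; whether the current implementation satisfies this is not visible from the hunk. The literal `"sops.key"` is also repeated from create_flake in tests/test_flake.py, so the two paths can drift apart; a shared constant or fixture value would keep them in step. test_secrets_upload's body starts outside the hunk.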