Stores now get machine context from generator objects instead of storing
it internally. This enables future machine-independent generators and
reduces coupling.
- StoreBase.__init__ only takes flake parameter
- Store methods receive machine as explicit parameter
- Fixed all callers to pass machine context
- Change Generator class to store machine name as string instead of Machine reference
- Update Generator.generators_from_flake() to only require machine name and flake
- Refactor check_vars() to accept machine name and flake instead of Machine object
- Create Machine instances only when needed for specific operations
This continues the effort to reduce dependencies on the Machine class,
making the codebase more modular and easier to refactor.
Replace all calls to machine.vars_generators() with direct calls to
Generator.generators_from_flake() to make the dependency more explicit
and remove unnecessary indirection.
This reduces coupling to the Machine class, making the codebase more
modular and easier to refactor in the future.
This adds options `invalidationData` to generators.
`invalidationData` can be used by an author of a generator to signal if a re-generation is required after updating the logic.
Whenever a generator with invalidation data is executed, a hash of that data is stored by the respective public and/or secret backends.
The stored hashes will be checked on future deployments, and a re-generation is triggered whenever a hash doesn't match what's defined in nix.
When the users of a secret change, when for example a new admin user is added, an error will be thrown when generating vars, prompting the user to pass --fix to re-encrypt the secrets
