- Replace self.filter with lib.fileset for more precise filtering
- Remove unnecessary clan-core dependency from the test
- Test only needs lib and pkgs, not the full flake context
- Prevents unnecessary rebuilds when unrelated files change
The `clan.core.vars.settings.passBackend` option has been replaced with
`clan.vars.password-store.passPackage` to provide better type safety and
clearer configuration.
Changes:
- Remove problematic mkRemovedOptionModule that caused circular dependency
- Add proper option definition with assertion-based migration
- Users setting the old option get clear migration instructions
- Normal evaluation continues to work for users not using the old option
Migration: Replace `clan.core.vars.settings.passBackend = "passage"`
with `clan.vars.password-store.passPackage = pkgs.passage`
- Remove _serialized field from vars interface to prevent serialization
errors with throwing passBackend field
- Implement direct selection of generator fields using multi-select syntax
- Refactor vars_generators() to use new Generator.from_flake() method that
selects only safe fields (avoiding non-serializable values)
- Remove unused legacy methods: Generator.from_json(), Var.from_json(),
Prompt.from_json()
- Update precaching to match new selection approach
This fixes the serialization errors that were preventing vars from working
with the new password-store implementation by avoiding the problematic
_serialized field entirely.
- Remove deployment.json file generation from outputs.nix
- Add throw for deprecated deployment.file usage with upgrade instructions
- Remove vars data from deployment.data
- Update Machine class to use direct select() calls instead of deployment property
- Update all deployment property accesses to use direct selectors
- Add precaching for frequently accessed values in update.py:
- Module paths for facts and vars
- Deployment settings (requireExplicitUpdate, nixosMobileWorkaround)
- Services and generators data
- Secret upload locations
- This removes unnecessary JSON serialization and makes the code more composable
For secrets not part of the nix store there is no other way in NixOS to
restart a service after the secret is updated. One example is changing
password in userborn, which doesn't run as a activation script but as a
systemd service.
Create a store path per in repo secret/var to be copied, this prevents
unused secrets from being leaked.
For example the `root-password` generator contains both the hashed and
unhashed password but only the hash is used.
revert vars: use writeShellApplication to shellcheck generators
Cannot re-generate the vars for data-mesher or any of our tests anymore
cc @DavHau @Qubasa Can we work together to fix this.
I like shellchecking but if we loose the ability to add tests thats unfortunate
This is blocking: the new 'restic' and 'zerotier' migrations because we need to write integration tests from the beginning.
Change `prompt.persist` default to false.
We want a consistent default that is not conditionally dependent on
other values.
This makes communication on how the functionality is used more
consistent and easier understood.
Some test were referring to the whole source code via ${self} which amde them rebuild on every single commit.
This is not mitigated by introduceing `self.filter { include = [...]; }` allowin to a content addressed subset of the source code in tests.
