yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Files
587a9eee846b8bf0f0d1a9fd6fb5736c6fa2de4e
clan-core/nixosModules/clanCore/vars/settings-opts.nix
lassulus 8302f3ffde vars/password-store: replace passBackend option with passPackage 
The `clan.core.vars.settings.passBackend` option has been replaced with
`clan.vars.password-store.passPackage` to provide better type safety and
clearer configuration.

Changes:
- Remove problematic mkRemovedOptionModule that caused circular dependency
- Add proper option definition with assertion-based migration
- Users setting the old option get clear migration instructions
- Normal evaluation continues to work for users not using the old option

Migration: Replace `clan.core.vars.settings.passBackend = "passage"`
with `clan.vars.password-store.passPackage = pkgs.passage`
2025-07-06 12:46:39 +02:00

69 lines
1.6 KiB
Nix
Raw Blame History

{ lib, ... }:
{
secretStore = lib.mkOption {
type = lib.types.enum [
"sops"
"password-store"
"vm"
"fs"
"custom"
];
default = "sops";
description = ''
method to store secret facts
custom can be used to define a custom secret var store.
'';
};
secretModule = lib.mkOption {
type = lib.types.str;
internal = true;
description = ''
the python import path to the secret module
'';
};
# TODO: see if this is the right approach. Maybe revert to secretPathFunction
fileModule = lib.mkOption {
type = lib.types.deferredModule;
internal = true;
description = ''
A module to be imported in every vars.files.<name> submodule.
Used by backends to define the `path` attribute.
'';
default = { };
};
publicStore = lib.mkOption {
type = lib.types.enum [
"in_repo"
"vm"
"custom"
];
default = "in_repo";
description = ''
method to store public vars.
custom can be used to define a custom public vars store.
'';
};
publicModule = lib.mkOption {
type = lib.types.str;
internal = true;
description = ''
the python import path to the public module
'';
};
# Legacy option that guides migration
passBackend = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
visible = false;
description = ''
DEPRECATED: This option has been removed. Use clan.vars.password-store.passPackage instead.
Set it to pkgs.pass for GPG or pkgs.passage for age encryption.
'';
};
}
Reference in New Issue View Git Blame Copy Permalink