clan-core/nixosModules/clanCore/facts/compat.nix

{ config, lib, ... }:
{
  imports = [
    (lib.mkRemovedOptionModule [
      "clan"
      "core"
      "secretsPrefix"
    ] "secretsPrefix was only used by the sops module and the code is now integrated in there")
    (lib.mkRenamedOptionModule
      [
        "clan"
        "core"
        "secretStore"
      ]
      [
        "clan"
        "core"
        "facts"
        "secretStore"
      ]
    )
    (lib.mkRemovedOptionModule [
      "clan"
      "core"
      "secretsDirectory"
    ] "clan.core.secretsDirectory was removed. Use clan.core.facts.secretPathFunction instead")
    (lib.mkRenamedOptionModule
      [
        "clan"
        "core"
        "secretsUploadDirectory"
      ]
      [
        "clan"
        "core"
        "facts"
        "secretUploadDirectory"
      ]
    )
  ];
  options.clan.core.secrets = lib.mkOption {
    visible = false;
    default = { };
    type = lib.types.attrsOf (
      lib.types.submodule (service: {
        options = {
          name = lib.mkOption {
            type = lib.types.str;
            default = service.config._module.args.name;
            description = ''
              Namespace of the service
            '';
          };
          generator = lib.mkOption {
            type = lib.types.submodule (
              { ... }:
              {
                options = {
                  path = lib.mkOption {
                    type = lib.types.listOf (lib.types.either lib.types.path lib.types.package);
                    default = [ ];
                    description = ''
                      Extra paths to add to the PATH environment variable when running the generator.
                    '';
                  };
                  prompt = lib.mkOption {
                    type = lib.types.nullOr lib.types.str;
                    default = null;
                    description = ''
                      prompt text to ask for a value.
                      This value will be passed to the script as the environment variable $prompt_value.
                    '';
                  };
                  script = lib.mkOption {
                    type = lib.types.str;
                    description = ''
                      Script to generate the secret.
                      The script will be called with the following variables:
                      - facts: path to a directory where facts can be stored
                      - secrets: path to a directory where secrets can be stored
                      The script is expected to generate all secrets and facts defined in the module.
                    '';
                  };
                };
              }
            );
          };
          secrets = lib.mkOption {
            default = { };
            type = lib.types.attrsOf (
              lib.types.submodule (secret: {
                options =
                  {
                    name = lib.mkOption {
                      type = lib.types.str;
                      description = ''
                        name of the secret
                      '';
                      default = secret.config._module.args.name;
                    };
                    path = lib.mkOption {
                      type = lib.types.path;
                      description = ''
                        path to a secret which is generated by the generator
                      '';
                      default = config.clan.core.facts.secretPathFunction secret;
                      defaultText = lib.literalExpression "config.clan.core.facts.secretPathFunction secret";
                    };
                  }
                  // lib.optionalAttrs (config.clan.core.facts.secretStore == "sops") {
                    groups = lib.mkOption {
                      type = lib.types.listOf lib.types.str;
                      default = config.clan.core.sops.defaultGroups;
                      description = ''
                        Groups to decrypt the secret for. By default we always use the user's key.
                      '';
                    };
                  };
              })
            );
            description = ''
              path where the secret is located in the filesystem
            '';
          };
          facts = lib.mkOption {
            default = { };
            type = lib.types.attrsOf (
              lib.types.submodule (fact: {
                options = {
                  name = lib.mkOption {
                    type = lib.types.str;
                    description = ''
                      name of the fact
                    '';
                    default = fact.config._module.args.name;
                  };
                  path = lib.mkOption {
                    type = lib.types.path;
                    description = ''
                      path to a fact which is generated by the generator
                    '';
                    default =
                      config.clan.core.clanDir
                      + "/machines/${config.clan.core.machineName}/facts/${fact.config._module.args.name}";
                    defaultText = lib.literalExpression "\${config.clan.core.clanDir}/machines/\${config.clan.core.machineName}/facts/\${fact.config._module.args.name}";
                  };
                  value = lib.mkOption {
                    defaultText = lib.literalExpression "\${config.clan.core.clanDir}/\${fact.config.path}";
                    type = lib.types.nullOr lib.types.str;
                    default =
                      if builtins.pathExists fact.config.path then lib.strings.fileContents fact.config.path else null;
                  };
                };
              })
            );
          };
        };
      })
    );
  };
  config = lib.mkIf (config.clan.core.secrets != { }) {
    clan.core.facts.services = lib.mapAttrs' (
      name: service:
      lib.warn "clan.core.secrets.${name} is deprecated, use clan.core.facts.services.${name} instead" (
        lib.nameValuePair name ({
          secret = service.secrets;
          public = service.facts;
          generator = service.generator;
        })
      )
    ) config.clan.core.secrets;
  };
}
refactor clanCore.secrets -> clanCore.facts 2024-03-25 14:55:25 +00:00			`{ config, lib, ... }:`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`{`
refactor clanCore.secrets -> clanCore.facts 2024-03-25 14:55:25 +00:00			`imports = [`
			`(lib.mkRemovedOptionModule [`
refactor: rename clanCore -> clan.core 2024-06-17 10:42:28 +00:00			`"clan"`
			`"core"`
refactor clanCore.secrets -> clanCore.facts 2024-03-25 14:55:25 +00:00			`"secretsPrefix"`
			`] "secretsPrefix was only used by the sops module and the code is now integrated in there")`
			`(lib.mkRenamedOptionModule`
			`[`
refactor: rename clanCore -> clan.core 2024-06-17 10:42:28 +00:00			`"clan"`
			`"core"`
refactor clanCore.secrets -> clanCore.facts 2024-03-25 14:55:25 +00:00			`"secretStore"`
			`]`
			`[`
refactor: rename clanCore -> clan.core 2024-06-17 10:42:28 +00:00			`"clan"`
			`"core"`
refactor clanCore.secrets -> clanCore.facts 2024-03-25 14:55:25 +00:00			`"facts"`
			`"secretStore"`
			`]`
			`)`
factstore: secret backends now can return the path to a secret dynamically try to move path function out 2024-04-09 16:04:26 +00:00			`(lib.mkRemovedOptionModule [`
refactor: rename clanCore -> clan.core 2024-06-17 10:42:28 +00:00			`"clan"`
			`"core"`
factstore: secret backends now can return the path to a secret dynamically try to move path function out 2024-04-09 16:04:26 +00:00			`"secretsDirectory"`
refactor: rename clanCore -> clan.core 2024-06-17 10:42:28 +00:00			`] "clan.core.secretsDirectory was removed. Use clan.core.facts.secretPathFunction instead")`
refactor clanCore.secrets -> clanCore.facts 2024-03-25 14:55:25 +00:00			`(lib.mkRenamedOptionModule`
			`[`
refactor: rename clanCore -> clan.core 2024-06-17 10:42:28 +00:00			`"clan"`
			`"core"`
refactor clanCore.secrets -> clanCore.facts 2024-03-25 14:55:25 +00:00			`"secretsUploadDirectory"`
			`]`
			`[`
refactor: rename clanCore -> clan.core 2024-06-17 10:42:28 +00:00			`"clan"`
			`"core"`
refactor clanCore.secrets -> clanCore.facts 2024-03-25 14:55:25 +00:00			`"facts"`
			`"secretUploadDirectory"`
			`]`
			`)`
			`];`
refactor: rename clanCore -> clan.core 2024-06-17 10:42:28 +00:00			`options.clan.core.secrets = lib.mkOption {`
docs: render module options docs fix errors while rendering some modules 2024-03-27 09:47:24 +00:00			`visible = false;`
clanCore.secrets: set default and add generate/deploy composite 2023-09-13 21:16:56 +00:00			`default = { };`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`type = lib.types.attrsOf (`
			`lib.types.submodule (service: {`
move clanCore into nixosModules, add secrets generate command 2023-08-28 09:09:05 +00:00			`options = {`
			`name = lib.mkOption {`
			`type = lib.types.str;`
clanCore secrets: rename toplevel secret to service 2024-03-02 09:25:10 +00:00			`default = service.config._module.args.name;`
move clanCore into nixosModules, add secrets generate command 2023-08-28 09:09:05 +00:00			`description = ''`
clanCore secrets: rename toplevel secret to service 2024-03-02 09:25:10 +00:00			`Namespace of the service`
move clanCore into nixosModules, add secrets generate command 2023-08-28 09:09:05 +00:00			`'';`
			`};`
			`generator = lib.mkOption {`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`type = lib.types.submodule (`
refactor clanCore.secrets -> clanCore.facts 2024-03-25 14:55:25 +00:00			`{ ... }:`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`{`
			`options = {`
			`path = lib.mkOption {`
			`type = lib.types.listOf (lib.types.either lib.types.path lib.types.package);`
			`default = [ ];`
			`description = ''`
			`Extra paths to add to the PATH environment variable when running the generator.`
			`'';`
			`};`
			`prompt = lib.mkOption {`
			`type = lib.types.nullOr lib.types.str;`
			`default = null;`
			`description = ''`
			`prompt text to ask for a value.`
			`This value will be passed to the script as the environment variable $prompt_value.`
			`'';`
			`};`
			`script = lib.mkOption {`
			`type = lib.types.str;`
			`description = ''`
			`Script to generate the secret.`
			`The script will be called with the following variables:`
			`- facts: path to a directory where facts can be stored`
			`- secrets: path to a directory where secrets can be stored`
			`The script is expected to generate all secrets and facts defined in the module.`
			`'';`
			`};`
add option to extend path for generator 2023-11-30 12:01:38 +00:00			`};`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`}`
			`);`
move clanCore into nixosModules, add secrets generate command 2023-08-28 09:09:05 +00:00			`};`
factstore: secret backends now can return the path to a secret dynamically try to move path function out 2024-04-09 16:04:26 +00:00			`secrets = lib.mkOption {`
			`default = { };`
			`type = lib.types.attrsOf (`
			`lib.types.submodule (secret: {`
			`options =`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`{`
factstore: secret backends now can return the path to a secret dynamically try to move path function out 2024-04-09 16:04:26 +00:00			`name = lib.mkOption {`
			`type = lib.types.str;`
			`description = ''`
			`name of the secret`
			`'';`
sops/compat: fix name reference 2024-04-12 11:23:52 +00:00			`default = secret.config._module.args.name;`
factstore: secret backends now can return the path to a secret dynamically try to move path function out 2024-04-09 16:04:26 +00:00			`};`
			`path = lib.mkOption {`
			`type = lib.types.path;`
			`description = ''`
			`path to a secret which is generated by the generator`
			`'';`
refactor: rename clanCore -> clan.core 2024-06-17 10:42:28 +00:00			`default = config.clan.core.facts.secretPathFunction secret;`
			`defaultText = lib.literalExpression "config.clan.core.facts.secretPathFunction secret";`
factstore: secret backends now can return the path to a secret dynamically try to move path function out 2024-04-09 16:04:26 +00:00			`};`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`}`
refactor: rename clanCore -> clan.core 2024-06-17 10:42:28 +00:00			`// lib.optionalAttrs (config.clan.core.facts.secretStore == "sops") {`
factstore: secret backends now can return the path to a secret dynamically try to move path function out 2024-04-09 16:04:26 +00:00			`groups = lib.mkOption {`
			`type = lib.types.listOf lib.types.str;`
refactor: rename clanCore -> clan.core 2024-06-17 10:42:28 +00:00			`default = config.clan.core.sops.defaultGroups;`
factstore: secret backends now can return the path to a secret dynamically try to move path function out 2024-04-09 16:04:26 +00:00			`description = ''`
			`Groups to decrypt the secret for. By default we always use the user's key.`
			`'';`
			`};`
			`};`
			`})`
			`);`
			`description = ''`
			`path where the secret is located in the filesystem`
			`'';`
			`};`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`facts = lib.mkOption {`
			`default = { };`
			`type = lib.types.attrsOf (`
			`lib.types.submodule (fact: {`
move zerotier secret generation into nixos module 2023-09-26 15:31:45 +00:00			`options = {`
			`name = lib.mkOption {`
			`type = lib.types.str;`
			`description = ''`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`name of the fact`
move zerotier secret generation into nixos module 2023-09-26 15:31:45 +00:00			`'';`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`default = fact.config._module.args.name;`
move zerotier secret generation into nixos module 2023-09-26 15:31:45 +00:00			`};`
			`path = lib.mkOption {`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`type = lib.types.path;`
move zerotier secret generation into nixos module 2023-09-26 15:31:45 +00:00			`description = ''`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`path to a fact which is generated by the generator`
move zerotier secret generation into nixos module 2023-09-26 15:31:45 +00:00			`'';`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`default =`
refactor: rename clanCore -> clan.core 2024-06-17 10:42:28 +00:00			`config.clan.core.clanDir`
			`+ "/machines/${config.clan.core.machineName}/facts/${fact.config._module.args.name}";`
			`defaultText = lib.literalExpression "\${config.clan.core.clanDir}/machines/\${config.clan.core.machineName}/facts/\${fact.config._module.args.name}";`
move zerotier secret generation into nixos module 2023-09-26 15:31:45 +00:00			`};`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`value = lib.mkOption {`
refactor: rename clanCore -> clan.core 2024-06-17 10:42:28 +00:00			`defaultText = lib.literalExpression "\${config.clan.core.clanDir}/\${fact.config.path}";`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`type = lib.types.nullOr lib.types.str;`
			`default =`
			`if builtins.pathExists fact.config.path then lib.strings.fileContents fact.config.path else null;`
add option to set defaultGroups for secrets 2024-02-16 16:03:14 +00:00			`};`
move clanCore into nixosModules, add secrets generate command 2023-08-28 09:09:05 +00:00			`};`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`})`
			`);`
move clanCore into nixosModules, add secrets generate command 2023-08-28 09:09:05 +00:00			`};`
			`};`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`})`
			`);`
move clanCore into nixosModules, add secrets generate command 2023-08-28 09:09:05 +00:00			`};`
refactor: rename clanCore -> clan.core 2024-06-17 10:42:28 +00:00			`config = lib.mkIf (config.clan.core.secrets != { }) {`
			`clan.core.facts.services = lib.mapAttrs' (`
refactor clanCore.secrets -> clanCore.facts 2024-03-25 14:55:25 +00:00			`name: service:`
refactor: rename clanCore -> clan.core 2024-06-17 10:42:28 +00:00			`lib.warn "clan.core.secrets.${name} is deprecated, use clan.core.facts.services.${name} instead" (`
refactor clanCore.secrets -> clanCore.facts 2024-03-25 14:55:25 +00:00			`lib.nameValuePair name ({`
			`secret = service.secrets;`
			`public = service.facts;`
			`generator = service.generator;`
			`})`
			`)`
refactor: rename clanCore -> clan.core 2024-06-17 10:42:28 +00:00			`) config.clan.core.secrets;`
refactor clanCore.secrets -> clanCore.facts 2024-03-25 14:55:25 +00:00			`};`
move clanCore into nixosModules, add secrets generate command 2023-08-28 09:09:05 +00:00			`}`