clan-core/nixosModules/clanCore/secrets/default.nix

{ config, lib, ... }:
{
  options.clanCore.secretStore = lib.mkOption {
    type = lib.types.enum [ "sops" "password-store" "custom" ];
    default = "sops";
    description = ''
      method to store secrets
    '';
  };
  options.clanCore.secrets = lib.mkOption {
    type = lib.types.attrsOf
      (lib.types.submodule (secret: {
        options = {
          name = lib.mkOption {
            type = lib.types.str;
            default = secret.config._module.args.name;
            description = ''
              namespace of the secret
            '';
          };
          generator = lib.mkOption {
            type = lib.types.nullOr lib.types.str;
            description = ''
              script to generate the secret.
              can be set to null. then the user has to provide the secret via the clan cli
            '';
          };
          secrets = lib.mkOption {
            type = lib.types.attrsOf (lib.types.submodule (secret: {
              options = {
                name = lib.mkOption {
                  type = lib.types.str;
                  description = ''
                    name of the secret
                  '';
                  default = secret.config._module.args.name;
                };
              };
            }));
            description = ''
              path where the secret is located in the filesystem
            '';
          };
          facts = lib.mkOption {
            type = lib.types.attrsOf (lib.types.submodule (fact: {
              options = {
                name = lib.mkOption {
                  type = lib.types.str;
                  description = ''
                    name of the fact
                  '';
                  default = fact.config._module.args.name;
                };
                path = lib.mkOption {
                  type = lib.types.str;
                  description = ''
                    path to a fact which is generated by the generator
                  '';
                  default = "${config.clanCore.clanDir}/machines/${config.clanCore.machineName}/facts/${fact.config._module.args.name}";
                };
                value = lib.mkOption {
                  default = builtins.readFile fact.config.path;
                };
              };
            }));
          };
        };
      }));
  };
  imports = [
    ./sops.nix
    ./password-store.nix
  ];
}
move clanCore into nixosModules, add secrets generate command 2023-08-28 09:09:05 +00:00			`{ config, lib, ... }:`
			`{`
clanCore secrets: add secretStore option 2023-09-06 14:08:36 +00:00			`options.clanCore.secretStore = lib.mkOption {`
			`type = lib.types.enum [ "sops" "password-store" "custom" ];`
			`default = "sops";`
			`description = ''`
			`method to store secrets`
			`'';`
			`};`
Revert "rename clanCore to clan.core" This reverts commit fef796fa6e27036c4a7dfdb2a2aaec1cff18544f. 2023-08-30 13:24:33 +00:00			`options.clanCore.secrets = lib.mkOption {`
move clanCore into nixosModules, add secrets generate command 2023-08-28 09:09:05 +00:00			`type = lib.types.attrsOf`
			`(lib.types.submodule (secret: {`
			`options = {`
			`name = lib.mkOption {`
			`type = lib.types.str;`
			`default = secret.config._module.args.name;`
			`description = ''`
			`namespace of the secret`
			`'';`
			`};`
			`generator = lib.mkOption {`
			`type = lib.types.nullOr lib.types.str;`
			`description = ''`
			`script to generate the secret.`
			`can be set to null. then the user has to provide the secret via the clan cli`
			`'';`
			`};`
			`secrets = lib.mkOption {`
			`type = lib.types.attrsOf (lib.types.submodule (secret: {`
			`options = {`
			`name = lib.mkOption {`
			`type = lib.types.str;`
			`description = ''`
			`name of the secret`
			`'';`
			`default = secret.config._module.args.name;`
			`};`
			`};`
			`}));`
			`description = ''`
			`path where the secret is located in the filesystem`
			`'';`
			`};`
			`facts = lib.mkOption {`
			`type = lib.types.attrsOf (lib.types.submodule (fact: {`
			`options = {`
			`name = lib.mkOption {`
			`type = lib.types.str;`
			`description = ''`
			`name of the fact`
			`'';`
			`default = fact.config._module.args.name;`
			`};`
			`path = lib.mkOption {`
			`type = lib.types.str;`
			`description = ''`
			`path to a fact which is generated by the generator`
			`'';`
move facts to machine subdirectory This makes it easier to delete facts when removing machines 2023-09-03 06:29:15 +00:00			`default = "${config.clanCore.clanDir}/machines/${config.clanCore.machineName}/facts/${fact.config._module.args.name}";`
move clanCore into nixosModules, add secrets generate command 2023-08-28 09:09:05 +00:00			`};`
			`value = lib.mkOption {`
			`default = builtins.readFile fact.config.path;`
			`};`
			`};`
			`}));`
			`};`
			`};`
			`}));`
			`};`
			`imports = [`
secrets: add password-store implementation 2023-09-06 14:09:43 +00:00			`./sops.nix`
			`./password-store.nix`
move clanCore into nixosModules, add secrets generate command 2023-08-28 09:09:05 +00:00			`];`
			`}`