{ config, lib, pkgs, ... }:
let
  inherit (lib) mkOption types;

  # The options declared here are *outputs* of the module system that the
  # clan tooling reads back (via deployment.json), not knobs a user is meant
  # to set.  Two of them (`deployment.file`, `secretsData`) are realised with
  # `pkgs.writeText` / `pkgs.writers.writeJSON`, i.e. as Nix store paths, which
  # are readable by every user on any host that has the closure.  Keep them to
  # metadata (names, store paths, hostnames) and never put secret values in
  # them.
  #
  # TODO: factor these out into a separate interface.nix.
  # Also think about moving these options out of `system.clan`.
  # Maybe we should not re-use the already polluted config.system namespace
  # and instead have a separate top-level namespace like `clanOutputs`, with
  # well defined options marked as `internal = true;`.

  # Tiny constructors so each plain output can be declared in one go.
  strOutput = description: mkOption { type = types.str; inherit description; };
  pathOutput = description: mkOption { type = types.path; inherit description; };

  # Per-secret summary handed to the generator.  Only the secret *names*, the
  # fact *paths* and the generator script are collected here, which is what
  # makes it acceptable to serialise into the (world-readable) store.
  secretsSummary = lib.mapAttrs
    (_name: secret: {
      secrets = builtins.attrNames secret.secrets;
      facts = lib.mapAttrs (_: fact: fact.path) secret.facts;
      generator = secret.generator.finalScript;
    })
    config.clanCore.secrets;
in
{
  options.system.clan = mkOption {
    description = ''
      utility outputs for clan management of this machine
    '';
    type = types.submodule {
      options = {
        deployment = {
          data = mkOption {
            type = types.attrs;
            description = ''
              the data to be written to the deployment.json file
            '';
          };
          # Store path; see the note at the top of this file about what may go in.
          file = pathOutput ''
            the location of the deployment.json file
          '';
          # NOTE(review): nothing in this file assigns these two copies; the
          # values that actually get serialised come from
          # `config.clan.networking` (see `config` below).  Both are hostnames
          # that presumably end up as ssh / nixos-rebuild targets, so the
          # consumer should pass them as separate argv entries rather than
          # through a shell string — confirm on the CLI side.
          buildHost = strOutput ''
            the hostname of the build host where nixos-rebuild is run
          '';
          targetHost = strOutput ''
            the hostname of the target host to be deployed to
          '';
        };
        # Not assigned here either; the serialised value is read from
        # `config.clanCore.secretsUploadDirectory`.
        secretsUploadDirectory = pathOutput ''
          the directory on the deployment server where secrets are uploaded
        '';
        # NOTE(review): a Python import path that the tooling presumably
        # imports as code, so it is trusted configuration — the same trust
        # level as the flake that is being evaluated.  Confirm the consumer
        # does not accept it from any less trusted source.
        secretsModule = strOutput ''
          the python import path to the secrets module
        '';
        secretsData = mkOption {
          type = types.path;
          description = ''
            secret data as json for the generator
          '';
          # Despite the file name this holds only secret names, fact paths and
          # the generator script (see `secretsSummary`), never secret values.
          default = pkgs.writers.writeJSON "secrets.json" secretsSummary;
        };
        # Declared here, assigned elsewhere.
        vm.create = pathOutput ''
          json metadata about the vm
        '';
      };
    };
  };

  # optimization for faster secret generate/upload and machines update
  config.system.clan.deployment = {
    # Everything in here is serialised verbatim into deployment.json (a store
    # path) by `file` below: metadata only.
    data = {
      secretsModule = config.system.clan.secretsModule;
      secretsData = config.system.clan.secretsData;
      targetHost = config.clan.networking.targetHost;
      buildHost = config.clan.networking.buildHost;
      secretsUploadDirectory = config.clanCore.secretsUploadDirectory;
    };
    file = pkgs.writeText "deployment.json" (builtins.toJSON config.system.clan.deployment.data);
  };
}