clanInternals.machines: expose information as json
parent
628fcd5e04
commit
85f7e2f2cd
|
@ -39,23 +39,29 @@ let
|
|||
nixosConfigurations = lib.mapAttrs (name: _: nixosConfiguration { inherit name; }) allMachines;
|
||||
|
||||
# This instantiates nixos for each system that we support:
|
||||
# clanInternals.machinesForAllSystems.<system>.<machine>
|
||||
# configPerSystem = <system>.<machine>.nixosConfiguration
|
||||
# We need this to build nixos secret generators for each system
|
||||
machinesForAllSystems = builtins.listToAttrs
|
||||
configPerSystem = builtins.listToAttrs
|
||||
(builtins.map
|
||||
(system: lib.nameValuePair system
|
||||
(lib.mapAttrs (name: _: nixosConfiguration { inherit name system; }) allMachines))
|
||||
supportedSystems);
|
||||
|
||||
machinesPerSystem = lib.mapAttrs (_: machine:
|
||||
let
|
||||
config = {
|
||||
inherit (machine.config.system.clan) uploadSecrets generateSecrets;
|
||||
inherit (machine.config.clan.networking) deploymentAddress;
|
||||
};
|
||||
in
|
||||
config // {
|
||||
json = machine.pkgs.writeText "config.json" (builtins.toJSON config);
|
||||
});
|
||||
in
|
||||
{
|
||||
inherit nixosConfigurations;
|
||||
|
||||
clanInternals = {
|
||||
machines = lib.mapAttrs
|
||||
(_: lib.mapAttrs (_: machine: {
|
||||
inherit (machine.config.system.clan) uploadSecrets generateSecrets;
|
||||
inherit (machine.config.clan.networking) deploymentAddress;
|
||||
}))
|
||||
machinesForAllSystems;
|
||||
machines = lib.mapAttrs (_: machinesPerSystem) configPerSystem;
|
||||
};
|
||||
}
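Review bot: The `json` attribute added in `machinesPerSystem` is built with `writeText`, so the serialized `uploadSecrets`, `generateSecrets` and `deploymentAddress` values end up in a Nix store file, which is normally readable by every local user and travels with copied closures. The hunk does not show what those options may hold, but the test in this commit puts SSH options and an `IdentityFile` path into `deploymentAddress`, so the constraint is worth stating where the file is produced. I would add a comment above the `json =` line such as `# config.json lands in the world-readable Nix store: only paths and addresses here, never secret values`.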
|
||||
|
|
|
@ -22,12 +22,14 @@ def create_flake(
|
|||
# in the flake.nix file replace the string __CLAN_URL__ with the the clan flake
|
||||
# provided by get_test_flake_toplevel
|
||||
flake_nix = flake / "flake.nix"
|
||||
# this is where we would install the sops key to, when updating
|
||||
sops_key = str(flake.joinpath("sops.key"))
|
||||
for line in fileinput.input(flake_nix, inplace=True):
|
||||
line = line.replace("__NIXPKGS__", str(nixpkgs_source()))
|
||||
if clan_core_flake:
|
||||
line = line.replace("__CLAN_CORE__", str(clan_core_flake))
|
||||
print(line)
|
||||
# check that an empty config is returned if no json file exists
|
||||
line = line.replace("__CLAN_SOPS_KEY_PATH__", sops_key)
|
||||
print(line, end="")
|
||||
monkeypatch.chdir(flake)
|
||||
monkeypatch.setenv("HOME", str(home))
|
||||
yield flake
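Review bot: `sops_key` is placed inside the flake directory (`flake.joinpath("sops.key")`), and the comment above it does not say that this is a fixture-only choice. If a flake directory is evaluated as a plain path, its contents may be copied into the Nix store, so a private key stored next to `flake.nix` could become readable there; whether that applies to this fixture is not visible from the hunk. I would extend the comment to `# test-only location for the sops key; real deployments should keep the key file outside the flake directory`. `create_flake` begins above the hunk, so where `flake` and `home` come from is not shown.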
|
||||
|
|
|
@ -12,8 +12,8 @@
|
|||
machines = {
|
||||
vm1 = { lib, ... }: {
|
||||
clan.networking.deploymentAddress = "__CLAN_DEPLOYMENT_ADDRESS__";
|
||||
sops.age.keyFile = "__CLAN_SOPS_KEY_PATH__";
|
||||
system.stateVersion = lib.version;
|
||||
sops.age.keyFile = "__CLAN_SOPS_KEY_PATH__";
|
||||
|
||||
clan.networking.zerotier.controller.enable = true;
|
||||
|
||||
|
|
|
@ -31,10 +31,11 @@ def test_secrets_upload(
|
|||
host = host_group.hosts[0]
|
||||
addr = f"{host.user}@{host.host}:{host.port}?StrictHostKeyChecking=no&UserKnownHostsFile=/dev/null&IdentityFile={host.key}"
|
||||
new_text = flake.read_text().replace("__CLAN_DEPLOYMENT_ADDRESS__", addr)
|
||||
sops_key = test_flake_with_core.joinpath("sops.key")
|
||||
new_text = new_text.replace("__CLAN_SOPS_KEY_PATH__", str(sops_key))
|
||||
|
||||
flake.write_text(new_text)
|
||||
cli.run(["secrets", "upload", "vm1"])
|
||||
|
||||
# the flake defines this path as the location where the sops key should be installed
|
||||
sops_key = test_flake_with_core.joinpath("sops.key")
|
||||
assert sops_key.exists()
|
||||
assert sops_key.read_text() == age_keys[0].privkey
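Review bot: The closing assertions check that the uploaded key exists and equals `age_keys[0].privkey`, but nothing checks the mode it was written with. This file is an age private key, so a regression that installs it group- or world-readable would pass the test unnoticed. I would add `assert sops_key.stat().st_mode & 0o077 == 0` after the content check. Whether the upload path sets a restrictive mode today is not visible here, so the assertion may expose an existing gap. `test_secrets_upload` starts above the hunk.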
|
||||
|
|