nix secrets library functions #1868

Open
opened 2024-08-10 22:46:34 +00:00 by Qubasa · 0 comments
Owner

Currently one clan module asks for one secret prompt. However, oftentimes we want to define multiple users / wifis / whatever. For this we need to generate nix secret attrsets and merge them into the module system. Currently every module needs to do that itself. However, we should define some common functions to abstract that away, or possibly rethink the interface?

The iwd module currently does it 'correctly': https://git.clan.lol/clan/clan-core/src/branch/main/clanModules/iwd/default.nix

However modules like the 'user-password' should have this option too: https://git.clan.lol/clan/clan-core/src/branch/main/clanModules/user-password/default.nix

We need a function for:

  • Generate a secret prompt for every given attrset
  • Have a unique_id function that generates a unique id for every secret coming from an attrset
  • Have a way to collect the value of all these secret prompts and generate a config out of it.
  • That returns the secret attrset by using the unique_id function
  • How do we go about 'import the clan module is everything you need' if every module needs submodule options?

Example: dyndns.conf

{
  "settings": [
      {
          "provider": "namecheap",
          "host": "home",
          "domain": "gchq.icu",
          "password": "mypassword"
      },
      {
          "provider": "namecheap",
          "host": "sub",
          "domain": "secretdomain.com",
          "password": "my2password"
      }
  ]
}

The problem lies in the fact that nixos modules can't be instantiated twice. If we could we wouldn't have to deal with this issue.
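
A sketch of the helper functions the issue asks for, as an added example that is not clan-core code or the author's proposal: the names `uniqueId`, `mkPrompts` and `mkConfig`, the prompt attribute shape and the `@id@` placeholder convention are all assumptions. It emits placeholders instead of passwords because anything evaluated into a Nix configuration ends up in the world-readable store, so the real values have to be substituted from secret files at activation or service start.

```nix
# Added example: pure Nix, builtins only. Evaluate with
#   nix-instantiate --eval --strict --json <file>
let
  # Stable id per (module, entry). Derived only from names, never from the
  # secret value, so adding or removing other entries does not change it.
  uniqueId = module: name:
    let digest = builtins.hashString "sha256" "${module}/${name}";
    in "${module}-${builtins.substring 0 12 digest}";

  # One prompt per attribute of `entries`, keyed by its unique id.
  # The { description, secret } shape is hypothetical.
  mkPrompts = module: entries:
    builtins.listToAttrs (map (name: {
      name = uniqueId module name;
      value = {
        description = "Password for ${module} entry '${name}'";
        secret = true;
      };
    }) (builtins.attrNames entries));

  # Config template in the dyndns.conf layout. Each password is a placeholder
  # naming the secret by id; a runtime step (not shown) replaces "@id@" with
  # the content of the matching secret file.
  mkConfig = module: entries: {
    settings = map (name: entries.${name} // {
      password = "@${uniqueId module name}@";
    }) (builtins.attrNames entries);
  };

  # Constructed sample input mirroring the dyndns.conf example above.
  entries = {
    home = { provider = "namecheap"; host = "home"; domain = "gchq.icu"; };
    sub = { provider = "namecheap"; host = "sub"; domain = "secretdomain.com"; };
  };
in
{
  prompts = mkPrompts "dyndns" entries;
  template = builtins.toJSON (mkConfig "dyndns" entries);
}
```

A module would call the two functions with its own name and its user-supplied attrset, which keeps the id scheme identical across modules.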

Qubasa self-assigned this 2024-08-10 22:46:34 +00:00
DavHau was assigned by Qubasa 2024-08-10 22:46:34 +00:00
lassulus was assigned by Qubasa 2024-08-10 22:46:34 +00:00
Mic92 was assigned by Qubasa 2024-08-10 22:46:34 +00:00
Qubasa added this to the Clan_Kanban_Board project 2024-08-10 22:46:34 +00:00
Qubasa added the needs-review label 2024-08-10 22:48:13 +00:00
Reference: clan/clan-core#1868