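# Declares how a clan machine describes its secrets and facts.
#
# - `clanCore.secretStore` selects the backend that stores secrets.
# - `clanCore.secrets` groups secrets and facts into namespaces; each namespace
#   may carry a generator script that produces them.
#
# Secrets and facts are handled differently in this file: a secret entry only
# declares a name, while a fact entry is read back from a file under the clan
# directory with `builtins.readFile`.
{ config, lib, ... }:
{
  options.clanCore.secretStore = lib.mkOption {
    # "custom" has no matching file in `imports` below; presumably the user is
    # expected to supply that backend themselves. TODO confirm.
    type = lib.types.enum [ "sops" "password-store" "custom" ];
    default = "sops";
    description = ''
      method to store secrets
    '';
  };

  options.clanCore.secrets = lib.mkOption {
    type = lib.types.attrsOf (lib.types.submodule (group: {
      options = {
        name = lib.mkOption {
          type = lib.types.str;
          # Defaults to the attribute name under `clanCore.secrets`.
          default = group.config._module.args.name;
          description = ''
            namespace of the secret
          '';
        };

        # No default: every namespace has to set this explicitly, using null
        # when the secret is entered by hand.
        # NOTE(review): this is a free-form script string. Where it runs, and
        # with which privileges, is not visible in this file; confirm in the
        # code that executes it.
        generator = lib.mkOption {
          type = lib.types.nullOr lib.types.str;
          description = ''
            script to generate the secret.
            can be set to null. then the user has to provide the secret via the clan cli
          '';
        };

        secrets = lib.mkOption {
          type = lib.types.attrsOf (lib.types.submodule (secret: {
            options = {
              name = lib.mkOption {
                type = lib.types.str;
                description = ''
                  name of the secret
                '';
                # Defaults to the attribute name under `secrets`.
                default = secret.config._module.args.name;
              };
            };
          }));
          # The previous text described a filesystem path, but an entry of this
          # option only carries a name and has no path option.
          description = ''
            set of secrets in this namespace; each entry declares the name of one secret
          '';
        };

        facts = lib.mkOption {
          type = lib.types.attrsOf (lib.types.submodule (fact: {
            options = {
              name = lib.mkOption {
                type = lib.types.str;
                description = ''
                  name of the fact
                '';
                # Defaults to the attribute name under `facts`.
                default = fact.config._module.args.name;
              };

              path = lib.mkOption {
                type = lib.types.str;
                description = ''
                  path to a fact which is generated by the generator
                '';
                # Built from the attribute name, not from `name`, so overriding
                # `name` does not move the file.
                default = "${config.clanCore.clanDir}/machines/${config.clanCore.machineName}/facts/${fact.config._module.args.name}";
              };

              # Left untyped, as in the original. The default is lazy: it is
              # evaluated only when `value` is accessed, and evaluation fails
              # at that point if the fact file does not exist.
              value = lib.mkOption {
                default = builtins.readFile fact.config.path;
                description = ''
                  content of the fact file, read at evaluation time.
                  the content becomes part of the evaluated configuration and can end up
                  in the world-readable nix store when it is used in a derivation
                '';
              };
            };
          }));
          description = ''
            set of facts in this namespace; each entry is a file written by the generator.
            facts are read in plain text during evaluation, so they must only hold data
            that is safe to publish (for example public keys), never secret material
          '';
        };
      };
    }));
  };

  # Backend implementations for the "sops" and "password-store" stores.
  imports = [
    ./sops.nix
    ./password-store.nix
  ];
}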