facts

clan.core.facts.publicDirectory

The directory where public facts are stored.

Type: null or path

Default:

null

clan.core.facts.publicStore

Method used to store public facts. "custom" can be used to define a custom public fact store.

Type: one of "in_repo", "vm", "custom"

Default:

"in_repo"

clan.core.facts.secretPathFunction

The function to use to generate the path for a secret. The default function will use the path attribute of the secret. The function will be called with the secret submodule as an argument.

Type: raw value

clan.core.facts.secretStore

Method used to store secret facts. "custom" can be used to define a custom secret fact store.

Type: one of "sops", "password-store", "vm", "custom"

Default:

"sops"

clan.core.facts.secretUploadDirectory

The directory into which secrets are uploaded. This is backend-specific.

Type: null or path

Default:

null

clan.core.facts.services

Services to generate secrets and facts for. Each service can have a generator script which generates the secrets and facts. The generator script is expected to generate all secrets and facts defined for this service.

A service does not need to be analogous to a systemd service; it can be any group of facts and secrets that need to be generated together.

Type: attribute set of (submodule)

Default:

{ }

clan.core.facts.services.<name>.generator

The generator to generate the secrets and facts for this service.

Type: submodule

clan.core.facts.services.<name>.generator.path

Extra paths to add to the PATH environment variable when running the generator.

Type: list of (path or package)

Default:

[ ]

clan.core.facts.services.<name>.generator.prompt

Prompt text to ask for a value. This value will be passed to the script as the environment variable $prompt_value.

Type: null or string

Default:

null

clan.core.facts.services.<name>.generator.script

Shell script snippet to generate the secrets and facts. The script has access to the following environment variables:

- prompt_value: prompted value in case a prompt was defined
- facts: path to a directory where facts can be stored
- secrets: path to a directory where secrets can be stored

The script is expected to generate all secrets and facts defined for this service.

Type: string
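
Added example (not taken from the clan documentation or code base): a generator script body that writes a secret into $secrets with owner-only permissions and a public fact into $facts, then checks that every declared file was produced. The service's fact names "api.token" and "api.token.id" are hypothetical, and the example assumes each output file is named after the secret or fact it provides.

```sh
#!/bin/sh
# Added example: generator script body for a hypothetical service.
# Assumed names: secret "api.token", public fact "api.token.id".
# $facts, $secrets and $prompt_value are the variables documented above.

generate_facts() {
    # Refuse to run if the output directories were not provided.
    : "${facts:?facts directory not set}"
    : "${secrets:?secrets directory not set}"
    (   # subshell: umask and set -eu do not leak into the caller
        set -eu
        umask 077   # secret file is created owner-only (0600)
        # Remove any stale file so old, looser permissions are not kept.
        rm -f "$secrets/api.token"
        if [ -n "${prompt_value:-}" ]; then
            # Operator-supplied value; printf writes it byte for byte.
            printf '%s' "$prompt_value" > "$secrets/api.token"
        else
            # No prompt defined: 32 random bytes, hex-encoded (64 chars).
            head -c 32 /dev/urandom | od -An -v -tx1 | tr -d ' \n' \
                > "$secrets/api.token"
        fi
        umask 022   # public fact may be world-readable (0644)
        # The identifier is drawn independently of the secret, so the public
        # store reveals nothing about it even if the prompted value is weak.
        head -c 8 /dev/urandom | od -An -v -tx1 | tr -d ' \n' \
            > "$facts/api.token.id"
    )
}

# The generator must produce every declared secret and fact; verify that.
check_outputs() {
    [ -s "$secrets/api.token" ] && [ -s "$facts/api.token.id" ]
}
```

Used as a generator script, the snippet would end with a call such as generate_facts && check_outputs, so a missing output fails the run.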

clan.core.facts.services.<name>.name

Namespace of the service.

Type: string

Default:

"‹name›"

clan.core.facts.services.<name>.public

Public facts to generate for this service.

Type: attribute set of (submodule)

Default:

{ }

clan.core.facts.services.<name>.public.<name>.name

Name of the public fact.

Type: string

Default:

"‹name›"

clan.core.facts.services.<name>.public.<name>.path

Path to a fact which is generated by the generator.

Type: path

Default:

${config.clan.core.clanDir}/machines/${config.clan.core.machineName}/facts/${fact.config.name}

clan.core.facts.services.<name>.public.<name>.value

The value of the public fact.

Type: null or string

Default:

${config.clan.core.clanDir}/${fact.config.path}

clan.core.facts.services.<name>.secret

Secret facts to generate for this service.

Type: attribute set of (submodule)

Default:

{ }

clan.core.facts.services.<name>.secret.<name>.groups

Groups to decrypt the secret for. By default we always use the user's key.

Type: list of string

Default:

[ ]

clan.core.facts.services.<name>.secret.<name>.name

Name of the secret.

Type: string

Default:

"‹name›"

clan.core.facts.services.<name>.secret.<name>.path

Path to a secret which is generated by the generator.

Type: string

Default:

"/no-such-path"
