Skip to content

vars

clan.core.vars.generators

A set of generators that can be used to generate files. Generators are scripts that produce files based on the values of other generators and user input. Each generator is expected to produce a set of files under a directory.

Type: attribute set of (submodule)

Default:

{ }

interface.nix

clan.core.vars.generators.<name>.dependencies

A list of other generators that this generator depends on. The output values of these generators will be available to the generator script as files. For example, the file 'file1' of a dependency named 'dep1' will be available via $in/dep1/file1.

Type: list of string

Default:

[ ]

interface.nix

clan.core.vars.generators.<name>.files

A set of files to generate. The generator 'script' is expected to produce exactly these files under $out.

Type: attribute set of (submodule)

interface.nix

clan.core.vars.generators.<name>.files.<name>.deploy

Whether the file should be deployed to the target machine.

Enable this if the generated file is only used as an input to other generators.

Type: boolean

Default:

true

interface.nix

clan.core.vars.generators.<name>.files.<name>.generatorName

Readonly

name of the generator

Type: string

Default:

"Name of the generator that generates this file"

interface.nix

clan.core.vars.generators.<name>.files.<name>.group

The group name or id that will own the file.

Type: unspecified value

Default:

"root"

interface.nix

clan.core.vars.generators.<name>.files.<name>.mode

The unix file mode of the file. Must be a 3-digit octal number.

Type: string matching the pattern ^[0-7]{3}$

Default:

"400"

interface.nix

clan.core.vars.generators.<name>.files.<name>.name

Readonly

name of the public fact

Type: string

Default:

"Name of the file"

interface.nix

clan.core.vars.generators.<name>.files.<name>.neededFor

This option determines when the secret will be decrypted and deployed to the target machine.

By setting this to activation, the secret will be deployed prior to running nixos-rebuild or nixos-install. By setting this to user, the secret will be deployed prior to users and groups are created, allowing users' passwords to be managed by vars. The secret will be stored in /run/secrets-for-users and owner and group must be root.

Type: one of "activation", "users", "services"

Default:

"services"

interface.nix

clan.core.vars.generators.<name>.files.<name>.owner

The user name or id that will own the file.

Type: unspecified value

Default:

"root"

interface.nix

clan.core.vars.generators.<name>.files.<name>.path

The path to the file containing the content of the generated value. This will be set automatically

Type: string

interface.nix

clan.core.vars.generators.<name>.files.<name>.secret

Whether the file should be treated as a secret.

Type: boolean

Default:

true

interface.nix

clan.core.vars.generators.<name>.files.<name>.value

The content of the generated value. Only available if the file is not secret.

Type: string

Default:

"Throws error because the value of a secret file is not accessible"

interface.nix

clan.core.vars.generators.<name>.migrateFact

The fact service name to import the files from.

Use this to migrate legacy facts to the new vars system.

Type: null or string

Default:

null
Example
"my_service"

interface.nix

clan.core.vars.generators.<name>.name

Readonly

The name of the generator. This name will be used to refer to the generator in other generators.

Type: string

Default:

"Name of the generator"

interface.nix

clan.core.vars.generators.<name>.prompts

A set of prompts to ask the user for values. Prompts are available to the generator script as files. For example, a prompt named 'prompt1' will be available via $prompts/prompt1

Type: attribute set of (submodule)

Default:

{ }

interface.nix

clan.core.vars.generators.<name>.prompts.<name>.createFile

Whether the prompted value should be stored in a file with the same name as the prompt.

If enabled, the behavior is equivalent to the following configuration:

{
  files.<name>.secret = true;
  script = "cp $prompts/<name> $out/<name>";
}

Type: boolean

Default:

true

interface.nix

clan.core.vars.generators.<name>.prompts.<name>.description

The description of the prompted value

Type: string

Default:

"Name of the prompt"
Example
"SSH private key"

interface.nix

clan.core.vars.generators.<name>.prompts.<name>.name

The name of the prompt. This name will be used to refer to the prompt in the generator script.

Type: string

Default:

"Name of the prompt"

interface.nix

clan.core.vars.generators.<name>.prompts.<name>.type

The input type of the prompt. The following types are available: - hidden: A hidden text (e.g. password) - line: A single line of text - multiline: A multiline text

Type: one of "hidden", "line", "multiline"

Default:

"line"

interface.nix

clan.core.vars.generators.<name>.runtimeInputs

A list of packages that the generator script requires. These packages will be available in the PATH when the script is run.

Type: list of package

Default:

[ ]

interface.nix

clan.core.vars.generators.<name>.script

The script to run to generate the files. The script will be run with the following environment variables: - $in: The directory containing the output values of all declared dependencies - $out: The output directory to put the generated files - $prompts: The directory containing the prompted values as files The script should produce the files specified in the 'files' attribute under $out.

Type: string or path

Default:

""

interface.nix

clan.core.vars.generators.<name>.share

Whether the generated vars should be shared between machines. Shared vars are only generated once, when the first machine using it is deployed. Subsequent machines will re-use the already generated values.

Type: boolean

Default:

false

interface.nix

clan.core.vars.generators.<name>.validation

A set of values that invalidate the generated values. If any of these values change, the generated values will be re-generated. Lists are not allowed as of now due to potential ordering issues

Type: null or boolean or signed integer or string or attribute set of (boolean or signed integer or string or attribute set of (boolean or signed integer or string))

Default:

null

interface.nix

clan.core.vars.settings.publicStore

method to store public vars. custom can be used to define a custom public vars store.

Type: one of "in_repo", "vm", "custom"

Default:

"in_repo"

interface.nix

clan.core.vars.settings.secretStore

method to store secret facts custom can be used to define a custom secret var store.

Type: one of "sops", "password-store", "vm", "custom"

Default:

"sops"

interface.nix