vars
clan.core.vars.generators
A set of generators that can be used to generate files. Generators are scripts that produce files based on the values of other generators and user input. Each generator is expected to produce a set of files under a directory.
Type: attribute set of (submodule)
Default:
clan.core.vars.generators.<name>.dependencies
A list of other generators that this generator depends on. The output values of these generators will be available to the generator script as files. For example, the file 'file1' of a dependency named 'dep1' will be available via $in/dep1/file1.
Type: list of string
Default:
clan.core.vars.generators.<name>.files
A set of files to generate. The generator 'script' is expected to produce exactly these files under $out.
Type: attribute set of (submodule)
clan.core.vars.generators.<name>.files.<name>.deploy
Whether the file should be deployed to the target machine.
Enable this if the generated file is only used as an input to other generators.
Type: boolean
Default:
clan.core.vars.generators.<name>.files.<name>.generatorName
Readonly
The name of the generator.
Type: string
Default:
clan.core.vars.generators.<name>.files.<name>.group
The group name or id that will own the file.
Type: unspecified value
Default:
clan.core.vars.generators.<name>.files.<name>.mode
The unix file mode of the file. Must be a 3-digit octal number.
Type: string matching the pattern ^[0-7]{3}$
Default:
clan.core.vars.generators.<name>.files.<name>.name
Readonly
The name of the public fact.
Type: string
Default:
clan.core.vars.generators.<name>.files.<name>.neededFor
This option determines when the secret will be decrypted and deployed to the target machine.
By setting this to "activation", the secret will be deployed prior to running nixos-rebuild or nixos-install.
By setting this to "users", the secret will be deployed before users and groups are created, allowing users' passwords to be managed by vars. The secret will be stored in /run/secrets-for-users, and owner and group must be root.
Type: one of "activation", "users", "services"
Default:
clan.core.vars.generators.<name>.files.<name>.owner
The user name or id that will own the file.
Type: unspecified value
Default:
clan.core.vars.generators.<name>.files.<name>.path
The path to the file containing the content of the generated value. This will be set automatically.
Type: string
clan.core.vars.generators.<name>.files.<name>.secret
Whether the file should be treated as a secret.
Type: boolean
Default:
clan.core.vars.generators.<name>.files.<name>.value
The content of the generated value. Only available if the file is not secret.
Type: string
Default:
clan.core.vars.generators.<name>.migrateFact
The fact service name to import the files from.
Use this to migrate legacy facts to the new vars system.
Type: null or string
Default:
clan.core.vars.generators.<name>.name
Readonly
The name of the generator. This name will be used to refer to the generator in other generators.
Type: string
Default:
clan.core.vars.generators.<name>.prompts
A set of prompts to ask the user for values. Prompts are available to the generator script as files. For example, a prompt named 'prompt1' will be available via $prompts/prompt1.
Type: attribute set of (submodule)
Default:
clan.core.vars.generators.<name>.prompts.<name>.createFile
Whether the prompted value should be stored in a file with the same name as the prompt.
If enabled, the behavior is equivalent to the following configuration:
Type: boolean
Default:
clan.core.vars.generators.<name>.prompts.<name>.description
The description of the prompted value.
Type: string
Default:
clan.core.vars.generators.<name>.prompts.<name>.name
The name of the prompt. This name will be used to refer to the prompt in the generator script.
Type: string
Default:
clan.core.vars.generators.<name>.prompts.<name>.type
The input type of the prompt. The following types are available:
- hidden: A hidden text (e.g. password)
- line: A single line of text
- multiline: A multiline text
Type: one of "hidden", "line", "multiline"
Default:
clan.core.vars.generators.<name>.runtimeInputs
A list of packages that the generator script requires. These packages will be available in the PATH when the script is run.
Type: list of package
Default:
clan.core.vars.generators.<name>.script
The script to run to generate the files. The script will be run with the following environment variables:
- $in: The directory containing the output values of all declared dependencies
- $out: The output directory to put the generated files
- $prompts: The directory containing the prompted values as files
The script should produce the files specified in the 'files' attribute under $out.
Type: string or path
Default:
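Added example (not taken from the clan documentation): a module that combines the prompts, files, dependencies, runtimeInputs and script options described on this page. The generator, file and prompt names are hypothetical, and pkgs.mkpasswd and pkgs.wireguard-tools are assumed to come from nixpkgs.

```nix
# Added example; generator, file and prompt names are hypothetical.
{ pkgs, ... }:
{
  clan.core.vars.generators = {
    # Hidden prompt -> password hash that must exist before users are created.
    admin-password = {
      prompts.password = {
        description = "Login password for the admin user";
        type = "hidden";
      };
      runtimeInputs = [ pkgs.mkpasswd ];
      files.hash = {
        secret = true;
        neededFor = "users";
        # neededFor = "users" requires root ownership.
        owner = "root";
        group = "root";
        mode = "400";
      };
      # Only the hash is written to $out; the clear-text prompt is read from $prompts.
      script = ''
        mkpasswd -s -m sha-512 < "$prompts/password" > "$out/hash"
      '';
    };

    # Private key: treated as a secret, readable by its owner only.
    wg-key = {
      runtimeInputs = [ pkgs.wireguard-tools ];
      files.private = {
        secret = true;
        mode = "400";
      };
      script = ''
        umask 077
        wg genkey > "$out/private"
      '';
    };

    # Public half, derived from the dependency's output via $in/<generator>/<file>.
    wg-pubkey = {
      dependencies = [ "wg-key" ];
      runtimeInputs = [ pkgs.wireguard-tools ];
      files.public.secret = false;
      script = ''
        wg pubkey < "$in/wg-key/private" > "$out/public"
      '';
    };
  };
}
```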
clan.core.vars.generators.<name>.share
Whether the generated vars should be shared between machines. Shared vars are only generated once, when the first machine using it is deployed. Subsequent machines will re-use the already generated values.
Type: boolean
Default:
clan.core.vars.generators.<name>.validation
A set of values that invalidate the generated values. If any of these values change, the generated values will be re-generated. Lists are not allowed as of now due to potential ordering issues.
Type: null or boolean or signed integer or string or attribute set of (boolean or signed integer or string or attribute set of (boolean or signed integer or string))
Default:
clan.core.vars.settings.publicStore
Method to store public vars. "custom" can be used to define a custom public vars store.
Type: one of "in_repo", "vm", "custom"
Default:
clan.core.vars.settings.secretStore
Method to store secret facts. "custom" can be used to define a custom secret var store.
Type: one of "sops", "password-store", "vm", "custom"
Default: