Skip to content

Vars

Manage vars

Usage: clan vars

Commands

This subcommand provides an interface to vars of clan machines. Vars are variables that a service can generate. There are public and secret vars. Public vars can be referenced by other machines directly. Public vars can include: ip addresses, public keys. Secret vars can include: passwords, private keys.

A service is an included clan-module that implements vars generation functionality. For example the zerotier module will generate private and public vars. In this case the public var will be the resulting zerotier-ip of the machine. The secret var will be the zerotier-identity-secret, which is used by zerotier to prove the machine has control of the zerotier-ip.

Examples

$ clan vars generate

Will generate vars for all machines.

$ clan vars generate --service [SERVICE] --regenerate

Will regenerate vars, if they are already generated for a specific service.
This is especially useful for resetting certain passwords while leaving the rest
of the vars for a machine in place.

For more detailed information, visit: secrets

Vars check

Usage: clan vars check

Positional arguments

  1. machine: The machine to check secrets for
Options
  • --generator, -g: the generator to check
  • --debug: Enable debug logging
  • --option: <('name', 'value')> Nix option to set
  • --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Vars fix

Usage: clan vars fix

Positional arguments

  1. machine: The machine to fix vars for
Options
  • --generator, -g: the generator to check
  • --debug: Enable debug logging
  • --option: <('name', 'value')> Nix option to set
  • --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Vars generate

Usage: clan vars generate

Positional arguments

  1. machines: machine to generate facts for. if empty, generate facts for all machines
Options
  • --generator, -g: execute only the specified generator. If unset, execute all generators
  • --regenerate, --no-regenerate, -r: whether to regenerate facts for the specified machine
  • --debug: Enable debug logging
  • --option: <('name', 'value')> Nix option to set
  • --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Vars get

Usage: clan vars get

Positional arguments

  1. machine: The machine to print vars for
  2. var_id: The var id to get the value for. Example: ssh-keys/pubkey
Options
  • --debug: Enable debug logging
  • --option: <('name', 'value')> Nix option to set
  • --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Vars keygen

Usage: clan vars keygen

Options
  • --user: The user to generate the keys for. Default: $USER
  • -f, --force: overwrite existing user
  • --debug: Enable debug logging
  • --option: <('name', 'value')> Nix option to set
  • --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Vars list

Usage: clan vars list

Positional arguments

  1. machine: The machine to print vars for
Options
  • --debug: Enable debug logging
  • --option: <('name', 'value')> Nix option to set
  • --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Vars set

Usage: clan vars set

Positional arguments

  1. machine: The machine to set a var for
  2. var_id: The var id for which to set the value. Example: ssh-keys/pubkey
Options
  • --debug: Enable debug logging
  • --option: <('name', 'value')> Nix option to set
  • --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Vars upload

Usage: clan vars upload

Positional arguments

  1. machine: The machine to upload secrets to
Options
  • --debug: Enable debug logging
  • --option: <('name', 'value')> Nix option to set
  • --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable