secrets: use CLAN_DIR instead of clanCore.clanDir for fact storage

2023-09-14 15:22:13 +02:00
parent 6b7301cefb
commit 0132abc547
6 changed files with 32 additions and 56 deletions
--- a/pkgs/clan-cli/clan_cli/nix.py
+++ b/pkgs/clan-cli/clan_cli/nix.py
@@ -1,44 +1,18 @@
-import json
 import os
 import tempfile
-from pathlib import Path

-from .dirs import get_clan_flake_toplevel, nixpkgs_flake, nixpkgs_source, unfree_nixpkgs
+from .dirs import nixpkgs_flake, nixpkgs_source, unfree_nixpkgs


-def nix_build_machine(
-    machine: str, attr: list[str], flake_url: Path | None = None
+def nix_build(
+    flags: list[str],
 ) -> list[str]:
-    if flake_url is None:
-        flake_url = get_clan_flake_toplevel()
-    payload = json.dumps(
-        dict(
-            clan_flake=flake_url.as_posix(),
-            machine=machine,
-            attr=attr,
-        )
-    )
-    escaped_payload = json.dumps(payload)
    return [
        "nix",
        "build",
        "--no-link",
-        "--impure",
        "--print-out-paths",
-        "--expr",
-        f"let args = builtins.fromJSON {escaped_payload}; in "
-        """
-          let
-            flake = builtins.getFlake args.clan_flake;
-            config = flake.nixosConfigurations.${args.machine}.extendModules {
-              modules = [{
-                clanCore.clanDir = args.clan_flake;
-              }];
-            };
-          in
-             flake.inputs.nixpkgs.lib.getAttrFromPath args.attr config
-        """,
-    ]
+    ] + flags


 def nix_eval(flags: list[str]) -> list[str]:
--- a/pkgs/clan-cli/clan_cli/secrets/generate.py
+++ b/pkgs/clan-cli/clan_cli/secrets/generate.py
@@ -1,22 +1,24 @@
 import argparse
+import os
 import subprocess
 import sys

 from clan_cli.errors import ClanError

-from ..nix import nix_build_machine
+from ..dirs import get_clan_flake_toplevel
+from ..nix import nix_build


 def generate_secrets(machine: str) -> None:
+    clan_dir = get_clan_flake_toplevel().as_posix().strip()
+    env = os.environ.copy()
+    env["CLAN_DIR"] = clan_dir
+
    proc = subprocess.run(
-        nix_build_machine(
-            machine=machine,
-            attr=[
-                "config",
-                "system",
-                "clan",
-                "generateSecrets",
-            ],
+        nix_build(
+            [
+                f'path:{clan_dir}#nixosConfigurations."{machine}".config.system.clan.generateSecrets'
+            ]
        ),
        capture_output=True,
        text=True,
@@ -29,6 +31,7 @@ def generate_secrets(machine: str) -> None:
    print(secret_generator_script)
    secret_generator = subprocess.run(
        [secret_generator_script],
+        env=env,
    )

    if secret_generator.returncode != 0:
--- a/pkgs/clan-cli/clan_cli/secrets/upload.py
+++ b/pkgs/clan-cli/clan_cli/secrets/upload.py
@@ -4,19 +4,18 @@ import sys

 from clan_cli.errors import ClanError

-from ..nix import nix_build_machine
+from ..dirs import get_clan_flake_toplevel
+from ..nix import nix_build


 def upload_secrets(machine: str) -> None:
+    clan_dir = get_clan_flake_toplevel().as_posix()
+
    proc = subprocess.run(
-        nix_build_machine(
-            machine=machine,
-            attr=[
-                "config",
-                "system",
-                "clan",
-                "uploadSecrets",
-            ],
+        nix_build(
+            [
+                f'{clan_dir}#nixosConfigurations."{machine}".config.system.clan.uploadSecrets'
+            ]
        ),
        capture_output=True,
        text=True,