while vars currently support dependent variables, from the UX perspective this can still feel a bit clunky when one just wants to use such a parent variable within a file - or closer to us, within a nix configuration.
outside nix, templating has various existing languages - typically using interpolations like {{foo}} to substitute with foo's underlying value.
to construct configuration file using structured nix, there may be some further needs to take into account.
as one use-case, NixOS allows configuring nix itself using nix.settings, which has a sensitive attribute access-tokens.
this poses some challenges and considerations:
- preventing sensitive data from hitting
/nix/store - e.g. (as per the earlier example) from config.nix's pkgs.writeTextFile
- retaining the UX of Nix and its language tooling like syntax highlighting and LSP - i.e. if possible still configure
nix.settings rather than constructing the final file as string
- avoiding awkward tricks with potential performance considerations like
extendModules
a nice way to tackle this seems templated variables/secrets, as a vars-style backend-agnostic implementation of the nix-native solutions to this for sops and age, as i originally suggested in the upstream PR.
it would be cool if vars supported such a feature as well, even if not initially upstreamed.
while vars currently support dependent variables, from the UX perspective this can still feel a bit clunky when one just wants to use such a parent variable within a file - or closer to us, within a nix configuration.
outside nix, templating has various existing languages - typically using interpolations like
{{foo}}to substitute withfoo's underlying value.to construct configuration file using structured nix, there may be some further needs to take into account.
as one use-case, NixOS allows configuring nix itself using
nix.settings, which has a sensitive attributeaccess-tokens.this poses some challenges and considerations:
/nix/store- e.g. (as per the earlier example) fromconfig.nix'spkgs.writeTextFilenix.settingsrather than constructing the final file as stringextendModulesa nice way to tackle this seems templated variables/secrets, as a vars-style backend-agnostic implementation of the nix-native solutions to this for sops and age, as i originally suggested in the upstream PR.
it would be cool if vars supported such a feature as well, even if not initially upstreamed.