one current limitation to using vars with its provided on-machine back-end is the onus it places on the user to ensure the generate-vars script is triggered.
this makes configurations using it not independently reproducible, in the sense one would need to first have the configuration loaded needed to be able to generate the secrets, then trigger their generation, only to afterwards finally be able to add configuration depending on those secret paths.
it may be useful to alleviate this somehow. while that perhaps presumes no prompts requiring user input need to be populated still, in contexts without prompt-based generators ensuring relevant variables are generated would seem like a common need in using this back-end.
i would imagine automation here would involve perhaps a one-off service unit triggering the script, possibly using the modular services interface to prevent tight coupling with systemd.
now, in order to make this more robust, this may need a way to skip any prompt-based vars - an 'unattended' flag to the script, basically.