Made secrets file configurable

.gitattributes

@@ -1 +1 @@
-secrets.yaml filter=git-crypt diff=git-crypt
+_secrets.yaml filter=git-crypt diff=git-crypt

nodes/hellas/_defaults.yaml

@@ -4,3 +4,4 @@ installDisk: /dev/sda
 cluster:
     name: hellas
     controlPlaneIp: 10.0.2.1
+    secretsFile: !realpath _secrets.yaml

nodes/testing/_defaults.yaml

@@ -4,3 +4,4 @@ installDisk: /dev/vda
 cluster:
     name: testing
     controlPlaneIp: 192.168.1.100
+    secretsFile: !realpath _secrets.yaml

templates/generate_configs.sh

@@ -1,12 +1,11 @@
 #!/usr/bin/env bash
 set -euo pipefail
-ROOT={{ root }}
+CONFIGS={{ root }}/configs
-CONFIGS=${ROOT}/configs
 
 # Generate the configuration for each node
 {% for node in nodes -%}
 talosctl gen config {{ node.cluster.name }} https://{{ node.cluster.controlPlaneIp }}:6443 -f \
-	--with-secrets ${ROOT}/secrets.yaml \
+	--with-secrets {{ node.cluster.secretsFile }} \
 	--talos-version {{ node.talosVersion }} \
 	--kubernetes-version {{ node.kubernesVersion }} \
 	--output-types {{ node.type }} \
@@ -26,7 +25,7 @@ talosctl gen config {{ node.cluster.name }} https://{{ node.cluster.controlPlane
 # Generate the talosconfig file for each cluster
 {% for cluster in clusters -%}
 talosctl gen config {{ cluster.name }} https://{{ cluster.controlPlaneIp }}:6443 -f \
-	--with-secrets ${ROOT}/secrets.yaml \
+	--with-secrets {{ cluster.secretsFile }} \
 	--output-types talosconfig \
 	-o ${CONFIGS}/{{ cluster.name }}/talosconfig
 {% endfor %}

tools/render

@@ -83,9 +83,23 @@ def template_constructor(environment: Environment):
     return inner
 
 
-def get_loader():
+def realpath_constructor(directory: pathlib.Path):
+    def inner(loader: yaml.SafeLoader, node: yaml.nodes.ScalarNode):
+        try:
+            realpath = directory.joinpath(loader.construct_scalar(node)).resolve(
+                strict=True
+            )
+            return str(realpath)
+        except Exception:
+            raise yaml.MarkedYAMLError("Failed to get real path", node.start_mark)
+
+    return inner
+
+
+def get_loader(directory: pathlib.Path):
     """Add special constructors to yaml loader"""
     loader = yaml.SafeLoader
+    loader.add_constructor("!realpath", realpath_constructor(directory))
     loader.add_constructor("!schematic", schematic_constructor)
     loader.add_constructor("!patch", template_constructor(PATCHES))
 
@@ -97,7 +111,7 @@ def get_defaults(directory: pathlib.Path, root: pathlib.Path):
     """Compute the defaults from the provided directory and parents."""
     try:
         with open(directory.joinpath("_defaults.yaml")) as fyaml:
-            yml_data = yaml.load(fyaml, Loader=get_loader())
+            yml_data = yaml.load(fyaml, Loader=get_loader(directory))
     except OSError:
         yml_data = {}
 
@@ -122,7 +136,7 @@ def main():
         filename = str(fullname.relative_to(NODES).parent) + "/" + fullname.stem
 
         with open(fullname) as fyaml:
-            yml_data = yaml.load(fyaml, Loader=get_loader())
+            yml_data = yaml.load(fyaml, Loader=get_loader(fullname.parent))
         yml_data = get_defaults(fullname.parent, NODES) | yml_data
         yml_data["hostname"] = fullname.stem
         yml_data["filename"] = filename