From 75ab1d080b42134aa62e6f82effe87b51ba03b6d Mon Sep 17 00:00:00 2001
From: Yaroslav Bolyukin <iam@lach.pw>
Date: Mon, 27 Oct 2025 03:51:10 +0000
Subject: [PATCH] feat: explicit managed marker


---
--- a/modules/nixos/secrets.nix
+++ b/modules/nixos/secrets.nix
@@ -139,7 +139,7 @@
       };
       config.parts = mkMerge [
         (mkIf (config.generator != null && config.generator ? parts) config.generator.parts)
-        (mapAttrs (_: _: {}) (removeAttrs sysConfig.data.secrets.${secretName} ["shared"]))
+        (mapAttrs (_: _: {}) (removeAttrs sysConfig.data.secrets.${secretName} ["shared" "managed"]))
       ];
     }
   );
--- a/modules/secrets-data.nix
+++ b/modules/secrets-data.nix
@@ -38,6 +38,12 @@
   sharedSecretData = {
     freeformType = attrsOf (submodule secretDataValue);
     options = {
+      managed = mkOption {
+        type = nullOr bool;
+        description = "Is current fleet data value is generated by generator";
+        default = null;
+      };
+
       createdAt = mkOption {
         type = str;
         description = "Timestamp of secret generation/last rotation.";

-- 
gitstuff