clan-core/lib/build-clan/default.nix

{
  clan-core,
  nixpkgs,
  lib,
}:
{
  directory, # The directory containing the machines subdirectory
  specialArgs ? { }, # Extra arguments to pass to nixosSystem i.e. useful to make self available
  machines ? { }, # allows to include machine-specific modules i.e. machines.${name} = { ... }
  # DEPRECATED: use meta.name instead
  clanName ? null, # Needs to be (globally) unique, as this determines the folder name where the flake gets downloaded to.
  # DEPRECATED: use meta.icon instead
  clanIcon ? null, # A path to an icon to be used for the clan, should be the same for all machines
  meta ? { }, # A set containing clan meta: name :: string, icon :: string, description :: string
  # A map from arch to pkgs, if specified this nixpkgs will be only imported once for each system.
  # This improves performance, but all nipxkgs.* options will be ignored.
  pkgsForSystem ? (_system: null),
  /*
    Distributed services configuration.

    This configures a default instance in the inventory with the name "default".

    If you need multiple instances of a service configure them via:
    inventory.services.[serviceName].[instanceName] = ...
  */
  services ? { },
  /*
    Low level inventory configuration.
    Overrides the services configuration.
  */
  inventory ? { },
}:
let
  # Internal inventory, this is the result of merging all potential inventory sources:
  # - Default instances configured via 'services'
  # - The inventory overrides
  #   - Machines that exist in inventory.machines
  # - Machines explicitly configured via 'machines' argument
  # - Machines that exist in the machines directory
  # Checks on the module level:
  # - Each service role must reference a valid machine after all machines are merged
  mergedInventory =
    (lib.evalModules {
      modules = [
        ./interface.nix
        { inherit meta; }
        # Default instances configured via 'services'
        {
          services = lib.mapAttrs (_name: value: {
            default = value // {
              meta.name = lib.mkDefault _name;
            };
          }) services;
        }
        # The inventory overrides
        inventory
        # Machines explicitly configured via 'machines' argument
        {
          # { ${name} :: meta // { name, tags } }
          machines = lib.mapAttrs (
            name: config:
            (lib.attrByPath [
              "clan"
              "meta"
            ] { } config)
            // {
              # meta.name default is the attribute name of the machine
              name = lib.mkDefault (
                lib.attrByPath [
                  "clan"
                  "meta"
                  "name"
                ] name config
              );
              tags = lib.attrByPath [
                "clan"
                "tags"
              ] [ ] config;
            }
          ) machines;
        }
        # Machines that exist in the machines directory
        { machines = lib.mapAttrs (name: _: { inherit name; }) machinesDirs; }
      ];
    }).config;

  buildInventory = import ./inventory.nix { inherit lib clan-core; };

  serviceConfigs = buildInventory mergedInventory;

  deprecationWarnings = [
    (lib.warnIf (
      clanName != null
    ) "clanName is deprecated, please use meta.name instead. ${clanName}" null)
    (lib.warnIf (clanIcon != null) "clanIcon is deprecated, please use meta.icon instead" null)
  ];

  machinesDirs = lib.optionalAttrs (builtins.pathExists "${directory}/machines") (
    builtins.readDir (directory + /machines)
  );

  mergedMeta =
    let
      metaFromFile =
        if (builtins.pathExists "${directory}/clan/meta.json") then
          let
            settings = builtins.fromJSON (builtins.readFile "${directory}/clan/meta.json");
          in
          settings
        else
          { };
      legacyMeta = lib.filterAttrs (_: v: v != null) {
        name = clanName;
        icon = clanIcon;
      };
      optionsMeta = lib.filterAttrs (_: v: v != null) meta;

      warnings =
        builtins.map (
          name:
          if
            metaFromFile.${name} or null != optionsMeta.${name} or null && optionsMeta.${name} or null != null
          then
            lib.warn "meta.${name} is set in different places. (exlicit option meta.${name} overrides ${directory}/clan/meta.json)" null
          else
            null
        ) (builtins.attrNames metaFromFile)
        ++ [ (if (res.name or null == null) then (throw "meta.name should be set") else null) ];
      res = metaFromFile // legacyMeta // optionsMeta;
    in
    # Print out warnings before returning the merged result
    builtins.deepSeq warnings res;

  machineSettings =
    machineName:
    # CLAN_MACHINE_SETTINGS_FILE allows to override the settings file temporarily
    # This is useful for doing a dry-run before writing changes into the settings.json
    # Using CLAN_MACHINE_SETTINGS_FILE requires passing --impure to nix eval
    if builtins.getEnv "CLAN_MACHINE_SETTINGS_FILE" != "" then
      builtins.fromJSON (builtins.readFile (builtins.getEnv "CLAN_MACHINE_SETTINGS_FILE"))
    else
      lib.optionalAttrs (builtins.pathExists "${directory}/machines/${machineName}/settings.json") (
        builtins.fromJSON (builtins.readFile (directory + /machines/${machineName}/settings.json))
      );

  # Read additional imports specified via a config option in settings.json
  # This is not an infinite recursion, because the imports are discovered here
  #   before calling evalModules.
  # It is still useful to have the imports as an option, as this allows for type
  #   checking and easy integration with the config frontend(s)
  machineImports =
    machineSettings: map (module: clan-core.clanModules.${module}) (machineSettings.clanImports or [ ]);

  # TODO: remove default system once we have a hardware-config mechanism
  nixosConfiguration =
    {
      system ? "x86_64-linux",
      name,
      pkgs ? null,
      extraConfig ? { },
    }:
    nixpkgs.lib.nixosSystem {
      modules =
        let
          settings = machineSettings name;
        in
        (machineImports settings)
        ++ [
          settings
          clan-core.nixosModules.clanCore
          extraConfig
          (machines.${name} or { })
          # Inherit the inventory assertions ?
          { inherit (mergedInventory) assertions; }
          { imports = serviceConfigs.${name} or { }; }
          (
            {
              # Settings
              clan.core.clanDir = directory;
              # Inherited from clan wide settings
              clan.core.clanName = meta.name or clanName;
              clan.core.clanIcon = meta.icon or clanIcon;

              # Machine specific settings
              clan.core.machineName = name;
              networking.hostName = lib.mkDefault name;
              nixpkgs.hostPlatform = lib.mkDefault system;

              # speeds up nix commands by using the nixpkgs from the host system (especially useful in VMs)
              nix.registry.nixpkgs.to = {
                type = "path";
                path = lib.mkDefault nixpkgs;
              };
            }
            // lib.optionalAttrs (pkgs != null) { nixpkgs.pkgs = lib.mkForce pkgs; }
          )
        ];
      specialArgs = {
        inherit clan-core;
      } // specialArgs;
    };

  allMachines = machinesDirs // machines;

  supportedSystems = [
    "x86_64-linux"
    "aarch64-linux"
    "riscv64-linux"
    "x86_64-darwin"
    "aarch64-darwin"
  ];

  nixosConfigurations = lib.mapAttrs (name: _: nixosConfiguration { inherit name; }) allMachines;

  # This instantiates nixos for each system that we support:
  # configPerSystem = <system>.<machine>.nixosConfiguration
  # We need this to build nixos secret generators for each system
  configsPerSystem = builtins.listToAttrs (
    builtins.map (
      system:
      lib.nameValuePair system (
        lib.mapAttrs (
          name: _:
          nixosConfiguration {
            inherit name system;
            pkgs = pkgsForSystem system;
          }
        ) allMachines
      )
    ) supportedSystems
  );

  configsFuncPerSystem = builtins.listToAttrs (
    builtins.map (
      system:
      lib.nameValuePair system (
        lib.mapAttrs (
          name: _: args:
          nixosConfiguration (
            args
            // {
              inherit name system;
              pkgs = pkgsForSystem system;
            }
          )
        ) allMachines
      )
    ) supportedSystems
  );
in
builtins.deepSeq deprecationWarnings {
  inherit nixosConfigurations;

  clanInternals = {
    # Evaluated clan meta
    # Merged /clan/meta.json with overrides from buildClan
    meta = mergedMeta;
    inventory = mergedInventory;

    # machine specifics
    machines = configsPerSystem;
    machinesFunc = configsFuncPerSystem;
    all-machines-json = lib.mapAttrs (
      system: configs:
      nixpkgs.legacyPackages.${system}.writers.writeJSON "machines.json" (
        lib.mapAttrs (_: m: m.config.system.clan.deployment.data) configs
      )
    ) configsPerSystem;
  };
}
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`{`
			`clan-core,`
			`nixpkgs,`
			`lib,`
			`}:`
			`{`
			`directory, # The directory containing the machines subdirectory`
			`specialArgs ? { }, # Extra arguments to pass to nixosSystem i.e. useful to make self available`
			`machines ? { }, # allows to include machine-specific modules i.e. machines.${name} = { ... }`
clan-core: add clan meta for ui usage 2024-05-31 15:22:38 +00:00			`# DEPRECATED: use meta.name instead`
			`clanName ? null, # Needs to be (globally) unique, as this determines the folder name where the flake gets downloaded to.`
			`# DEPRECATED: use meta.icon instead`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`clanIcon ? null, # A path to an icon to be used for the clan, should be the same for all machines`
clan-core: add clan meta for ui usage 2024-05-31 15:22:38 +00:00			`meta ? { }, # A set containing clan meta: name :: string, icon :: string, description :: string`
Extend build-clan interface 2024-06-21 20:46:12 +00:00			`# A map from arch to pkgs, if specified this nixpkgs will be only imported once for each system.`
			`# This improves performance, but all nipxkgs.* options will be ignored.`
			`pkgsForSystem ? (_system: null),`
			`/*`
			`Distributed services configuration.`

			`This configures a default instance in the inventory with the name "default".`

			`If you need multiple instances of a service configure them via:`
			`inventory.services.[serviceName].[instanceName] = ...`
			`*/`
			`services ? { },`
			`/*`
			`Low level inventory configuration.`
			`Overrides the services configuration.`
			`*/`
			`inventory ? { },`
clan template: reduce autogenerate code to a minimum 2023-08-29 13:00:03 +00:00			`}:`
			`let`
Inventory: init module merge & validation logic for inventory 2024-06-22 19:31:01 +00:00			`# Internal inventory, this is the result of merging all potential inventory sources:`
			`# - Default instances configured via 'services'`
			`# - The inventory overrides`
			`# - Machines that exist in inventory.machines`
			`# - Machines explicitly configured via 'machines' argument`
			`# - Machines that exist in the machines directory`
			`# Checks on the module level:`
			`# - Each service role must reference a valid machine after all machines are merged`
			`mergedInventory =`
			`(lib.evalModules {`
			`modules = [`
			`./interface.nix`
			`{ inherit meta; }`
			`# Default instances configured via 'services'`
			`{`
			`services = lib.mapAttrs (_name: value: {`
			`default = value // {`
			`meta.name = lib.mkDefault _name;`
			`};`
			`}) services;`
			`}`
			`# The inventory overrides`
Extend build-clan interface 2024-06-21 20:46:12 +00:00			`inventory`
Inventory: init module merge & validation logic for inventory 2024-06-22 19:31:01 +00:00			`# Machines explicitly configured via 'machines' argument`
			`{`
			`# { ${name} :: meta // { name, tags } }`
			`machines = lib.mapAttrs (`
			`name: config:`
			`(lib.attrByPath [`
Extend build-clan interface 2024-06-21 20:46:12 +00:00			`"clan"`
			`"meta"`
Inventory: init module merge & validation logic for inventory 2024-06-22 19:31:01 +00:00			`] { } config)`
			`// {`
			`# meta.name default is the attribute name of the machine`
			`name = lib.mkDefault (`
			`lib.attrByPath [`
			`"clan"`
			`"meta"`
			`"name"`
			`] name config`
			`);`
			`tags = lib.attrByPath [`
			`"clan"`
			`"tags"`
			`] [ ] config;`
			`}`
			`) machines;`
Extend build-clan interface 2024-06-21 20:46:12 +00:00			`}`
Inventory: init module merge & validation logic for inventory 2024-06-22 19:31:01 +00:00			`# Machines that exist in the machines directory`
			`{ machines = lib.mapAttrs (name: _: { inherit name; }) machinesDirs; }`
			`];`
			`}).config;`
Extend build-clan interface 2024-06-21 20:46:12 +00:00
			`buildInventory = import ./inventory.nix { inherit lib clan-core; };`

Inventory: init module merge & validation logic for inventory 2024-06-22 19:31:01 +00:00			`serviceConfigs = buildInventory mergedInventory;`
Extend build-clan interface 2024-06-21 20:46:12 +00:00
clan-core: add clan meta for ui usage 2024-05-31 15:22:38 +00:00			`deprecationWarnings = [`
			`(lib.warnIf (`
			`clanName != null`
			`) "clanName is deprecated, please use meta.name instead. ${clanName}" null)`
			`(lib.warnIf (clanIcon != null) "clanIcon is deprecated, please use meta.icon instead" null)`
			`];`

re-format with nixfmt 2024-03-17 18:48:49 +00:00			`machinesDirs = lib.optionalAttrs (builtins.pathExists "${directory}/machines") (`
			`builtins.readDir (directory + /machines)`
			`);`
clan template: reduce autogenerate code to a minimum 2023-08-29 13:00:03 +00:00
clan-core: add clan meta for ui usage 2024-05-31 15:22:38 +00:00			`mergedMeta =`
			`let`
			`metaFromFile =`
			`if (builtins.pathExists "${directory}/clan/meta.json") then`
			`let`
			`settings = builtins.fromJSON (builtins.readFile "${directory}/clan/meta.json");`
			`in`
			`settings`
			`else`
			`{ };`
			`legacyMeta = lib.filterAttrs (_: v: v != null) {`
			`name = clanName;`
			`icon = clanIcon;`
			`};`
			`optionsMeta = lib.filterAttrs (_: v: v != null) meta;`

			`warnings =`
			`builtins.map (`
			`name:`
			`if`
			`metaFromFile.${name} or null != optionsMeta.${name} or null && optionsMeta.${name} or null != null`
			`then`
			`lib.warn "meta.${name} is set in different places. (exlicit option meta.${name} overrides ${directory}/clan/meta.json)" null`
			`else`
			`null`
			`) (builtins.attrNames metaFromFile)`
			`++ [ (if (res.name or null == null) then (throw "meta.name should be set") else null) ];`
			`res = metaFromFile // legacyMeta // optionsMeta;`
			`in`
			`# Print out warnings before returning the merged result`
			`builtins.deepSeq warnings res;`

re-format with nixfmt 2024-03-17 18:48:49 +00:00			`machineSettings =`
			`machineName:`
api/machines: allow importing extra modules - add top-level option `clanImports` to clanCore - clanImports can be set and checked as any other option - buildClan resolves the clanImports from the settings.json before calling evalModules to prevent infinite recursions - new endpoint PUT machines/{name}/schema to allow getting the schema for a specific list of imports - to retrieve the currently imported modules, cimply do a GET or PU on machines/{name}/config which will return `clanImports` as part of the config Still missing: get list of available modules 2023-10-25 15:36:01 +00:00			`# CLAN_MACHINE_SETTINGS_FILE allows to override the settings file temporarily`
			`# This is useful for doing a dry-run before writing changes into the settings.json`
			`# Using CLAN_MACHINE_SETTINGS_FILE requires passing --impure to nix eval`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`if builtins.getEnv "CLAN_MACHINE_SETTINGS_FILE" != "" then`
			`builtins.fromJSON (builtins.readFile (builtins.getEnv "CLAN_MACHINE_SETTINGS_FILE"))`
PUT api/machines/{name}/config: ensure only valid config is ever written - add CLAN_MACHINE_SETTINGS_FILE variable to temporarily override the machine settings file - do a dry-run evaluation first with the new config before persisting it. 2023-10-24 17:40:48 +00:00			`else`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`lib.optionalAttrs (builtins.pathExists "${directory}/machines/${machineName}/settings.json") (`
			`builtins.fromJSON (builtins.readFile (directory + /machines/${machineName}/settings.json))`
			`);`
clan template: reduce autogenerate code to a minimum 2023-08-29 13:00:03 +00:00
api/machines: allow importing extra modules - add top-level option `clanImports` to clanCore - clanImports can be set and checked as any other option - buildClan resolves the clanImports from the settings.json before calling evalModules to prevent infinite recursions - new endpoint PUT machines/{name}/schema to allow getting the schema for a specific list of imports - to retrieve the currently imported modules, cimply do a GET or PU on machines/{name}/config which will return `clanImports` as part of the config Still missing: get list of available modules 2023-10-25 15:36:01 +00:00			`# Read additional imports specified via a config option in settings.json`
			`# This is not an infinite recursion, because the imports are discovered here`
			`# before calling evalModules.`
			`# It is still useful to have the imports as an option, as this allows for type`
			`# checking and easy integration with the config frontend(s)`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`machineImports =`
			`machineSettings: map (module: clan-core.clanModules.${module}) (machineSettings.clanImports or [ ]);`
api/machines: allow importing extra modules - add top-level option `clanImports` to clanCore - clanImports can be set and checked as any other option - buildClan resolves the clanImports from the settings.json before calling evalModules to prevent infinite recursions - new endpoint PUT machines/{name}/schema to allow getting the schema for a specific list of imports - to retrieve the currently imported modules, cimply do a GET or PU on machines/{name}/config which will return `clanImports` as part of the config Still missing: get list of available modules 2023-10-25 15:36:01 +00:00
add toplevel machines-json that can deploy all hosts 2023-09-28 12:13:23 +00:00			`# TODO: remove default system once we have a hardware-config mechanism`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`nixosConfiguration =`
			`{`
			`system ? "x86_64-linux",`
			`name,`
			`pkgs ? null,`
			`extraConfig ? { },`
			`}:`
			`nixpkgs.lib.nixosSystem {`
			`modules =`
			`let`
			`settings = machineSettings name;`
			`in`
			`(machineImports settings)`
			`++ [`
			`settings`
			`clan-core.nixosModules.clanCore`
			`extraConfig`
			`(machines.${name} or { })`
Inventory: init module merge & validation logic for inventory 2024-06-22 19:31:01 +00:00			`# Inherit the inventory assertions ?`
			`{ inherit (mergedInventory) assertions; }`
Extend build-clan interface 2024-06-21 20:46:12 +00:00			`{ imports = serviceConfigs.${name} or { }; }`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`(`
			`{`
clan-core: add clan meta for ui usage 2024-05-31 15:22:38 +00:00			`# Settings`
refactor: rename clanCore -> clan.core 2024-06-17 10:42:28 +00:00			`clan.core.clanDir = directory;`
clan-core: add clan meta for ui usage 2024-05-31 15:22:38 +00:00			`# Inherited from clan wide settings`
refactor: rename clanCore -> clan.core 2024-06-17 10:42:28 +00:00			`clan.core.clanName = meta.name or clanName;`
			`clan.core.clanIcon = meta.icon or clanIcon;`
clan-core: add clan meta for ui usage 2024-05-31 15:22:38 +00:00
			`# Machine specific settings`
refactor: rename clanCore -> clan.core 2024-06-17 10:42:28 +00:00			`clan.core.machineName = name;`
clan-core: add clan meta for ui usage 2024-05-31 15:22:38 +00:00			`networking.hostName = lib.mkDefault name;`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`nixpkgs.hostPlatform = lib.mkDefault system;`
pin nixos-wide registry to nixpkgs used to build the machine itself Instead of downloading archives and filling up vm disk space we can juse the nixpkgs version we already use for evaluating 2023-11-16 12:49:35 +00:00
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`# speeds up nix commands by using the nixpkgs from the host system (especially useful in VMs)`
			`nix.registry.nixpkgs.to = {`
			`type = "path";`
			`path = lib.mkDefault nixpkgs;`
			`};`
			`}`
			`// lib.optionalAttrs (pkgs != null) { nixpkgs.pkgs = lib.mkForce pkgs; }`
			`)`
			`];`
buildClan: add clan-core to specialArgs 2024-04-02 09:03:45 +00:00			`specialArgs = {`
			`inherit clan-core;`
			`} // specialArgs;`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`};`
secrets: use clanInternal for crosscompiling, move sops generators to new file 2023-09-20 16:08:47 +00:00
clanInternals.machines: invert system and machine name 2023-09-27 15:25:17 +00:00			`allMachines = machinesDirs // machines;`
secrets: use clanInternal for crosscompiling, move sops generators to new file 2023-09-20 16:08:47 +00:00
clanInternals.machines: invert system and machine name 2023-09-27 15:25:17 +00:00			`supportedSystems = [`
secrets: use clanInternal for crosscompiling, move sops generators to new file 2023-09-20 16:08:47 +00:00			`"x86_64-linux"`
			`"aarch64-linux"`
			`"riscv64-linux"`
			`"x86_64-darwin"`
			`"aarch64-darwin"`
			`];`

clanInternals.machines: invert system and machine name 2023-09-27 15:25:17 +00:00			`nixosConfigurations = lib.mapAttrs (name: _: nixosConfiguration { inherit name; }) allMachines;`

			`# This instantiates nixos for each system that we support:`
clanInternals.machines: expose information as json 2023-09-27 15:25:17 +00:00			`# configPerSystem = <system>.<machine>.nixosConfiguration`
clanInternals.machines: invert system and machine name 2023-09-27 15:25:17 +00:00			`# We need this to build nixos secret generators for each system`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`configsPerSystem = builtins.listToAttrs (`
			`builtins.map (`
			`system:`
			`lib.nameValuePair system (`
			`lib.mapAttrs (`
			`name: _:`
			`nixosConfiguration {`
fix cross-system deploy This allows to be nixpkgs.pkgs and deploy systems of a different arch. 2024-02-21 09:44:00 +00:00			`inherit name system;`
			`pkgs = pkgsForSystem system;`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`}`
			`) allMachines`
			`)`
			`) supportedSystems`
			`);`
allow passing of extra_config into machines 2024-02-10 10:47:09 +00:00
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`configsFuncPerSystem = builtins.listToAttrs (`
			`builtins.map (`
			`system:`
			`lib.nameValuePair system (`
			`lib.mapAttrs (`
			`name: _: args:`
			`nixosConfiguration (`
			`args`
			`// {`
			`inherit name system;`
			`pkgs = pkgsForSystem system;`
			`}`
			`)`
			`) allMachines`
			`)`
			`) supportedSystems`
			`);`
clanInternals.machines: invert system and machine name 2023-09-27 15:25:17 +00:00			`in`
clan-core: add clan meta for ui usage 2024-05-31 15:22:38 +00:00			`builtins.deepSeq deprecationWarnings {`
clanInternals.machines: invert system and machine name 2023-09-27 15:25:17 +00:00			`inherit nixosConfigurations;`

secrets: use clanInternal for crosscompiling, move sops generators to new file 2023-09-20 16:08:47 +00:00			`clanInternals = {`
clan-core: add clan meta for ui usage 2024-05-31 15:22:38 +00:00			`# Evaluated clan meta`
			`# Merged /clan/meta.json with overrides from buildClan`
			`meta = mergedMeta;`
Inventory: init module merge & validation logic for inventory 2024-06-22 19:31:01 +00:00			`inventory = mergedInventory;`
clan-core: add clan meta for ui usage 2024-05-31 15:22:38 +00:00
			`# machine specifics`
restore clanInternals with valid nixos config 2023-09-29 09:56:02 +00:00			`machines = configsPerSystem;`
allow passing of extra_config into machines 2024-02-10 10:47:09 +00:00			`machinesFunc = configsFuncPerSystem;`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`all-machines-json = lib.mapAttrs (`
			`system: configs:`
			`nixpkgs.legacyPackages.${system}.writers.writeJSON "machines.json" (`
			`lib.mapAttrs (_: m: m.config.system.clan.deployment.data) configs`
			`)`
			`) configsPerSystem;`
secrets: use clanInternal for crosscompiling, move sops generators to new file 2023-09-20 16:08:47 +00:00			`};`
clanInternals.machines: invert system and machine name 2023-09-27 15:25:17 +00:00			`}`