clan-core/lib/build-clan/default.nix

{ clan-core, nixpkgs, lib }:
{ directory  # The directory containing the machines subdirectory
, specialArgs ? { } # Extra arguments to pass to nixosSystem i.e. useful to make self available
, machines ? { } # allows to include machine-specific modules i.e. machines.${name} = { ... }
, clanName # Needs to be (globally) unique, as this determines the folder name where the flake gets downloaded to.
, clanIcon ? null # A path to an icon to be used for the clan, should be the same for all machines
, pkgsForSystem ? (_system: null) # A map from arch to pkgs, if specified this nixpkgs will be only imported once for each system.
  # This improves performance, but all nipxkgs.* options will be ignored.
}:
let
  machinesDirs = lib.optionalAttrs (builtins.pathExists "${directory}/machines") (builtins.readDir (directory + /machines));

  machineSettings = machineName:
    # CLAN_MACHINE_SETTINGS_FILE allows to override the settings file temporarily
    # This is useful for doing a dry-run before writing changes into the settings.json
    # Using CLAN_MACHINE_SETTINGS_FILE requires passing --impure to nix eval
    if builtins.getEnv "CLAN_MACHINE_SETTINGS_FILE" != ""
    then builtins.fromJSON (builtins.readFile (builtins.getEnv "CLAN_MACHINE_SETTINGS_FILE"))
    else
      lib.optionalAttrs (builtins.pathExists "${directory}/machines/${machineName}/settings.json")
        (builtins.fromJSON
          (builtins.readFile (directory + /machines/${machineName}/settings.json)));

  # Read additional imports specified via a config option in settings.json
  # This is not an infinite recursion, because the imports are discovered here
  #   before calling evalModules.
  # It is still useful to have the imports as an option, as this allows for type
  #   checking and easy integration with the config frontend(s)
  machineImports = machineSettings:
    map
      (module: clan-core.clanModules.${module})
      (machineSettings.clanImports or [ ]);

  # TODO: remove default system once we have a hardware-config mechanism
  nixosConfiguration = { system ? "x86_64-linux", name, pkgs ? null, extraConfig ? { } }: nixpkgs.lib.nixosSystem {
    modules =
      let
        settings = machineSettings name;
      in
      (machineImports settings)
      ++ [
        settings
        clan-core.nixosModules.clanCore
        extraConfig
        (machines.${name} or { })
        ({
          clanCore.clanName = clanName;
          clanCore.clanIcon = clanIcon;
          clanCore.clanDir = directory;
          clanCore.machineName = name;
          nixpkgs.hostPlatform = lib.mkDefault system;

          # speeds up nix commands by using the nixpkgs from the host system (especially useful in VMs)
          nix.registry.nixpkgs.to = {
            type = "path";
            path = lib.mkDefault nixpkgs;
          };
        } // lib.optionalAttrs (pkgs != null) {
          nixpkgs.pkgs = lib.mkForce pkgs;
        })
      ];
    inherit specialArgs;
  };

  allMachines = machinesDirs // machines;

  supportedSystems = [
    "x86_64-linux"
    "aarch64-linux"
    "riscv64-linux"
    "x86_64-darwin"
    "aarch64-darwin"
  ];

  nixosConfigurations = lib.mapAttrs (name: _: nixosConfiguration { inherit name; }) allMachines;

  # This instantiates nixos for each system that we support:
  # configPerSystem = <system>.<machine>.nixosConfiguration
  # We need this to build nixos secret generators for each system
  configsPerSystem = builtins.listToAttrs
    (builtins.map
      (system: lib.nameValuePair system
        (lib.mapAttrs
          (name: _: nixosConfiguration {
            inherit name system;
            pkgs = pkgsForSystem system;
          })
          allMachines))
      supportedSystems);

  configsFuncPerSystem = builtins.listToAttrs
    (builtins.map
      (system: lib.nameValuePair system
        (lib.mapAttrs
          (name: _: args: nixosConfiguration (args // {
            inherit name system;
            pkgs = pkgsForSystem system;
          }))
          allMachines))
      supportedSystems);
in
{
  inherit nixosConfigurations;

  clanInternals = {
    machines = configsPerSystem;
    machinesFunc = configsFuncPerSystem;
    all-machines-json = lib.mapAttrs
      (system: configs: nixpkgs.legacyPackages.${system}.writers.writeJSON "machines.json" (lib.mapAttrs (_: m: m.config.system.clan.deployment.data) configs))
      configsPerSystem;
  };
}
api/machines: allow importing extra modules - add top-level option `clanImports` to clanCore - clanImports can be set and checked as any other option - buildClan resolves the clanImports from the settings.json before calling evalModules to prevent infinite recursions - new endpoint PUT machines/{name}/schema to allow getting the schema for a specific list of imports - to retrieve the currently imported modules, cimply do a GET or PU on machines/{name}/config which will return `clanImports` as part of the config Still missing: get list of available modules 2023-10-25 15:36:01 +00:00			`{ clan-core, nixpkgs, lib }:`
clan template: reduce autogenerate code to a minimum 2023-08-29 13:00:03 +00:00			`{ directory # The directory containing the machines subdirectory`
			`, specialArgs ? { } # Extra arguments to pass to nixosSystem i.e. useful to make self available`
			`, machines ? { } # allows to include machine-specific modules i.e. machines.${name} = { ... }`
Added clanName argument to clan-core.lib.builClan 2023-10-19 21:24:58 +00:00			`, clanName # Needs to be (globally) unique, as this determines the folder name where the flake gets downloaded to.`
Added machineIcon and machineDescription to buildClan 2024-02-05 07:18:40 +00:00			`, clanIcon ? null # A path to an icon to be used for the clan, should be the same for all machines`
fix cross-system deploy This allows to be nixpkgs.pkgs and deploy systems of a different arch. 2024-02-21 09:44:00 +00:00			`, pkgsForSystem ? (_system: null) # A map from arch to pkgs, if specified this nixpkgs will be only imported once for each system.`
			`# This improves performance, but all nipxkgs.* options will be ignored.`
clan template: reduce autogenerate code to a minimum 2023-08-29 13:00:03 +00:00			`}:`
			`let`
buildClan: fix importing machines from settings 2023-09-03 13:18:29 +00:00			`machinesDirs = lib.optionalAttrs (builtins.pathExists "${directory}/machines") (builtins.readDir (directory + /machines));`
clan template: reduce autogenerate code to a minimum 2023-08-29 13:00:03 +00:00
			`machineSettings = machineName:`
api/machines: allow importing extra modules - add top-level option `clanImports` to clanCore - clanImports can be set and checked as any other option - buildClan resolves the clanImports from the settings.json before calling evalModules to prevent infinite recursions - new endpoint PUT machines/{name}/schema to allow getting the schema for a specific list of imports - to retrieve the currently imported modules, cimply do a GET or PU on machines/{name}/config which will return `clanImports` as part of the config Still missing: get list of available modules 2023-10-25 15:36:01 +00:00			`# CLAN_MACHINE_SETTINGS_FILE allows to override the settings file temporarily`
			`# This is useful for doing a dry-run before writing changes into the settings.json`
			`# Using CLAN_MACHINE_SETTINGS_FILE requires passing --impure to nix eval`
PUT api/machines/{name}/config: ensure only valid config is ever written - add CLAN_MACHINE_SETTINGS_FILE variable to temporarily override the machine settings file - do a dry-run evaluation first with the new config before persisting it. 2023-10-24 17:40:48 +00:00			`if builtins.getEnv "CLAN_MACHINE_SETTINGS_FILE" != ""`
			`then builtins.fromJSON (builtins.readFile (builtins.getEnv "CLAN_MACHINE_SETTINGS_FILE"))`
			`else`
			`lib.optionalAttrs (builtins.pathExists "${directory}/machines/${machineName}/settings.json")`
			`(builtins.fromJSON`
			`(builtins.readFile (directory + /machines/${machineName}/settings.json)));`
clan template: reduce autogenerate code to a minimum 2023-08-29 13:00:03 +00:00
api/machines: allow importing extra modules - add top-level option `clanImports` to clanCore - clanImports can be set and checked as any other option - buildClan resolves the clanImports from the settings.json before calling evalModules to prevent infinite recursions - new endpoint PUT machines/{name}/schema to allow getting the schema for a specific list of imports - to retrieve the currently imported modules, cimply do a GET or PU on machines/{name}/config which will return `clanImports` as part of the config Still missing: get list of available modules 2023-10-25 15:36:01 +00:00			`# Read additional imports specified via a config option in settings.json`
			`# This is not an infinite recursion, because the imports are discovered here`
			`# before calling evalModules.`
			`# It is still useful to have the imports as an option, as this allows for type`
			`# checking and easy integration with the config frontend(s)`
			`machineImports = machineSettings:`
			`map`
			`(module: clan-core.clanModules.${module})`
			`(machineSettings.clanImports or [ ]);`

add toplevel machines-json that can deploy all hosts 2023-09-28 12:13:23 +00:00			`# TODO: remove default system once we have a hardware-config mechanism`
allow passing of extra_config into machines 2024-02-10 10:47:09 +00:00			`nixosConfiguration = { system ? "x86_64-linux", name, pkgs ? null, extraConfig ? { } }: nixpkgs.lib.nixosSystem {`
api/machines: allow importing extra modules - add top-level option `clanImports` to clanCore - clanImports can be set and checked as any other option - buildClan resolves the clanImports from the settings.json before calling evalModules to prevent infinite recursions - new endpoint PUT machines/{name}/schema to allow getting the schema for a specific list of imports - to retrieve the currently imported modules, cimply do a GET or PU on machines/{name}/config which will return `clanImports` as part of the config Still missing: get list of available modules 2023-10-25 15:36:01 +00:00			`modules =`
			`let`
			`settings = machineSettings name;`
			`in`
			`(machineImports settings)`
			`++ [`
			`settings`
			`clan-core.nixosModules.clanCore`
vms: use vm fact/secret-store 2024-02-14 06:15:59 +00:00			`extraConfig`
api/machines: allow importing extra modules - add top-level option `clanImports` to clanCore - clanImports can be set and checked as any other option - buildClan resolves the clanImports from the settings.json before calling evalModules to prevent infinite recursions - new endpoint PUT machines/{name}/schema to allow getting the schema for a specific list of imports - to retrieve the currently imported modules, cimply do a GET or PU on machines/{name}/config which will return `clanImports` as part of the config Still missing: get list of available modules 2023-10-25 15:36:01 +00:00			`(machines.${name} or { })`
set nixpkgs.pkgs for secrets generation This allows us to use the same nixpkgs instance for all machines. 2024-02-06 15:47:57 +00:00			`({`
move clanName into nixos machine configuration 2023-12-08 15:02:54 +00:00			`clanCore.clanName = clanName;`
Changed clanIcon to be included into clanCore 2023-12-08 18:08:57 +00:00			`clanCore.clanIcon = clanIcon;`
api/machines: allow importing extra modules - add top-level option `clanImports` to clanCore - clanImports can be set and checked as any other option - buildClan resolves the clanImports from the settings.json before calling evalModules to prevent infinite recursions - new endpoint PUT machines/{name}/schema to allow getting the schema for a specific list of imports - to retrieve the currently imported modules, cimply do a GET or PU on machines/{name}/config which will return `clanImports` as part of the config Still missing: get list of available modules 2023-10-25 15:36:01 +00:00			`clanCore.clanDir = directory;`
cli,nix: Add machine_icon, machine_description 2024-02-06 12:25:34 +00:00			`clanCore.machineName = name;`
set nixpkgs.pkgs for secrets generation This allows us to use the same nixpkgs instance for all machines. 2024-02-06 15:47:57 +00:00			`nixpkgs.hostPlatform = lib.mkDefault system;`
pin nixos-wide registry to nixpkgs used to build the machine itself Instead of downloading archives and filling up vm disk space we can juse the nixpkgs version we already use for evaluating 2023-11-16 12:49:35 +00:00
			`# speeds up nix commands by using the nixpkgs from the host system (especially useful in VMs)`
			`nix.registry.nixpkgs.to = {`
			`type = "path";`
			`path = lib.mkDefault nixpkgs;`
			`};`
set nixpkgs.pkgs for secrets generation This allows us to use the same nixpkgs instance for all machines. 2024-02-06 15:47:57 +00:00			`} // lib.optionalAttrs (pkgs != null) {`
			`nixpkgs.pkgs = lib.mkForce pkgs;`
			`})`
api/machines: allow importing extra modules - add top-level option `clanImports` to clanCore - clanImports can be set and checked as any other option - buildClan resolves the clanImports from the settings.json before calling evalModules to prevent infinite recursions - new endpoint PUT machines/{name}/schema to allow getting the schema for a specific list of imports - to retrieve the currently imported modules, cimply do a GET or PU on machines/{name}/config which will return `clanImports` as part of the config Still missing: get list of available modules 2023-10-25 15:36:01 +00:00			`];`
secrets: use clanInternal for crosscompiling, move sops generators to new file 2023-09-20 16:08:47 +00:00			`inherit specialArgs;`
			`};`

clanInternals.machines: invert system and machine name 2023-09-27 15:25:17 +00:00			`allMachines = machinesDirs // machines;`
secrets: use clanInternal for crosscompiling, move sops generators to new file 2023-09-20 16:08:47 +00:00
clanInternals.machines: invert system and machine name 2023-09-27 15:25:17 +00:00			`supportedSystems = [`
secrets: use clanInternal for crosscompiling, move sops generators to new file 2023-09-20 16:08:47 +00:00			`"x86_64-linux"`
			`"aarch64-linux"`
			`"riscv64-linux"`
			`"x86_64-darwin"`
			`"aarch64-darwin"`
			`];`

clanInternals.machines: invert system and machine name 2023-09-27 15:25:17 +00:00			`nixosConfigurations = lib.mapAttrs (name: _: nixosConfiguration { inherit name; }) allMachines;`

			`# This instantiates nixos for each system that we support:`
clanInternals.machines: expose information as json 2023-09-27 15:25:17 +00:00			`# configPerSystem = <system>.<machine>.nixosConfiguration`
clanInternals.machines: invert system and machine name 2023-09-27 15:25:17 +00:00			`# We need this to build nixos secret generators for each system`
add toplevel machines-json that can deploy all hosts 2023-09-28 12:13:23 +00:00			`configsPerSystem = builtins.listToAttrs`
clanInternals.machines: invert system and machine name 2023-09-27 15:25:17 +00:00			`(builtins.map`
			`(system: lib.nameValuePair system`
fix cross-system deploy This allows to be nixpkgs.pkgs and deploy systems of a different arch. 2024-02-21 09:44:00 +00:00			`(lib.mapAttrs`
			`(name: _: nixosConfiguration {`
			`inherit name system;`
			`pkgs = pkgsForSystem system;`
			`})`
			`allMachines))`
allow passing of extra_config into machines 2024-02-10 10:47:09 +00:00			`supportedSystems);`

			`configsFuncPerSystem = builtins.listToAttrs`
			`(builtins.map`
			`(system: lib.nameValuePair system`
fix cross-system deploy This allows to be nixpkgs.pkgs and deploy systems of a different arch. 2024-02-21 09:44:00 +00:00			`(lib.mapAttrs`
			`(name: _: args: nixosConfiguration (args // {`
			`inherit name system;`
			`pkgs = pkgsForSystem system;`
			`}))`
			`allMachines))`
clanInternals.machines: invert system and machine name 2023-09-27 15:25:17 +00:00			`supportedSystems);`
			`in`
			`{`
			`inherit nixosConfigurations;`

secrets: use clanInternal for crosscompiling, move sops generators to new file 2023-09-20 16:08:47 +00:00			`clanInternals = {`
restore clanInternals with valid nixos config 2023-09-29 09:56:02 +00:00			`machines = configsPerSystem;`
allow passing of extra_config into machines 2024-02-10 10:47:09 +00:00			`machinesFunc = configsFuncPerSystem;`
restore possibility to update all machines without having to specify them 2023-10-04 06:27:00 +00:00			`all-machines-json = lib.mapAttrs`
			`(system: configs: nixpkgs.legacyPackages.${system}.writers.writeJSON "machines.json" (lib.mapAttrs (_: m: m.config.system.clan.deployment.data) configs))`
			`configsPerSystem;`
secrets: use clanInternal for crosscompiling, move sops generators to new file 2023-09-20 16:08:47 +00:00			`};`
clanInternals.machines: invert system and machine name 2023-09-27 15:25:17 +00:00			`}`