clan/clan-core
12
4
Fork 19
Code Issues 108 Pull Requests 2 Actions Packages Projects 1 Releases Wiki Activity

Merge pull request 'Inventory: add global imports' (#1749) from inventory-config into main
All checks were successful
deploy / deploy-docs (push) Successful in 21s
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-age Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-bash Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-app-no-breakpoints Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-bubblewrap Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-disko Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.check-for-breakpoints Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-app-pytest Build done.
Details
buildbot/nix-build .#checks.aarch64-darwin.nixos-test_install_machine Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.borgbackup Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-gui-installer-archlinux Build done.
Details
buildbot/nix-build .#checks.aarch64-darwin.nixos-test-backup Build done.
Details
buildbot/nix-build .#checks.aarch64-darwin.nixos-minimal-inventory-machine Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-gui-installer-rpm Build done.
Details
buildbot/nix-build .#checks.aarch64-darwin.nixos-flash-installer Build done.
Details
buildbot/nix-build .#checks.aarch64-linux.nixos-flash-installer Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-gui-installer-deb Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-gui-installer-apk Build done.
Details
buildbot/nix-build .#checks.aarch64-linux.nixos-test_install_machine Build done.
Details
buildbot/nix-build .#checks.aarch64-linux.nixos-minimal-inventory-machine Build done.
Details
buildbot/nix-build .#checks.aarch64-linux.nixos-test-backup Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-e2fsprogs Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-git Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-gnupg Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-mypy Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-nix Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-nixos-anywhere Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-openssh Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-rsync Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-qemu Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-sops Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-pytest-with-core Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-pytest-without-core Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.devShell-default Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.container Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.devShell-inventory-schema Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.lib-inventory-eval Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.lib-inventory-examples-cue Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.lib-jsonschema-example-valid Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-pass Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-sshpass Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-tor Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-virtiofsd Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-zbar Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.devShell-clan-cli Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.devShell-clan-app Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.deltachat Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-inventory-schema Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.nixos-minimal-inventory-machine Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-clan-ts-api Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-moonlight-sunshine-accept Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.devShell-webview-ui Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.module-clan-vars-eval Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-default Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.devShell-docs Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-clan-cli Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.flash Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-pending-reviews Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-merge-after-ci Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-clan-cli-full Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-impure-checks Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.module-schema Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-clan-cli-docs Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.nixos-test-backup Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-clan-app Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-editor Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.matrix-synapse Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.nixos-test_install_machine Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.lib-jsonschema-nix-unit-tests Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-tea-create-pr Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-webview-ui Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-zt-tcp-relay Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-zerotierone Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.renderClanOptions Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.postgresql Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-function-schema Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-module-schema Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.test-backups Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.zt-tcp-relay Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.syncthing Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-zerotier-members Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-inventory-schema-pretty Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-deploy-docs Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-docs Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.nixos-flash-installer Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-module-docs Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.secrets Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.template-minimal Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.treefmt Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.wayland-proxy-virtwl Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.test-installation Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-gui-install-test-ubuntu-22-04 Build done.
Details
buildbot/nix-eval Build done.
Details
checks / checks-impure (push) Successful in 1m59s
Details

Browse Source
This commit is contained in:
clan-bot 2024-07-16 08:45:00 +00:00
commit 08cd44ea03
6 changed files with 143 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
flakeModules/clan.nix
View File

@ -60,7 +60,8 @@ in
description = "Allows to include machine-specific modules i.e. machines.\${name} = { ... }";
};
inventory = mkOption {
type = types.submodule { imports = [ ../lib/inventory/build-inventory/interface.nix ]; };
#type = types.submodule { imports = [ ../lib/inventory/build-inventory/interface.nix ]; };
type = types.attrsOf types.raw;
default = { };
description = ''
An abstract service layer for consistently configuring distributed services across machine boundaries.
@ -117,10 +118,10 @@ in
directory
specialArgs
machines
inventory
pkgsForSystem
meta
;
inventory = (lib.traceValSeq cfg.inventory);
};
};
_file = __curPos.file;

5
lib/build-clan/default.nix
View File

@ -106,7 +106,10 @@ let
# map from machine name to service configuration
# { ${machineName} :: Config }
serviceConfigs = buildInventory mergedInventory;
serviceConfigs = buildInventory {
inventory = mergedInventory;
inherit directory;
};
machinesDirs = lib.optionalAttrs (builtins.pathExists "${directory}/machines") (
builtins.readDir (directory + /machines)

50
lib/inventory/build-inventory/default.nix
View File

@ -1,13 +1,20 @@
# Generate partial NixOS configurations for every machine in the inventory
# This function is responsible for generating the module configuration for every machine in the inventory.
{ lib, clan-core }:
inventory:
{ inventory, directory }:
let
machines = machinesFromInventory inventory;
resolveTags =
# Inventory, { machines :: [string], tags :: [string] }
inventory: members: {
{
serviceName,
instanceName,
roleName,
inventory,
members,
}:
{
machines =
members.machines or [ ]
++ (builtins.foldl' (
@ -17,14 +24,17 @@ let
availableTags = lib.foldlAttrs (
acc: _: v:
v.tags or [ ] ++ acc
) [ ] inventory.machines;
) [ ] (lib.traceValSeq inventory.machines);
tagMembers = builtins.attrNames (
lib.filterAttrs (_n: v: builtins.elem tag v.tags or [ ]) inventory.machines
);
in
if tagMembers == [ ] then
throw "Tag: '${tag}' not found. Available tags: ${builtins.toJSON (lib.unique availableTags)}"
throw ''
inventory.services.${serviceName}.${instanceName}: - ${roleName} tags: no machine with tag '${tag}' found.
Available tags: ${builtins.toJSON (lib.unique availableTags)}
''
else
acc ++ tagMembers
) [ ] members.tags or [ ]);
@ -43,7 +53,7 @@ let
machineName: machineConfig:
lib.foldlAttrs (
# [ Modules ], String, { ${instance_name} :: ServiceConfig }
acc: moduleName: serviceConfigs:
acc: serviceName: serviceConfigs:
acc
# Collect service config
++ (lib.foldlAttrs (
@ -51,7 +61,16 @@ let
acc2: instanceName: serviceConfig:
let
resolvedRoles = builtins.mapAttrs (
_roleName: members: resolveTags inventory members
roleName: members:
resolveTags {
inherit
serviceName
instanceName
roleName
inventory
members
;
}
) serviceConfig.roles;
isInService = builtins.any (members: builtins.elem machineName members.machines) (
@ -72,11 +91,17 @@ let
machineServiceConfig = (serviceConfig.machines.${machineName} or { }).config or { };
globalConfig = serviceConfig.config or { };
globalImports = serviceConfig.imports or [ ];
machineImports = serviceConfig.machines.${machineName}.imports or [ ];
roleServiceImports = builtins.foldl' (
acc: role: acc ++ serviceConfig.roles.${role}.imports or [ ]
) [ ] inverseRoles.${machineName} or [ ];
# TODO: maybe optimize this dont lookup the role in inverse roles. Imports are not lazy
roleModules = builtins.map (
role:
let
path = "${clan-core.clanModules.${moduleName}}/roles/${role}.nix";
path = "${clan-core.clanModules.${serviceName}}/roles/${role}.nix";
in
if builtins.pathExists path then
path
@ -87,13 +112,18 @@ let
roleServiceConfigs = builtins.map (
role: serviceConfig.roles.${role}.config or { }
) inverseRoles.${machineName} or [ ];
customImports = map (s: "${directory}/${s}") (
globalImports ++ machineImports ++ roleServiceImports
);
in
if isInService then
acc2
++ [
{
imports = [ clan-core.clanModules.${moduleName} ] ++ roleModules;
config.clan.${moduleName} = lib.mkMerge (
imports = [ clan-core.clanModules.${serviceName} ] ++ roleModules ++ customImports;
config.clan.${serviceName} = lib.mkMerge (
[
globalConfig
machineServiceConfig
@ -102,7 +132,7 @@ let
);
}
{
config.clan.inventory.services.${moduleName}.${instanceName} = {
config.clan.inventory.services.${serviceName}.${instanceName} = {
roles = resolvedRoles;
# TODO: Add inverseRoles to the service config if needed
# inherit inverseRoles;

69
lib/inventory/build-inventory/interface.nix
View File

@ -1,49 +1,33 @@
{ config, lib, ... }:
let
t = lib.types;
types = lib.types;
metaOptions = {
name = lib.mkOption { type = t.str; };
name = lib.mkOption { type = types.str; };
description = lib.mkOption {
default = null;
type = t.nullOr t.str;
type = types.nullOr types.str;
};
icon = lib.mkOption {
default = null;
type = t.nullOr t.str;
type = types.nullOr types.str;
};
};
machineRef = lib.mkOptionType {
name = "str";
description = "Machine :: [${builtins.concatStringsSep " | " (builtins.attrNames config.machines)}]";
check = v: lib.isString v && builtins.elem v (builtins.attrNames config.machines);
merge = lib.mergeEqualOption;
};
allTags = lib.unique (
lib.foldlAttrs (
tags: _: m:
tags ++ m.tags or [ ]
) [ ] config.machines
);
tagRef = lib.mkOptionType {
name = "str";
description = "Tags :: [${builtins.concatStringsSep " | " allTags}]";
check = v: lib.isString v && builtins.elem v allTags;
merge = lib.mergeEqualOption;
};
moduleConfig = lib.mkOption {
default = { };
type = t.attrsOf t.anything;
type = types.attrsOf types.anything;
};
importsOption = lib.mkOption {
default = [ ];
type = types.listOf types.str;
};
in
{
options = {
assertions = lib.mkOption {
type = t.listOf t.unspecified;
type = types.listOf types.unspecified;
internal = true;
visible = false;
default = [ ];
@ -52,18 +36,18 @@ in
machines = lib.mkOption {
default = { };
type = t.attrsOf (
t.submodule {
type = types.attrsOf (
types.submodule {
options = {
inherit (metaOptions) name description icon;
tags = lib.mkOption {
default = [ ];
apply = lib.unique;
type = t.listOf t.str;
type = types.listOf types.str;
};
system = lib.mkOption {
default = null;
type = t.nullOr t.str;
type = types.nullOr types.str;
};
};
}
@ -72,29 +56,36 @@ in
services = lib.mkOption {
default = { };
type = t.attrsOf (
t.attrsOf (
t.submodule {
type = types.attrsOf (
types.attrsOf (
types.submodule {
options.meta = metaOptions;
options.imports = importsOption;
options.config = moduleConfig;
options.machines = lib.mkOption {
default = { };
type = t.attrsOf (t.submodule { options.config = moduleConfig; });
type = types.attrsOf (
types.submodule {
options.imports = importsOption;
options.config = moduleConfig;
}
);
};
options.roles = lib.mkOption {
default = { };
type = t.attrsOf (
t.submodule {
type = types.attrsOf (
types.submodule {
options.machines = lib.mkOption {
default = [ ];
type = t.listOf machineRef;
type = types.listOf types.str;
};
options.tags = lib.mkOption {
default = [ ];
apply = lib.unique;
type = t.listOf tagRef;
type = types.listOf types.str;
};
options.config = moduleConfig;
options.imports = importsOption;
}
);
};

110
lib/inventory/tests/default.nix
View File

@ -2,25 +2,31 @@
{
test_inventory_empty = {
# Empty inventory should return an empty module
expr = buildInventory { };
expr = buildInventory {
inventory = { };
directory = ./.;
};
expected = { };
};
test_inventory_role_imports =
let
configs = buildInventory {
services = {
borgbackup.instance_1 = {
roles.server.machines = [ "backup_server" ];
roles.client.machines = [
"client_1_machine"
"client_2_machine"
];
directory = ./.;
inventory = {
services = {
borgbackup.instance_1 = {
roles.server.machines = [ "backup_server" ];
roles.client.machines = [
"client_1_machine"
"client_2_machine"
];
};
};
machines = {
"backup_server" = { };
"client_1_machine" = { };
"client_2_machine" = { };
};
};
machines = {
"backup_server" = { };
"client_1_machine" = { };
"client_2_machine" = { };
};
};
in
@ -49,18 +55,21 @@
test_inventory_tag_resolve =
let
configs = buildInventory {
services = {
borgbackup.instance_1 = {
roles.client.tags = [ "backup" ];
directory = ./.;
inventory = {
services = {
borgbackup.instance_1 = {
roles.client.tags = [ "backup" ];
};
};
};
machines = {
"not_used_machine" = { };
"client_1_machine" = {
tags = [ "backup" ];
};
"client_2_machine" = {
tags = [ "backup" ];
machines = {
"not_used_machine" = { };
"client_1_machine" = {
tags = [ "backup" ];
};
"client_2_machine" = {
tags = [ "backup" ];
};
};
};
};
@ -85,14 +94,17 @@
test_inventory_multiple_roles =
let
configs = buildInventory {
services = {
borgbackup.instance_1 = {
roles.client.machines = [ "machine_1" ];
roles.server.machines = [ "machine_1" ];
directory = ./.;
inventory = {
services = {
borgbackup.instance_1 = {
roles.client.machines = [ "machine_1" ];
roles.server.machines = [ "machine_1" ];
};
};
machines = {
"machine_1" = { };
};
};
machines = {
"machine_1" = { };
};
};
in
@ -112,13 +124,16 @@
test_inventory_role_doesnt_exist =
let
configs = buildInventory {
services = {
borgbackup.instance_1 = {
roles.roleXYZ.machines = [ "machine_1" ];
directory = ./.;
inventory = {
services = {
borgbackup.instance_1 = {
roles.roleXYZ.machines = [ "machine_1" ];
};
};
machines = {
"machine_1" = { };
};
};
machines = {
"machine_1" = { };
};
};
in
@ -132,15 +147,18 @@
test_inventory_tag_doesnt_exist =
let
configs = buildInventory {
services = {
borgbackup.instance_1 = {
roles.client.machines = [ "machine_1" ];
roles.client.tags = [ "tagXYZ" ];
directory = ./.;
inventory = {
services = {
borgbackup.instance_1 = {
roles.client.machines = [ "machine_1" ];
roles.client.tags = [ "tagXYZ" ];
};
};
};
machines = {
"machine_1" = {
tags = [ "tagABC" ];
machines = {
"machine_1" = {
tags = [ "tagABC" ];
};
};
};
};
@ -149,7 +167,7 @@
expr = configs;
expectedError = {
type = "ThrownError";
msg = "Tag: '\\w+' not found";
msg = "no machine with tag '\\w+' found";
};
};
}

4
nixosModules/clanCore/vars/default.nix
View File

@ -45,7 +45,7 @@ in
);
inherit (config.clan.core.vars.settings) secretUploadDirectory secretModule publicModule;
};
inherit (config.clan.networking) targetHost buildHost;
inherit (config.clan.deployment) requireExplicitUpdate;
inherit (config.clan.core.networking) targetHost buildHost;
inherit (config.clan.core.deployment) requireExplicitUpdate;
};
}