clan/clan-core
11
2
Fork 13
Code Issues 91 Pull Requests 5 Actions Packages Projects 1 Releases Wiki Activity

Fix template. Improve docu. Add disko as default imported module.
All checks were successful
buildbot/nix-build .#checks.x86_64-linux.clan-dep-nix Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-bash Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-fakeroot Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-e2fsprogs Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-age Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-git Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.check-for-breakpoints Build done.
Details
buildbot/nix-build .#checks.aarch64-darwin.nixos-test_install_machine Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.borgbackup Build done.
Details
buildbot/nix-build .#checks.aarch64-darwin.nixos-test-backup Build done.
Details
buildbot/nix-build .#checks.aarch64-linux.nixos-test_install_machine Build done.
Details
buildbot/nix-build .#checks.aarch64-darwin.nixos-installer Build done.
Details
buildbot/nix-build .#checks.aarch64-linux.nixos-test-backup Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-openssh Build done.
Details
buildbot/nix-build .#checks.x86_64-linux."clan-dep-python3.11-qemu" Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-rsync Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-sops Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-sshpass Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-tor Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-dep-zbar Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-pytest-with-core Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-vm-manager-no-breakpoints Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-vm-manager-pytest Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-pytest-without-core Build done.
Details
buildbot/nix-build .#checks.x86_64-linux."clan-dep-python3.11-mypy" Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.devShell-clan-cli Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.container Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.devShell-clan-vm-manager Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.devShell-default Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.lib-jsonschema-example-valid Build done.
Details
buildbot/nix-build .#checks.aarch64-linux.nixos-installer Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.deltachat Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-merge-after-ci Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-moonlight-sunshine-accept Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-pending-reviews Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-zt-tcp-relay Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-clan-vm-manager Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-zerotierone Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-docs Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-function-schema Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.devShell-docs Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.matrix-synapse Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-clan-cli Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-default Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.nixos-test_install_machine Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-clan-cli-docs Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.nixos-test-backup Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-impure-checks Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.flash Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.lib-jsonschema-nix-unit-tests Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.module-schema Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-wayland-proxy-virtwl Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-zerotier-members Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-tea-create-pr Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-deploy-docs Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.treefmt Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-module-schema Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.secrets Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.nixos-installer Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.test-backups Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.wayland-proxy-virtwl Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-install-iso Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.syncthing Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.test-installation Build done.
Details
buildbot/nix-eval Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.renderClanOptions Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-module-docs Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.zt-tcp-relay Build done.
Details
checks / checks-impure (pull_request) Successful in 2m6s
Details

Browse Source
This commit is contained in:
Luis Hebendanz 2024-05-10 15:39:46 +02:00
parent cad492e830
commit 82fa89b57e
9 changed files with 46 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
clanModules/flake-module.nix
View File

@ -1,11 +1,8 @@
{ inputs, ... }:
{ ... }:
{
flake.clanModules = {
disk-layouts = {
imports = [
./disk-layouts
inputs.disko.nixosModules.default
];
imports = [ ./disk-layouts ];
};
borgbackup = ./borgbackup;
ergochat = ./ergochat;

2
docs/mkdocs.yml
View File

@ -27,6 +27,8 @@ markdown_extensions:
- pymdownx.details
- pymdownx.highlight:
use_pygments: true
anchor_linenums: true
linenums: true
- toc:
title: On this page

10
docs/site/getting-started/configure.md
View File

@ -63,12 +63,12 @@ Adding or configuring a new machine requires two simple steps:
1. Find the remote disk id by executing:
```bash title="setup computer"
ssh root@<target-computer> lsblk --output NAME,ID-LINK,FSTYPE,SIZE,MOUNTPOINT
ssh root@flash-installer.local lsblk --output NAME,ID-LINK,FSTYPE,SIZE,MOUNTPOINT
```
Which should show something like:
```bash
```bash hl_lines="6"
NAME ID-LINK FSTYPE SIZE MOUNTPOINT
sda usb-ST_16GB_AA6271026J1000000509-0:0 14.9G
├─sda1 usb-ST_16GB_AA6271026J1000000509-0:0-part1 1M
@ -84,7 +84,7 @@ Adding or configuring a new machine requires two simple steps:
=== "**buildClan**"
```nix title="clan-core.lib.buildClan"
```nix title="clan-core.lib.buildClan" hl_lines="17 13"
buildClan {
# ...
machines = {
@ -114,7 +114,7 @@ Adding or configuring a new machine requires two simple steps:
```nix title="clan-core.flakeModules.default"
```nix title="clan-core.flakeModules.default" hl_lines="17,13"
clan = {
# ...
machines = {
@ -148,7 +148,7 @@ Adding or configuring a new machine requires two simple steps:
1. Generate a `hardware-configuration.nix` for your target computer
```bash
ssh root@<target-computer> nixos-generate-config --no-filesystems --show-hardware-config > machines/jon/hardware-configuration.nix
ssh root@flash-installer.local nixos-generate-config --no-filesystems --show-hardware-config > machines/jon/hardware-configuration.nix
```
### Initialize the facts

2
docs/site/getting-started/machines.md
View File

@ -25,7 +25,7 @@ This process involves preparing a suitable hardware and disk partitioning config
2. Boot the target machine and connect it to a network that makes it reachable from your setup computer.
=== "**Baremetal Machines**"
=== "**Remote Machines**"
- [x] **Two Computers**: You need one computer that you're getting ready (we'll call this the Target Computer) and another one to set it up from (we'll call this the Setup Computer). Make sure both can talk to each other over the network using SSH.
- [x] **Machine configuration**: See our basic [configuration guide](./configure.md)

2
nixosModules/flake-module.nix
View File

@ -5,10 +5,10 @@
installer.imports = [
./installer
self.nixosModules.hidden-ssh-announce
inputs.disko.nixosModules.disko
];
clanCore.imports = [
inputs.sops-nix.nixosModules.sops
inputs.disko.nixosModules.default
./clanCore
./iso
(

37
pkgs/clan-cli/clan_cli/secrets/key.py
View File

@ -1,19 +1,44 @@
import argparse
import logging
from pathlib import Path
from clan_cli.git import commit_files
from .. import tty
from ..errors import ClanError
from .secrets import update_secrets
from .sops import default_sops_key_path, generate_private_key, get_public_key
log = logging.getLogger(__name__)
def extract_public_key(filepath: Path) -> str:
"""
Extracts the public key from a given text file.
"""
try:
with open(filepath) as file:
for line in file:
# Check if the line contains the public key
if line.startswith("# public key:"):
# Extract and return the public key part after the prefix
return line.strip().split(": ")[1]
except FileNotFoundError:
raise ClanError(f"The file at {filepath} was not found.")
except Exception as e:
raise ClanError(f"An error occurred while extracting the public key: {e}")
raise ClanError(f"Could not find the public key in the file at {filepath}.")
def generate_key() -> str:
path = default_sops_key_path()
if path.exists():
raise ClanError(f"Key already exists at {path}")
log.info(f"Key already exists at {path}")
return extract_public_key(path)
priv_key, pub_key = generate_private_key(out_file=path)
log.info(
f"Generated age private key at '{default_sops_key_path()}' for your user. Please back it up on a secure location or you will lose access to your secrets."
)
return pub_key
@ -23,13 +48,9 @@ def show_key() -> str:
def generate_command(args: argparse.Namespace) -> None:
pub_key = generate_key()
tty.info(
f"Generated age private key at '{default_sops_key_path()}' for your user. Please back it up on a secure location or you will lose access to your secrets."
log.info(
f"Also add your age public key to the repository with: \nclan secrets users add <username> {pub_key}"
)
tty.info(
f"Also add your age public key to the repository with 'clan secrets users add youruser {pub_key}' (replace youruser with your user name)"
)
pass
def show_command(args: argparse.Namespace) -> None:

3
pkgs/installer/flake-module.nix
View File

@ -1,7 +1,7 @@
{ self, lib, ... }:
let
installerModule =
{ config, pkgs, ... }:
{ config, ... }:
{
imports = [
self.nixosModules.installer
@ -29,6 +29,7 @@ let
installer = lib.nixosSystem {
modules = [
self.inputs.disko.nixosModules.default
installerModule
{ disko.memSize = 4096; } # FIXME: otherwise the image builder goes OOM
];

8
templates/new-clan/flake.nix
View File

@ -35,8 +35,8 @@
# TODO: Example how to use disko for more complicated setups
# remote> lsblk --output NAME,PTUUID,FSTYPE,SIZE,MOUNTPOINT
clan.disk-layouts.singleDiskExt4 = {
# ssh root@flash-installer.local lsblk --output NAME,ID-LINK,FSTYPE,SIZE,MOUNTPOINT
disko.devices.disk.main = {
device = "/dev/disk/by-id/__CHANGE_ME__";
};
@ -59,8 +59,8 @@
# local> clan facts generate
# remote> lsblk --output NAME,PTUUID,FSTYPE,SIZE,MOUNTPOINT
clan.disk-layouts.singleDiskExt4 = {
# ssh root@flash-installer.local lsblk --output NAME,ID-LINK,FSTYPE,SIZE,MOUNTPOINT
disko.devices.disk.main = {
device = "/dev/disk/by-id/__CHANGE_ME__";
};
/*

1
templates/new-clan/modules/shared.nix
View File

@ -2,7 +2,6 @@
{
imports = [
clan-core.clanModules.sshd
clan-core.clanModules.disk-layouts
clan-core.clanModules.root-password
];
}