clanInternals.machines: expose information as json

lib/build-clan/default.nix

@@ -39,23 +39,29 @@ let
   nixosConfigurations = lib.mapAttrs (name: _: nixosConfiguration { inherit name; }) allMachines;
 
   # This instantiates nixos for each system that we support:
-  # clanInternals.machinesForAllSystems.<system>.<machine>
+  # configPerSystem = <system>.<machine>.nixosConfiguration
   # We need this to build nixos secret generators for each system
-  machinesForAllSystems = builtins.listToAttrs
+  configPerSystem = builtins.listToAttrs
     (builtins.map
       (system: lib.nameValuePair system
         (lib.mapAttrs (name: _: nixosConfiguration { inherit name system; }) allMachines))
       supportedSystems);
+
+  machinesPerSystem = lib.mapAttrs (_: machine:
+    let
+      config = {
+        inherit (machine.config.system.clan) uploadSecrets generateSecrets;
+        inherit (machine.config.clan.networking) deploymentAddress;
+      };
+    in
+    config // {
+      json = machine.pkgs.writeText "config.json" (builtins.toJSON config);
+    });
 in
 {
   inherit nixosConfigurations;
 
   clanInternals = {
-    machines = lib.mapAttrs
-      (_: lib.mapAttrs (_: machine: {
-        inherit (machine.config.system.clan) uploadSecrets generateSecrets;
-        inherit (machine.config.clan.networking) deploymentAddress;
-      }))
-      machinesForAllSystems;
+    machines = lib.mapAttrs (_: machinesPerSystem) configPerSystem;
   };
 }

pkgs/clan-cli/tests/test_flake.py

@@ -22,12 +22,14 @@ def create_flake(
         # in the flake.nix file replace the string __CLAN_URL__ with the the clan flake
         # provided by get_test_flake_toplevel
         flake_nix = flake / "flake.nix"
+        # this is where we would install the sops key to, when updating
+        sops_key = str(flake.joinpath("sops.key"))
         for line in fileinput.input(flake_nix, inplace=True):
             line = line.replace("__NIXPKGS__", str(nixpkgs_source()))
             if clan_core_flake:
                 line = line.replace("__CLAN_CORE__", str(clan_core_flake))
-            print(line)
-        # check that an empty config is returned if no json file exists
+            line = line.replace("__CLAN_SOPS_KEY_PATH__", sops_key)
+            print(line, end="")
         monkeypatch.chdir(flake)
         monkeypatch.setenv("HOME", str(home))
         yield flake

pkgs/clan-cli/tests/test_flake_with_core/flake.nix

@@ -12,8 +12,8 @@
         machines = {
           vm1 = { lib, ... }: {
             clan.networking.deploymentAddress = "__CLAN_DEPLOYMENT_ADDRESS__";
-            sops.age.keyFile = "__CLAN_SOPS_KEY_PATH__";
             system.stateVersion = lib.version;
+            sops.age.keyFile = "__CLAN_SOPS_KEY_PATH__";
 
             clan.networking.zerotier.controller.enable = true;
 

pkgs/clan-cli/tests/test_secrets_upload.py

@@ -31,10 +31,11 @@ def test_secrets_upload(
     host = host_group.hosts[0]
     addr = f"{host.user}@{host.host}:{host.port}?StrictHostKeyChecking=no&UserKnownHostsFile=/dev/null&IdentityFile={host.key}"
     new_text = flake.read_text().replace("__CLAN_DEPLOYMENT_ADDRESS__", addr)
-    sops_key = test_flake_with_core.joinpath("sops.key")
-    new_text = new_text.replace("__CLAN_SOPS_KEY_PATH__", str(sops_key))
 
     flake.write_text(new_text)
     cli.run(["secrets", "upload", "vm1"])
+
+    # the flake defines this path as the location where the sops key should be installed
+    sops_key = test_flake_with_core.joinpath("sops.key")
     assert sops_key.exists()
     assert sops_key.read_text() == age_keys[0].privkey