make bubblewrap in fact generation optional

nixosModules/clanCore/facts/default.nix

@@ -121,26 +121,27 @@
 
                         export PATH="${lib.makeBinPath config.path}:${pkgs.coreutils}/bin"
 
-                        # prepare sandbox user
-                        mkdir -p /etc
+                        ${lib.optionalString (pkgs.stdenv.hostPlatform.isLinux) ''
+                          # prepare sandbox user on platforms where this is supported
+                          mkdir -p /etc
 
-                        cat > /etc/group <<EOF
-                        root:x:0:
-                        nixbld:!:$(id -g):
-                        nogroup:x:65534:
-                        EOF
+                          cat > /etc/group <<EOF
+                          root:x:0:
+                          nixbld:!:$(id -g):
+                          nogroup:x:65534:
+                          EOF
 
-                        cat > /etc/passwd <<EOF
-                        root:x:0:0:Nix build user:/build:/noshell
-                        nixbld:x:$(id -u):$(id -g):Nix build user:/build:/noshell
-                        nobody:x:65534:65534:Nobody:/:/noshell
-                        EOF
-
-                        cat > /etc/hosts <<EOF
-                        127.0.0.1 localhost
-                        ::1 localhost
-                        EOF
+                          cat > /etc/passwd <<EOF
+                          root:x:0:0:Nix build user:/build:/noshell
+                          nixbld:x:$(id -u):$(id -g):Nix build user:/build:/noshell
+                          nobody:x:65534:65534:Nobody:/:/noshell
+                          EOF
 
+                          cat > /etc/hosts <<EOF
+                          127.0.0.1 localhost
+                          ::1 localhost
+                          EOF
+                        ''}
                         ${config.script}
                       '';
                     };

pkgs/clan-cli/clan_cli/facts/generate.py

@@ -36,6 +36,30 @@ def read_multiline_input(prompt: str = "Finish with Ctrl-D") -> str:
     return proc.stdout
 
 
+def bubblewrap_cmd(generator: str, facts_dir: Path, secrets_dir: Path) -> list[str]:
+    # fmt: off
+    return nix_shell(
+        [
+            "nixpkgs#bash",
+            "nixpkgs#bubblewrap",
+        ],
+        [
+            "bwrap",
+            "--ro-bind", "/nix/store", "/nix/store",
+            "--tmpfs",  "/usr/lib/systemd",
+            "--dev", "/dev",
+            "--bind", str(facts_dir), str(facts_dir),
+            "--bind", str(secrets_dir), str(secrets_dir),
+            "--unshare-all",
+            "--unshare-user",
+            "--uid", "1000",
+            "--",
+            "bash", "-c", generator
+        ],
+    )
+    # fmt: on
+
+
 def generate_service_facts(
     machine: Machine,
     service: str,
@@ -70,27 +94,10 @@ def generate_service_facts(
         if machine.facts_data[service]["generator"]["prompt"]:
             prompt_value = prompt(machine.facts_data[service]["generator"]["prompt"])
             env["prompt_value"] = prompt_value
-    # fmt: off
-    cmd = nix_shell(
-        [
-            "nixpkgs#bash",
-            "nixpkgs#bubblewrap",
-        ],
-        [
-            "bwrap",
-            "--ro-bind", "/nix/store", "/nix/store",
-            "--tmpfs",  "/usr/lib/systemd",
-            "--dev", "/dev",
-            "--bind", str(facts_dir), str(facts_dir),
-            "--bind", str(secrets_dir), str(secrets_dir),
-            "--unshare-all",
-            "--unshare-user",
-            "--uid", "1000",
-            "--",
-            "bash", "-c", generator
-        ],
-    )
-    # fmt: on
+    if sys.platform == "linux":
+        cmd = bubblewrap_cmd(generator, facts_dir, secrets_dir)
+    else:
+        cmd = ["bash", "-c", generator]
     run(
         cmd,
         env=env,