clan/clan-core
11
2
Fork 13
Code Issues 91 Pull Requests 6 Actions Packages Projects 1 Releases Wiki Activity

refactor: rename clanCore -> clan.core #1629

Merged
clan-bot merged 1 commits from DavHau/clan-core:DavHau-rename-clanCore into main 2024-06-18 11:35:58 +00:00
Conversation 0 Commits 1 Files Changed 68 +237 -202
68 changed files with 237 additions and 202 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
checks/backups/flake-module.nix
View File

@ -68,7 +68,7 @@
};
};
};
clanCore.facts.secretStore = "vm";
clan.core.facts.secretStore = "vm";
DavHau marked this conversation as resolved Outdated
Mic92 commented 2024-06-17 11:01:59 +00:00
Outdated
Review
Copy Link

Before merging this, please make sure there is an alias to clanCore. Accessing clanCore is also needed for secrets, so users that have written their own modules are using this.

Before merging this, please make sure there is an alias to `clanCore`. Accessing clanCore is also needed for secrets, so users that have written their own modules are using this.
environment.systemPackages = [
self.packages.${pkgs.system}.clan-cli
@ -87,9 +87,9 @@
flake-registry = pkgs.writeText "flake-registry" ''{"flakes":[],"version":2}'';
};
system.extraDependencies = dependencies;
clanCore.state.test-backups.folders = [ "/var/test-backups" ];
clan.core.state.test-backups.folders = [ "/var/test-backups" ];
clanCore.state.test-service = {
clan.core.state.test-service = {
preBackupCommand = ''
touch /var/test-service/pre-backup-command
'';

8
checks/borgbackup/default.nix
View File

@ -16,9 +16,9 @@
};
}
{
clanCore.machineName = "machine";
clanCore.clanDir = ./.;
clanCore.state.testState.folders = [ "/etc/state" ];
clan.core.machineName = "machine";
clan.core.clanDir = ./.;
clan.core.state.testState.folders = [ "/etc/state" ];
environment.etc.state.text = "hello world";
systemd.tmpfiles.settings."vmsecrets" = {
"/etc/secrets/borgbackup.ssh" = {
@ -36,7 +36,7 @@
};
};
};
clanCore.facts.secretStore = "vm";
clan.core.facts.secretStore = "vm";
clan.borgbackup.destinations.test.repo = "borg@localhost:.";
}

4
checks/deltachat/default.nix
View File

@ -10,8 +10,8 @@
self.clanModules.deltachat
self.nixosModules.clanCore
{
clanCore.machineName = "machine";
clanCore.clanDir = ./.;
clan.core.machineName = "machine";
clan.core.clanDir = ./.;
}
];
};

2
checks/flake-module.nix
View File

@ -23,7 +23,7 @@
options =
(pkgs.nixos {
imports = [ self.nixosModules.clanCore ];
clanCore.clanDir = ./.;
clan.core.clanDir = ./.;
}).options;
warningsAreErrors = false;
};

6
checks/matrix-synapse/default.nix
View File

@ -15,8 +15,8 @@
self.clanModules.matrix-synapse
self.nixosModules.clanCore
{
clanCore.machineName = "machine";
clanCore.clanDir = ./.;
clan.core.machineName = "machine";
clan.core.clanDir = ./.;
services.nginx.virtualHosts."matrix.clan.test" = {
enableACME = lib.mkForce false;
@ -26,7 +26,7 @@
clan.matrix-synapse.users.admin.admin = true;
clan.matrix-synapse.users.someuser = { };
clanCore.facts.secretStore = "vm";
clan.core.facts.secretStore = "vm";
# because we use systemd-tmpfiles to copy the secrets, we need to a seperate systemd-tmpfiles call to provison them.
boot.postBootCommands = "${config.systemd.package}/bin/systemd-tmpfiles --create /etc/tmpfiles.d/00-vmsecrets.conf";

2
checks/postgresql/default.nix
View File

@ -50,7 +50,7 @@
machine.succeed("""
set -x
${nodes.machine.clanCore.state.postgresql-test.postRestoreCommand}
${nodes.machine.clan.core.state.postgresql-test.postRestoreCommand}
""")
machine.succeed("runuser -u postgres -- /run/current-system/sw/bin/psql -l >&2")
machine.succeed("runuser -u postgres -- /run/current-system/sw/bin/psql -d test -c '\dt' >&2")

4
checks/secrets/default.nix
View File

@ -10,8 +10,8 @@
environment.etc."group-secret".source = config.sops.secrets.group-secret.path;
sops.age.keyFile = "/etc/privkey.age";
clanCore.clanDir = "${./.}";
clanCore.machineName = "machine";
clan.core.clanDir = "${./.}";
clan.core.machineName = "machine";
networking.hostName = "machine";
};

14
checks/syncthing/default.nix
View File

@ -12,14 +12,14 @@
self.clanModules.syncthing
self.nixosModules.clanCore
{
clanCore.machineName = "introducer";
clanCore.clanDir = ./.;
clan.core.machineName = "introducer";
clan.core.clanDir = ./.;
environment.etc = {
"syncthing.pam".source = ./introducer/introducer_test_cert;
"syncthing.key".source = ./introducer/introducer_test_key;
"syncthing.api".source = ./introducer/introducer_test_api;
};
clanCore.facts.services.syncthing.secret."syncthing.api".path = "/etc/syncthing.api";
clan.core.facts.services.syncthing.secret."syncthing.api".path = "/etc/syncthing.api";
services.syncthing.cert = "/etc/syncthing.pam";
services.syncthing.key = "/etc/syncthing.key";
# Doesn't test zerotier!
@ -53,8 +53,8 @@
self.clanModules.syncthing
self.nixosModules.clanCore
{
clanCore.machineName = "peer1";
clanCore.clanDir = ./.;
clan.core.machineName = "peer1";
clan.core.clanDir = ./.;
clan.syncthing.introducer = lib.strings.removeSuffix "\n" (
builtins.readFile ./introducer/introducer_device_id
);
@ -75,8 +75,8 @@
self.clanModules.syncthing
self.nixosModules.clanCore
{
clanCore.machineName = "peer2";
clanCore.clanDir = ./.;
clan.core.machineName = "peer2";
clan.core.clanDir = ./.;
clan.syncthing.introducer = lib.strings.removeSuffix "\n" (
builtins.readFile ./introducer/introducer_device_id
);

4
checks/wayland-proxy-virtwl/default.nix
View File

@ -14,8 +14,8 @@ import ../lib/test-base.nix (
imports = [
self.nixosModules.clanCore
{
clanCore.machineName = "machine";
clanCore.clanDir = ./.;
clan.core.machineName = "machine";
clan.core.clanDir = ./.;
}
];
services.wayland-proxy-virtwl.enable = true;

4
checks/zt-tcp-relay/default.nix
View File

@ -10,8 +10,8 @@
self.nixosModules.clanCore
self.clanModules.zt-tcp-relay
{
clanCore.machineName = "machine";
clanCore.clanDir = ./.;
clan.core.machineName = "machine";
clan.core.clanDir = ./.;
}
];
};

14
clanModules/borgbackup-static/default.nix
View File

@ -1,6 +1,6 @@
{ lib, config, ... }:
let
clanDir = config.clanCore.clanDir;
clanDir = config.clan.core.clanDir;
machineDir = clanDir + "/machines/";
in
{
@ -9,7 +9,7 @@ in
options.clan.borgbackup-static = {
excludeMachines = lib.mkOption {
type = lib.types.listOf lib.types.str;
example = [ config.clanCore.machineName ];
example = [ config.clan.core.machineName ];
default = [ ];
description = ''
Machines that should not be backuped.
@ -20,7 +20,7 @@ in
};
includeMachines = lib.mkOption {
type = lib.types.listOf lib.types.str;
example = [ config.clanCore.machineName ];
example = [ config.clan.core.machineName ];
default = [ ];
description = ''
Machines that should be backuped.
@ -62,7 +62,9 @@ in
}) machinesWithKey;
in
lib.mkIf
(builtins.any (target: target == config.clanCore.machineName) config.clan.borgbackup-static.targets)
(builtins.any (
target: target == config.clan.core.machineName
) config.clan.borgbackup-static.targets)
(if (builtins.listToAttrs hosts) != null then builtins.listToAttrs hosts else { });
config.clan.borgbackup.destinations =
@ -70,12 +72,12 @@ in
destinations = builtins.map (d: {
name = d;
value = {
repo = "borg@${d}:/var/lib/borgbackup/${config.clanCore.machineName}";
repo = "borg@${d}:/var/lib/borgbackup/${config.clan.core.machineName}";
};
}) config.clan.borgbackup-static.targets;
in
lib.mkIf (builtins.any (
target: target == config.clanCore.machineName
target: target == config.clan.core.machineName
) config.clan.borgbackup-static.includeMachines) (builtins.listToAttrs destinations);
config.assertions = [

14
clanModules/borgbackup/default.nix
View File

@ -17,7 +17,7 @@ let
preCommandErrors["${state.name}"]=1
fi
''
) (lib.attrValues config.clanCore.state)}
) (lib.attrValues config.clan.core.state)}
if [[ ''${#preCommandErrors[@]} -gt 0 ]]; then
echo "PreBackupCommand failed for the following services:"
@ -47,9 +47,9 @@ in
rsh = lib.mkOption {
type = lib.types.str;
default = "ssh -i ${
config.clanCore.facts.services.borgbackup.secret."borgbackup.ssh".path
config.clan.core.facts.services.borgbackup.secret."borgbackup.ssh".path
} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o IdentitiesOnly=Yes";
defaultText = "ssh -i \${config.clanCore.facts.services.borgbackup.secret.\"borgbackup.ssh\".path} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null";
defaultText = "ssh -i \${config.clan.core.facts.services.borgbackup.secret.\"borgbackup.ssh\".path} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null";
description = "the rsh to use for the backup";
};
};
@ -83,7 +83,7 @@ in
services.borgbackup.jobs = lib.mapAttrs (_: dest: {
paths = lib.unique (
lib.flatten (map (state: state.folders) (lib.attrValues config.clanCore.state))
lib.flatten (map (state: state.folders) (lib.attrValues config.clan.core.state))
);
exclude = [ "*.pyc" ];
repo = dest.repo;
@ -94,7 +94,7 @@ in
encryption = {
mode = "repokey";
passCommand = "cat ${config.clanCore.facts.services.borgbackup.secret."borgbackup.repokey".path}";
passCommand = "cat ${config.clan.core.facts.services.borgbackup.secret."borgbackup.repokey".path}";
};
prune.keep = {
@ -105,7 +105,7 @@ in
};
}) cfg.destinations;
clanCore.facts.services.borgbackup = {
clan.core.facts.services.borgbackup = {
public."borgbackup.ssh.pub" = { };
secret."borgbackup.ssh" = { };
secret."borgbackup.repokey" = { };
@ -152,7 +152,7 @@ in
'')
];
clanCore.backups.providers.borgbackup = {
clan.core.backups.providers.borgbackup = {
list = "borgbackup-list";
create = "borgbackup-create";
restore = "borgbackup-restore";

2
clanModules/deltachat/default.nix
View File

@ -5,7 +5,7 @@
services.maddy =
let
domain = "${config.clanCore.machineName}.local";
domain = "${config.clan.core.machineName}.local";
in
{
enable = true;

2
clanModules/ergochat/default.nix
View File

@ -10,5 +10,5 @@ _: {
};
};
clanCore.state.ergochat.folders = [ "/var/lib/ergo" ];
clan.core.state.ergochat.folders = [ "/var/lib/ergo" ];
}

6
clanModules/localbackup/default.nix
View File

@ -7,7 +7,7 @@
let
cfg = config.clan.localbackup;
uniqueFolders = lib.unique (
lib.flatten (lib.mapAttrsToList (_name: state: state.folders) config.clanCore.state)
lib.flatten (lib.mapAttrsToList (_name: state: state.folders) config.clan.core.state)
);
rsnapshotConfig = target: ''
config_version 1.2
@ -143,7 +143,7 @@ in
preCommandErrors["${state.name}"]=1
fi
''
) (builtins.attrValues config.clanCore.state)}
) (builtins.attrValues config.clan.core.state)}
rsnapshot -c "${pkgs.writeText "rsnapshot.conf" (rsnapshotConfig target)}" sync
rsnapshot -c "${pkgs.writeText "rsnapshot.conf" (rsnapshotConfig target)}" snapshot
@ -233,7 +233,7 @@ in
''
) cfg.targets;
clanCore.backups.providers.localbackup = {
clan.core.backups.providers.localbackup = {
# TODO list needs to run locally or on the remote machine
list = "localbackup-list";
create = "localbackup-create";

2
clanModules/localsend/default.nix
View File

@ -18,7 +18,7 @@
};
config = lib.mkIf config.clan.localsend.enable {
clanCore.state.localsend.folders = [
clan.core.state.localsend.folders = [
"/var/localsend"
config.clan.localsend.defaultLocation
];

4
clanModules/matrix-synapse/default.nix
View File

@ -131,7 +131,7 @@ in
systemd.tmpfiles.settings."01-matrix" = {
"/run/synapse-registration-shared-secret" = {
C.argument =
config.clanCore.facts.services.matrix-synapse.secret.synapse-registration_shared_secret.path;
config.clan.core.facts.services.matrix-synapse.secret.synapse-registration_shared_secret.path;
z = {
mode = "0400";
user = "matrix-synapse";
@ -149,7 +149,7 @@ in
};
clan.postgresql.databases.matrix-synapse.restore.stopOnRestore = [ "matrix-synapse" ];
clanCore.facts.services =
clan.core.facts.services =
{
"matrix-synapse" = {
secret."synapse-registration_shared_secret" = { };

8
clanModules/moonlight/default.nix
View File

@ -13,10 +13,10 @@ in
systemd.tmpfiles.rules = [
"d '/var/lib/moonlight' 0770 'user' 'users' - -"
"C '/var/lib/moonlight/moonlight.cert' 0644 'user' 'users' - ${
config.clanCore.facts.services.moonlight.secret."moonlight.cert".path or ""
config.clan.core.facts.services.moonlight.secret."moonlight.cert".path or ""
}"
"C '/var/lib/moonlight/moonlight.key' 0644 'user' 'users' - ${
config.clanCore.facts.services.moonlight.secret."moonlight.key".path or ""
config.clan.core.facts.services.moonlight.secret."moonlight.key".path or ""
}"
];
@ -45,7 +45,7 @@ in
systemd.user.services.moonlight-join = {
description = "Join sunshine hosts";
script = ''${ms-accept}/bin/moonlight-sunshine-accept moonlight join --port ${builtins.toString defaultPort} --cert '${
config.clanCore.facts.services.moonlight.public."moonlight.cert".value or ""
config.clan.core.facts.services.moonlight.public."moonlight.cert".value or ""
}' --host fd2e:25da:6035:c98f:cd99:93e0:b9b8:9ca1'';
serviceConfig = {
Type = "oneshot";
@ -68,7 +68,7 @@ in
};
};
clanCore.facts.services.moonlight = {
clan.core.facts.services.moonlight = {
secret."moonlight.key" = { };
secret."moonlight.cert" = { };
public."moonlight.cert" = { };

2
clanModules/postgresql/default.nix
View File

@ -128,7 +128,7 @@ in
${lib.concatStringsSep "\n" databaseClauses}
'';
clanCore.state = lib.mapAttrs' (
clan.core.state = lib.mapAttrs' (
_: db: lib.nameValuePair "postgresql-${db.name}" (createDatatbaseState db)
) config.clan.postgresql.databases;

6
clanModules/root-password/default.nix
View File

@ -2,9 +2,9 @@
{
users.mutableUsers = false;
users.users.root.hashedPasswordFile =
config.clanCore.facts.services.root-password.secret.password-hash.path;
sops.secrets."${config.clanCore.machineName}-password-hash".neededForUsers = true;
clanCore.facts.services.root-password = {
config.clan.core.facts.services.root-password.secret.password-hash.path;
sops.secrets."${config.clan.core.machineName}-password-hash".neededForUsers = true;
clan.core.facts.services.root-password = {
secret.password = { };
secret.password-hash = { };
generator.path = with pkgs; [

4
clanModules/sshd/default.nix
View File

@ -5,12 +5,12 @@
services.openssh.hostKeys = [
{
path = config.clanCore.facts.services.openssh.secret."ssh.id_ed25519".path;
path = config.clan.core.facts.services.openssh.secret."ssh.id_ed25519".path;
type = "ed25519";
}
];
clanCore.facts.services.openssh = {
clan.core.facts.services.openssh = {
secret."ssh.id_ed25519" = { };
public."ssh.id_ed25519.pub" = { };
generator.path = [

4
clanModules/static-hosts/default.nix
View File

@ -4,7 +4,7 @@
excludeHosts = lib.mkOption {
type = lib.types.listOf lib.types.str;
default =
if config.clan.static-hosts.topLevelDomain != "" then [ ] else [ config.clanCore.machineName ];
if config.clan.static-hosts.topLevelDomain != "" then [ ] else [ config.clan.core.machineName ];
description = "Hosts that should be excluded";
};
topLevelDomain = lib.mkOption {
@ -16,7 +16,7 @@
config.networking.hosts =
let
clanDir = config.clanCore.clanDir;
clanDir = config.clan.core.clanDir;
machineDir = clanDir + "/machines/";
zerotierIpMachinePath = machines: machineDir + machines + "/facts/zerotier-ip";
machinesFileSet = builtins.readDir machineDir;

16
clanModules/sunshine/default.nix
View File

@ -97,10 +97,10 @@ in
systemd.tmpfiles.rules = [
"d '/var/lib/sunshine' 0770 'user' 'users' - -"
"C '/var/lib/sunshine/sunshine.cert' 0644 'user' 'users' - ${
config.clanCore.facts.services.sunshine.secret."sunshine.cert".path or ""
config.clan.core.facts.services.sunshine.secret."sunshine.cert".path or ""
}"
"C '/var/lib/sunshine/sunshine.key' 0644 'user' 'users' - ${
config.clanCore.facts.services.sunshine.secret."sunshine.key".path or ""
config.clan.core.facts.services.sunshine.secret."sunshine.key".path or ""
}"
];
@ -117,8 +117,8 @@ in
RestartSec = "5s";
ReadWritePaths = [ "/var/lib/sunshine" ];
ReadOnlyPaths = [
(config.clanCore.facts.services.sunshine.secret."sunshine.key".path or "")
(config.clanCore.facts.services.sunshine.secret."sunshine.cert".path or "")
(config.clan.core.facts.services.sunshine.secret."sunshine.key".path or "")
(config.clan.core.facts.services.sunshine.secret."sunshine.cert".path or "")
];
};
wantedBy = [ "graphical-session.target" ];
@ -137,7 +137,7 @@ in
startLimitIntervalSec = 500;
script = ''
${ms-accept}/bin/moonlight-sunshine-accept sunshine init-state --uuid ${
config.clanCore.facts.services.sunshine.public.sunshine-uuid.value or null
config.clan.core.facts.services.sunshine.public.sunshine-uuid.value or null
} --state-file /var/lib/sunshine/state.json
'';
serviceConfig = {
@ -173,9 +173,9 @@ in
startLimitIntervalSec = 500;
script = ''
${ms-accept}/bin/moonlight-sunshine-accept sunshine listen --port ${builtins.toString listenPort} --uuid ${
config.clanCore.facts.services.sunshine.public.sunshine-uuid.value or null
config.clan.core.facts.services.sunshine.public.sunshine-uuid.value or null
} --state /var/lib/sunshine/state.json --cert '${
config.clanCore.facts.services.sunshine.public."sunshine.cert".value or null
config.clan.core.facts.services.sunshine.public."sunshine.cert".value or null
}'
'';
serviceConfig = {
@ -187,7 +187,7 @@ in
wantedBy = [ "graphical-session.target" ];
};
clanCore.facts.services.ergochat = {
clan.core.facts.services.ergochat = {
secret."sunshine.key" = { };
secret."sunshine.cert" = { };
public."sunshine-uuid" = { };

10
clanModules/syncthing-static-peers/default.nix
View File

@ -5,7 +5,7 @@
...
}:
let
clanDir = config.clanCore.clanDir;
clanDir = config.clan.core.clanDir;
machineDir = clanDir + "/machines/";
syncthingPublicKeyPath = machines: machineDir + machines + "/facts/syncthing.pub";
machinesFileSet = builtins.readDir machineDir;
@ -47,7 +47,7 @@ in
options.clan.syncthing-static-peers = {
excludeMachines = lib.mkOption {
type = lib.types.listOf lib.types.str;
example = [ config.clanCore.machineName ];
example = [ config.clan.core.machineName ];
default = [ ];
description = ''
Machines that should not be added.
@ -83,11 +83,11 @@ in
configDir = "/var/lib/syncthing";
group = "syncthing";
key = lib.mkDefault config.clanCore.facts.services.syncthing.secret."syncthing.key".path or null;
cert = lib.mkDefault config.clanCore.facts.services.syncthing.secret."syncthing.cert".path or null;
key = lib.mkDefault config.clan.core.facts.services.syncthing.secret."syncthing.key".path or null;
cert = lib.mkDefault config.clan.core.facts.services.syncthing.secret."syncthing.cert".path or null;
};
clanCore.facts.services.syncthing = {
clan.core.facts.services.syncthing = {
secret."syncthing.key" = { };
secret."syncthing.cert" = { };
public."syncthing.pub" = { };

10
clanModules/syncthing/default.nix
View File

@ -9,8 +9,8 @@
id = lib.mkOption {
type = lib.types.nullOr lib.types.str;
example = "BABNJY4-G2ICDLF-QQEG7DD-N3OBNGF-BCCOFK6-MV3K7QJ-2WUZHXS-7DTW4AS";
default = config.clanCore.facts.services.syncthing.public."syncthing.pub".value or null;
defaultText = "config.clanCore.facts.services.syncthing.public.\"syncthing.pub\".value";
default = config.clan.core.facts.services.syncthing.public."syncthing.pub".value or null;
defaultText = "config.clan.core.facts.services.syncthing.public.\"syncthing.pub\".value";
};
introducer = lib.mkOption {
description = ''
@ -119,7 +119,7 @@
getPendingDevices = "/rest/cluster/pending/devices";
postNewDevice = "/rest/config/devices";
SharedFolderById = "/rest/config/folders/";
apiKey = config.clanCore.facts.services.syncthing.secret."syncthing.api".path or null;
apiKey = config.clan.core.facts.services.syncthing.secret."syncthing.api".path or null;
in
lib.mkIf config.clan.syncthing.autoAcceptDevices {
description = "Syncthing auto accept devices";
@ -161,7 +161,7 @@
systemd.services.syncthing-init-api-key =
let
apiKey = config.clanCore.facts.services.syncthing.secret."syncthing.api".path or null;
apiKey = config.clan.core.facts.services.syncthing.secret."syncthing.api".path or null;
in
lib.mkIf config.clan.syncthing.autoAcceptDevices {
description = "Set the api key";
@ -183,7 +183,7 @@
};
};
clanCore.facts.services.syncthing = {
clan.core.facts.services.syncthing = {
secret."syncthing.key" = { };
secret."syncthing.cert" = { };
secret."syncthing.api" = { };

2
clanModules/thelounge/default.nix
View File

@ -11,5 +11,5 @@ _: {
};
};
clanCore.state.thelounde.folders = [ "/var/lib/thelounge" ];
clan.core.state.thelounde.folders = [ "/var/lib/thelounge" ];
}

6
clanModules/user-password/default.nix
View File

@ -22,9 +22,9 @@
config = {
users.mutableUsers = false;
users.users.${config.clan.user-password.user}.hashedPasswordFile =
config.clanCore.facts.services.user-password.secret.user-password-hash.path;
sops.secrets."${config.clanCore.machineName}-user-password-hash".neededForUsers = true;
clanCore.facts.services.user-password = {
config.clan.core.facts.services.user-password.secret.user-password-hash.path;
sops.secrets."${config.clan.core.machineName}-user-password-hash".neededForUsers = true;
clan.core.facts.services.user-password = {
secret.user-password = { };
secret.user-password-hash = { };
generator.prompt = (

4
clanModules/zerotier-static-peers/default.nix
View File

@ -6,7 +6,7 @@
...
}:
let
clanDir = config.clanCore.clanDir;
clanDir = config.clan.core.clanDir;
machineDir = clanDir + "/machines/";
machinesFileSet = builtins.readDir machineDir;
machines = lib.mapAttrsToList (name: _: name) machinesFileSet;
@ -28,7 +28,7 @@ in
options.clan.zerotier-static-peers = {
excludeHosts = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ config.clanCore.machineName ];
default = [ config.clan.core.machineName ];
description = "Hosts that should be excluded";
};
};

2
docs/nix/flake-module.nix
View File

@ -50,7 +50,7 @@
};
module-docs = pkgs.runCommand "rendered" { nativeBuildInputs = [ pkgs.python3 ]; } ''
export CLAN_CORE=${jsonDocs.clanCore}/share/doc/nixos/options.json
export CLAN_CORE=${jsonDocs.clanCore}/share/doc/nixos/options.json
# A file that contains the links to all clanModule docs
export CLAN_MODULES=${clanModulesFileInfo}
export CLAN_MODULES_READMES=${clanModulesReadmes}

8
docs/nix/get-module-docs.nix
View File

@ -13,7 +13,7 @@ let
clanCoreNixosModules = [
clanCore
{ clanCore.clanDir = ./.; }
{ clan.core.clanDir = ./.; }
] ++ allNixosModules;
# TODO: optimally we would not have to evaluate all nixos modules for every page
@ -25,6 +25,8 @@ let
# improves eval performance slightly (10%)
getOptions = modules: (clanCoreNixos.extendModules { inherit modules; }).options;
getOptionsWithoutCore = modules: builtins.removeAttrs (getOptions modules) [ "core" ];
evalDocs =
options:
pkgs.nixosOptionsDoc {
@ -34,7 +36,7 @@ let
# clanModules docs
clanModulesDocs = builtins.mapAttrs (
name: module: (evalDocs ((getOptions [ module ]).clan.${name} or { })).optionsJSON
name: module: (evalDocs ((getOptionsWithoutCore [ module ]).clan.${name} or { })).optionsJSON
) clanModules;
clanModulesReadmes = builtins.mapAttrs (
@ -42,7 +44,7 @@ let
) clanModules;
# clanCore docs
clanCoreDocs = (evalDocs (getOptions [ ]).clanCore).optionsJSON;
clanCoreDocs = (evalDocs (getOptions [ ]).clan.core).optionsJSON;
in
{
inherit clanModulesReadmes;

6
docs/nix/scripts/renderOptions.py
View File

@ -137,7 +137,7 @@ To use this module, import it like this:
"""
clan_core_descr = """ClanCore delivers all the essential features for every clan.
clan_core_descr = """ClanCore delivers all the essential features for every clan.
It's always included in your setup, and you can customize your clan's behavior with the configuration [options](#module-options) provided below.
"""
@ -163,7 +163,7 @@ def produce_clan_core_docs() -> None:
outfile = f"{module_name}/index.md"
# Create separate files for nested options
if len(option_name.split(".")) <= 2:
if len(option_name.split(".")) <= 3:
# i.e. clan-core.clanDir
output = core_outputs.get(
outfile,
@ -174,7 +174,7 @@ def produce_clan_core_docs() -> None:
core_outputs[outfile] = output
else:
# Clan sub-options
[_, sub] = option_name.split(".")[0:2]
[_, sub] = option_name.split(".")[1:3]
outfile = f"{module_name}/{sub}.md"
# Get the content or write the header
output = core_outputs.get(outfile, render_option_header(sub))

4
docs/site/getting-started/backups.md
View File

@ -98,7 +98,7 @@ Start by indicating where your backup data should be sent. Replace `hostname` wi
Decide which folders you want to back up. For example, to backup your home and root directories:
```nix
{ clanCore.state.userdata.folders = [ "/home" "/root" ]; }
{ clan.core.state.userdata.folders = [ "/home" "/root" ]; }
```
3. **Generate Backup Credentials:**
@ -116,7 +116,7 @@ On the server where backups will be stored, enable the SSH daemon and set up a r
services.borgbackup.repos.myhostname = {
path = "/var/lib/borgbackup/myhostname";
authorizedKeys = [
(builtins.readFile (config.clanCore.clanDir + "/machines/myhostname/facts/borgbackup.ssh.pub"))
(builtins.readFile (config.clan.core.clanDir + "/machines/myhostname/facts/borgbackup.ssh.pub"))
];
};
}

2
docs/site/getting-started/mesh-vpn.md
View File

@ -48,7 +48,7 @@ To introduce a new machine to the VPN, adhere to the following steps:
configuration, substituting `<CONTROLLER>` with the controller machine name:
```nix
{ config, ... }: {
clan.networking.zerotier.networkId = builtins.readFile (config.clanCore.clanDir + "/machines/<CONTROLLER>/facts/zerotier-network-id");
clan.networking.zerotier.networkId = builtins.readFile (config.clan.core.clanDir + "/machines/<CONTROLLER>/facts/zerotier-network-id");
}
```
1. **Update the New Machine**: Execute:

8
lib/build-clan/default.nix
View File

@ -101,13 +101,13 @@ let
(
{
# Settings
clanCore.clanDir = directory;
clan.core.clanDir = directory;
# Inherited from clan wide settings
clanCore.clanName = meta.name or clanName;
clanCore.clanIcon = meta.icon or clanIcon;
clan.core.clanName = meta.name or clanName;
clan.core.clanIcon = meta.icon or clanIcon;
# Machine specific settings
clanCore.machineName = name;
clan.core.machineName = name;
networking.hostName = lib.mkDefault name;
nixpkgs.hostPlatform = lib.mkDefault system;

2
nixosModules/clanCore/backups.nix
View File

@ -1,7 +1,7 @@
{ lib, ... }:
{
imports = [ ./state.nix ];
options.clanCore.backups = {
options.clan.core.backups = {
providers = lib.mkOption {
type = lib.types.attrsOf (
lib.types.submodule (

46
nixosModules/clanCore/facts/compat.nix
View File

@ -2,37 +2,43 @@
{
imports = [
(lib.mkRemovedOptionModule [
"clanCore"
"clan"
"core"
"secretsPrefix"
] "secretsPrefix was only used by the sops module and the code is now integrated in there")
(lib.mkRenamedOptionModule
[
"clanCore"
"clan"
"core"
"secretStore"
]
[
"clanCore"
"clan"
"core"
"facts"
"secretStore"
]
)
(lib.mkRemovedOptionModule [
"clanCore"
"clan"
"core"
"secretsDirectory"
] "clancore.secretsDirectory was removed. Use clanCore.facts.secretPathFunction instead")
] "clan.core.secretsDirectory was removed. Use clan.core.facts.secretPathFunction instead")
(lib.mkRenamedOptionModule
[
"clanCore"
"clan"
"core"
"secretsUploadDirectory"
]
[
"clanCore"
"clan"
"core"
"facts"
"secretUploadDirectory"
]
)
];
options.clanCore.secrets = lib.mkOption {
options.clan.core.secrets = lib.mkOption {
visible = false;
default = { };
type = lib.types.attrsOf (
@ -97,14 +103,14 @@
description = ''
path to a secret which is generated by the generator
'';
default = config.clanCore.facts.secretPathFunction secret;
defaultText = lib.literalExpression "config.clanCore.facts.secretPathFunction secret";
default = config.clan.core.facts.secretPathFunction secret;
defaultText = lib.literalExpression "config.clan.core.facts.secretPathFunction secret";
};
}
// lib.optionalAttrs (config.clanCore.facts.secretStore == "sops") {
// lib.optionalAttrs (config.clan.core.facts.secretStore == "sops") {
groups = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = config.clanCore.sops.defaultGroups;
default = config.clan.core.sops.defaultGroups;
description = ''
Groups to decrypt the secret for. By default we always use the user's key.
'';
@ -134,12 +140,12 @@
path to a fact which is generated by the generator
'';
default =
config.clanCore.clanDir
+ "/machines/${config.clanCore.machineName}/facts/${fact.config._module.args.name}";
defaultText = lib.literalExpression "\${config.clanCore.clanDir}/machines/\${config.clanCore.machineName}/facts/\${fact.config._module.args.name}";
config.clan.core.clanDir
+ "/machines/${config.clan.core.machineName}/facts/${fact.config._module.args.name}";
defaultText = lib.literalExpression "\${config.clan.core.clanDir}/machines/\${config.clan.core.machineName}/facts/\${fact.config._module.args.name}";
};
value = lib.mkOption {
defaultText = lib.literalExpression "\${config.clanCore.clanDir}/\${fact.config.path}";
defaultText = lib.literalExpression "\${config.clan.core.clanDir}/\${fact.config.path}";
type = lib.types.nullOr lib.types.str;
default =
if builtins.pathExists fact.config.path then lib.strings.fileContents fact.config.path else null;
@ -152,16 +158,16 @@
})
);
};
config = lib.mkIf (config.clanCore.secrets != { }) {
clanCore.facts.services = lib.mapAttrs' (
config = lib.mkIf (config.clan.core.secrets != { }) {
clan.core.facts.services = lib.mapAttrs' (
name: service:
lib.warn "clanCore.secrets.${name} is deprecated, use clanCore.facts.services.${name} instead" (
lib.warn "clan.core.secrets.${name} is deprecated, use clan.core.facts.services.${name} instead" (
lib.nameValuePair name ({
secret = service.secrets;
public = service.facts;
generator = service.generator;
})
)
) config.clanCore.secrets;
) config.clan.core.secrets;
};
}

25
nixosModules/clanCore/facts/default.nix
View File

@ -5,7 +5,7 @@
...
}:
{
options.clanCore.facts = {
options.clan.core.facts = {
secretStore = lib.mkOption {
type = lib.types.enum [
"sops"
@ -115,6 +115,7 @@
type = lib.types.str;
readOnly = true;
internal = true;
defaultText = "read only script";
default = ''
set -eu -o pipefail
@ -155,13 +156,13 @@
description = ''
path to a secret which is generated by the generator
'';
default = config.clanCore.facts.secretPathFunction secret;
default = config.clan.core.facts.secretPathFunction secret;
};
}
// lib.optionalAttrs (config.clanCore.facts.secretModule == "clan_cli.facts.secret_modules.sops") {
// lib.optionalAttrs (config.clan.core.facts.secretModule == "clan_cli.facts.secret_modules.sops") {
groups = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = config.clanCore.sops.defaultGroups;
default = config.clan.core.sops.defaultGroups;
description = ''
Groups to decrypt the secret for. By default we always use the user's key.
'';
@ -190,12 +191,12 @@
description = ''
path to a fact which is generated by the generator
'';
defaultText = lib.literalExpression "\${config.clanCore.clanDir}/machines/\${config.clanCore.machineName}/facts/\${fact.config.name}";
defaultText = lib.literalExpression "\${config.clan.core.clanDir}/machines/\${config.clan.core.machineName}/facts/\${fact.config.name}";
default =
config.clanCore.clanDir + "/machines/${config.clanCore.machineName}/facts/${fact.config.name}";
config.clan.core.clanDir + "/machines/${config.clan.core.machineName}/facts/${fact.config.name}";
};
value = lib.mkOption {
defaultText = lib.literalExpression "\${config.clanCore.clanDir}/\${fact.config.path}";
defaultText = lib.literalExpression "\${config.clan.core.clanDir}/\${fact.config.path}";
type = lib.types.nullOr lib.types.str;
default =
if builtins.pathExists fact.config.path then lib.strings.fileContents fact.config.path else null;
@ -218,5 +219,15 @@
./public/in_repo.nix
./public/vm.nix
# (lib.mkRenamedOptionModule
# [
# "clanCore"
# ]
# [
# "clan"
# "core"
# ]
# )
];
}

4
nixosModules/clanCore/facts/public/in_repo.nix
View File

@ -1,6 +1,6 @@
{ config, lib, ... }:
{
config = lib.mkIf (config.clanCore.facts.publicStore == "in_repo") {
clanCore.facts.publicModule = "clan_cli.facts.public_modules.in_repo";
config = lib.mkIf (config.clan.core.facts.publicStore == "in_repo") {
clan.core.facts.publicModule = "clan_cli.facts.public_modules.in_repo";
};
}

4
nixosModules/clanCore/facts/public/vm.nix
View File

@ -1,6 +1,6 @@
{ config, lib, ... }:
{
config = lib.mkIf (config.clanCore.facts.publicStore == "vm") {
clanCore.facts.publicModule = "clan_cli.facts.public_modules.vm";
config = lib.mkIf (config.clan.core.facts.publicStore == "vm") {
clan.core.facts.publicModule = "clan_cli.facts.public_modules.vm";
};
}

8
nixosModules/clanCore/facts/secret/password-store.nix
View File

@ -8,10 +8,10 @@
'';
};
config = lib.mkIf (config.clanCore.facts.secretStore == "password-store") {
clanCore.facts.secretPathFunction =
config = lib.mkIf (config.clan.core.facts.secretStore == "password-store") {
clan.core.facts.secretPathFunction =
secret: "${config.clan.password-store.targetDirectory}/${secret.config.name}";
clanCore.facts.secretUploadDirectory = config.clan.password-store.targetDirectory;
clanCore.facts.secretModule = "clan_cli.facts.secret_modules.password_store";
clan.core.facts.secretUploadDirectory = config.clan.password-store.targetDirectory;
clan.core.facts.secretModule = "clan_cli.facts.secret_modules.password_store";
};
}

22
nixosModules/clanCore/facts/secret/sops.nix
View File

@ -5,8 +5,8 @@
...
}:
let
secretsDir = config.clanCore.clanDir + "/sops/secrets";
groupsDir = config.clanCore.clanDir + "/sops/groups";
secretsDir = config.clan.core.clanDir + "/sops/secrets";
groupsDir = config.clan.core.clanDir + "/sops/groups";
# My symlink is in the nixos module detected as a directory also it works in the repl. Is this because of pure evaluation?
containsSymlink =
@ -16,7 +16,7 @@ let
containsMachine =
parent: name: type:
type == "directory" && containsSymlink "${parent}/${name}/machines/${config.clanCore.machineName}";
type == "directory" && containsSymlink "${parent}/${name}/machines/${config.clan.core.machineName}";
containsMachineOrGroups =
name: type:
@ -34,7 +34,7 @@ let
in
{
options = {
clanCore.sops.defaultGroups = lib.mkOption {
clan.core.sops.defaultGroups = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
example = [ "admins" ];
@ -42,16 +42,16 @@ in
};
};
config = lib.mkIf (config.clanCore.facts.secretStore == "sops") {
config = lib.mkIf (config.clan.core.facts.secretStore == "sops") {
# Before we generate a secret we cannot know the path yet, so we need to set it to an empty string
clanCore.facts.secretPathFunction =
clan.core.facts.secretPathFunction =
secret:
config.sops.secrets.${"${config.clanCore.machineName}-${secret.config.name}"}.path
config.sops.secrets.${"${config.clan.core.machineName}-${secret.config.name}"}.path
or "/no-such-path";
clanCore.facts.secretModule = "clan_cli.facts.secret_modules.sops";
clanCore.facts.secretUploadDirectory = lib.mkDefault "/var/lib/sops-nix";
clan.core.facts.secretModule = "clan_cli.facts.secret_modules.sops";
clan.core.facts.secretUploadDirectory = lib.mkDefault "/var/lib/sops-nix";
sops.secrets = builtins.mapAttrs (name: _: {
sopsFile = config.clanCore.clanDir + "/sops/secrets/${name}/secret";
sopsFile = config.clan.core.clanDir + "/sops/secrets/${name}/secret";
format = "binary";
}) secrets;
# To get proper error messages about missing secrets we need a dummy secret file that is always present
@ -60,7 +60,7 @@ in
);
sops.age.keyFile = lib.mkIf (builtins.pathExists (
config.clanCore.clanDir + "/sops/secrets/${config.clanCore.machineName}-age.key/secret"
config.clan.core.clanDir + "/sops/secrets/${config.clan.core.machineName}-age.key/secret"
)) (lib.mkDefault "/var/lib/sops-nix/key.txt");
};
}

8
nixosModules/clanCore/facts/secret/vm.nix
View File

@ -1,8 +1,8 @@
{ config, lib, ... }:
{
config = lib.mkIf (config.clanCore.facts.secretStore == "vm") {
clanCore.facts.secretPathFunction = secret: "/etc/secrets/${secret.config.name}";
clanCore.facts.secretUploadDirectory = "/etc/secrets";
clanCore.facts.secretModule = "clan_cli.facts.secret_modules.vm";
config = lib.mkIf (config.clan.core.facts.secretStore == "vm") {
clan.core.facts.secretPathFunction = secret: "/etc/secrets/${secret.config.name}";
clan.core.facts.secretUploadDirectory = "/etc/secrets";
clan.core.facts.secretModule = "clan_cli.facts.secret_modules.vm";
};
}

2
nixosModules/clanCore/metadata.nix
View File

@ -1,6 +1,6 @@
{ lib, pkgs, ... }:
{
options.clanCore = {
options.clan.core = {
clanName = lib.mkOption {
type = lib.types.str;
description = ''

8
nixosModules/clanCore/options.nix
View File

@ -5,7 +5,13 @@
...
}:
{
options.clanCore.optionsNix = lib.mkOption {
imports = [
(lib.mkRenamedOptionModule [ "clanCore" ] [
"clan"
"core"
])
];
options.clan.core.optionsNix = lib.mkOption {
type = lib.types.raw;
internal = true;
readOnly = true;

2
nixosModules/clanCore/outputs.nix
View File

@ -66,7 +66,7 @@
config = {
system.clan.deployment.data = {
facts = {
inherit (config.clanCore.facts)
inherit (config.clan.core.facts)
secretUploadDirectory
secretModule
publicModule

4
nixosModules/clanCore/state.nix
View File

@ -1,10 +1,10 @@
{ lib, ... }:
{
# defaults
config.clanCore.state.HOME.folders = [ "/home" ];
config.clan.core.state.HOME.folders = [ "/home" ];
# interface
options.clanCore.state = lib.mkOption {
options.clan.core.state = lib.mkOption {
default = { };
type = lib.types.attrsOf (
lib.types.submodule (

18
nixosModules/clanCore/vm.nix
View File

@ -9,7 +9,9 @@
}:
let
# Flatten the list of state folders into a single list
stateFolders = lib.flatten (lib.mapAttrsToList (_item: attrs: attrs.folders) config.clanCore.state);
stateFolders = lib.flatten (
lib.mapAttrsToList (_item: attrs: attrs.folders) config.clan.core.state
);
vmModule = {
imports = [
@ -86,7 +88,7 @@ let
fsType = "ext4";
};
${config.clanCore.secretsUploadDirectory} = {
${config.clan.core.secretsUploadDirectory} = {
device = "secrets";
fsType = "9p";
neededForBoot = true;
@ -158,7 +160,7 @@ in
# All important VM config variables needed by the vm runner
# this is really just a remapping of values defined elsewhere
# and therefore not intended to be set by the user
clanCore.vm.inspect = {
clan.core.vm.inspect = {
clan_name = lib.mkOption {
type = lib.types.str;
internal = true;
@ -228,11 +230,11 @@ in
config = {
# for clan vm inspect
clanCore.vm.inspect = {
clan_name = config.clanCore.clanName;
machine_icon = config.clanCore.machineIcon or config.clanCore.clanIcon;
machine_name = config.clanCore.machineName;
machine_description = config.clanCore.machineDescription;
clan.core.vm.inspect = {
clan_name = config.clan.core.clanName;
machine_icon = config.clan.core.machineIcon or config.clan.core.clanIcon;
machine_name = config.clan.core.machineName;
machine_description = config.clan.core.machineDescription;
memory_size = config.clan.virtualisation.memorySize;
inherit (config.clan.virtualisation) cores graphics waypipe;
};

18
nixosModules/clanCore/zerotier/default.nix
View File

@ -6,7 +6,7 @@
}:
let
cfg = config.clan.networking.zerotier;
facts = config.clanCore.facts.services.zerotier.public or { };
facts = config.clan.core.facts.services.zerotier.public or { };
genMoonScript = pkgs.runCommand "genmoon" { nativeBuildInputs = [ pkgs.python3 ]; } ''
install -Dm755 ${./genmoon.py} $out/bin/genmoon
patchShebangs $out/bin/genmoon
@ -23,8 +23,8 @@ in
};
name = lib.mkOption {
type = lib.types.str;
default = config.clanCore.clanName;
defaultText = "config.clanCore.clanName";
default = config.clan.core.clanName;
defaultText = "config.clan.core.clanName";
description = ''
zerotier network name
'';
@ -111,7 +111,7 @@ in
systemd.services.zerotierone.serviceConfig.ExecStartPre = [
"+${pkgs.writeShellScript "init-zerotier" ''
cp ${config.clanCore.facts.services.zerotier.secret.zerotier-identity-secret.path} /var/lib/zerotier-one/identity.secret
cp ${config.clan.core.facts.services.zerotier.secret.zerotier-identity-secret.path} /var/lib/zerotier-one/identity.secret
zerotier-idtool getpublic /var/lib/zerotier-one/identity.secret > /var/lib/zerotier-one/identity.public
${lib.optionalString (cfg.controller.enable) ''
@ -176,7 +176,7 @@ in
(lib.mkIf cfg.controller.enable {
# only the controller needs to have the key in the repo, the other clients can be dynamic
# we generate the zerotier code manually for the controller, since it's part of the bootstrap command
clanCore.facts.services.zerotier = {
clan.core.facts.services.zerotier = {
public.zerotier-ip = { };
public.zerotier-network-id = { };
secret.zerotier-identity-secret = { };
@ -192,12 +192,12 @@ in
--network-id "$facts/zerotier-network-id"
'';
};
clanCore.state.zerotier.folders = [ "/var/lib/zerotier-one" ];
clan.core.state.zerotier.folders = [ "/var/lib/zerotier-one" ];
environment.systemPackages = [ config.clanCore.clanPkgs.zerotier-members ];
environment.systemPackages = [ config.clan.core.clanPkgs.zerotier-members ];
})
(lib.mkIf (!cfg.controller.enable && cfg.networkId != null) {
clanCore.facts.services.zerotier = {
clan.core.facts.services.zerotier = {
public.zerotier-ip = { };
secret.zerotier-identity-secret = { };
generator.path = [
@ -255,7 +255,7 @@ in
environment.etc."zerotier/network-id".text = facts.zerotier-network-id.value;
systemd.services.zerotierone.serviceConfig.ExecStartPost = [
"+${pkgs.writeShellScript "whitelist-controller" ''
${config.clanCore.clanPkgs.zerotier-members}/bin/zerotier-members allow ${
${config.clan.core.clanPkgs.zerotier-members}/bin/zerotier-members allow ${
builtins.substring 0 10 cfg.networkId
}
''}"

2
nixosModules/flake-module.nix
View File

@ -16,7 +16,7 @@
(
{ pkgs, lib, ... }:
{
clanCore.clanPkgs = lib.mkDefault self.packages.${pkgs.hostPlatform.system};
clan.core.clanPkgs = lib.mkDefault self.packages.${pkgs.hostPlatform.system};
}
)
];

4
nixosModules/iso/default.nix
View File

@ -19,7 +19,9 @@ let
};
# Flatten the list of state folders into a single list
stateFolders = lib.flatten (lib.mapAttrsToList (_item: attrs: attrs.folders) config.clanCore.state);
stateFolders = lib.flatten (
lib.mapAttrsToList (_item: attrs: attrs.folders) config.clan.core.state
);
# A module setting up bind mounts for all state folders
stateMounts = {

2
pkgs/clan-cli/clan_cli/backups/create.py
View File

@ -15,7 +15,7 @@ log = logging.getLogger(__name__)
def create_backup(machine: Machine, provider: str | None = None) -> None:
log.info(f"creating backup for {machine.name}")
backup_scripts = json.loads(machine.eval_nix("config.clanCore.backups"))
backup_scripts = json.loads(machine.eval_nix("config.clan.core.backups"))
if provider is None:
for provider in backup_scripts["providers"]:
proc = machine.target_host.run(

4
pkgs/clan-cli/clan_cli/backups/list.py
View File

@ -20,7 +20,7 @@ class Backup:
def list_provider(machine: Machine, provider: str) -> list[Backup]:
results = []
backup_metadata = json.loads(machine.eval_nix("config.clanCore.backups"))
backup_metadata = json.loads(machine.eval_nix("config.clan.core.backups"))
proc = machine.target_host.run(
[backup_metadata["providers"][provider]["list"]],
stdout=subprocess.PIPE,
@ -40,7 +40,7 @@ def list_provider(machine: Machine, provider: str) -> list[Backup]:
def list_backups(machine: Machine, provider: str | None = None) -> list[Backup]:
backup_metadata = json.loads(machine.eval_nix("config.clanCore.backups"))
backup_metadata = json.loads(machine.eval_nix("config.clan.core.backups"))
results = []
if provider is None:
for _provider in backup_metadata["providers"]:

6
pkgs/clan-cli/clan_cli/backups/restore.py
View File

@ -12,8 +12,8 @@ from ..machines.machines import Machine
def restore_service(machine: Machine, name: str, provider: str, service: str) -> None:
backup_metadata = json.loads(machine.eval_nix("config.clanCore.backups"))
backup_folders = json.loads(machine.eval_nix("config.clanCore.state"))
backup_metadata = json.loads(machine.eval_nix("config.clan.core.backups"))
backup_folders = json.loads(machine.eval_nix("config.clan.core.state"))
if service not in backup_folders:
msg = f"Service {service} not found in configuration. Available services are: {', '.join(backup_folders.keys())}"
@ -66,7 +66,7 @@ def restore_backup(
) -> None:
errors = []
if service is None:
backup_folders = json.loads(machine.eval_nix("config.clanCore.state"))
backup_folders = json.loads(machine.eval_nix("config.clan.core.state"))
for _service in backup_folders:
try:
restore_service(machine, name, provider, _service)

6
pkgs/clan-cli/clan_cli/clan/inspect.py
View File

@ -56,7 +56,7 @@ def inspect_flake(flake_url: str | Path, machine_name: str) -> FlakeConfig:
# Get the Clan name
cmd = nix_eval(
[
f'{flake_url}#clanInternals.machines."{system}"."{machine_name}".config.clanCore.clanName'
f'{flake_url}#clanInternals.machines."{system}"."{machine_name}".config.clan.core.clanName'
]
)
res = run_cmd(cmd)
@ -65,7 +65,7 @@ def inspect_flake(flake_url: str | Path, machine_name: str) -> FlakeConfig:
# Get the clan icon path
cmd = nix_eval(
[
f'{flake_url}#clanInternals.machines."{system}"."{machine_name}".config.clanCore.clanIcon'
f'{flake_url}#clanInternals.machines."{system}"."{machine_name}".config.clan.core.clanIcon'
]
)
res = run_cmd(cmd)
@ -78,7 +78,7 @@ def inspect_flake(flake_url: str | Path, machine_name: str) -> FlakeConfig:
cmd = nix_build(
[
f'{flake_url}#clanInternals.machines."{system}"."{machine_name}".config.clanCore.clanIcon'
f'{flake_url}#clanInternals.machines."{system}"."{machine_name}".config.clan.core.clanIcon'
],
machine_gcroot(flake_url=str(flake_url)) / "clanIcon",
)

4
pkgs/clan-cli/clan_cli/completions.py
View File

@ -95,7 +95,7 @@ def complete_services_for_machine(
run(
nix_eval(
flags=[
f"{flake}#nixosConfigurations.{machines[0]}.config.clanCore.facts.services",
f"{flake}#nixosConfigurations.{machines[0]}.config.clan.core.facts.services",
"--apply",
"builtins.attrNames",
],
@ -137,7 +137,7 @@ def complete_backup_providers_for_machine(
run(
nix_eval(
flags=[
f"{flake}#nixosConfigurations.{machine}.config.clanCore.backups.providers",
f"{flake}#nixosConfigurations.{machine}.config.clan.core.backups.providers",
"--apply",
"builtins.attrNames",
],

2
pkgs/clan-cli/clan_cli/config/__init__.py
View File

@ -114,7 +114,7 @@ def options_for_machine(
if show_trace:
flags.append("--show-trace")
flags.append(
f"{clan_dir}#nixosConfigurations.{machine_name}.config.clanCore.optionsNix"
f"{clan_dir}#nixosConfigurations.{machine_name}.config.clan.core.optionsNix"
)
cmd = nix_eval(flags=flags)
proc = run(

2
pkgs/clan-cli/clan_cli/config/machine.py
View File

@ -50,7 +50,7 @@ def verify_machine_config(
# potentially the config might affect submodule options,
# therefore we need to import it
config
{{clanCore.clanDir = {flake};}}
{{clan.core.clanDir = {flake};}}
]
# add all clan modules specified via clanImports
++ (map (name: clan-core.clanModules.${{name}}) config.clanImports or []);

2
pkgs/clan-cli/clan_cli/config/schema.py
View File

@ -84,7 +84,7 @@ def machine_schema(
# potentially the config might affect submodule options,
# therefore we need to import it
config
{{ clanCore.clanName = "fakeClan"; }}
{{ clan.core.clanName = "fakeClan"; }}
]
# add all clan modules specified via clanImports
++ (map (name: clan-core.clanModules.${{name}}) config.clanImports or []);

2
pkgs/clan-cli/clan_cli/machines/show.py
View File

@ -29,7 +29,7 @@ def show_machine(flake_url: str | Path, machine_name: str) -> MachineInfo:
[
f"{flake_url}#clanInternals.machines.{system}.{machine_name}",
"--apply",
"machine: { inherit (machine.config.clanCore) machineDescription machineIcon machineName; }",
"machine: { inherit (machine.config.clan.core) machineDescription machineIcon machineName; }",
"--json",
]
)

2
pkgs/clan-cli/clan_cli/vms/inspect.py
View File

@ -22,7 +22,7 @@ class VmConfig:
def inspect_vm(machine: Machine) -> VmConfig:
data = json.loads(machine.eval_nix("config.clanCore.vm.inspect"))
data = json.loads(machine.eval_nix("config.clan.core.vm.inspect"))
return VmConfig(flake_url=str(machine.flake), **data)

10
pkgs/clan-cli/tests/fixtures_flakes.py
View File

@ -47,6 +47,8 @@ def generate_flake(
substitutions: dict[str, str] = {
"__CHANGE_ME__": "_test_vm_persistence",
"git+https://git.clan.lol/clan/clan-core": "path://" + str(CLAN_CORE),
"https://git.clan.lol/clan/clan-core/archive/main.tar.gz": "path://"
+ str(CLAN_CORE),
},
# define the machines directly including their config
machine_configs: dict[str, dict] = {},
@ -58,9 +60,11 @@ def generate_flake(
Example:
machine_configs = dict(
my_machine=dict(
clanCore=dict(
backups=dict(
...
clan=dict(
core=dict(
backups=dict(
...
)
)
)
)

2
pkgs/clan-cli/tests/machines/vm1/default.nix
View File

@ -3,7 +3,7 @@
clan.networking.targetHost = "__CLAN_TARGET_ADDRESS__";
system.stateVersion = lib.version;
sops.age.keyFile = "__CLAN_SOPS_KEY_PATH__";
clanCore.secretsUploadDirectory = "__CLAN_SOPS_KEY_DIR__";
clan.core.secretsUploadDirectory = "__CLAN_SOPS_KEY_DIR__";
clan.virtualisation.graphics = false;
clan.networking.zerotier.controller.enable = true;

2
pkgs/clan-cli/tests/machines/vm_with_secrets/default.nix
View File

@ -3,7 +3,7 @@
clan.networking.targetHost = "__CLAN_TARGET_ADDRESS__";
system.stateVersion = lib.version;
sops.age.keyFile = "__CLAN_SOPS_KEY_PATH__";
clanCore.secretsUploadDirectory = "__CLAN_SOPS_KEY_DIR__";
clan.core.secretsUploadDirectory = "__CLAN_SOPS_KEY_DIR__";
clan.virtualisation.graphics = false;
clan.networking.zerotier.controller.enable = true;

2
pkgs/clan-cli/tests/test_flake/flake.nix
View File

@ -43,7 +43,7 @@
nixpkgs.pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
documentation.enable = false;
};
options.clanCore.optionsNix = lib.mkOption {
options.clan.core.optionsNix = lib.mkOption {
type = lib.types.raw;
internal = true;
readOnly = true;

6
pkgs/clan-cli/tests/test_flake_with_core/flake.nix
View File

@ -18,8 +18,8 @@
clan.networking.targetHost = "__CLAN_TARGET_ADDRESS__";
system.stateVersion = lib.version;
sops.age.keyFile = "__CLAN_SOPS_KEY_PATH__";
clanCore.secretsUploadDirectory = "__CLAN_SOPS_KEY_DIR__";
clanCore.sops.defaultGroups = [ "admins" ];
clan.core.secretsUploadDirectory = "__CLAN_SOPS_KEY_DIR__";
clan.core.sops.defaultGroups = [ "admins" ];
clan.virtualisation.graphics = false;
clan.networking.zerotier.controller.enable = true;
@ -41,7 +41,7 @@
clan.networking.targetHost = "__CLAN_TARGET_ADDRESS__";
system.stateVersion = lib.version;
sops.age.keyFile = "__CLAN_SOPS_KEY_PATH__";
clanCore.secretsUploadDirectory = "__CLAN_SOPS_KEY_DIR__";
clan.core.secretsUploadDirectory = "__CLAN_SOPS_KEY_DIR__";
clan.networking.zerotier.networkId = "82b44b162ec6c013";
};
};

4
pkgs/clan-cli/tests/test_flake_with_core_and_pass/flake.nix
View File

@ -17,8 +17,8 @@
{
clan.networking.targetHost = "__CLAN_TARGET_ADDRESS__";
system.stateVersion = lib.version;
clanCore.secretStore = "password-store";
clanCore.secretsUploadDirectory = lib.mkForce "__CLAN_SOPS_KEY_DIR__/secrets";
clan.core.secretStore = "password-store";
clan.core.secretsUploadDirectory = lib.mkForce "__CLAN_SOPS_KEY_DIR__/secrets";
clan.networking.zerotier.controller.enable = true;

2
pkgs/clan-cli/tests/test_vms_cli.py
View File

@ -40,7 +40,7 @@ def run_vm_in_thread(machine_name: str) -> None:
# wait for qmp socket to exist
def wait_vm_up(state_dir: Path) -> None:
socket_file = state_dir / "qga.sock"
timeout: float = 300
timeout: float = 20
while True:
if timeout <= 0:
raise TimeoutError(

2
pkgs/schemas/flake-module.nix
View File

@ -14,7 +14,7 @@
imports = (import (pkgs.path + "/nixos/modules/module-list.nix")) ++ [
{
nixpkgs.hostPlatform = "x86_64-linux";
clanCore.clanName = "dummy";
clan.core.clanName = "dummy";
}
];
};