Upstream

Apart from the following, the rest of this repository is intended for viewing only. It will not work as-is because secrets and sensitive information have been filtered out, e.g. the folders sops and vars, IP addresses, and keys.

clanServices Usage

# flake.nix
inputs = {
  schallerclan.url = "git+https://git.clan.lol/dafitt/schallerclan";
};
# clan.nix
inventory.instances.<service> = {
  module.name = "@schallerclan/<service>";
  module.input = "schallerclan";
};

Local

Requirements

  • Machines (and the admin machine) need a standard internet connection to reach services such as the first Tor relay, the wireguard-controller's endpoint, the machine's direct address, etc. In practice, machines need to be behind a working router.

Usage

Add user key

  1. Create a new age keypair for your new user. Back it up at a secure location.

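    # Fall back to ~/.config when XDG_CONFIG_HOME is unset, so the key is not written under /sops
    mkdir -p "${XDG_CONFIG_HOME:-$HOME/.config}/sops/age/"
    nix shell nixpkgs#age -c age-keygen --output "${XDG_CONFIG_HOME:-$HOME/.config}/sops/age/keys.txt"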
    
  2. Copy the public key and add it to clan:

    clan secrets users add $USER --age-key <age...> # OR edit sops/users/<user>/key.json
    clan secrets key update
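
A pre-flight check for the key file from step 1 before its public key is registered in step 2, as an added example that is not part of this repository. `check_age_keyfile` and `make_sample_keyfile` are hypothetical helper names, the sample key material is constructed, and the check assumes the layout written by `age-keygen` (a `# public key:` comment plus one `AGE-SECRET-KEY-1` line).

```shell
# Added example (not from the repository): validate a sops age key file and
# print its public key. Helper names and sample key material are constructed.

# Refuses files readable by group/others or not shaped like age-keygen output.
check_age_keyfile() {
  local file mode pub
  file="$1"
  [ -f "$file" ] || { echo "missing key file: $file" >&2; return 1; }

  # GNU stat first, BSD/macOS stat as fallback.
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file") || return 1
  case $mode in
    *00) ;;  # owner-only, e.g. 600 or 400
    *) echo "insecure mode $mode on $file (want 600)" >&2; return 2 ;;
  esac

  # Assumption: exactly one secret key line, i.e. a single user identity.
  [ "$(grep -c '^AGE-SECRET-KEY-1' "$file")" -eq 1 ] || {
    echo "expected exactly one AGE-SECRET-KEY-1 line" >&2; return 3; }

  # age-keygen records the recipient as a "# public key: age1..." comment.
  pub=$(sed -n 's/^# public key: \(age1[0-9a-z]*\)$/\1/p' "$file" | head -n 1)
  [ -n "$pub" ] || { echo "no public key comment found" >&2; return 4; }
  printf '%s\n' "$pub"
}

# Writes a constructed, non-functional key file (mode 600) for offline testing.
make_sample_keyfile() {
  local dir
  dir=$(mktemp -d) || return 1
  ( umask 077
    printf '%s\n' \
      '# created: 2025-01-01T00:00:00Z' \
      '# public key: age1constructedsamplepublickey00' \
      'AGE-SECRET-KEY-1CONSTRUCTEDSAMPLENOTAREALKEY' \
      > "$dir/keys.txt" )
  printf '%s\n' "$dir/keys.txt"
}
```

The printed value is what step 2 passes to `--age-key`; a non-zero return means the file should be fixed or regenerated before the key is added to clan.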
    

Create an installer

  • Flash image to a physical USB

    clan flash write --flake https://git.clan.lol/clan/clan-core/archive/main.tar.gz \
    --ssh-pubkey $HOME/.ssh/id_ed25519.pub \
    --keymap de-latin1-nodeadkeys \
    --language de_DE.UTF-8 \
    --disk main /dev/sdX \
    flash-installer
    
  • ISO image: Download nixos-installer-linux.iso from https://github.com/nix-community/nixos-images/releases

Deploy (Install) new machines

  1. Add a new machine to the local clan repository ✍ clan.nix

    clan machines create <machine>
    
  2. Get the IP address of the target machine (Run the installer/liveOS on physical machines)

  3. Generate hardware report

    clan machines install <machine> \
    --update-hardware-config nixos-facter \
    --phases kexec \
    --target-host root@<ip>
    
  4. Define disk layout

    Let it fail with an empty disk first.

    clan templates apply disk single-disk <machine> --set mainDisk ""
    
  5. Deploy (Install)

    clan machines install <machine> --target-host root@<ip>
    
  6. (fix as of 2025-11-29) Update the machine at least once to upload all clan vars to it

    clan machines update <machine> --target-host root@<ip>
    

Fixes for cloud provider

  • Linode: Configurations > Edit > Boot Settings > Kernel > "Direct Disk"

  • Calibour: Add a static network interface configuration before deploying:

      networking.interfaces = lib.mkForce { };
      systemd.network.networks."40-ens18" = {
        matchConfig.Name = "ens18";
        address = [
          "45.86.153.248/26"
          "2a0f:85c1:8d2:2fe::1/64"
        ];
        routes = [
          { Gateway = "45.86.153.193"; }
          { Gateway = "fe80::2"; }
        ];
        dns = [
          "[2620:fe::9]:853#dns.quad9.net"
          "[2620:fe::fe]:853#dns.quad9.net"
          "[2606:4700:4700::1111]:853#cloudflare-dns.com"
          "[2606:4700:4700::1001]:853#cloudflare-dns.com"
        ];
        linkConfig.RequiredForOnline = "routable";
      };
    

Rebuild machines

clan machines update [<machine>]
# OR
nixos-rebuild --flake .#<machine> --build-host root@<ip> --target-host root@<ip> switch

Update hardware configuration

Has the hardware changed?

clan machines update-hardware-config <machine>

(Re-)generate vars

clan vars generate [<machine>] [--generator [SERVICE]] [--regenerate]

Backups

List current state:

clan state list <machine>

Creating backups manually:

clan backups create <machine>

Restoring backups:

clan backups list <machine>
clan backups restore [--service <SERVICE>] <machine> <backup>
Description
How I use clan.lol