From c39aa89e290042a45aced8fb0a11ab7dd206fac2 Mon Sep 17 00:00:00 2001 From: Qubasa Date: Thu, 31 Jul 2025 15:38:14 +0700 Subject: [PATCH 1/4] docs: Add a nixos-anywhere debugging hint --- docs/site/guides/contributing/debugging.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/site/guides/contributing/debugging.md b/docs/site/guides/contributing/debugging.md index a20ea8bca..32bc9bc8b 100644 --- a/docs/site/guides/contributing/debugging.md +++ b/docs/site/guides/contributing/debugging.md @@ -24,6 +24,10 @@ pkgs.mkShell { } ``` +## Debugging nixos-anywhere + +If you encounter a bug in a complex shell script such as `nixos-anywhere`, start by replacing the `nixos-anywhere` command with a local checkout of the project, look in the [contribution](./CONTRIBUTING.md) section for an example. + ## The Debug Flag You can enhance your debugging process with the `--debug` flag in the `clan` command. When you add this flag to any command, it displays all subprocess commands initiated by `clan` in a readable format, along with the source code position that triggered them. This feature makes it easier to understand and trace what's happening under the hood. From 62a35039874745fecfbb53c43abf4a157f7e1f12 Mon Sep 17 00:00:00 2001 From: Qubasa Date: Thu, 31 Jul 2025 16:57:54 +0700 Subject: [PATCH 2/4] clan-lib: Always set a static private key for nixos-anywhere, to make --phases work properly --- pkgs/clan-cli/clan_cli/machines/install.py | 3 ++ pkgs/clan-cli/clan_lib/dirs/__init__.py | 6 +++ pkgs/clan-cli/clan_lib/machines/install.py | 14 ++++- pkgs/clan-cli/clan_lib/ssh/create.py | 61 ++++++++++++++++++++++ pkgs/clan-cli/clan_lib/ssh/create_test.py | 28 ++++++++++ 5 files changed, 111 insertions(+), 1 deletion(-) create mode 100644 pkgs/clan-cli/clan_lib/ssh/create.py create mode 100644 pkgs/clan-cli/clan_lib/ssh/create_test.py diff --git a/pkgs/clan-cli/clan_cli/machines/install.py b/pkgs/clan-cli/clan_cli/machines/install.py index c020473d9..e5375f728 100644 --- a/pkgs/clan-cli/clan_cli/machines/install.py +++ b/pkgs/clan-cli/clan_cli/machines/install.py @@ -58,6 +58,9 @@ def install_command(args: argparse.Namespace) -> None: else: target_host = machine.target_host().override(host_key_check=host_key_check) + if args.identity_file: + target_host = target_host.override(private_key=args.identity_file) + if machine._class_ == "darwin": msg = "Installing macOS machines is not yet supported" raise ClanError(msg) diff --git a/pkgs/clan-cli/clan_lib/dirs/__init__.py b/pkgs/clan-cli/clan_lib/dirs/__init__.py index 4eec08ab9..1b3593d28 100644 --- a/pkgs/clan-cli/clan_lib/dirs/__init__.py +++ b/pkgs/clan-cli/clan_lib/dirs/__init__.py @@ -120,6 +120,12 @@ def user_cache_dir() -> Path: return Path("~/.cache").expanduser() +def user_nixos_anywhere_dir() -> Path: + p = user_config_dir() / "clan" / "nixos-anywhere" + p.mkdir(parents=True, exist_ok=True) + return p + + def user_gcroot_dir() -> Path: p = user_config_dir() / "clan" / "gcroots" p.mkdir(parents=True, exist_ok=True) diff --git a/pkgs/clan-cli/clan_lib/machines/install.py b/pkgs/clan-cli/clan_lib/machines/install.py index 6a758a1b2..ce43d8c04 100644 --- a/pkgs/clan-cli/clan_lib/machines/install.py +++ b/pkgs/clan-cli/clan_lib/machines/install.py @@ -13,6 +13,7 @@ from clan_lib.api import API from clan_lib.cmd import Log, RunOpts, run from clan_lib.machines.machines import Machine from clan_lib.nix import nix_shell +from clan_lib.ssh.create import create_nixos_anywhere_ssh_key from clan_lib.ssh.remote import Remote log = logging.getLogger(__name__) @@ -25,6 +26,7 @@ BuildOn = Literal["auto", "local", "remote"] class InstallOptions: machine: Machine kexec: str | None = None + anywhere_priv_key: Path | None = None debug: bool = False no_reboot: bool = False phases: str | None = None @@ -115,8 +117,18 @@ def run_machine_install(opts: InstallOptions, target_host: Remote) -> None: "IdentitiesOnly=yes", ] + # Always set a nixos-anywhere private key to prevent failures when running + # 'clan install --phases kexec' followed by 'clan install --phases disko,install,reboot'. + # The kexec phase requires an authorized key, and if not specified, + # nixos-anywhere defaults to a key in a temporary directory. + if opts.anywhere_priv_key is None: + key_pair = create_nixos_anywhere_ssh_key() + opts.anywhere_priv_key = key_pair.private + cmd += ["-i", str(opts.anywhere_priv_key)] + + # If we need a different private key for being able to kexec, we can specify it here. if target_host.private_key: - cmd += ["-i", str(target_host.private_key)] + cmd += ["--ssh-option", f"IdentityFile={target_host.private_key}"] if opts.build_on: cmd += ["--build-on", opts.build_on] diff --git a/pkgs/clan-cli/clan_lib/ssh/create.py b/pkgs/clan-cli/clan_lib/ssh/create.py new file mode 100644 index 000000000..e80971ff2 --- /dev/null +++ b/pkgs/clan-cli/clan_lib/ssh/create.py @@ -0,0 +1,61 @@ +import logging +from dataclasses import dataclass +from pathlib import Path + +from clan_lib.api import API +from clan_lib.cmd import Log, RunOpts, run +from clan_lib.dirs import user_nixos_anywhere_dir + +log = logging.getLogger(__name__) + + +@dataclass(frozen=True) +class SSHKeyPair: + private: Path + public: Path + + +@API.register +def create_nixos_anywhere_ssh_key() -> SSHKeyPair: + """ + Create a new SSH key pair for NixOS Anywhere. + The keys are stored in ~/.config/clan/nixos-anywhere/keys/id_ed25519 and id_ed25519.pub. + """ + private_key_dir = user_nixos_anywhere_dir() + + key_pair = generate_ssh_key(private_key_dir) + + return key_pair + + +def generate_ssh_key(root_dir: Path) -> SSHKeyPair: + """ + Generate a new SSH key pair at root_dir/keys/id_ed25519 and id_ed25519.pub. + If the key already exists, it will not be regenerated. + """ + key_dir = root_dir / "keys" + key_dir.mkdir(parents=True, exist_ok=True) + key_dir.chmod(0o700) + priv_key = key_dir / "id_ed25519" + + keypair = SSHKeyPair( + private=priv_key, + public=key_dir / "id_ed25519.pub", + ) + + if priv_key.exists(): + return keypair + + log.info(f"Generating nixos-anywhere SSH key pair at {priv_key}") + cmd = [ + "ssh-keygen", + "-N", + "", + "-t", + "ed25519", + "-f", + str(priv_key), + ] + run(cmd, RunOpts(log=Log.BOTH)) + + return keypair diff --git a/pkgs/clan-cli/clan_lib/ssh/create_test.py b/pkgs/clan-cli/clan_lib/ssh/create_test.py new file mode 100644 index 000000000..5cc6c51ca --- /dev/null +++ b/pkgs/clan-cli/clan_lib/ssh/create_test.py @@ -0,0 +1,28 @@ +from pathlib import Path + +from clan_lib.ssh.create import create_nixos_anywhere_ssh_key + + +def test_clan_generate_sshkeys(temporary_home: Path) -> None: + keypair = create_nixos_anywhere_ssh_key() + + assert keypair.private.exists() + assert keypair.public.exists() + assert keypair.private.is_file() + assert keypair.public.is_file() + assert ( + keypair.private.parent + == Path("~/.config/clan/nixos-anywhere/keys").expanduser() + ) + assert ( + keypair.public.parent == Path("~/.config/clan/nixos-anywhere/keys").expanduser() + ) + assert keypair.private.name == "id_ed25519" + assert keypair.public.name == "id_ed25519.pub" + assert "PRIVATE KEY" in keypair.private.read_text() + assert "ssh-ed25519" in keypair.public.read_text() + + new_keypair = create_nixos_anywhere_ssh_key() + + assert new_keypair.private == keypair.private + assert new_keypair.public == keypair.public From d2529704d5d80bb56a020ef4ce763a9fbc8d343d Mon Sep 17 00:00:00 2001 From: Qubasa Date: Thu, 31 Jul 2025 16:58:43 +0700 Subject: [PATCH 3/4] docs: Split up getting-started guide in a Physical and Virtual installation, and properly document how to install on non-NixOS machines docs: git add docs --- docs/mkdocs.yml | 10 +- .../guides/getting-started/choose-disk.md | 54 ++++ .../{installer.md => create-installer.md} | 4 +- docs/site/guides/getting-started/deploy.md | 275 ------------------ .../{check.md => flake-check.md} | 0 .../hardware-report-physical.md | 115 ++++++++ .../hardware-report-virtual.md | 29 ++ docs/site/guides/getting-started/index.md | 14 - docs/site/guides/getting-started/update.md | 84 ++++++ 9 files changed, 291 insertions(+), 294 deletions(-) create mode 100644 docs/site/guides/getting-started/choose-disk.md rename docs/site/guides/getting-started/{installer.md => create-installer.md} (95%) delete mode 100644 docs/site/guides/getting-started/deploy.md rename docs/site/guides/getting-started/{check.md => flake-check.md} (100%) create mode 100644 docs/site/guides/getting-started/hardware-report-physical.md create mode 100644 docs/site/guides/getting-started/hardware-report-virtual.md create mode 100644 docs/site/guides/getting-started/update.md diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml index bf54acfd1..bf23c93c3 100644 --- a/docs/mkdocs.yml +++ b/docs/mkdocs.yml @@ -49,12 +49,16 @@ nav: - Guides: - Getting Started: - Creating Your First Clan: guides/getting-started/index.md - - Create USB Installer: guides/getting-started/installer.md - Add Machines: guides/getting-started/add-machines.md - Add User: guides/getting-started/add-user.md - Add Services: guides/getting-started/add-services.md - - Deploy Machine: guides/getting-started/deploy.md - - Continuous Integration: guides/getting-started/check.md + - Deploy to Physical Machine: + - Create USB Installer: guides/getting-started/create-installer.md + - Deploy Physical Machine: guides/getting-started/hardware-report-physical.md + - Deploy to Virtual Machine: guides/getting-started/hardware-report-virtual.md + - Configure Disk Config: guides/getting-started/choose-disk.md + - Update Machine: guides/getting-started/update.md + - Continuous Integration: guides/getting-started/flake-check.md - Using Services: guides/clanServices.md - Backup & Restore: guides/backups.md - Disk Encryption: guides/disk-encryption.md diff --git a/docs/site/guides/getting-started/choose-disk.md b/docs/site/guides/getting-started/choose-disk.md new file mode 100644 index 000000000..a44c19834 --- /dev/null +++ b/docs/site/guides/getting-started/choose-disk.md @@ -0,0 +1,54 @@ +# Configure Disk Config + +By default clan uses [disko](https://github.com/nix-community/disko) which allows for declarative disk partitioning. + +To setup a disk schema for a machine run + +```bash +clan templates apply disk single-disk jon --set mainDisk "" +``` + +Which should fail and give the valid options for the specific hardware: + +```shellSession +Invalid value for placeholder mainDisk - Valid options: +/dev/disk/by-id/nvme-WD_PC_SN740_SDDQNQD-512G-1201_232557804368 +``` + +Re-run the command with the correct disk: + +```bash +clan templates apply disk single-disk jon --set mainDisk "/dev/disk/by-id/nvme-WD_PC_SN740_SDDQNQD-512G-1201_232557804368" +``` + +Should now be successful + +```shellSession +Applied disk template 'single-disk' to machine 'jon' +``` + +A disko.nix file should be created in `machines/jon` +You can have a look and customize it if needed. + +!!! tip + For advanced partitioning, see [Disko templates](https://github.com/nix-community/disko-templates) or [Disko examples](https://github.com/nix-community/disko/tree/master/example). + +!!! Danger + Don't change the `disko.nix` after the machine is installed for the first time. + + Changing disko configuration requires wiping and reinstalling the machine. + + Unless you really know what you are doing. + +## Deploy the machine + +**Finally deployment time!** + +This command is destructive and will format your disk and install NixOS on it! It is equivalent to appending `--phases kexec,disko,install,reboot`. + + +```bash +clan machines install [MACHINE] --target-host root@ +``` + + diff --git a/docs/site/guides/getting-started/installer.md b/docs/site/guides/getting-started/create-installer.md similarity index 95% rename from docs/site/guides/getting-started/installer.md rename to docs/site/guides/getting-started/create-installer.md index 485e750f7..22d8a7ade 100644 --- a/docs/site/guides/getting-started/installer.md +++ b/docs/site/guides/getting-started/create-installer.md @@ -1,9 +1,9 @@ -# USB Installer Image for Physical Machines (optional) +# USB Installer Image for Physical Machines To install Clan on physical machines, you need to use our custom installer image. This is necessary for proper installation and operation. !!! note "Using a Cloud VM?" - If you're using a cloud provider's virtual machine (VM), you can skip this section and go directly to the [Add Machines](add-machines.md) step. In this scenario, we automatically use [nixos-anywhere](https://github.com/nix-community/nixos-anywhere) to replace the kernel during runtime. + If you're using a cloud provider's virtual machine (VM), you can skip this section and go directly to the [Deploy Virtual Machine](./hardware-report-virtual.md) step. In this scenario, we automatically use [nixos-anywhere](https://github.com/nix-community/nixos-anywhere) to replace the kernel during runtime. ??? info "Why nixos-anywhere Doesn't Work on Physical Hardware?" nixos-anywhere relies on [kexec](https://wiki.archlinux.org/title/Kexec) to replace the running kernel with our custom one. This method often has compatibility issues with real hardware, especially systems with dedicated graphics cards like laptops and servers, leading to crashes and black screens. diff --git a/docs/site/guides/getting-started/deploy.md b/docs/site/guides/getting-started/deploy.md deleted file mode 100644 index a400411a4..000000000 --- a/docs/site/guides/getting-started/deploy.md +++ /dev/null @@ -1,275 +0,0 @@ -# Deploy a machine - -Now that you have created a machines, added some services and setup secrets. This guide will walk through how to deploy it. - -## Prerequisites - -!!! important "General Requirements" - - [x] RAM > 2GB - - [x] **Two Computers**: You need one computer that you're getting ready (we'll call this the Target Computer) and another one to set it up from (we'll call this the Setup Computer). Make sure both can talk to each other over the network using SSH. - - [x] **Machine configuration**: See our basic [adding and configuring machine guide](./add-machines.md) - -## Physical Hardware - -!!! note "skip this if using a cloud VM" - -Steps: - -- Create a NixOS installer image and transfer it to a bootable USB drive as described in the [installer](./installer.md). -- Boot the target machine and connect it to a network that makes it reachable from your setup computer. -- Note down a reachable ip address (*ipv4*, *ipv6* or *tor*) - ---- - -The installer will generate a password and local addresses on boot, then run ssh with these preconfigured. -The installer shows it's deployment relevant information in two formats, a text form, as well as a QR code. - -Sample boot screen shows: - -- Root password -- IP address -- Optional Tor and mDNS details - -```{ .bash .annotate .no-copy .nohighlight} -┌─────────────────────────────────────────────────────────────────────────────────────┐ -│ ┌───────────────────────────┐ │ -│ │███████████████████████████│ # This is the QR Code (1) │ -│ │██ ▄▄▄▄▄ █▀▄█▀█▀▄█ ▄▄▄▄▄ ██│ │ -│ │██ █ █ █▀▄▄▄█ ▀█ █ █ ██│ │ -│ │██ █▄▄▄█ █▀▄ ▀▄▄▄█ █▄▄▄█ ██│ │ -│ │██▄▄▄▄▄▄▄█▄▀ ▀▄▀▄█▄▄▄▄▄▄▄██│ │ -│ │███▀▀▀ █▄▄█ ▀▄ ▄▀▄█ ███│ │ -│ │██▄██▄▄█▄▄▀▀██▄▀ ▄▄▄ ▄▀█▀██│ │ -│ │██ ▄▄▄▄▄ █▄▄▄▄ █ █▄█ █▀ ███│ │ -│ │██ █ █ █ █ █ ▄▄▄ ▄▀▀ ██│ │ -│ │██ █▄▄▄█ █ ▄ ▄ ▄ ▀█ ▄███│ │ -│ │██▄▄▄▄▄▄▄█▄▄▄▄▄▄█▄▄▄▄▄█▄███│ │ -│ │███████████████████████████│ │ -│ └───────────────────────────┘ │ -│ ┌─────────────────────────────────────────────────────────────────────────────────┐ │ -│ │Root password: cheesy-capital-unwell # password (2) │ │ -│ │Local network addresses: │ │ -│ │enp1s0 UP 192.168.178.169/24 metric 1024 fe80::21e:6ff:fe45:3c92/64 │ │ -│ │enp2s0 DOWN │ │ -│ │wlan0 DOWN # connect to wlan (3) │ │ -│ │Onion address: 6evxy5yhzytwpnhc2vpscrbti3iktxdhpnf6yim6bbs25p4v6beemzyd.onion │ │ -│ │Multicast DNS: nixos-installer.local │ │ -│ └─────────────────────────────────────────────────────────────────────────────────┘ │ -│ Press 'Ctrl-C' for console access │ -│ │ -└─────────────────────────────────────────────────────────────────────────────────────┘ -``` - -1. This is not an actual QR code, because it is displayed rather poorly on text sites. - This would be the actual content of this specific QR code prettified: - ```json - { - "pass": "cheesy-capital-unwell", - "tor": "6evxy5yhzytwpnhc2vpscrbti3iktxdhpnf6yim6bbs25p4v6beemzyd.onion", - "addrs": [ - "2001:9e8:347:ca00:21e:6ff:fe45:3c92" - ] - } - ``` - - To generate the actual QR code, that would be displayed use: - ```shellSession - echo '{"pass":"cheesy-capital-unwell","tor":"6evxy5yhzytwpnhc2vpscrbti3iktxdhpnf6yim6bbs25p4v6beemzyd.onion","addrs":["2001:9e8:347:ca00:21e:6ff:fe45:3c92"]}' | nix run nixpkgs#qrencode -- -s 2 -m 2 -t utf8 - ``` -2. The root password for the installer medium. - This password is autogenerated and meant to be easily typeable. -3. See [how to connect to wlan](./installer.md#optional-connect-to-wifi-manually). - -!!! tip - Use [KDE Connect](https://apps.kde.org/de/kdeconnect/) for easyily sharing QR codes from phone to desktop - -## Cloud VMs - -!!! note "skip this if using a physical machine" - -Clan supports any cloud machine if it is reachable via SSH and supports `kexec`. - -Steps: - -- Go to the configuration panel and note down how to connect to the machine via ssh. - -!!! tip "NixOS can cause strange issues when booting in certain cloud environments." - If on Linode: Make sure that the system uses "Direct Disk boot kernel" (found in the configuration panel) - -## Setting `targetHost` - -In your nix files set the targetHost (reachable ip) that you retrieved in the previous step. - -```{.nix title="clan.nix" hl_lines="9"} -{ - # Ensure this is unique among all clans you want to use. - meta.name = "my-clan"; - - inventory.machines = { - # Define machines here. - # The machine name will be used as the hostname. - jon = { - deploy.targetHost = "root@192.168.192.4"; # (1) - }; - }; - # ... - # elided -} -``` - -1. Use the ip address of your targetMachine that you want to deploy. If using the [flash-installer](./installer.md) it should display its local ip-address when booted. - -!!! warning - The use of `root@` in the target address implies SSH access as the `root` user. - Ensure that the root login is secured and only used when necessary. - -See also [how to set TargetHost](../target-host.md) for other methods. - -## Retrieve the hardware report - -By default clan uses [nixos-facter](https://github.com/nix-community/nixos-facter) which captures detailed information about the machine or virtual environment. - -To generate the hardware-report (`facter.json`) run: - -```bash -clan machines update-hardware-config -``` - -Example output: - -```shell-session -$ clan machines update-hardware-config jon -[jon] $ nixos-facter -Successfully generated: ./machines/jon/facter.json -``` - -See [update-hardware-config cli reference](../../reference/cli/machines.md#machines-update-hardware-config) for further configuration possibilities if needed. - -## Configure your disk schema - -By default clan uses [disko](https://github.com/nix-community/disko) which allows for declarative disk partitioning. - -To setup a disk schema for a machine run - -```bash -clan templates apply disk single-disk jon --set mainDisk "" -``` - -Which should fail and give the valid options for the specific hardware: - -```shellSession -Invalid value for placeholder mainDisk - Valid options: -/dev/disk/by-id/nvme-WD_PC_SN740_SDDQNQD-512G-1201_232557804368 -``` - -Re-run the command with the correct disk: - -```bash -clan templates apply disk single-disk jon --set mainDisk "/dev/disk/by-id/nvme-WD_PC_SN740_SDDQNQD-512G-1201_232557804368" -``` - -Should now be successful - -```shellSession -Applied disk template 'single-disk' to machine 'jon' -``` - -A disko.nix file should be created in `machines/jon` -You can have a look and customize it if needed. - -!!! tip - For advanced partitioning, see [Disko templates](https://github.com/nix-community/disko-templates) or [Disko examples](https://github.com/nix-community/disko/tree/master/example). - -!!! Danger - Don't change the `disko.nix` after the machine is installed for the first time. - - Changing disko configuration requires wiping and reinstalling the machine. - - Unless you really know what you are doing. - -## Deploy the machine - -**Finally deployment time!** Use one of the following commands to build and deploy the image via SSH onto your machine. - -### Deployment Commands - -#### Using password auth - -```bash -clan machines install [MACHINE] --target-host -``` - -#### Using QR JSON - -```bash -clan machines install [MACHINE] --json "[JSON]" -``` - -#### Using QR image file - -```bash -clan machines install [MACHINE] --png [PATH] -``` - -#### Option B: Cloud VM - -```bash -clan machines install [MACHINE] --target-host -``` - -!!! success - Your machine is all set up. 🎉 🚀 - -## Post-Deployment: Updating Machines - -### Updating - -Update a single machine: - -```bash -clan machines update jon -``` - -Update all machines: - -```bash -clan machines update -``` - -### Build Host Configuration - -If a machine is too resource-limited, use another host. - -If the machine does not have enough resources to run the NixOS evaluation or build itself, -it is also possible to specify a build host. - -During an update, the CLI will SSH into the build host and run `nixos-rebuild` from there. - -```{.nix hl_lines="5" .no-copy} -clan { - # ... - machines = { - "jon" = { - clan.core.networking.buildHost = "root@"; - }; - }; -}; -``` - -### Excluding from Automatic Updates - -To exclude machines from being updated when running `clan machines update` without any machines specified, -one can set the `clan.deployment.requireExplicitUpdate` option to true: - -```{.nix hl_lines="5" .no-copy} -clan { - # ... - machines = { - "jon" = { - clan.deployment.requireExplicitUpdate = true; - }; - }; -}; -``` - -This is useful for machines that are not always online or are not part of the regular update cycle. diff --git a/docs/site/guides/getting-started/check.md b/docs/site/guides/getting-started/flake-check.md similarity index 100% rename from docs/site/guides/getting-started/check.md rename to docs/site/guides/getting-started/flake-check.md diff --git a/docs/site/guides/getting-started/hardware-report-physical.md b/docs/site/guides/getting-started/hardware-report-physical.md new file mode 100644 index 000000000..71fa82867 --- /dev/null +++ b/docs/site/guides/getting-started/hardware-report-physical.md @@ -0,0 +1,115 @@ +# Installing a Physical Machine + +Now that you have created a machines, added some services and setup secrets. This guide will walk through how to deploy it. + +### Step 0. Prerequisites +- [x] RAM > 2GB +- [x] **Two Computers**: You need one computer that you're getting ready (we'll call this the Target Computer) and another one to set it up from (we'll call this the Setup Computer). Make sure both can talk to each other over the network using SSH. +- [x] **Machine configuration**: See our basic [adding and configuring machine guide](./add-machines.md) +- [x] **Initialized secrets**: See [secrets](secrets.md) for how to initialize your secrets. +- [x] **USB Flash Drive**: See [Clan Installer](./create-installer.md) + + +### Image Installer +This method makes use of the [image installers](./create-installer.md). + +The installer will randomly generate a password and local addresses on boot, then run ssh with these preconfigured. +The installer shows it's deployment relevant information in two formats, a text form, as well as a QR code. + + +This is an example of the booted installer. + +```{ .bash .annotate .no-copy .nohighlight} +┌─────────────────────────────────────────────────────────────────────────────────────┐ +│ ┌───────────────────────────┐ │ +│ │███████████████████████████│ # This is the QR Code (1) │ +│ │██ ▄▄▄▄▄ █▀▄█▀█▀▄█ ▄▄▄▄▄ ██│ │ +│ │██ █ █ █▀▄▄▄█ ▀█ █ █ ██│ │ +│ │██ █▄▄▄█ █▀▄ ▀▄▄▄█ █▄▄▄█ ██│ │ +│ │██▄▄▄▄▄▄▄█▄▀ ▀▄▀▄█▄▄▄▄▄▄▄██│ │ +│ │███▀▀▀ █▄▄█ ▀▄ ▄▀▄█ ███│ │ +│ │██▄██▄▄█▄▄▀▀██▄▀ ▄▄▄ ▄▀█▀██│ │ +│ │██ ▄▄▄▄▄ █▄▄▄▄ █ █▄█ █▀ ███│ │ +│ │██ █ █ █ █ █ ▄▄▄ ▄▀▀ ██│ │ +│ │██ █▄▄▄█ █ ▄ ▄ ▄ ▀█ ▄███│ │ +│ │██▄▄▄▄▄▄▄█▄▄▄▄▄▄█▄▄▄▄▄█▄███│ │ +│ │███████████████████████████│ │ +│ └───────────────────────────┘ │ +│ ┌─────────────────────────────────────────────────────────────────────────────────┐ │ +│ │Root password: cheesy-capital-unwell # password (2) │ │ +│ │Local network addresses: │ │ +│ │enp1s0 UP 192.168.178.169/24 metric 1024 fe80::21e:6ff:fe45:3c92/64 │ │ +│ │enp2s0 DOWN │ │ +│ │wlan0 DOWN # connect to wlan (3) │ │ +│ │Onion address: 6evxy5yhzytwpnhc2vpscrbti3iktxdhpnf6yim6bbs25p4v6beemzyd.onion │ │ +│ │Multicast DNS: nixos-installer.local │ │ +│ └─────────────────────────────────────────────────────────────────────────────────┘ │ +│ Press 'Ctrl-C' for console access │ +│ │ +└─────────────────────────────────────────────────────────────────────────────────────┘ +``` + +1. This is not an actual QR code, because it is displayed rather poorly on text sites. + This would be the actual content of this specific QR code prettified: + ```json + { + "pass": "cheesy-capital-unwell", + "tor": "6evxy5yhzytwpnhc2vpscrbti3iktxdhpnf6yim6bbs25p4v6beemzyd.onion", + "addrs": [ + "2001:9e8:347:ca00:21e:6ff:fe45:3c92" + ] + } + ``` + + To generate the actual QR code, that would be displayed use: + ```shellSession + echo '{"pass":"cheesy-capital-unwell","tor":"6evxy5yhzytwpnhc2vpscrbti3iktxdhpnf6yim6bbs25p4v6beemzyd.onion","addrs":["2001:9e8:347:ca00:21e:6ff:fe45:3c92"]}' | nix run nixpkgs#qrencode -- -s 2 -m 2 -t utf8 + ``` +2. The root password for the installer medium. + This password is autogenerated and meant to be easily typeable. +3. See how to connect the installer medium to wlan [here](./installer.md#optional-connect-to-wifi). +4. :man_raising_hand: I'm a code annotation! I can contain `code`, __formatted + text__, images, ... basically anything that can be written in Markdown. + +!!!tip + For easy sharing of deployment information via QR code, we highly recommend using [KDE Connect](https://apps.kde.org/de/kdeconnect/). + +There are two ways to deploy your machine: + + +=== "Password" + ### Generating a Hardware Report + + The following command will generate a hardware report with [nixos-facter](https://github.com/nix-community/nixos-facter) and writes it back into your machine folder. The `--phases kexec` flag makes sure we are not yet formatting anything, instead if the target system is not a NixOS machine it will use [kexec](https://wiki.archlinux.org/title/Kexec) to switch to a NixOS kernel. + + + ```terminal + clan machines install [MACHINE] \ + --update-hardware-config nixos-facter \ + --phases kexec \ + --target-host root@192.168.178.169 + ``` + +=== "QR Code" + ### Generating a Hardware Report + + The following command will generate a hardware report with [nixos-facter](https://github.com/nix-community/nixos-facter) and writes it back into your machine folder. The `--phases kexec` flag makes sure we are not yet formatting anything, instead if the target system is not a NixOS machine it will use [kexec](https://wiki.archlinux.org/title/Kexec) to switch to a NixOS kernel. + + #### Using a JSON String or File Path + Copy the JSON string contained in the QR Code and provide its path or paste it directly: + ```terminal + clan machines install [MACHINE] --json [JSON] \ + --update-hardware-config nixos-facter \ + --phases kexec + ``` + + #### Using an Image Containing the QR Code + Provide the path to an image file containing the QR code displayed by the installer: + ```terminal + clan machines install [MACHINE] --png [PATH] \ + --update-hardware-config nixos-facter \ + --phases kexec + ``` + + +If you are using our template `[MACHINE]` would be `jon` diff --git a/docs/site/guides/getting-started/hardware-report-virtual.md b/docs/site/guides/getting-started/hardware-report-virtual.md new file mode 100644 index 000000000..6eb9af47f --- /dev/null +++ b/docs/site/guides/getting-started/hardware-report-virtual.md @@ -0,0 +1,29 @@ +# Generate a VM Hardware Report + +Now that you have created a machines, added some services and setup secrets. This guide will walk through how to deploy it. + +## Prerequisites +- [x] RAM > 2GB +- [x] **Two Computers**: You need one computer that you're getting ready (we'll call this the Target Computer) and another one to set it up from (we'll call this the Setup Computer). Make sure both can talk to each other over the network using SSH. +- [x] **Machine configuration**: See our basic [adding and configuring machine guide](./add-machines.md) + + +Clan supports any cloud machine if it is reachable via SSH and supports `kexec`. + + +??? tip "NixOS can cause strange issues when booting in certain cloud environments." + If on Linode: Make sure that the system uses "Direct Disk boot kernel" (found in the configuration panel) + + +The following command will generate a hardware report with [nixos-facter](https://github.com/nix-community/nixos-facter) and writes it back into your machine folder. The `--phases kexec` flag makes sure we are not yet formatting anything, instead if the target system is not a NixOS machine it will use [kexec](https://wiki.archlinux.org/title/Kexec) to switch to a NixOS kernel. + + +```terminal +clan machines install [MACHINE] \ + --update-hardware-config nixos-facter \ + --phases kexec \ + --target-host myuser@ +``` + +!!! Warning + After running the above command, be aware that the SSH login user changes from `myuser` to `root`. For subsequent SSH connections to the target machine, use `root` as the login user. This change occurs because the system switches to the NixOS kernel using `kexec`. diff --git a/docs/site/guides/getting-started/index.md b/docs/site/guides/getting-started/index.md index a61a51749..20b123b91 100644 --- a/docs/site/guides/getting-started/index.md +++ b/docs/site/guides/getting-started/index.md @@ -118,17 +118,3 @@ To change the name of your clan edit `meta.name` in the `clan.nix` or `flake.nix } ``` ---- - -## Next Steps - -You can continue with **any** of the following steps at your own pace: - -- [x] [Install Nix & Clan CLI](./index.md) -- [x] [Initialize Clan](./index.md#add-clan-cli-to-your-shell) -- [ ] [Create USB Installer (optional)](./installer.md) -- [ ] [Add Machines](./add-machines.md) -- [ ] [Add a User](./add-user.md) -- [ ] [Add Services](./add-services.md) -- [ ] [Deploy](./deploy.md) - Requires configured secrets -- [ ] [Setup CI (optional)](./check.md) diff --git a/docs/site/guides/getting-started/update.md b/docs/site/guides/getting-started/update.md new file mode 100644 index 000000000..4ce1aacb7 --- /dev/null +++ b/docs/site/guides/getting-started/update.md @@ -0,0 +1,84 @@ + +# Update Your Machines + +Clan CLI enables you to remotely update your machines over SSH. This requires setting up a target address for each target machine. + +### Setting `targetHost` + +In your nix files set the targetHost (reachable ip) that your new machine now has. This removes the need to add `--targetHost` to every command. + + +```{.nix title="clan.nix" hl_lines="9"} +{ +# Ensure this is unique among all clans you want to use. +meta.name = "my-clan"; + +inventory.machines = { + # Define machines here. + # The machine name will be used as the hostname. + jon = { + deploy.targetHost = "root@192.168.192.4"; # (1) + }; +}; +# [...] +} +``` +The use of `root@` in the target address implies SSH access as the `root` user. +Ensure that the root login is secured and only used when necessary. + + +### Setting a Build Host + +If the machine does not have enough resources to run the NixOS evaluation or build itself, +it is also possible to specify a build host instead. +During an update, the cli will ssh into the build host and run `nixos-rebuild` from there. + + +```{.nix hl_lines="5" .no-copy} +buildClan { + # ... + machines = { + "jon" = { + clan.core.networking.buildHost = "root@"; + }; + }; +}; +``` + +!!! Note + Make sure that the CPU architecture is the same for the buildHost as for the targetHost. + Example: + If you want to deploy to a macOS machine, your architecture is an ARM64-Darwin, that means you need a second macOS machine to build it. + +### Updating Machine Configurations + +Execute the following command to update the specified machine: + +```bash +clan machines update jon +``` + +You can also update all configured machines simultaneously by omitting the machine name: + +```bash +clan machines update +``` + + +### Excluding a machine from `clan machine update` + +To exclude machines from being updated when running `clan machines update` without any machines specified, +one can set the `clan.deployment.requireExplicitUpdate` option to true: + +```{.nix hl_lines="5" .no-copy} +buildClan { + # ... + machines = { + "jon" = { + clan.deployment.requireExplicitUpdate = true; + }; + }; +}; +``` + +This is useful for machines that are not always online or are not part of the regular update cycle. From 0b05b0b1ec4e927fded3f5a87f7757a6b48d4d8f Mon Sep 17 00:00:00 2001 From: Qubasa Date: Thu, 31 Jul 2025 17:04:15 +0700 Subject: [PATCH 4/4] docs: review fixups docs: review fixups docs: review fixups docs: fixup links in cli docs: fixup links in cli --- docs/site/guides/getting-started/add-user.md | 2 +- .../guides/getting-started/choose-disk.md | 36 +++++++++++++++---- .../getting-started/create-installer.md | 4 +-- .../hardware-report-physical.md | 13 ++++--- .../hardware-report-virtual.md | 3 +- docs/site/guides/getting-started/update.md | 2 +- pkgs/clan-cli/clan_cli/cli.py | 6 ++-- pkgs/clan-cli/clan_cli/machines/cli.py | 6 ++-- pkgs/clan-cli/clan_lib/machines/install.py | 4 +-- pkgs/clan-cli/clan_lib/machines/machines.py | 2 +- pkgs/clan-cli/clan_lib/ssh/create.py | 4 +-- pkgs/clan-cli/clan_lib/ssh/create_test.py | 6 ++-- 12 files changed, 54 insertions(+), 34 deletions(-) diff --git a/docs/site/guides/getting-started/add-user.md b/docs/site/guides/getting-started/add-user.md index 33048e744..46d6a50ec 100644 --- a/docs/site/guides/getting-started/add-user.md +++ b/docs/site/guides/getting-started/add-user.md @@ -49,7 +49,7 @@ The example shows how to add a user called `jon`: 2. Add this user to `all` machines 3. Define the `name` of the user to be `jon` -The `users` service creates a `/home/jon` directory, allows `jon` to sign in and will take care of the users password as part of [deployment](./deploy.md). +The `users` service creates a `/home/jon` directory, allows `jon` to sign in and will take care of the user's password. For more information see [clanService/users](../../reference/clanServices/users.md) diff --git a/docs/site/guides/getting-started/choose-disk.md b/docs/site/guides/getting-started/choose-disk.md index a44c19834..2533a426f 100644 --- a/docs/site/guides/getting-started/choose-disk.md +++ b/docs/site/guides/getting-started/choose-disk.md @@ -2,6 +2,34 @@ By default clan uses [disko](https://github.com/nix-community/disko) which allows for declarative disk partitioning. +To see what disk templates are available run: +```{.shellSession hl_lines="10" .no-copy} +$ clan templates list + +Available 'clan' template +├── +│ ├── default: Initialize a new clan flake +│ ├── flake-parts: Flake-parts +│ └── minimal: for clans managed via (G)UI +Available 'disko' templates +├── +│ └── single-disk: A simple ext4 disk with a single partition +Available 'machine' templates +├── +│ ├── demo-template: Demo machine for the CLAN project +│ ├── flash-installer: Initialize a new flash-installer machine +│ ├── new-machine: Initialize a new machine +│ └── test-morph-template: Morph a machine +``` + + +For this guide we will select the `single-disk` template, that uses `A simple ext4 disk with a single partition`. + +!!! tip + For advanced partitioning, see [Disko templates](https://github.com/nix-community/disko-templates) or [Disko examples](https://github.com/nix-community/disko/tree/master/example). + You can also [contribute a disk template to clan core](https://docs.clan.lol/guides/disko-templates/community/) + + To setup a disk schema for a machine run ```bash @@ -30,16 +58,10 @@ Applied disk template 'single-disk' to machine 'jon' A disko.nix file should be created in `machines/jon` You can have a look and customize it if needed. -!!! tip - For advanced partitioning, see [Disko templates](https://github.com/nix-community/disko-templates) or [Disko examples](https://github.com/nix-community/disko/tree/master/example). - !!! Danger - Don't change the `disko.nix` after the machine is installed for the first time. - + Don't change the `disko.nix` after the machine is installed for the first time, unless you really know what you are doing. Changing disko configuration requires wiping and reinstalling the machine. - Unless you really know what you are doing. - ## Deploy the machine **Finally deployment time!** diff --git a/docs/site/guides/getting-started/create-installer.md b/docs/site/guides/getting-started/create-installer.md index 22d8a7ade..66b10ad7a 100644 --- a/docs/site/guides/getting-started/create-installer.md +++ b/docs/site/guides/getting-started/create-installer.md @@ -2,8 +2,8 @@ To install Clan on physical machines, you need to use our custom installer image. This is necessary for proper installation and operation. -!!! note "Using a Cloud VM?" - If you're using a cloud provider's virtual machine (VM), you can skip this section and go directly to the [Deploy Virtual Machine](./hardware-report-virtual.md) step. In this scenario, we automatically use [nixos-anywhere](https://github.com/nix-community/nixos-anywhere) to replace the kernel during runtime. +!!! note "Deploying to a Virtual Machine?" + If you're deploying to a virtual machine (VM), you can skip this section and go directly to the [Deploy Virtual Machine](./hardware-report-virtual.md) step. In this scenario, we automatically use [nixos-anywhere](https://github.com/nix-community/nixos-anywhere) to replace the kernel during runtime. ??? info "Why nixos-anywhere Doesn't Work on Physical Hardware?" nixos-anywhere relies on [kexec](https://wiki.archlinux.org/title/Kexec) to replace the running kernel with our custom one. This method often has compatibility issues with real hardware, especially systems with dedicated graphics cards like laptops and servers, leading to crashes and black screens. diff --git a/docs/site/guides/getting-started/hardware-report-physical.md b/docs/site/guides/getting-started/hardware-report-physical.md index 71fa82867..b0462f8c7 100644 --- a/docs/site/guides/getting-started/hardware-report-physical.md +++ b/docs/site/guides/getting-started/hardware-report-physical.md @@ -1,20 +1,21 @@ # Installing a Physical Machine -Now that you have created a machines, added some services and setup secrets. This guide will walk through how to deploy it. +Now that you have created a machine, added some services, and set up secrets, this guide will walk you through how to deploy it. + ### Step 0. Prerequisites - [x] RAM > 2GB - [x] **Two Computers**: You need one computer that you're getting ready (we'll call this the Target Computer) and another one to set it up from (we'll call this the Setup Computer). Make sure both can talk to each other over the network using SSH. - [x] **Machine configuration**: See our basic [adding and configuring machine guide](./add-machines.md) -- [x] **Initialized secrets**: See [secrets](secrets.md) for how to initialize your secrets. +- [x] **Initialized secrets**: See [secrets](../secrets.md) for how to initialize your secrets. - [x] **USB Flash Drive**: See [Clan Installer](./create-installer.md) ### Image Installer This method makes use of the [image installers](./create-installer.md). -The installer will randomly generate a password and local addresses on boot, then run ssh with these preconfigured. -The installer shows it's deployment relevant information in two formats, a text form, as well as a QR code. +The installer will randomly generate a password and local addresses on boot, then run a SSH server with these preconfigured. +The installer shows its deployment relevant information in two formats, a text form, as well as a QR code. This is an example of the booted installer. @@ -67,9 +68,7 @@ This is an example of the booted installer. ``` 2. The root password for the installer medium. This password is autogenerated and meant to be easily typeable. -3. See how to connect the installer medium to wlan [here](./installer.md#optional-connect-to-wifi). -4. :man_raising_hand: I'm a code annotation! I can contain `code`, __formatted - text__, images, ... basically anything that can be written in Markdown. +3. See how to connect the installer medium to wlan [here](./create-installer.md). !!!tip For easy sharing of deployment information via QR code, we highly recommend using [KDE Connect](https://apps.kde.org/de/kdeconnect/). diff --git a/docs/site/guides/getting-started/hardware-report-virtual.md b/docs/site/guides/getting-started/hardware-report-virtual.md index 6eb9af47f..957528d89 100644 --- a/docs/site/guides/getting-started/hardware-report-virtual.md +++ b/docs/site/guides/getting-started/hardware-report-virtual.md @@ -1,6 +1,7 @@ # Generate a VM Hardware Report -Now that you have created a machines, added some services and setup secrets. This guide will walk through how to deploy it. +Now that you have created a machine, added some services, and set up secrets, this guide will walk you through how to deploy it. + ## Prerequisites - [x] RAM > 2GB diff --git a/docs/site/guides/getting-started/update.md b/docs/site/guides/getting-started/update.md index 4ce1aacb7..dfa63990f 100644 --- a/docs/site/guides/getting-started/update.md +++ b/docs/site/guides/getting-started/update.md @@ -5,7 +5,7 @@ Clan CLI enables you to remotely update your machines over SSH. This requires se ### Setting `targetHost` -In your nix files set the targetHost (reachable ip) that your new machine now has. This removes the need to add `--targetHost` to every command. +In your Nix files, set the `targetHost` to the reachable IP address of your new machine. This eliminates the need to specify `--target-host` with every command. ```{.nix title="clan.nix" hl_lines="9"} diff --git a/pkgs/clan-cli/clan_cli/cli.py b/pkgs/clan-cli/clan_cli/cli.py index ee6ba5fb9..c9990fa25 100644 --- a/pkgs/clan-cli/clan_cli/cli.py +++ b/pkgs/clan-cli/clan_cli/cli.py @@ -244,7 +244,7 @@ Examples: $ clan flash write mymachine --disk main /dev/sd --ssh-pubkey ~/.ssh/id_rsa.pub Will flash the machine 'mymachine' to the disk '/dev/sd' with the ssh public key '~/.ssh/id_rsa.pub'. -For more detailed information, visit: {help_hyperlink("getting-started", "https://docs.clan.lol/guides/getting-started/installer")} +For more detailed information, visit: {help_hyperlink("getting-started", "https://docs.clan.lol/guides/getting-started/create-installer")} """ ), formatter_class=argparse.RawTextHelpFormatter, @@ -271,7 +271,7 @@ Examples: the json string. [JSON] can either be a json formatted string itself, or point towards a file containing the deployment information -For more detailed information, visit: {help_hyperlink("deploy", "https://docs.clan.lol/guides/getting-started/deploy")} +For more detailed information, visit: {help_hyperlink("deploy", "https://docs.clan.lol/guides/getting-started/hardware-report-physical")} """ ), formatter_class=argparse.RawTextHelpFormatter, @@ -402,7 +402,7 @@ Examples: If the `--target-host` flag is omitted will try to find host information by checking the deployment configuration inside the specified machine. -For more detailed information, visit: {help_hyperlink("deploy", "https://docs.clan.lol/guides/getting-started/deploy")} +For more detailed information, visit: {help_hyperlink("deploy", "https://docs.clan.lol/guides/getting-started/update")} """ ), formatter_class=argparse.RawTextHelpFormatter, diff --git a/pkgs/clan-cli/clan_cli/machines/cli.py b/pkgs/clan-cli/clan_cli/machines/cli.py index 708291dfe..e3575638d 100644 --- a/pkgs/clan-cli/clan_cli/machines/cli.py +++ b/pkgs/clan-cli/clan_cli/machines/cli.py @@ -47,7 +47,7 @@ Examples: $ clan machines update machine1 machine2 --tags production Will update only machine1 and machine2 if they both have the "production" tag. -For more detailed information, visit: https://docs.clan.lol/guides/getting-started/deploy +For more detailed information, visit: https://docs.clan.lol/guides/getting-started/update """ ), formatter_class=argparse.RawTextHelpFormatter, @@ -133,8 +133,8 @@ Examples: Will install the specified machine [MACHINE] to the host exposed by the deployment information of the [JSON] deployment string. -For information on how to set up the installer see: https://docs.clan.lol/guides/getting-started/installer/ -For more detailed information, visit: https://docs.clan.lol/guides/getting-started/deploy +For information on how to set up the installer see: https://docs.clan.lol/guides/getting-started/create-installer/ +For more detailed information, visit: https://docs.clan.lol/guides/getting-started/hardware-report-physical """ ), formatter_class=argparse.RawTextHelpFormatter, diff --git a/pkgs/clan-cli/clan_lib/machines/install.py b/pkgs/clan-cli/clan_lib/machines/install.py index ce43d8c04..f0393fdce 100644 --- a/pkgs/clan-cli/clan_lib/machines/install.py +++ b/pkgs/clan-cli/clan_lib/machines/install.py @@ -13,7 +13,7 @@ from clan_lib.api import API from clan_lib.cmd import Log, RunOpts, run from clan_lib.machines.machines import Machine from clan_lib.nix import nix_shell -from clan_lib.ssh.create import create_nixos_anywhere_ssh_key +from clan_lib.ssh.create import create_secret_key_nixos_anywhere from clan_lib.ssh.remote import Remote log = logging.getLogger(__name__) @@ -122,7 +122,7 @@ def run_machine_install(opts: InstallOptions, target_host: Remote) -> None: # The kexec phase requires an authorized key, and if not specified, # nixos-anywhere defaults to a key in a temporary directory. if opts.anywhere_priv_key is None: - key_pair = create_nixos_anywhere_ssh_key() + key_pair = create_secret_key_nixos_anywhere() opts.anywhere_priv_key = key_pair.private cmd += ["-i", str(opts.anywhere_priv_key)] diff --git a/pkgs/clan-cli/clan_lib/machines/machines.py b/pkgs/clan-cli/clan_lib/machines/machines.py index 179fc055a..96bf57cc4 100644 --- a/pkgs/clan-cli/clan_lib/machines/machines.py +++ b/pkgs/clan-cli/clan_lib/machines/machines.py @@ -133,7 +133,7 @@ class Machine: msg = f"'targetHost' is not set for machine '{self.name}'" raise ClanError( msg, - description="See https://docs.clan.lol/guides/getting-started/deploy/#setting-the-target-host for more information.", + description="See https://docs.clan.lol/guides/getting-started/update/#setting-the-target-host for more information.", ) data = remote.data return data diff --git a/pkgs/clan-cli/clan_lib/ssh/create.py b/pkgs/clan-cli/clan_lib/ssh/create.py index e80971ff2..1239d5ee2 100644 --- a/pkgs/clan-cli/clan_lib/ssh/create.py +++ b/pkgs/clan-cli/clan_lib/ssh/create.py @@ -2,7 +2,6 @@ import logging from dataclasses import dataclass from pathlib import Path -from clan_lib.api import API from clan_lib.cmd import Log, RunOpts, run from clan_lib.dirs import user_nixos_anywhere_dir @@ -15,8 +14,7 @@ class SSHKeyPair: public: Path -@API.register -def create_nixos_anywhere_ssh_key() -> SSHKeyPair: +def create_secret_key_nixos_anywhere() -> SSHKeyPair: """ Create a new SSH key pair for NixOS Anywhere. The keys are stored in ~/.config/clan/nixos-anywhere/keys/id_ed25519 and id_ed25519.pub. diff --git a/pkgs/clan-cli/clan_lib/ssh/create_test.py b/pkgs/clan-cli/clan_lib/ssh/create_test.py index 5cc6c51ca..3d76a31f2 100644 --- a/pkgs/clan-cli/clan_lib/ssh/create_test.py +++ b/pkgs/clan-cli/clan_lib/ssh/create_test.py @@ -1,10 +1,10 @@ from pathlib import Path -from clan_lib.ssh.create import create_nixos_anywhere_ssh_key +from clan_lib.ssh.create import create_secret_key_nixos_anywhere def test_clan_generate_sshkeys(temporary_home: Path) -> None: - keypair = create_nixos_anywhere_ssh_key() + keypair = create_secret_key_nixos_anywhere() assert keypair.private.exists() assert keypair.public.exists() @@ -22,7 +22,7 @@ def test_clan_generate_sshkeys(temporary_home: Path) -> None: assert "PRIVATE KEY" in keypair.private.read_text() assert "ssh-ed25519" in keypair.public.read_text() - new_keypair = create_nixos_anywhere_ssh_key() + new_keypair = create_secret_key_nixos_anywhere() assert new_keypair.private == keypair.private assert new_keypair.public == keypair.public