diff --git a/checks/impure/flake-module.nix b/checks/impure/flake-module.nix index 9add525bf..d8018061b 100644 --- a/checks/impure/flake-module.nix +++ b/checks/impure/flake-module.nix @@ -5,9 +5,13 @@ check-clan-template = pkgs.writeShellScriptBin "check-clan-template" '' #!${pkgs.bash}/bin/bash set -euo pipefail + export TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) trap "${pkgs.coreutils}/bin/chmod -R +w '$TMPDIR'; ${pkgs.coreutils}/bin/rm -rf '$TMPDIR'" EXIT + export PATH="${lib.makeBinPath [ + pkgs.coreutils + pkgs.curl pkgs.gitMinimal pkgs.gnugrep pkgs.jq @@ -35,6 +39,9 @@ echo check machine1 appears in nixosConfigurations nix flake show --json | jq '.nixosConfigurations' | grep -q machine1 + + echo check machine1 jsonschema can be evaluated + nix eval .#nixosConfigurations.machine1.config.clanSchema ''; }; in diff --git a/lib/build-clan/default.nix b/lib/build-clan/default.nix index 4da48dafd..6539a366c 100644 --- a/lib/build-clan/default.nix +++ b/lib/build-clan/default.nix @@ -1,4 +1,4 @@ -{ nixpkgs, clan, lib }: +{ nixpkgs, self, lib }: { directory # The directory containing the machines subdirectory , specialArgs ? { } # Extra arguments to pass to nixosSystem i.e. useful to make self available , machines ? { } # allows to include machine-specific modules i.e. machines.${name} = { ... } @@ -18,9 +18,12 @@ let (name: _: nixpkgs.lib.nixosSystem { modules = [ - clan.nixosModules.clanCore + self.nixosModules.clanCore (machineSettings name) (machines.${name} or { }) + { clanCore.clanDir = directory; } + # TODO: remove this once we have a hardware-config mechanism + { nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; } ]; specialArgs = specialArgs; }) diff --git a/lib/default.nix b/lib/default.nix index 89ac0cc3f..dcd09edb7 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,4 +1,4 @@ -{ lib, clan, nixpkgs, ... }: +{ lib, self, nixpkgs, ... }: { findNixFiles = folder: lib.mapAttrs' 
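Review bot: The added `nix eval .#nixosConfigurations.machine1.config.clanSchema` step at the end of the check script only proves that evaluation does not throw. Any result passes, including an empty attribute set, and it is printed into the check log. `jq` is already on the script's PATH, so the step could assert on the result instead, for example `nix eval --json .#nixosConfigurations.machine1.config.clanSchema | jq -e 'length > 0' > /dev/null`. A stricter filter depends on what `parseOptions` returns, which is not visible here. The script body starts outside this hunk.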
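Review bot: The new `{ clanCore.clanDir = directory; }` module passes `directory` through unchanged, but the argument comment does not say whether callers should pass a Nix path or a string. The two behave differently: with a path, `clanDir + "/sops/secrets"` stays a path, and any later string interpolation of it copies that tree into the world-readable Nix store. With a string, the files are read from wherever the string points at evaluation time. Please state the expected form on the argument, e.g. `directory # path to the clan flake root (e.g. ./. or self); holds machines/ and sops/`, assuming a path is what is intended. Also note that this definition has no `lib.mkDefault`, unlike the `hostPlatform` line below it, so a machine module that sets a different `clanCore.clanDir` will produce a conflicting-definition error rather than an override.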
@@ -14,5 +14,5 @@ jsonschema = import ./jsonschema { inherit lib; }; - buildClan = import ./build-clan { inherit lib clan nixpkgs; }; + buildClan = import ./build-clan { inherit lib self nixpkgs; }; } diff --git a/lib/flake-module.nix b/lib/flake-module.nix index 13855fbc6..1062e92c1 100644 --- a/lib/flake-module.nix +++ b/lib/flake-module.nix @@ -1,5 +1,6 @@ { lib , inputs +, self , ... }: { imports = [ @@ -7,6 +8,7 @@ ]; flake.lib = import ./default.nix { inherit lib; - inherit (inputs) nixpkgs clan; + inherit self; + inherit (inputs) nixpkgs; }; } diff --git a/nixosModules/clanCore/flake-module.nix b/nixosModules/clanCore/flake-module.nix index da8fa0e63..437f54874 100644 --- a/nixosModules/clanCore/flake-module.nix +++ b/nixosModules/clanCore/flake-module.nix @@ -1,8 +1,18 @@ { self, inputs, lib, ... }: { - flake.nixosModules.clanCore = { pkgs, ... }: { + flake.nixosModules.clanCore = { pkgs, options, ... }: { + imports = [ + ./secrets + ./zerotier.nix + inputs.sops-nix.nixosModules.sops + ]; + options.clanSchema = lib.mkOption { + type = lib.types.attrs; + description = "The json schema for the .clan options namespace"; + default = self.lib.jsonschema.parseOptions options.clan; + }; options.clanCore = { clanDir = lib.mkOption { - type = lib.types.str; + type = lib.types.either lib.types.path lib.types.str; description = '' the location of the flake repo, used to calculate the location of facts and secrets ''; @@ -23,10 +33,5 @@ utility outputs for clan management of this machine ''; }; - imports = [ - ./secrets - ./zerotier.nix - inputs.sops-nix.nixosModules.sops - ]; }; } diff --git a/nixosModules/clanCore/secrets/sops.nix b/nixosModules/clanCore/secrets/sops.nix index 7df0b31d2..2c1042f98 100644 --- a/nixosModules/clanCore/secrets/sops.nix +++ b/nixosModules/clanCore/secrets/sops.nix 
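Review bot: `options.clanSchema` is a derived value but is declared as an ordinary writable option, and its default dereferences `options.clan` unconditionally. If no imported module declares anything under `clan.*`, reading `config.clanSchema` fails with a missing-attribute error. Whether that can happen depends on modules outside this hunk. A user module can also assign `clanSchema`, which would silently replace the generated schema. I would write `default = self.lib.jsonschema.parseOptions (options.clan or { });` and add `readOnly = true;` so that the value always reflects the declared options. The `clanCore` module body continues past this hunk.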
@@ -45,13 +45,17 @@ ''; sops.secrets = let + secretsDir = config.clanCore.clanDir + "/sops/secrets"; encryptedForThisMachine = name: type: let - symlink = config.clanCore.clanDir + "/sops/secrets/${name}/machines/${config.clanCore.machineName}"; + symlink = secretsDir + "/${name}/machines/${config.clanCore.machineName}"; in # WTF, nix bug, my symlink is in the nixos module detected as a directory also it works in the repl type == "directory" && (builtins.readFileType symlink == "directory" || builtins.readFileType symlink == "symlink"); - secrets = lib.filterAttrs encryptedForThisMachine (builtins.readDir (config.clanCore.clanDir + "/sops/secrets")); + secrets = + if !builtins.pathExists secretsDir + then { } + else lib.filterAttrs encryptedForThisMachine (builtins.readDir secretsDir); in builtins.mapAttrs (name: _: { diff --git a/pkgs/clan-cli/clan_cli/machines/create.py b/pkgs/clan-cli/clan_cli/machines/create.py index adc1ee9fa..54b70705a 100644 --- a/pkgs/clan-cli/clan_cli/machines/create.py +++ b/pkgs/clan-cli/clan_cli/machines/create.py @@ -6,6 +6,9 @@ from .folders import machine_folder def create_machine(name: str) -> None: folder = machine_folder(name) folder.mkdir(parents=True, exist_ok=True) + # create empty settings.json file inside the folder + with open(folder / "settings.json", "w") as f: + f.write("{}") def create_command(args: argparse.Namespace) -> None: diff --git a/pkgs/clan-cli/clan_cli/machines/delete.py b/pkgs/clan-cli/clan_cli/machines/delete.py index 20dc3c087..6fd5cf6ec 100644 --- a/pkgs/clan-cli/clan_cli/machines/delete.py +++ b/pkgs/clan-cli/clan_cli/machines/delete.py @@ -1,4 +1,5 @@ import argparse +import shutil from ..errors import ClanError from .folders import machine_folder @@ -7,7 +8,7 @@ from .folders import machine_folder def delete_command(args: argparse.Namespace) -> None: folder = machine_folder(args.host) if folder.exists(): - folder.rmdir() + shutil.rmtree(folder) else: raise ClanError(f"Machine {args.host} does not exist")
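Review bot: The new `if !builtins.pathExists secretsDir then { }` branch makes a wrong `clanCore.clanDir` indistinguishable from a clan that has no secrets yet. In both cases the machine evaluates with an empty `sops.secrets` and no diagnostic, where the old `readDir` call failed loudly. If the silent fallback is meant only for freshly created clans, say so next to the guard, e.g. `# fresh clan without sops/secrets: expose no secrets instead of failing evaluation`. Consider wrapping the empty branch in `lib.warn` or `builtins.trace` so that a mistyped directory is noticed before deployment. The enclosing `sops.secrets` binding starts and ends outside this hunk.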
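Review bot: `create_machine` now truncates an existing `settings.json`. The preceding `folder.mkdir(parents=True, exist_ok=True)` accepts a machine that already exists, and the added `open(folder / "settings.json", "w")` then overwrites its settings with `{}`. Only write the file when it is absent, e.g. `settings = folder / "settings.json"` followed by `if not settings.exists(): settings.write_text("{}")`. Alternatively, open with mode `"x"` and turn `FileExistsError` into a `ClanError`. The comment could then read `# seed an empty settings.json for a new machine; never overwrite an existing one`.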
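Review bot: Replacing `folder.rmdir()` with `shutil.rmtree(folder)` in `delete_command` turns an unvalidated `args.host` into a recursive delete. Previously a name containing path separators or `..` could at worst remove an empty directory. Now, if `machine_folder` simply joins the name onto the machines directory (it is not visible here), such a name would remove whatever tree it resolves to. Reject such names before deleting, e.g. `if "/" in args.host or args.host in (".", ".."): raise ClanError(f"Invalid machine name {args.host}")`. Better still, put that check inside `machine_folder` so that `create_machine` gets it too.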