From 03808d9fbcb8500d4e672e0d149be5fa373b4d32 Mon Sep 17 00:00:00 2001
From: DavHau
Date: Sat, 2 Sep 2023 18:24:34 +0200
Subject: [PATCH 1/6] buildClan: fix missing argument clan
---
 lib/default.nix | 4 ++--
 lib/flake-module.nix | 4 +++-
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/lib/default.nix b/lib/default.nix
index 89ac0cc3f..dcd09edb7 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -1,4 +1,4 @@
-{ lib, clan, nixpkgs, ... }:
+{ lib, self, nixpkgs, ... }:
 {
 findNixFiles = folder: lib.mapAttrs'
@@ -14,5 +14,5 @@
 jsonschema = import ./jsonschema { inherit lib; };
- buildClan = import ./build-clan { inherit lib clan nixpkgs; };
+ buildClan = import ./build-clan { inherit lib self nixpkgs; };
 }
diff --git a/lib/flake-module.nix b/lib/flake-module.nix
index 13855fbc6..1062e92c1 100644
--- a/lib/flake-module.nix
+++ b/lib/flake-module.nix
@@ -1,5 +1,6 @@
 { lib
 , inputs
+, self
 , ...
 }: {
 imports = [
@@ -7,6 +8,7 @@
 ];
 flake.lib = import ./default.nix {
 inherit lib;
- inherit (inputs) nixpkgs clan;
+ inherit self;
+ inherit (inputs) nixpkgs;
 };
 }
From ac7e3f6407e9cedc69d0b3114d1b76e7730b2667 Mon Sep 17 00:00:00 2001
From: DavHau
Date: Sat, 2 Sep 2023 18:25:27 +0200
Subject: [PATCH 2/6] sops: fix module to accept missing ./sops dir
---
 nixosModules/clanCore/secrets/sops.nix | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/nixosModules/clanCore/secrets/sops.nix b/nixosModules/clanCore/secrets/sops.nix
index 7df0b31d2..2c1042f98 100644
--- a/nixosModules/clanCore/secrets/sops.nix
+++ b/nixosModules/clanCore/secrets/sops.nix
@@ -45,13 +45,17 @@
 '';
 sops.secrets =
 let
+ secretsDir = config.clanCore.clanDir + "/sops/secrets";
 encryptedForThisMachine = name: type:
 let
- symlink = config.clanCore.clanDir + "/sops/secrets/${name}/machines/${config.clanCore.machineName}";
+ symlink = secretsDir + "/${name}/machines/${config.clanCore.machineName}";
 in
 # WTF, nix bug, my symlink is in the nixos module detected as a directory also it works in the repl
 type == "directory" && (builtins.readFileType symlink == "directory" || builtins.readFileType symlink == "symlink");
- secrets = lib.filterAttrs encryptedForThisMachine (builtins.readDir (config.clanCore.clanDir + "/sops/secrets"));
+ secrets =
+ if !builtins.pathExists secretsDir
+ then { }
+ else lib.filterAttrs encryptedForThisMachine (builtins.readDir secretsDir);
 in
 builtins.mapAttrs
 (name: _: {
From 75cfd8494982675e51a596e72cdc578f63eea21e Mon Sep 17 00:00:00 2001
From: DavHau
Date: Sat, 2 Sep 2023 18:26:45 +0200
Subject: [PATCH 3/6] buildClan: set clanCore.directory and hostPlatform
---
 lib/build-clan/default.nix | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/lib/build-clan/default.nix b/lib/build-clan/default.nix
index 4da48dafd..6539a366c 100644
--- a/lib/build-clan/default.nix
+++ b/lib/build-clan/default.nix
@@ -1,4 +1,4 @@
-{ nixpkgs, clan, lib }:
+{ nixpkgs, self, lib }:
 { directory # The directory containing the machines subdirectory
 , specialArgs ? { } # Extra arguments to pass to nixosSystem i.e. useful to make self available
 , machines ? { } # allows to include machine-specific modules i.e. machines.${name} = { ... }
@@ -18,9 +18,12 @@ let
 (name: _: nixpkgs.lib.nixosSystem {
 modules = [
- clan.nixosModules.clanCore
+ self.nixosModules.clanCore
 (machineSettings name)
 (machines.${name} or { })
+ { clanCore.clanDir = directory; }
+ # TODO: remove this once we have a hardware-config mechanism
+ { nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; }
 ];
 specialArgs = specialArgs;
 })
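Review bot: The new pathExists guard covers the secrets directory, but encryptedForThisMachine still calls builtins.readFileType on `symlink` for every directory entry, and as far as I can tell that builtin throws when the `machines/${machineName}` entry does not exist, so a single secret that is not shared with this machine aborts evaluation instead of being filtered out. Guarding the per-machine path the same way keeps the filter total: `type == "directory" && builtins.pathExists symlink && (builtins.readFileType symlink == "directory" || builtins.readFileType symlink == "symlink");`. The symlink-as-directory quirk described in the existing comment is not affected by this.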
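Review bot: The hostPlatform fallback is the only default in this module list that a caller cannot see from buildClan's documented signature, and the TODO does not say how a non-x86_64 machine is expected to override it. Because it is wrapped in mkDefault, a machine module or a machines.${name} entry that sets nixpkgs.hostPlatform takes precedence, and the comment should say so: `# TODO: remove this once we have a hardware-config mechanism; until then a machine module setting nixpkgs.hostPlatform overrides this default`. The enclosing mapAttrs expression begins before this hunk.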
From a0d1b09b1da1f5a2165b9e4ee9c5c6e05925c615 Mon Sep 17 00:00:00 2001
From: DavHau
Date: Sat, 2 Sep 2023 18:28:31 +0200
Subject: [PATCH 4/6] clanCore module: add clanSchema top level option
---
 checks/impure/flake-module.nix | 7 +++++++
 nixosModules/clanCore/flake-module.nix | 19 ++++++++++++-------
 2 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/checks/impure/flake-module.nix b/checks/impure/flake-module.nix
index 9add525bf..d8018061b 100644
--- a/checks/impure/flake-module.nix
+++ b/checks/impure/flake-module.nix
@@ -5,9 +5,13 @@
 check-clan-template = pkgs.writeShellScriptBin "check-clan-template" ''
 #!${pkgs.bash}/bin/bash
 set -euo pipefail
+
 export TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
 trap "${pkgs.coreutils}/bin/chmod -R +w '$TMPDIR'; ${pkgs.coreutils}/bin/rm -rf '$TMPDIR'" EXIT
+
 export PATH="${lib.makeBinPath [
+ pkgs.coreutils
+ pkgs.curl
 pkgs.gitMinimal
 pkgs.gnugrep
 pkgs.jq
@@ -35,6 +39,9 @@
 echo check machine1 appears in nixosConfigurations
 nix flake show --json | jq '.nixosConfigurations' | grep -q machine1
+
+ echo check machine1 jsonschema can be evaluated
+ nix eval .#nixosConfigurations.machine1.config.clanSchema
 '';
 };
 in
diff --git a/nixosModules/clanCore/flake-module.nix b/nixosModules/clanCore/flake-module.nix
index da8fa0e63..437f54874 100644
--- a/nixosModules/clanCore/flake-module.nix
+++ b/nixosModules/clanCore/flake-module.nix
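Review bot: The new clanSchema check in the second hunk only proves that `nix eval` exits zero; it does not assert that the evaluated value is a non-empty attribute set, so a namespace that evaluates to `{ }` or `null` would still pass. Evaluating as JSON and checking the shape with the jq that is already on PATH catches that: `nix eval --json .#nixosConfigurations.machine1.config.clanSchema | jq -e 'type == "object" and length > 0' > /dev/null`. The first hunk also adds pkgs.curl to PATH, but nothing in the visible lines uses it; if a later command depends on it, a short comment next to the entry would explain why it is there.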
@@ -1,8 +1,18 @@
 { self, inputs, lib, ... }: {
- flake.nixosModules.clanCore = { pkgs, ... }: {
+ flake.nixosModules.clanCore = { pkgs, options, ... }: {
+ imports = [
+ ./secrets
+ ./zerotier.nix
+ inputs.sops-nix.nixosModules.sops
+ ];
+ options.clanSchema = lib.mkOption {
+ type = lib.types.attrs;
+ description = "The json schema for the .clan options namespace";
+ default = self.lib.jsonschema.parseOptions options.clan;
+ };
 options.clanCore = {
 clanDir = lib.mkOption {
- type = lib.types.str;
+ type = lib.types.either lib.types.path lib.types.str;
 description = ''
 the location of the flake repo, used to calculate the location of facts and secrets
 '';
@@ -23,10 +33,5 @@
 utility outputs for clan management of this machine
 '';
 };
- imports = [
- ./secrets
- ./zerotier.nix
- inputs.sops-nix.nixosModules.sops
- ];
 };
 }
From 2a11b1c5d1dfa90c505b2e470bd363a9473b3b85 Mon Sep 17 00:00:00 2001
From: DavHau
Date: Sat, 2 Sep 2023 18:29:12 +0200
Subject: [PATCH 5/6] machines api: always create empty settings.json
---
 pkgs/clan-cli/clan_cli/machines/create.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/pkgs/clan-cli/clan_cli/machines/create.py b/pkgs/clan-cli/clan_cli/machines/create.py
index adc1ee9fa..54b70705a 100644
--- a/pkgs/clan-cli/clan_cli/machines/create.py
+++ b/pkgs/clan-cli/clan_cli/machines/create.py
@@ -6,6 +6,9 @@ from .folders import machine_folder
 def create_machine(name: str) -> None:
 folder = machine_folder(name)
 folder.mkdir(parents=True, exist_ok=True)
+ # create empty settings.json file inside the folder
+ with open(folder / "settings.json", "w") as f:
+ f.write("{}")
 def create_command(args: argparse.Namespace) -> None:
From a56073b0519264aae0b9af01f2a1540b140fb363 Mon Sep 17 00:00:00 2001
From: DavHau
Date: Sat, 2 Sep 2023 18:37:40 +0200
Subject: [PATCH 6/6] machines delete: fix - delete all existing files
---
 pkgs/clan-cli/clan_cli/machines/delete.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
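Review bot: The clanSchema default evaluates `options.clan`, but nothing in this module declares an option under `clan`, so unless one of the imported modules does, reading the option (which the new impure check now does) fails with a missing-attribute error rather than producing an empty schema; I cannot see the other modules from here, so this is inferred. If an empty namespace is legitimate, `default = self.lib.jsonschema.parseOptions (options.clan or { });` makes the default total. The description could also state that the value is derived from the declared options and is not meant to be set by users, since `lib.types.attrs` would otherwise accept any assignment.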
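Review bot: create_machine now truncates an existing settings.json to `{}` on every call: mkdir uses exist_ok=True, so invoking it for a machine that already exists (or calling it twice) silently discards that machine's settings. Writing the file only when it is absent keeps the call idempotent: `settings = folder / "settings.json"`, `if not settings.exists():`, `    settings.write_text("{}")`. A docstring on create_machine stating that it is safe to call for an existing machine would pin that contract.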
diff --git a/pkgs/clan-cli/clan_cli/machines/delete.py b/pkgs/clan-cli/clan_cli/machines/delete.py
index 20dc3c087..6fd5cf6ec 100644
--- a/pkgs/clan-cli/clan_cli/machines/delete.py
+++ b/pkgs/clan-cli/clan_cli/machines/delete.py
@@ -1,4 +1,5 @@
 import argparse
+import shutil
 from ..errors import ClanError
 from .folders import machine_folder
@@ -7,7 +8,7 @@ from .folders import machine_folder
 def delete_command(args: argparse.Namespace) -> None:
 folder = machine_folder(args.host)
 if folder.exists():
- folder.rmdir()
+ shutil.rmtree(folder)
 else:
 raise ClanError(f"Machine {args.host} does not exist")
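Review bot: Switching from rmdir to shutil.rmtree widens what a bad `args.host` can remove: rmdir could only delete an empty directory, while rmtree removes whatever machine_folder resolves to and everything beneath it, so the value should be validated before it is used as a path. I cannot see machine_folder from here; if it simply joins the name onto a base directory, a name containing a path separator or `..` would resolve outside the machines tree. Rejecting such names up front bounds the blast radius: `if not args.host or "/" in args.host or args.host in (".", ".."):` followed by `raise ClanError(f"Invalid machine name: {args.host}")`, and resolving the folder and checking it is still inside the machines root would be the stronger check.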