Merge pull request 'fixes for sops, buildClan, clanCore module, machines api' (#234) from DavHau-api-config into main

2023-09-02 16:39:29 +00:00
parent d30f640321 a56073b051
commit 16e1ca9a90
8 changed files with 40 additions and 15 deletions
--- a/checks/impure/flake-module.nix
+++ b/checks/impure/flake-module.nix
@@ -5,9 +5,13 @@
        check-clan-template = pkgs.writeShellScriptBin "check-clan-template" ''
          #!${pkgs.bash}/bin/bash
          set -euo pipefail
+
          export TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
          trap "${pkgs.coreutils}/bin/chmod -R +w '$TMPDIR'; ${pkgs.coreutils}/bin/rm -rf '$TMPDIR'" EXIT
+
          export PATH="${lib.makeBinPath [
+            pkgs.coreutils
+            pkgs.curl
            pkgs.gitMinimal
            pkgs.gnugrep
            pkgs.jq
@@ -35,6 +39,9 @@

          echo check machine1 appears in nixosConfigurations
          nix flake show --json | jq '.nixosConfigurations' | grep -q machine1
+
+          echo check machine1 jsonschema can be evaluated
+          nix eval .#nixosConfigurations.machine1.config.clanSchema
        '';
      };
    in
--- a/lib/build-clan/default.nix
+++ b/lib/build-clan/default.nix
@@ -1,4 +1,4 @@
-{ nixpkgs, clan, lib }:
+{ nixpkgs, self, lib }:
 { directory  # The directory containing the machines subdirectory
 , specialArgs ? { } # Extra arguments to pass to nixosSystem i.e. useful to make self available
 , machines ? { } # allows to include machine-specific modules i.e. machines.${name} = { ... }
@@ -18,9 +18,12 @@ let
    (name: _:
      nixpkgs.lib.nixosSystem {
        modules = [
-          clan.nixosModules.clanCore
+          self.nixosModules.clanCore
          (machineSettings name)
          (machines.${name} or { })
+          { clanCore.clanDir = directory; }
+          # TODO: remove this once we have a hardware-config mechanism
+          { nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; }
        ];
        specialArgs = specialArgs;
      })
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -1,4 +1,4 @@
-{ lib, clan, nixpkgs, ... }:
+{ lib, self, nixpkgs, ... }:
 {
  findNixFiles = folder:
    lib.mapAttrs'
@@ -14,5 +14,5 @@

  jsonschema = import ./jsonschema { inherit lib; };

-  buildClan = import ./build-clan { inherit lib clan nixpkgs; };
+  buildClan = import ./build-clan { inherit lib self nixpkgs; };
 }
--- a/lib/flake-module.nix
+++ b/lib/flake-module.nix
@@ -1,5 +1,6 @@
 { lib
 , inputs
+, self
 , ...
 }: {
  imports = [
@@ -7,6 +8,7 @@
  ];
  flake.lib = import ./default.nix {
    inherit lib;
-    inherit (inputs) nixpkgs clan;
+    inherit self;
+    inherit (inputs) nixpkgs;
  };
 }
--- a/nixosModules/clanCore/flake-module.nix
+++ b/nixosModules/clanCore/flake-module.nix
@@ -1,8 +1,18 @@
 { self, inputs, lib, ... }: {
-  flake.nixosModules.clanCore = { pkgs, ... }: {
+  flake.nixosModules.clanCore = { pkgs, options, ... }: {
+    imports = [
+      ./secrets
+      ./zerotier.nix
+      inputs.sops-nix.nixosModules.sops
+    ];
+    options.clanSchema = lib.mkOption {
+      type = lib.types.attrs;
+      description = "The json schema for the .clan options namespace";
+      default = self.lib.jsonschema.parseOptions options.clan;
+    };
    options.clanCore = {
      clanDir = lib.mkOption {
-        type = lib.types.str;
+        type = lib.types.either lib.types.path lib.types.str;
        description = ''
          the location of the flake repo, used to calculate the location of facts and secrets
        '';
@@ -23,10 +33,5 @@
        utility outputs for clan management of this machine
      '';
    };
-    imports = [
-      ./secrets
-      ./zerotier.nix
-      inputs.sops-nix.nixosModules.sops
-    ];
  };
 }
--- a/nixosModules/clanCore/secrets/sops.nix
+++ b/nixosModules/clanCore/secrets/sops.nix
@@ -45,13 +45,17 @@
    '';
    sops.secrets =
      let
+        secretsDir = config.clanCore.clanDir + "/sops/secrets";
        encryptedForThisMachine = name: type:
          let
-            symlink = config.clanCore.clanDir + "/sops/secrets/${name}/machines/${config.clanCore.machineName}";
+            symlink = secretsDir + "/${name}/machines/${config.clanCore.machineName}";
          in
          # WTF, nix bug, my symlink is in the nixos module detected as a directory also it works in the repl
          type == "directory" && (builtins.readFileType symlink == "directory" || builtins.readFileType symlink == "symlink");
-        secrets = lib.filterAttrs encryptedForThisMachine (builtins.readDir (config.clanCore.clanDir + "/sops/secrets"));
+        secrets =
+          if !builtins.pathExists secretsDir
+          then { }
+          else lib.filterAttrs encryptedForThisMachine (builtins.readDir secretsDir);
      in
      builtins.mapAttrs
        (name: _: {
--- a/pkgs/clan-cli/clan_cli/machines/create.py
+++ b/pkgs/clan-cli/clan_cli/machines/create.py
@@ -6,6 +6,9 @@ from .folders import machine_folder
 def create_machine(name: str) -> None:
    folder = machine_folder(name)
    folder.mkdir(parents=True, exist_ok=True)
+    # create empty settings.json file inside the folder
+    with open(folder / "settings.json", "w") as f:
+        f.write("{}")


 def create_command(args: argparse.Namespace) -> None:
--- a/pkgs/clan-cli/clan_cli/machines/delete.py
+++ b/pkgs/clan-cli/clan_cli/machines/delete.py
@@ -1,4 +1,5 @@
 import argparse
+import shutil

 from ..errors import ClanError
 from .folders import machine_folder
@@ -7,7 +8,7 @@ from .folders import machine_folder
 def delete_command(args: argparse.Namespace) -> None:
    folder = machine_folder(args.host)
    if folder.exists():
-        folder.rmdir()
+        shutil.rmtree(folder)
    else:
        raise ClanError(f"Machine {args.host} does not exist")