yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Chore: init settings submdule, move clanDir into settings submodule

Browse Source
This commit is contained in:
Johannes Kirschbauer
2024-12-31 14:08:25 +01:00
parent 5ba0dff53a
commit 318a4f2d86
31 changed files with 111 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
checks/backups/flake-module.nix
View File

@@ -147,7 +147,7 @@
self.nixosModules.test-backup
];
virtualisation.emptyDiskImages = [ 256 ];
clan.core.clanDir = ./.;
clan.core.settings.directory = ./.;
};
testScript = ''

2
checks/borgbackup/default.nix
View File

@@ -17,7 +17,7 @@
}
{
clan.core.machineName = "machine";
clan.core.clanDir = ./.;
clan.core.settings.directory = ./.;
clan.core.state.testState.folders = [ "/etc/state" ];
environment.etc.state.text = "hello world";
systemd.tmpfiles.settings."vmsecrets" = {

2
checks/deltachat/default.nix
View File

@@ -11,7 +11,7 @@
self.nixosModules.clanCore
{
clan.core.machineName = "machine";
clan.core.clanDir = ./.;
clan.core.settings.directory = ./.;
}
];
};

2
checks/matrix-synapse/default.nix
View File

@@ -16,7 +16,7 @@
self.nixosModules.clanCore
{
clan.core.machineName = "machine";
clan.core.clanDir = ./.;
clan.core.settings.directory = ./.;
services.nginx.virtualHosts."matrix.clan.test" = {
enableACME = lib.mkForce false;

18
checks/mumble/default.nix
View File

@@ -12,7 +12,7 @@
self.nixosModules.clanCore
(self.inputs.nixpkgs + "/nixos/tests/common/x11.nix")
{
clan.core.clanDir = ./.;
clan.core.settings.directory = ./.;
environment.systemPackages = [ pkgs.killall ];
clan.core.facts.services.mumble.secret."mumble-key".path = "/etc/mumble-key";
clan.core.facts.services.mumble.public."mumble-cert".path = "/etc/mumble-cert";
@@ -111,12 +111,12 @@
with subtest("Wait for certificate creation"):
peer1.wait_for_window(r"^Mumble$")
peer1.sleep(3) # mumble is slow to register handlers
peer1.send_chars("\n")
peer1.send_chars("\n")
peer1.send_chars("\n")
peer1.send_chars("\n")
peer2.wait_for_window(r"^Mumble$")
peer2.sleep(3) # mumble is slow to register handlers
peer2.send_chars("\n")
peer2.send_chars("\n")
peer2.send_chars("\n")
peer2.send_chars("\n")
with subtest("Wait for server connect"):
peer1.wait_for_window(r"^Mumble Server Connect$")
@@ -128,8 +128,8 @@
peer1.execute("mumble mumble://peer2 >&2 &")
peer1.wait_for_window(r"^Mumble$")
peer1.sleep(3) # mumble is slow to register handlers
peer1.send_chars("\n")
peer1.send_chars("\n")
peer1.send_chars("\n")
peer1.send_chars("\n")
peer1.wait_for_text("Connected.")
peer2.execute("killall .mumble-wrapped")
@@ -137,8 +137,8 @@
peer2.execute("mumble mumble://peer1 >&2 &")
peer2.wait_for_window(r"^Mumble$")
peer2.sleep(3) # mumble is slow to register handlers
peer2.send_chars("\n")
peer2.send_chars("\n")
peer2.send_chars("\n")
peer2.send_chars("\n")
peer2.wait_for_text("Connected.")
'';
}

2
checks/nixos-documentation/flake-module.nix
View File

@@ -8,7 +8,7 @@ let
self.nixosModules.clanCore
# This is the only option that is not part of the
# module because it is usually set by flake-parts
{ clan.core.clanDir = ./.; }
{ clan.core.settings.directory = ./.; }
];
};
in

2
checks/postgresql/default.nix
View File

@@ -13,7 +13,7 @@
clan.postgresql.databases.test.create.options.OWNER = "test";
clan.postgresql.databases.test.restore.stopOnRestore = [ "sample-service" ];
clan.localbackup.targets.hdd.directory = "/mnt/external-disk";
clan.core.clanDir = ./.;
clan.core.settings.directory = ./.;
systemd.services.sample-service = {
wantedBy = [ "multi-user.target" ];

2
checks/secrets/default.nix
View File

@@ -10,7 +10,7 @@
environment.etc."group-secret".source = config.sops.secrets.group-secret.path;
sops.age.keyFile = "/etc/privkey.age";
clan.core.clanDir = "${./.}";
clan.core.settings.directory = "${./.}";
clan.core.machineName = "machine";
networking.hostName = "machine";

6
checks/syncthing/default.nix
View File

@@ -13,7 +13,7 @@
self.nixosModules.clanCore
{
clan.core.machineName = "introducer";
clan.core.clanDir = ./.;
clan.core.settings.directory = ./.;
environment.etc = {
"syncthing.pam".source = ./introducer/introducer_test_cert;
"syncthing.key".source = ./introducer/introducer_test_key;
@@ -54,7 +54,7 @@
self.nixosModules.clanCore
{
clan.core.machineName = "peer1";
clan.core.clanDir = ./.;
clan.core.settings.directory = ./.;
clan.syncthing.introducer = lib.strings.removeSuffix "\n" (
builtins.readFile ./introducer/introducer_device_id
);
@@ -76,7 +76,7 @@
self.nixosModules.clanCore
{
clan.core.machineName = "peer2";
clan.core.clanDir = ./.;
clan.core.settings.directory = ./.;
clan.syncthing.introducer = lib.strings.removeSuffix "\n" (
builtins.readFile ./introducer/introducer_device_id
);

2
checks/wayland-proxy-virtwl/default.nix
View File

@@ -15,7 +15,7 @@ import ../lib/test-base.nix (
self.nixosModules.clanCore
{
clan.core.machineName = "machine";
clan.core.clanDir = ./.;
clan.core.settings.directory = ./.;
}
];
services.wayland-proxy-virtwl.enable = true;

2
checks/zt-tcp-relay/default.nix
View File

@@ -11,7 +11,7 @@
self.clanModules.zt-tcp-relay
{
clan.core.machineName = "machine";
clan.core.clanDir = ./.;
clan.core.settings.directory = ./.;
}
];
};

4
clanModules/borgbackup-static/default.nix
View File

@@ -1,7 +1,7 @@
{ lib, config, ... }:
let
clanDir = config.clan.core.clanDir;
machineDir = clanDir + "/machines/";
dir = config.clan.core.settings.directory;
machineDir = dir + "/machines/";
in
{
imports = [ ../borgbackup ];

4
clanModules/borgbackup/roles/server.nix
View File

@@ -1,7 +1,7 @@
{ config, lib, ... }:
let
clanDir = config.clan.core.clanDir;
machineDir = clanDir + "/machines/";
dir = config.clan.core.settings.directory;
machineDir = dir + "/machines/";
inherit (config.clan.core) machineName;
# Instances might be empty, if the module is not used via the inventory

4
clanModules/mumble/default.nix
View File

@@ -5,8 +5,8 @@
...
}:
let
clanDir = config.clan.core.clanDir;
machineDir = clanDir + "/machines/";
dir = config.clan.core.settings.directory;
machineDir = dir + "/machines/";
machinesFileSet = builtins.readDir machineDir;
machines = lib.mapAttrsToList (name: _: name) machinesFileSet;
machineJson = builtins.toJSON machines;

4
clanModules/mumble/test.nix
View File

@@ -10,7 +10,7 @@ pkgs.nixosTest {
{
config = {
clan.core.machineName = "peer1";
clan.core.clanDir = ./.;
clan.core.settings.directory = ./.;
documentation.enable = false;
};
@@ -27,7 +27,7 @@ pkgs.nixosTest {
config = {
clan.core.machineName = "peer2";
clan.core.clanDir = ./.;
clan.core.settings.directory = ./.;
documentation.enable = false;
};

4
clanModules/static-hosts/default.nix
View File

@@ -16,8 +16,8 @@
config.networking.hosts =
let
clanDir = config.clan.core.clanDir;
machineDir = clanDir + "/machines/";
dir = config.clan.core.settings.directory;
machineDir = dir + "/machines/";
zerotierIpMachinePath = machines: machineDir + machines + "/facts/zerotier-ip";
machinesFileSet = builtins.readDir machineDir;
machines = lib.mapAttrsToList (name: _: name) machinesFileSet;

4
clanModules/syncthing-static-peers/default.nix
View File

@@ -5,8 +5,8 @@
...
}:
let
clanDir = config.clan.core.clanDir;
machineDir = clanDir + "/machines/";
dir = config.clan.core.settings.directory;
machineDir = dir + "/machines/";
syncthingPublicKeyPath = machines: machineDir + machines + "/facts/syncthing.pub";
machinesFileSet = builtins.readDir machineDir;
machines = lib.mapAttrsToList (name: _: name) machinesFileSet;

4
clanModules/zerotier-static-peers/default.nix
View File

@@ -5,8 +5,8 @@
...
}:
let
clanDir = config.clan.core.clanDir;
machineDir = clanDir + "/machines/";
dir = config.clan.core.settings.directory;
machineDir = dir + "/machines/";
machinesFileSet = builtins.readDir machineDir;
machines = lib.mapAttrsToList (name: _: name) machinesFileSet;

6
clanModules/zerotier/roles/controller.nix
View File

@@ -22,10 +22,12 @@ in
machines = uniqueStrings (roles.moon.machines ++ roles.controller.machines ++ roles.peer.machines);
networkIps = builtins.foldl' (
ips: name:
if builtins.pathExists "${config.clan.core.clanDir}/machines/${name}/facts/zerotier-ip" then
if
builtins.pathExists "${config.clan.core.settings.directory}/machines/${name}/facts/zerotier-ip"
then
ips
++ [
(builtins.readFile "${config.clan.core.clanDir}/machines/${name}/facts/zerotier-ip")
(builtins.readFile "${config.clan.core.settings.directory}/machines/${name}/facts/zerotier-ip")
]
else
ips

8
clanModules/zerotier/shared.nix
View File

@@ -10,15 +10,17 @@ let
zeroTierInstance = config.clan.inventory.services.zerotier.${instanceName};
roles = zeroTierInstance.roles;
controllerMachine = builtins.head roles.controller.machines;
networkIdPath = "${config.clan.core.clanDir}/machines/${controllerMachine}/facts/zerotier-network-id";
networkIdPath = "${config.clan.core.settings.directory}/machines/${controllerMachine}/facts/zerotier-network-id";
networkId = if builtins.pathExists networkIdPath then builtins.readFile networkIdPath else null;
moons = roles.moon.machines;
moonIps = builtins.foldl' (
ips: name:
if builtins.pathExists "${config.clan.core.clanDir}/machines/${name}/facts/zerotier-ip" then
if
builtins.pathExists "${config.clan.core.settings.directory}/machines/${name}/facts/zerotier-ip"
then
ips
++ [
(builtins.readFile "${config.clan.core.clanDir}/machines/${name}/facts/zerotier-ip")
(builtins.readFile "${config.clan.core.settings.directory}/machines/${name}/facts/zerotier-ip")
]
else
ips

2
docs/site/getting-started/backups.md
View File

@@ -116,7 +116,7 @@ On the server where backups will be stored, enable the SSH daemon and set up a r
services.borgbackup.repos.myhostname = {
path = "/var/lib/borgbackup/myhostname";
authorizedKeys = [
(builtins.readFile (config.clan.core.clanDir + "/machines/myhostname/facts/borgbackup.ssh.pub"))
(builtins.readFile (config.clan.core.settings.directory + "/machines/myhostname/facts/borgbackup.ssh.pub"))
];
};
}

8
docs/site/getting-started/mesh-vpn.md
View File

@@ -10,7 +10,7 @@ include a new machine into the VPN.
By default all machines within one clan are connected via a chosen network technology.
```{.no-copy}
Clan
Clan
Node A
<-> (zerotier / mycelium / ...)
Node B
@@ -48,7 +48,7 @@ To introduce a new machine to the VPN, adhere to the following steps:
configuration, substituting `<CONTROLLER>` with the controller machine name:
```nix
{ config, ... }: {
clan.core.networking.zerotier.networkId = builtins.readFile (config.clan.core.clanDir + "/machines/<CONTROLLER>/facts/zerotier-network-id");
clan.core.networking.zerotier.networkId = builtins.readFile (config.clan.core.settings.directory + "/machines/<CONTROLLER>/facts/zerotier-network-id");
}
```
1. **Update the New Machine**: Execute:
@@ -73,13 +73,13 @@ To introduce a new machine to the VPN, adhere to the following steps:
```bash
$ sudo zerotier-cli info
```
Example Output:
Example Output:
```{.console, .no-copy}
200 info d2c71971db 1.12.1 OFFLINE
```
, where `d2c71971db` is the ZeroTier ID.
2. **Authorize the New Machine on the Controller**: On the controller machine,
execute:

5
lib/build-clan/module.nix
View File

@@ -80,7 +80,10 @@ let
(
{
# Settings
clan.core.clanDir = directory;
clan.core.settings = {
inherit directory;
};
# clan.core.settings.directory = directory;
# Inherited from clan wide settings
# TODO: remove these
clan.core.name = config.inventory.meta.name;

4
lib/eval-clan-modules/default.nix
View File

@@ -23,7 +23,7 @@ let
modules = [
baseModule
{
clan.core.clanDir = clan-core;
clan.core.settings.directory = clan-core;
}
clan-core.nixosModules.clanCore
] ++ modules;
@@ -75,7 +75,7 @@ let
baseModule
clan-core.nixosModules.clanCore
{
clan.core.clanDir = clan-core;
clan.core.settings.directory = clan-core;
}
# Role interface
(module + "/roles/${role}.nix")

6
nixosModules/clanCore/facts/compat.nix
View File

@@ -140,12 +140,12 @@
path to a fact which is generated by the generator
'';
default =
config.clan.core.clanDir
config.clan.core.settings.directory
+ "/machines/${config.clan.core.machineName}/facts/${fact.config._module.args.name}";
defaultText = lib.literalExpression "\${config.clan.core.clanDir}/machines/\${config.clan.core.machineName}/facts/\${fact.config._module.args.name}";
defaultText = lib.literalExpression "\${config.clan.core.settings.directory}/machines/\${config.clan.core.machineName}/facts/\${fact.config._module.args.name}";
};
value = lib.mkOption {
defaultText = lib.literalExpression "\${config.clan.core.clanDir}/\${fact.config.path}";
defaultText = lib.literalExpression "\${config.clan.core.settings.directory}/\${fact.config.path}";
type = lib.types.nullOr lib.types.str;
default =
if builtins.pathExists fact.config.path then lib.strings.fileContents fact.config.path else null;

7
nixosModules/clanCore/facts/default.nix
View File

@@ -219,15 +219,16 @@
description = ''
path to a fact which is generated by the generator
'';
defaultText = lib.literalExpression "\${config.clan.core.clanDir}/machines/\${config.clan.core.machineName}/facts/\${fact.config.name}";
defaultText = lib.literalExpression "\${config.clan.core.settings.directory}/machines/\${config.clan.core.machineName}/facts/\${fact.config.name}";
default =
config.clan.core.clanDir + "/machines/${config.clan.core.machineName}/facts/${fact.config.name}";
config.clan.core.settings.directory
+ "/machines/${config.clan.core.machineName}/facts/${fact.config.name}";
};
value = lib.mkOption {
description = ''
The value of the public fact.
'';
defaultText = lib.literalExpression "\${config.clan.core.clanDir}/\${fact.config.path}";
defaultText = lib.literalExpression "\${config.clan.core.settings.directory}/\${fact.config.path}";
type = lib.types.nullOr lib.types.str;
default =
if builtins.pathExists fact.config.path then lib.strings.fileContents fact.config.path else null;

8
nixosModules/clanCore/facts/secret/sops.nix
View File

@@ -5,8 +5,8 @@
...
}:
let
secretsDir = config.clan.core.clanDir + "/sops/secrets";
groupsDir = config.clan.core.clanDir + "/sops/groups";
secretsDir = config.clan.core.settings.directory + "/sops/secrets";
groupsDir = config.clan.core.settings.directory + "/sops/groups";
# My symlink is in the nixos module detected as a directory also it works in the repl. Is this because of pure evaluation?
containsSymlink =
@@ -42,7 +42,7 @@ in
clan.core.facts.secretModule = "clan_cli.facts.secret_modules.sops";
clan.core.facts.secretUploadDirectory = lib.mkDefault "/var/lib/sops-nix";
sops.secrets = builtins.mapAttrs (name: _: {
sopsFile = config.clan.core.clanDir + "/sops/secrets/${name}/secret";
sopsFile = config.clan.core.settings.directory + "/sops/secrets/${name}/secret";
format = "binary";
}) secrets;
# To get proper error messages about missing secrets we need a dummy secret file that is always present
@@ -51,7 +51,7 @@ in
);
sops.age.keyFile = lib.mkIf (builtins.pathExists (
config.clan.core.clanDir + "/sops/secrets/${config.clan.core.machineName}-age.key/secret"
config.clan.core.settings.directory + "/sops/secrets/${config.clan.core.machineName}-age.key/secret"
)) (lib.mkDefault "/var/lib/sops-nix/key.txt");
};
}

47
nixosModules/clanCore/metadata.nix
View File

@@ -1,4 +1,7 @@
{ lib, pkgs, ... }:
let
inherit (lib) mkOption types;
in
{
imports = [
(lib.mkRemovedOptionModule [
@@ -11,8 +14,41 @@
"core"
"clanIcon"
] "clanIcon has been removed. Use clan.core.icon instead.")
(lib.mkRenamedOptionModule
[ "clan" "core" "clanDir" ]
[
"clan"
"core"
"settings"
"directory"
]
)
];
options.clan.core = {
settings = mkOption {
description = ''
Settings of the clan.
This is a read-only attribute-set available to the machines of the clan.
'';
type = types.submodule {
options = {
directory = lib.mkOption {
type = lib.types.path;
# documentation.nixos.extraModules = [
# ...
# clan-core.nixosModules.clanCore
# { clan.core.settings.directory = ./path/to/flake; }
# ];
description = ''
the location of the flake repo, used to calculate the location of facts and secrets
'';
};
};
};
};
name = lib.mkOption {
type = lib.types.str;
description = ''
@@ -43,17 +79,6 @@
the description of the machine
'';
};
clanDir = lib.mkOption {
type = lib.types.path;
# documentation.nixos.extraModules = [
# ...
# clan-core.nixosModules.clanCore
# { clan.core.clanDir = ./path/to/flake; }
# ];
description = ''
the location of the flake repo, used to calculate the location of facts and secrets
'';
};
machineName = lib.mkOption {
type = lib.types.str;
default = "nixos";

2
nixosModules/clanCore/nixos-facter.nix
View File

@@ -1,6 +1,6 @@
{ lib, config, ... }:
let
directory = config.clan.core.clanDir;
directory = config.clan.core.settings.directory;
inherit (config.clan.core) machineName;
facterJson = "${directory}/machines/${machineName}/facter.json";
hwConfig = "${directory}/machines/${machineName}/hardware-configuration.nix";

7
nixosModules/clanCore/vars/public/in_repo.nix
View File

@@ -13,10 +13,13 @@ in
fileModule = file: {
path = mkIf (file.config.secret == false) (
if file.config.share then
(config.clan.core.clanDir + "/vars/shared/${file.config.generatorName}/${file.config.name}/value")
(
config.clan.core.settings.directory
+ "/vars/shared/${file.config.generatorName}/${file.config.name}/value"
)
else
(
config.clan.core.clanDir
config.clan.core.settings.directory
+ "/vars/per-machine/${config.clan.core.machineName}/${file.config.generatorName}/${file.config.name}/value"
)
);

6
nixosModules/clanCore/vars/secret/sops/default.nix
View File

@@ -15,9 +15,9 @@ let
secretPath =
secret:
if secret.share then
config.clan.core.clanDir + "/vars/shared/${secret.generator}/${secret.name}/secret"
config.clan.core.settings.directory + "/vars/shared/${secret.generator}/${secret.name}/secret"
else
config.clan.core.clanDir
config.clan.core.settings.directory
+ "/vars/per-machine/${machineName}/${secret.generator}/${secret.name}/secret";
vars = collectFiles config.clan.core.vars;
@@ -53,7 +53,7 @@ in
lib.mkDefault (builtins.toString (pkgs.writeText "dummy.yaml" ""))
);
age.keyFile = lib.mkIf (builtins.pathExists (
config.clan.core.clanDir + "/sops/secrets/${machineName}-age.key/secret"
config.clan.core.settings.directory + "/sops/secrets/${machineName}-age.key/secret"
)) (lib.mkDefault "/var/lib/sops-nix/key.txt");
};
}