lib/modules: move modules out of lib

This commit is contained in:
Johannes Kirschbauer
2025-10-21 19:35:50 +02:00
parent 0d088cac7e
commit 346e3d816a
42 changed files with 5 additions and 5 deletions


@@ -0,0 +1,23 @@
{
lib,
...
}:
{
# Add the computed tags to machine tags for displaying them
inventory = {
tags = (
{ machines, ... }:
{
# Only compute the default value
# The option MUST be defined in inventoryClass/interface.nix
all = lib.mkDefault (builtins.attrNames machines);
nixos = lib.mkDefault (
builtins.attrNames (lib.filterAttrs (_n: m: m.machineClass == "nixos") machines)
);
darwin = lib.mkDefault (
builtins.attrNames (lib.filterAttrs (_n: m: m.machineClass == "darwin") machines)
);
}
);
};
}

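--- a/modules/clan/default.nix
+++ b/modules/clan/default.nix
@@ -0,0 +1,12 @@
+{ clan-core }:
+{
+_class = "clan";
+_module.args = {
+inherit clan-core;
+inherit (clan-core) clanLib;
+};
+imports = [
+./module.nix
+./interface.nix
+];
+}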


@@ -0,0 +1,4 @@
{ self, lib, ... }:
{
flake.modules.clan.default = lib.modules.importApply ./default.nix { clan-core = self; };
}

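--- a/modules/clan/interface.nix
+++ b/modules/clan/interface.nix
+{
+lib,
+clanLib,
+self,
+config,
+# TODO: Use dependency injection to allow for testing
+# inventoryInterface,
+...
+}:
+let
+types = lib.types;
+checkType = types.attrsOf (
+types.submodule {
+# Skip entire evaluation of this check
+options.ignore = lib.mkOption {
+type = types.bool;
+default = false;
+description = "Ignores this check entirely";
+};
+# Can only be defined once
+options.assertion = lib.mkOption {
+type = types.bool;
+readOnly = true;
+description = ''
+The assertion that must hold true.
+If false, the message is shown.
+'';
+};
+# Message shown when the assertion is false
+options.message = lib.mkOption {
+type = types.str;
+description = "Message shown when the assertion is false";
+};
+# TODO: add severity levels?
+# Fail, Warn, Log
+}
+);
+in
+{
+options = {
+_prefix = lib.mkOption {
+type = types.listOf types.str;
+internal = true;
+visible = false;
+default = [ ];
+};
+# id :: { assertion, message }
+checks = lib.mkOption {
+type = checkType;
+default = { };
+description = ''
+Assertions that must hold true when evaluating the clan.
+When the assertion fails, the message is shown and the evaluation is aborted.
+'';
+};
+self = lib.mkOption {
+type = types.raw;
+default = self;
+defaultText = "Reference to the current flake";
+description = ''
+This is used to import external clan modules.
+'';
+# Workaround for lib.clan
+apply =
+s:
+if lib.isAttrs s then
+s
+// {
+inputs = (s.inputs or { }) // {
+self.clan = config;
+};
+}
+else
+s;
+};
+directory = lib.mkOption {
+type = types.coercedTo lib.types.raw (
+v:
+if lib.isAttrs v then
+lib.warn "It appears you set 'clan.directory = self'. Instead set 'clan.self = self'. 'clan.directory' expects a path" v
+else if v == null then
+throw "Please set either clan.self or clan.directory"
+else
+v
+) lib.types.path;
+default = builtins.toString self;
+defaultText = "Root directory of the flake";
+description = ''
+The directory containing the clan.
+A typical directory structure could look like this:
+```
+.
+flake.nix
+assets
+machines
+modules
+sops
+```
+'';
+};
+# TODO: make this writable by moving the options from inventoryClass into clan.
+exports = lib.mkOption {
+readOnly = true;
+visible = false;
+internal = true;
+};
+exportsModule = lib.mkOption {
+internal = true;
+visible = false;
+type = types.deferredModule;
+default = {
+options.networking = lib.mkOption {
+default = null;
+type = lib.types.nullOr (
+lib.types.submodule {
+options = {
+priority = lib.mkOption {
+type = lib.types.int;
+default = 1000;
+description = ''
+priority with which this network should be tried.
+higher priority means it gets used earlier in the chain
+'';
+};
+module = lib.mkOption {
+# type = lib.types.enum [
+# "clan_lib.network.direct"
+# "clan_lib.network.tor"
+# ];
+type = lib.types.str;
+default = "clan_lib.network.direct";
+description = ''
+the technology this network uses to connect to the target
+This is used for userspace networking with socks proxies.
+'';
+};
+# should we call this machines? hosts?
+peers = lib.mkOption {
+# <name>
+type = lib.types.attrsOf (
+lib.types.submodule (
+{ name, ... }:
+{
+options = {
+name = lib.mkOption {
+type = lib.types.str;
+default = name;
+};
+SSHOptions = lib.mkOption {
+type = lib.types.listOf lib.types.str;
+default = [ ];
+};
+host = lib.mkOption {
+description = '''';
+type = lib.types.attrTag {
+plain = lib.mkOption {
+type = lib.types.str;
+description = ''
+a plain value, which can be read directly from the config
+'';
+};
+var = lib.mkOption {
+type = lib.types.submodule {
+options = {
+machine = lib.mkOption {
+type = lib.types.str;
+example = "jon";
+};
+generator = lib.mkOption {
+type = lib.types.str;
+example = "tor-ssh";
+};
+file = lib.mkOption {
+type = lib.types.str;
+example = "hostname";
+};
+};
+};
+};
+};
+};
+};
+}
+)
+);
+};
+};
+}
+);
+};
+};
+description = ''
+A module that is used to define the module of flake level exports -
+such as 'exports.machines.<name>' and 'exports.instances.<name>'
+Example:
+```nix
+{
+options.vars.generators = lib.mkOption {
+type = lib.types.attrsOf (
+lib.types.submoduleWith {
+modules = [
+{
+options.script = lib.mkOption { type = lib.types.str; };
+}
+];
+}
+);
+default = { };
+};
+}
+```
+'';
+};
+specialArgs = lib.mkOption {
+type = types.attrsOf types.raw;
+default = { };
+description = "Extra arguments to pass to nixosSystem i.e. useful to make self available";
+};
+# Optional
+machines = lib.mkOption {
+type = types.attrsOf types.deferredModule;
+default = { };
+description = ''
+A mapping of machine names to their nixos configuration.
+???+ example
+```nix
+machines = {
+my-machine = {
+# Your nixos configuration
+};
+};
+```
+'';
+};
+modules = lib.mkOption {
+# Correct type would be `types.attrsOf types.deferredModule` but that allows for
+# Merging and transforms the value, which add eval overhead.
+type = types.attrsOf types.raw;
+default = { };
+description = ''
+An attribute set of exported modules.
+'';
+};
+templates = lib.mkOption {
+type = types.submodule { imports = [ ./templates.nix ]; };
+default = { };
+description = ''
+Define Clan templates.
+'';
+};
+inventory = lib.mkOption {
+type = types.submoduleWith {
+modules = [
+clanLib.inventory.inventoryModule
+];
+};
+description = ''
+The `Inventory` submodule.
+For details see the [Inventory](/reference/options/clan_inventory.md) documentation.
+'';
+};
+# Meta
+meta = lib.mkOption {
+description = ''
+Global information about the clan.
+'';
+type = types.deferredModuleWith {
+staticModules = [ ../inventoryClass/meta-interface.nix ];
+};
+default = { };
+};
+secrets = lib.mkOption {
+type = types.submodule { imports = [ ./secrets.nix ]; };
+description = ''
+Secrets related options such as AGE plugins required to encrypt/decrypt secrets using the CLI.
+'';
+default = { };
+};
+pkgsForSystem = lib.mkOption {
+type = types.functionTo (types.nullOr types.attrs);
+default = _system: null;
+defaultText = "system: null";
+description = ''
+A function that maps from architecture to pkg. `( string -> pkgs )`
+If specified this nixpkgs will be only imported once for each system.
+This improves performance, but all `nixpkgs.*` options will be ignored.
+Returning `null` for a system will fallback to the default behavior of respecting the `nixpkgs.*` options.
+'';
+};
+# Outputs
+darwinConfigurations = lib.mkOption {
+# Hide from documentation.
+# Exposed at the top-level of the flake, clan.darwinConfigurations should not used by the user.
+# Instead, the user should use the `.#darwinConfigurations` attribute of the flake output.
+visible = false;
+type = types.lazyAttrsOf types.raw;
+default = { };
+};
+nixosConfigurations = lib.mkOption {
+# Hide from documentation.
+# Exposed at the top-level of the flake, clan.nixosConfigurations should not used by the user.
+# Instead, the user should use the `.#nixosConfigurations` attribute of the flake output.
+visible = false;
+type = types.lazyAttrsOf types.raw;
+default = { };
+};
+nixosModules = lib.mkOption {
+# Hide from documentation.
+# Exposed at the top-level of the flake, clan.nixosModules should not used by the user.
+# Instead, the user should use the `.#nixosModules` attribute of the flake output.
+visible = false;
+type = types.lazyAttrsOf types.raw;
+default = { };
+description = ''
+NixOS modules that are generated by clan.
+These are used to generate the `nixosConfigurations`.
+'';
+};
+darwinModules = lib.mkOption {
+# Hide from documentation.
+# Exposed at the top-level of the flake, clan.darwinModules should not used by the user.
+# Instead, the user should use the `.#darwinModules` attribute of the flake output.
+visible = false;
+type = types.lazyAttrsOf types.raw;
+default = { };
+description = ''
+Darwin modules that are generated by clan.
+These are used to generate the `darwinConfigurations`.
+'';
+};
+# flake.clanInternals
+clanInternals = lib.mkOption {
+# Hide from documentation. Exposes internals to the cli.
+visible = false;
+# ClanInternals
+type = types.submodule {
+# Uncomment this if you want to add more stuff while debugging
+# freeformType = types.attrsOf types.raw;
+options = {
+# Those options are interfaced by the CLI
+# We don't specify the type here, for better performance.
+# The machine 'imports' generated by the inventory per machine
+inventoryClass = lib.mkOption {
+type = types.submoduleWith {
+modules = [ ];
+};
+};
+secrets = lib.mkOption { type = lib.types.raw; };
+templates = lib.mkOption { type = lib.types.raw; };
+machines = lib.mkOption { type = lib.types.raw; };
+};
+};
+};
+};
+}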
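Review bot: The `host` option of a network peer (the `description = '''';` inside the `peers` submodule of `exportsModule`) is declared with an empty description, and its siblings `name` and `SSHOptions` carry none, so all three render blank in generated reference docs even though the `attrTag` fixes the contract. A description grounded in the declared type would be `description = "How to reach this peer: either 'plain' (a literal host string read directly from the config) or 'var' (a reference to a generated var identified by machine, generator and file).";`. `exports` likewise has neither a type nor a description; the TODO above it suggests the type is deliberately deferred, but a one-line description pointing readers to `exportsModule` would still help. If this commit only moves the file, the gap predates it.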

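--- a/modules/clan/module.nix
+++ b/modules/clan/module.nix
+{
+config,
+clan-core,
+nixpkgs,
+nix-darwin,
+lib,
+...
+}:
+let
+inherit (lib)
+mapAttrs'
+;
+inherit (config)
+directory
+inventory
+pkgsForSystem
+specialArgs
+;
+supportedSystems = [
+"x86_64-linux"
+"aarch64-linux"
+"riscv64-linux"
+"x86_64-darwin"
+"aarch64-darwin"
+];
+/*
+An attrset with nixpkgs instantiated for each platform.
+This is important, as:
+1. We don't want to call `pkgsForSystem system` multiple times
+2. We need to fall back to `nixpkgs.legacyPackages.${system}` in case pkgsForSystem returns null
+*/
+pkgsFor = lib.genAttrs supportedSystems (
+system:
+let
+pkgs = pkgsForSystem system;
+in
+if pkgs != null then pkgs else nixpkgs.legacyPackages.${system}
+);
+inherit (clan-core) clanLib;
+moduleSystemConstructor = {
+# TODO: remove default system once we have a hardware-config mechanism
+nixos = nixpkgs.lib.nixosSystem;
+darwin = nix-darwin.lib.darwinSystem;
+};
+allMachines = config.clanInternals.inventoryClass.machines; # <- inventory.machines <- clan.machines
+machineClasses = lib.mapAttrs (name: _: inventory.machines.${name}.machineClass) allMachines;
+configurations = lib.mapAttrs (
+name: _:
+moduleSystemConstructor.${machineClasses.${name}} {
+# ATTENTION!: Dont add any modules here.
+# Add them to 'outputs.moduleForMachine.${name}' instead.
+modules = [ (config.outputs.moduleForMachine.${name} or { }) ];
+specialArgs = {
+inherit clan-core;
+}
+// specialArgs;
+}
+) allMachines;
+# Expose reusable modules these can be imported or wrapped or instantiated
+# - by the user
+# - by some test frameworks
+# IMPORTANT!: It is utterly important that we don't add any logic outside of these modules, as it would get tested.
+nixosModules' = lib.filterAttrs (name: _: inventory.machines.${name}.machineClass == "nixos") (
+config.outputs.moduleForMachine
+);
+darwinModules' = lib.filterAttrs (name: _: inventory.machines.${name}.machineClass == "darwin") (
+config.outputs.moduleForMachine
+);
+nixosModules = mapAttrs' (name: machineModule: {
+name = "clan-machine-${name}";
+value = machineModule;
+}) nixosModules';
+darwinModules = mapAttrs' (name: machineModule: {
+name = "clan-machine-${name}";
+value = machineModule;
+}) darwinModules';
+nixosConfigurations = lib.filterAttrs (name: _: machineClasses.${name} == "nixos") configurations;
+darwinConfigurations = lib.filterAttrs (name: _: machineClasses.${name} == "darwin") configurations;
+# This instantiates NixOS for each system that we support:
+# configPerSystem = <system>.<machine>.nixosConfiguration
+# We need this to build nixos secret generators for each system
+configsPerSystem = builtins.listToAttrs (
+builtins.map (
+system:
+lib.nameValuePair system (
+lib.mapAttrs (
+_: machine:
+machine.extendModules {
+modules = [
+(lib.modules.importApply ../machineModules/overridePkgs.nix {
+pkgs = pkgsFor.${system};
+})
+];
+}
+) configurations
+)
+) supportedSystems
+);
+in
+{
+imports = [
+(
+{ ... }:
+let
+file = "${directory}/inventory.json";
+inventoryLoaded =
+if builtins.pathExists file then (builtins.fromJSON (builtins.readFile file)) else { };
+in
+{
+imports = [
+{
+inventory._inventoryFile = file;
+}
+];
+# Weirdly this works only if it is a function
+# This seems to be a bug in nixpkgs
+inventory = _: lib.setDefaultModuleLocation file inventoryLoaded;
+}
+)
+{
+# Note: we use clanLib.fs here, so that we can override it in tests
+inventory = lib.optionalAttrs (clanLib.fs.pathExists "${directory}/machines") ({
+imports = lib.mapAttrsToList (name: _t: {
+_file = "${directory}/machines/${name}";
+machines.${name} = { };
+}) ((lib.filterAttrs (_: t: t == "directory") (clanLib.fs.readDir "${directory}/machines")));
+});
+}
+{
+inventory.machines = lib.mapAttrs (_n: _: { }) config.machines;
+}
+# config.inventory.meta <- config.meta
+# Set default for computed tags
+./computed-tags.nix
+];
+options.outputs.moduleForMachine = lib.mkOption {
+type = lib.types.attrsOf lib.types.deferredModule;
+};
+config = {
+inventory.meta = config.meta;
+outputs.moduleForMachine = lib.mkMerge [
+# Create some modules for each machine
+# These can depend on the 'name' and
+# everything that can be derived from the machine 'name'
+# i.e. by looking up the corresponding information in the 'inventory' or 'clan' submodule
+(lib.mapAttrs (
+name: v:
+(
+{ ... }@args:
+let
+_class =
+args._class or (throw ''
+Your version of nixpkgs is incompatible with the latest clan.
+Please update nixpkgs input to the latest nixos-unstable or nixpkgs-unstable.
+Run:
+nix flake update nixpkgs
+'');
+in
+{
+imports = [
+(lib.modules.importApply ../machineModules/forName.nix {
+inherit (config.inventory) meta;
+inherit
+name
+directory
+;
+})
+# Import the correct 'core' module
+# We assume either:
+# - nixosModules (_class = nixos)
+# - darwinModules (_class = darwin)
+(lib.optionalAttrs (clan-core ? "${_class}Modules") clan-core."${_class}Modules".clanCore)
+]
+++ lib.optionals (_class == "nixos") (v.machineImports or [ ]);
+# default hostname
+networking.hostName = lib.mkDefault name;
+}
+)
+) config.clanInternals.inventoryClass.machines)
+# The user can define some machine config here
+# i.e. 'clan.machines.jon = ...'
+config.machines
+];
+specialArgs = {
+self = lib.mkDefault config.self;
+};
+# expose all machines as modules for re-use
+inherit nixosModules;
+inherit darwinModules;
+# Ready to use configurations
+# These are only shallow wrapping the 'nixosModules' or 'darwinModules' with
+# lib.nixosSystem
+inherit nixosConfigurations;
+inherit darwinConfigurations;
+exports = config.clanInternals.inventoryClass.distributedServices.servicesEval.config.exports;
+clanInternals = {
+inventoryClass =
+let
+flakeInputs = config.self.inputs;
+in
+{
+_module.args = {
+inherit clanLib;
+};
+imports = [
+../inventoryClass/builder/default.nix
+(lib.modules.importApply ../inventoryClass/service-list-from-inputs.nix {
+inherit flakeInputs clanLib;
+})
+{
+inherit inventory directory;
+}
+(
+let
+clanConfig = config;
+in
+{ config, ... }:
+{
+staticModules = clan-core.clan.modules;
+distributedServices = clanLib.inventory.mapInstances {
+inherit (clanConfig) inventory exportsModule;
+inherit flakeInputs directory;
+clanCoreModules = clan-core.clan.modules;
+prefix = [ "distributedServices" ];
+};
+machines = config.distributedServices.allMachines;
+}
+)
+../inventoryClass/inventory-introspection.nix
+];
+};
+# TODO: unify this interface
+# We should have only clan.modules. (consistent with clan.templates)
+# Statically export the predefined clan modules
+templates = clan-core.clan.templates;
+secrets = config.secrets;
+# machine specifics
+machines = configsPerSystem;
+};
+};
+}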
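Review bot: In the first imported module, `inventoryLoaded` guards the `inventory.json` read with `builtins.pathExists`, while the `machines` directory scan a few lines below deliberately goes through `clanLib.fs.pathExists` and `clanLib.fs.readDir` "so that we can override it in tests"; the JSON load therefore bypasses that test seam and is inconsistent with the neighbouring code. Changing the guard to `if clanLib.fs.pathExists file then (builtins.fromJSON (builtins.readFile file)) else { };` aligns it; whether `clanLib.fs` also wraps `readFile` is not visible on this page, so the read itself may need the same treatment. If this commit only moves the file, the inconsistency predates it.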

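--- a/modules/clan/secrets.nix
+++ b/modules/clan/secrets.nix
@@ -0,0 +1,18 @@
+{
+lib,
+...
+}:
+let
+inherit (lib) types;
+in
+{
+options = {
+age.plugins = lib.mkOption {
+type = types.listOf (types.strMatching "age-plugin-.*");
+default = [ ];
+description = ''
+A list of age plugins which must be available in the shell when encrypting and decrypting secrets.
+'';
+};
+};
+}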


@@ -0,0 +1,57 @@
{
lib,
...
}:
let
inherit (lib) types;
templateType = types.submodule (
{ name, ... }:
{
options.description = lib.mkOption {
type = types.str;
default = name;
description = ''
The name of the template.
'';
};
options.path = lib.mkOption {
type = types.path;
description = ''
Holds the path to the clan template.
'';
};
}
);
in
{
options = {
# clan.templates.clan
clan = lib.mkOption {
type = types.attrsOf templateType;
default = { };
description = ''
Holds the different clan templates.
'';
};
# clan.templates.disko
disko = lib.mkOption {
type = types.attrsOf templateType;
default = { };
description = ''
Holds different disko templates.
'';
};
# clan.templates.machine
machine = lib.mkOption {
type = types.attrsOf templateType;
default = { };
description = ''
Holds the different machine templates.
'';
};
};
}