refactor: remove deployment.json and use direct selectors

- Remove deployment.json file generation from outputs.nix
- Add throw for deprecated deployment.file usage with upgrade instructions
- Remove vars data from deployment.data
- Update Machine class to use direct select() calls instead of deployment property
- Update all deployment property accesses to use direct selectors
- Add precaching for frequently accessed values in update.py:
  - Module paths for facts and vars
  - Deployment settings (requireExplicitUpdate, nixosMobileWorkaround)
  - Services and generators data
  - Secret upload locations
- This removes unnecessary JSON serialization and makes the code more composable

pkgs/clan-cli/clan_cli/vars/generate.py

@@ -535,7 +535,6 @@ def generate_command(args: argparse.Namespace) -> None:
     args.flake.precache(
         [
             f"clanInternals.machines.{system}.{{{','.join(machine_names)}}}.config.clan.core.vars.generators.*.validationHash",
-            f"clanInternals.machines.{system}.{{{','.join(machine_names)}}}.config.system.clan.deployment.file",
         ]
     )
     has_changed = generate_vars(

pkgs/clan-cli/clan_cli/vars/secret_modules/password_store.py

@@ -153,7 +153,7 @@ class SecretStore(StoreBase):
             # TODO get the path to the secrets from the machine
             [
                 "cat",
-                f"{self.machine.deployment['password-store']['secretLocation']}/.{self._store_backend}_info",
+                f"{self.machine.select('config.clan.vars.password-store.secretLocation')}/.{self._store_backend}_info",
             ],
             RunOpts(log=Log.STDERR, check=False),
         ).stdout.strip()
@@ -237,6 +237,6 @@ class SecretStore(StoreBase):
             pass_dir = Path(_tempdir).resolve()
             self.populate_dir(pass_dir, phases)
             upload_dir = Path(
-                self.machine.deployment["password-store"]["secretLocation"]
+                self.machine.select("config.clan.vars.password-store.secretLocation")
             )
             upload(host, pass_dir, upload_dir)

pkgs/clan-cli/clan_cli/vars/secret_modules/sops.py

@@ -71,7 +71,7 @@ class SecretStore(StoreBase):
             sops_secrets_folder(self.machine.flake_dir)
             / f"{self.machine.name}-age.key",
             priv_key,
-            add_groups=self.machine.deployment["sops"]["defaultGroups"],
+            add_groups=self.machine.select("config.clan.core.sops.defaultGroups"),
             age_plugins=load_age_plugins(self.machine.flake),
         )
         add_machine(self.machine.flake_dir, self.machine.name, pub_key, False)
@@ -158,7 +158,7 @@ class SecretStore(StoreBase):
             secret_folder,
             value,
             add_machines=[self.machine.name] if var.deploy else [],
-            add_groups=self.machine.deployment["sops"]["defaultGroups"],
+            add_groups=self.machine.select("config.clan.core.sops.defaultGroups"),
             git_commit=False,
             age_plugins=load_age_plugins(self.machine.flake),
         )
@@ -259,7 +259,7 @@ class SecretStore(StoreBase):
         )
 
         keys = collect_keys_for_path(path)
-        for group in self.machine.deployment["sops"]["defaultGroups"]:
+        for group in self.machine.select("config.clan.core.sops.defaultGroups"):
             keys.update(
                 collect_keys_for_type(
                     self.machine.flake_dir / "sops" / "groups" / group / "machines"
@@ -314,7 +314,7 @@ class SecretStore(StoreBase):
 
                 age_plugins = load_age_plugins(self.machine.flake)
 
-                for group in self.machine.deployment["sops"]["defaultGroups"]:
+                for group in self.machine.select("config.clan.core.sops.defaultGroups"):
                     allow_member(
                         groups_folder(secret_path),
                         sops_groups_folder(self.machine.flake_dir),