clanCore: init machine_id.nix with clan.core.machine.{id,diskId}

2024-09-06 18:05:40 +02:00
parent bab7084246
commit 4171d5ea4e
28 changed files with 219 additions and 48 deletions
--- a/checks/backups/flake-module.nix
+++ b/checks/backups/flake-module.nix
@@ -134,6 +134,10 @@
            ];
            virtualisation.emptyDiskImages = [ 256 ];
            clan.core.clanDir = ./.;
+            clan.core.machine = {
+              id = "a73f5245cdba4576ab6cfef3145ac9ec";
+              diskId = "c4c47b";
+            };
          };

          testScript = ''
--- a/checks/borgbackup/default.nix
+++ b/checks/borgbackup/default.nix
@@ -18,6 +18,10 @@
          {
            clan.core.machineName = "machine";
            clan.core.clanDir = ./.;
+            clan.core.machine = {
+              id = "a73f5245cdba4576ab6cfef3145ac9ec";
+              diskId = "c4c47b";
+            };
            clan.core.state.testState.folders = [ "/etc/state" ];
            environment.etc.state.text = "hello world";
            systemd.tmpfiles.settings."vmsecrets" = {
--- a/checks/container/default.nix
+++ b/checks/container/default.nix
@@ -9,6 +9,7 @@
        networking.hostName = "machine";
        services.openssh.enable = true;
        services.openssh.startWhenNeeded = false;
+
      };
    testScript = ''
      start_all()
--- a/checks/deltachat/default.nix
+++ b/checks/deltachat/default.nix
@@ -12,6 +12,10 @@
          {
            clan.core.machineName = "machine";
            clan.core.clanDir = ./.;
+            clan.core.machine = {
+              id = "a73f5245cdba4576ab6cfef3145ac9ec";
+              diskId = "c4c47b";
+            };
          }
        ];
      };
--- a/checks/flash/flake-module.nix
+++ b/checks/flash/flake-module.nix
@@ -10,6 +10,7 @@
    let
      dependencies = [
        pkgs.disko
+        pkgs.age
        self.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine.config.system.build.toplevel
        self.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine.config.system.build.diskoScript
        self.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine.config.system.build.diskoScript.drvPath
@@ -25,9 +26,11 @@
          nodes.target = {
            virtualisation.emptyDiskImages = [ 4096 ];
            virtualisation.memorySize = 3000;
-            environment.systemPackages = [ self.packages.${pkgs.system}.clan-cli ];
+            environment.systemPackages = [
+              self.packages.${pkgs.system}.clan-cli
+            ] ++ self.packages.${pkgs.system}.clan-cli.runtimeDependencies;
+            environment.variables."SOPS_AGE_KEY" = builtins.readFile ../lib/age/privkey;
            environment.etc."install-closure".source = "${closureInfo}/store-paths";
-
            nix.settings = {
              substituters = lib.mkForce [ ];
              hashed-mirrors = null;
@@ -38,11 +41,15 @@
                "flakes"
              ];
            };
+            system.extraDependencies = dependencies;
          };
          testScript = ''
            start_all()

-            machine.succeed("clan flash --debug --flake ${../..} --yes --disk main /dev/vdb test-install-machine")
+            machine.succeed("cp -r ${../..} test-flake && chmod -R +w test-flake")
+            machine.succeed("clan secrets key generate")
+            machine.succeed("clan secrets users add --debug --flake test-flake testuser '${builtins.readFile ../lib/age/pubkey}'")
+            machine.succeed("clan flash --debug --flake test-flake --yes --disk main /dev/vdb test-install-machine")
          '';
        } { inherit pkgs self; };
      };
--- a/checks/installation/flake-module.nix
+++ b/checks/installation/flake-module.nix
@@ -1,7 +1,12 @@
 { self, lib, ... }:
+
 {
  clan.machines.test-install-machine = {
    clan.core.networking.targetHost = "test-install-machine";
+    clan.core.machine = {
+      id = "a73f5245cdba4576ab6cfef3145ac9ec";
+      diskId = "c4c47b";
+    };
    fileSystems."/".device = lib.mkDefault "/dev/vdb";
    boot.loader.grub.device = lib.mkDefault "/dev/vdb";

@@ -17,7 +22,10 @@
          (modulesPath + "/profiles/qemu-guest.nix")
        ];
        clan.single-disk.device = "/dev/vdb";
-
+        clan.core.machine = {
+          id = "a73f5245cdba4576ab6cfef3145ac9ec";
+          diskId = "c4c47b";
+        };
        environment.etc."install-successful".text = "ok";

        boot.consoleLogLevel = lib.mkForce 100;
@@ -34,8 +42,10 @@
    let
      dependencies = [
        self
+        pkgs.age
        self.nixosConfigurations.test-install-machine.config.system.build.toplevel
        self.nixosConfigurations.test-install-machine.config.system.build.diskoScript
+        self.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine.config.system.build.diskoScript.drvPath
        self.nixosConfigurations.test-install-machine.config.system.clan.deployment.file
        pkgs.stdenv.drvPath
        pkgs.nixos-anywhere
@@ -50,6 +60,7 @@
            services.openssh.enable = true;
            users.users.root.openssh.authorizedKeys.keyFiles = [ ../lib/ssh/pubkey ];
            system.nixos.variant_id = "installer";
+
            virtualisation.emptyDiskImages = [ 4096 ];
            nix.settings = {
              substituters = lib.mkForce [ ];
@@ -67,6 +78,7 @@
              self.packages.${pkgs.system}.clan-cli
            ] ++ self.packages.${pkgs.system}.clan-cli.runtimeDependencies;
            environment.etc."install-closure".source = "${closureInfo}/store-paths";
+            environment.variables."SOPS_AGE_KEY" = builtins.readFile ../lib/age/privkey;
            virtualisation.memorySize = 2048;
            nix.settings = {
              substituters = lib.mkForce [ ];
@@ -99,9 +111,11 @@
            client.wait_until_succeeds("timeout 2 ssh -o StrictHostKeyChecking=accept-new -v root@target hostname")
            client.succeed("cp -r ${../..} test-flake && chmod -R +w test-flake")
            client.fail("test -f test-flake/machines/test-install-machine/hardware-configuration.nix")
-            client.succeed("clan machines hw-generate --flake test-flake test-install-machine root@target>&2")
+            client.succeed("clan secrets key generate")
+            client.succeed("clan secrets users add --debug --flake test-flake testuser '${builtins.readFile ../lib/age/pubkey}'")
+            client.succeed("clan machines hw-generate --debug --flake test-flake test-install-machine root@target>&2")
            client.succeed("test -f test-flake/machines/test-install-machine/hardware-configuration.nix")
-            client.succeed("clan machines install --debug --flake ${../..} --yes test-install-machine root@target >&2")
+            client.succeed("clan machines install --debug --flake test-flake --yes test-install-machine root@target >&2")
            try:
              target.shutdown()
            except BrokenPipeError:
--- a/checks/lib/age/privkey
+++ b/checks/lib/age/privkey
@@ -0,0 +1 @@
+AGE-SECRET-KEY-1KF8E3SR3TTGL6M476SKF7EEMR4H9NF7ZWYSLJUAK8JX276JC7KUSSURKFK
--- a/checks/lib/age/pubkey
+++ b/checks/lib/age/pubkey
@@ -0,0 +1 @@
+age1dhwqzkah943xzc34tc3dlmfayyevcmdmxzjezdgdy33euxwf59vsp3vk3c
--- a/checks/matrix-synapse/default.nix
+++ b/checks/matrix-synapse/default.nix
@@ -17,7 +17,10 @@
          {
            clan.core.machineName = "machine";
            clan.core.clanDir = ./.;
-
+            clan.core.machine = {
+              id = "a73f5245cdba4576ab6cfef3145ac9ec";
+              diskId = "c4c47b";
+            };
            services.nginx.virtualHosts."matrix.clan.test" = {
              enableACME = lib.mkForce false;
              forceSSL = lib.mkForce false;
--- a/checks/mumble/default.nix
+++ b/checks/mumble/default.nix
@@ -32,6 +32,10 @@
          common
          {
            clan.core.machineName = "peer1";
+            clan.core.machine = {
+              id = "df97124f09da48e3a22d77ce30ee8da6";
+              diskId = "c9c52c";
+            };
            environment.etc = {
              "mumble-key".source = ./peer_1/peer_1_test_key;
              "mumble-cert".source = ./peer_1/peer_1_test_cert;
@@ -65,6 +69,10 @@
        imports = [
          common
          {
+            clan.core.machine = {
+              id = "a73f5245cdba4576ab6cfef3145ac9ec";
+              diskId = "c4c47b";
+            };
            clan.core.machineName = "peer2";
            environment.etc = {
              "mumble-key".source = ./peer_2/peer_2_test_key;
--- a/checks/nixos-documentation/flake-module.nix
+++ b/checks/nixos-documentation/flake-module.nix
@@ -8,7 +8,13 @@ let
      self.nixosModules.clanCore
      # This is the only option that is not part of the
      # module because it is usually set by flake-parts
-      { clan.core.clanDir = ./.; }
+      {
+        clan.core.clanDir = ./.;
+        clan.core.machine = {
+          id = "df97124f09da48e3a22d77ce30ee8da6";
+          diskId = "c9c52c";
+        };
+      }
    ];
  };
 in
--- a/checks/postgresql/default.nix
+++ b/checks/postgresql/default.nix
@@ -15,6 +15,11 @@
      clan.localbackup.targets.hdd.directory = "/mnt/external-disk";
      clan.core.clanDir = ./.;

+      clan.core.machine = {
+        id = "df97124f09da48e3a22d77ce30ee8da6";
+        diskId = "c9c52c";
+      };
+
      systemd.services.sample-service = {
        wantedBy = [ "multi-user.target" ];
        script = ''
--- a/checks/secrets/default.nix
+++ b/checks/secrets/default.nix
@@ -12,6 +12,10 @@

      clan.core.clanDir = "${./.}";
      clan.core.machineName = "machine";
+      clan.core.machine = {
+        id = "df97124f09da48e3a22d77ce30ee8da6";
+        diskId = "c9c52c";
+      };

      networking.hostName = "machine";
    };
--- a/checks/syncthing/default.nix
+++ b/checks/syncthing/default.nix
@@ -14,6 +14,10 @@
          {
            clan.core.machineName = "introducer";
            clan.core.clanDir = ./.;
+            clan.core.machine = {
+              id = "df97124f09da48e3a22d77ce30ee8da6";
+              diskId = "c9c52c";
+            };
            environment.etc = {
              "syncthing.pam".source = ./introducer/introducer_test_cert;
              "syncthing.key".source = ./introducer/introducer_test_key;
@@ -55,6 +59,10 @@
          {
            clan.core.machineName = "peer1";
            clan.core.clanDir = ./.;
+            clan.core.machine = {
+              id = "645a43ad1d6f456aa2d623464efed096";
+              diskId = "9404bf2fb28343cba82e64d1a9131ea4";
+            };
            clan.syncthing.introducer = lib.strings.removeSuffix "\n" (
              builtins.readFile ./introducer/introducer_device_id
            );
@@ -77,6 +85,10 @@
          {
            clan.core.machineName = "peer2";
            clan.core.clanDir = ./.;
+            clan.core.machine = {
+              id = "dd0927b2113b4fa58a94a4be15b0408e";
+              diskId = "05d6d08214d14261b001782b417ca2a3";
+            };
            clan.syncthing.introducer = lib.strings.removeSuffix "\n" (
              builtins.readFile ./introducer/introducer_device_id
            );
--- a/checks/wayland-proxy-virtwl/default.nix
+++ b/checks/wayland-proxy-virtwl/default.nix
@@ -16,6 +16,10 @@ import ../lib/test-base.nix (
          {
            clan.core.machineName = "machine";
            clan.core.clanDir = ./.;
+            clan.core.machine = {
+              id = "df97124f09da48e3a22d77ce30ee8da6";
+              diskId = "c9c52c";
+            };
          }
        ];
        services.wayland-proxy-virtwl.enable = true;
--- a/checks/zt-tcp-relay/default.nix
+++ b/checks/zt-tcp-relay/default.nix
@@ -12,6 +12,10 @@
          {
            clan.core.machineName = "machine";
            clan.core.clanDir = ./.;
+            clan.core.machine = {
+              id = "df97124f09da48e3a22d77ce30ee8da6";
+              diskId = "c9c52c";
+            };
          }
        ];
      };
				`@@ -0,0 +1 @@`
				`AGE-SECRET-KEY-1KF8E3SR3TTGL6M476SKF7EEMR4H9NF7ZWYSLJUAK8JX276JC7KUSSURKFK`
				`@@ -0,0 +1 @@`
				`age1dhwqzkah943xzc34tc3dlmfayyevcmdmxzjezdgdy33euxwf59vsp3vk3c`