Merge pull request 'Chore: init settings submdule, move options into settings submodule' (#2677) from hsjobeki/clan-core:hsjobeki-main into main

This commit is contained in:
clan-bot
2024-12-31 14:28:31 +00:00
39 changed files with 265 additions and 161 deletions


@@ -147,7 +147,7 @@
self.nixosModules.test-backup self.nixosModules.test-backup
]; ];
virtualisation.emptyDiskImages = [ 256 ]; virtualisation.emptyDiskImages = [ 256 ];
clan.core.clanDir = ./.; clan.core.settings.directory = ./.;
}; };
testScript = '' testScript = ''


@@ -16,8 +16,8 @@
}; };
} }
{ {
clan.core.machineName = "machine"; clan.core.settings.machine.name = "machine";
clan.core.clanDir = ./.; clan.core.settings.directory = ./.;
clan.core.state.testState.folders = [ "/etc/state" ]; clan.core.state.testState.folders = [ "/etc/state" ];
environment.etc.state.text = "hello world"; environment.etc.state.text = "hello world";
systemd.tmpfiles.settings."vmsecrets" = { systemd.tmpfiles.settings."vmsecrets" = {


@@ -10,8 +10,8 @@
self.clanModules.deltachat self.clanModules.deltachat
self.nixosModules.clanCore self.nixosModules.clanCore
{ {
clan.core.machineName = "machine"; clan.core.settings.machine.name = "machine";
clan.core.clanDir = ./.; clan.core.settings.directory = ./.;
} }
]; ];
}; };


@@ -15,8 +15,8 @@
self.clanModules.matrix-synapse self.clanModules.matrix-synapse
self.nixosModules.clanCore self.nixosModules.clanCore
{ {
clan.core.machineName = "machine"; clan.core.settings.machine.name = "machine";
clan.core.clanDir = ./.; clan.core.settings.directory = ./.;
services.nginx.virtualHosts."matrix.clan.test" = { services.nginx.virtualHosts."matrix.clan.test" = {
enableACME = lib.mkForce false; enableACME = lib.mkForce false;


@@ -12,7 +12,7 @@
self.nixosModules.clanCore self.nixosModules.clanCore
(self.inputs.nixpkgs + "/nixos/tests/common/x11.nix") (self.inputs.nixpkgs + "/nixos/tests/common/x11.nix")
{ {
clan.core.clanDir = ./.; clan.core.settings.directory = ./.;
environment.systemPackages = [ pkgs.killall ]; environment.systemPackages = [ pkgs.killall ];
clan.core.facts.services.mumble.secret."mumble-key".path = "/etc/mumble-key"; clan.core.facts.services.mumble.secret."mumble-key".path = "/etc/mumble-key";
clan.core.facts.services.mumble.public."mumble-cert".path = "/etc/mumble-cert"; clan.core.facts.services.mumble.public."mumble-cert".path = "/etc/mumble-cert";
@@ -32,7 +32,7 @@
imports = [ imports = [
common common
{ {
clan.core.machineName = "peer1"; clan.core.settings.machine.name = "peer1";
environment.etc = { environment.etc = {
"mumble-key".source = ./peer_1/peer_1_test_key; "mumble-key".source = ./peer_1/peer_1_test_key;
"mumble-cert".source = ./peer_1/peer_1_test_cert; "mumble-cert".source = ./peer_1/peer_1_test_cert;
@@ -64,7 +64,7 @@
imports = [ imports = [
common common
{ {
clan.core.machineName = "peer2"; clan.core.settings.machine.name = "peer2";
environment.etc = { environment.etc = {
"mumble-key".source = ./peer_2/peer_2_test_key; "mumble-key".source = ./peer_2/peer_2_test_key;
"mumble-cert".source = ./peer_2/peer_2_test_cert; "mumble-cert".source = ./peer_2/peer_2_test_cert;
@@ -111,12 +111,12 @@
with subtest("Wait for certificate creation"): with subtest("Wait for certificate creation"):
peer1.wait_for_window(r"^Mumble$") peer1.wait_for_window(r"^Mumble$")
peer1.sleep(3) # mumble is slow to register handlers peer1.sleep(3) # mumble is slow to register handlers
peer1.send_chars("\n") peer1.send_chars("\n")
peer1.send_chars("\n") peer1.send_chars("\n")
peer2.wait_for_window(r"^Mumble$") peer2.wait_for_window(r"^Mumble$")
peer2.sleep(3) # mumble is slow to register handlers peer2.sleep(3) # mumble is slow to register handlers
peer2.send_chars("\n") peer2.send_chars("\n")
peer2.send_chars("\n") peer2.send_chars("\n")
with subtest("Wait for server connect"): with subtest("Wait for server connect"):
peer1.wait_for_window(r"^Mumble Server Connect$") peer1.wait_for_window(r"^Mumble Server Connect$")
@@ -128,8 +128,8 @@
peer1.execute("mumble mumble://peer2 >&2 &") peer1.execute("mumble mumble://peer2 >&2 &")
peer1.wait_for_window(r"^Mumble$") peer1.wait_for_window(r"^Mumble$")
peer1.sleep(3) # mumble is slow to register handlers peer1.sleep(3) # mumble is slow to register handlers
peer1.send_chars("\n") peer1.send_chars("\n")
peer1.send_chars("\n") peer1.send_chars("\n")
peer1.wait_for_text("Connected.") peer1.wait_for_text("Connected.")
peer2.execute("killall .mumble-wrapped") peer2.execute("killall .mumble-wrapped")
@@ -137,8 +137,8 @@
peer2.execute("mumble mumble://peer1 >&2 &") peer2.execute("mumble mumble://peer1 >&2 &")
peer2.wait_for_window(r"^Mumble$") peer2.wait_for_window(r"^Mumble$")
peer2.sleep(3) # mumble is slow to register handlers peer2.sleep(3) # mumble is slow to register handlers
peer2.send_chars("\n") peer2.send_chars("\n")
peer2.send_chars("\n") peer2.send_chars("\n")
peer2.wait_for_text("Connected.") peer2.wait_for_text("Connected.")
''; '';
} }


@@ -8,7 +8,7 @@ let
self.nixosModules.clanCore self.nixosModules.clanCore
# This is the only option that is not part of the # This is the only option that is not part of the
# module because it is usually set by flake-parts # module because it is usually set by flake-parts
{ clan.core.clanDir = ./.; } { clan.core.settings.directory = ./.; }
]; ];
}; };
in in


@@ -13,7 +13,7 @@
clan.postgresql.databases.test.create.options.OWNER = "test"; clan.postgresql.databases.test.create.options.OWNER = "test";
clan.postgresql.databases.test.restore.stopOnRestore = [ "sample-service" ]; clan.postgresql.databases.test.restore.stopOnRestore = [ "sample-service" ];
clan.localbackup.targets.hdd.directory = "/mnt/external-disk"; clan.localbackup.targets.hdd.directory = "/mnt/external-disk";
clan.core.clanDir = ./.; clan.core.settings.directory = ./.;
systemd.services.sample-service = { systemd.services.sample-service = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];


@@ -10,8 +10,8 @@
environment.etc."group-secret".source = config.sops.secrets.group-secret.path; environment.etc."group-secret".source = config.sops.secrets.group-secret.path;
sops.age.keyFile = "/etc/privkey.age"; sops.age.keyFile = "/etc/privkey.age";
clan.core.clanDir = "${./.}"; clan.core.settings.directory = "${./.}";
clan.core.machineName = "machine"; clan.core.settings.machine.name = "machine";
networking.hostName = "machine"; networking.hostName = "machine";
}; };


@@ -12,8 +12,8 @@
self.clanModules.syncthing self.clanModules.syncthing
self.nixosModules.clanCore self.nixosModules.clanCore
{ {
clan.core.machineName = "introducer"; clan.core.settings.machine.name = "introducer";
clan.core.clanDir = ./.; clan.core.settings.directory = ./.;
environment.etc = { environment.etc = {
"syncthing.pam".source = ./introducer/introducer_test_cert; "syncthing.pam".source = ./introducer/introducer_test_cert;
"syncthing.key".source = ./introducer/introducer_test_key; "syncthing.key".source = ./introducer/introducer_test_key;
@@ -53,8 +53,8 @@
self.clanModules.syncthing self.clanModules.syncthing
self.nixosModules.clanCore self.nixosModules.clanCore
{ {
clan.core.machineName = "peer1"; clan.core.settings.machine.name = "peer1";
clan.core.clanDir = ./.; clan.core.settings.directory = ./.;
clan.syncthing.introducer = lib.strings.removeSuffix "\n" ( clan.syncthing.introducer = lib.strings.removeSuffix "\n" (
builtins.readFile ./introducer/introducer_device_id builtins.readFile ./introducer/introducer_device_id
); );
@@ -75,8 +75,8 @@
self.clanModules.syncthing self.clanModules.syncthing
self.nixosModules.clanCore self.nixosModules.clanCore
{ {
clan.core.machineName = "peer2"; clan.core.settings.machine.name = "peer2";
clan.core.clanDir = ./.; clan.core.settings.directory = ./.;
clan.syncthing.introducer = lib.strings.removeSuffix "\n" ( clan.syncthing.introducer = lib.strings.removeSuffix "\n" (
builtins.readFile ./introducer/introducer_device_id builtins.readFile ./introducer/introducer_device_id
); );


@@ -14,8 +14,8 @@ import ../lib/test-base.nix (
imports = [ imports = [
self.nixosModules.clanCore self.nixosModules.clanCore
{ {
clan.core.machineName = "machine"; clan.core.settings.machine.name = "machine";
clan.core.clanDir = ./.; clan.core.settings.directory = ./.;
} }
]; ];
services.wayland-proxy-virtwl.enable = true; services.wayland-proxy-virtwl.enable = true;


@@ -10,8 +10,8 @@
self.nixosModules.clanCore self.nixosModules.clanCore
self.clanModules.zt-tcp-relay self.clanModules.zt-tcp-relay
{ {
clan.core.machineName = "machine"; clan.core.settings.machine.name = "machine";
clan.core.clanDir = ./.; clan.core.settings.directory = ./.;
} }
]; ];
}; };


@@ -1,7 +1,7 @@
{ lib, config, ... }: { lib, config, ... }:
let let
clanDir = config.clan.core.clanDir; dir = config.clan.core.settings.directory;
machineDir = clanDir + "/machines/"; machineDir = dir + "/machines/";
in in
{ {
imports = [ ../borgbackup ]; imports = [ ../borgbackup ];
@@ -9,7 +9,7 @@ in
options.clan.borgbackup-static = { options.clan.borgbackup-static = {
excludeMachines = lib.mkOption { excludeMachines = lib.mkOption {
type = lib.types.listOf lib.types.str; type = lib.types.listOf lib.types.str;
example = [ config.clan.core.machineName ]; example = [ config.clan.core.settings.machine.name ];
default = [ ]; default = [ ];
description = '' description = ''
Machines that should not be backuped. Machines that should not be backuped.
@@ -20,7 +20,7 @@ in
}; };
includeMachines = lib.mkOption { includeMachines = lib.mkOption {
type = lib.types.listOf lib.types.str; type = lib.types.listOf lib.types.str;
example = [ config.clan.core.machineName ]; example = [ config.clan.core.settings.machine.name ];
default = [ ]; default = [ ];
description = '' description = ''
Machines that should be backuped. Machines that should be backuped.
@@ -63,7 +63,7 @@ in
in in
lib.mkIf lib.mkIf
(builtins.any ( (builtins.any (
target: target == config.clan.core.machineName target: target == config.clan.core.settings.machine.name
) config.clan.borgbackup-static.targets) ) config.clan.borgbackup-static.targets)
(if (builtins.listToAttrs hosts) != null then builtins.listToAttrs hosts else { }); (if (builtins.listToAttrs hosts) != null then builtins.listToAttrs hosts else { });
@@ -72,12 +72,12 @@ in
destinations = builtins.map (d: { destinations = builtins.map (d: {
name = d; name = d;
value = { value = {
repo = "borg@${d}:/var/lib/borgbackup/${config.clan.core.machineName}"; repo = "borg@${d}:/var/lib/borgbackup/${config.clan.core.settings.machine.name}";
}; };
}) config.clan.borgbackup-static.targets; }) config.clan.borgbackup-static.targets;
in in
lib.mkIf (builtins.any ( lib.mkIf (builtins.any (
target: target == config.clan.core.machineName target: target == config.clan.core.settings.machine.name
) config.clan.borgbackup-static.includeMachines) (builtins.listToAttrs destinations); ) config.clan.borgbackup-static.includeMachines) (builtins.listToAttrs destinations);
config.assertions = [ config.assertions = [


@@ -19,7 +19,7 @@ let
) )
) [ ] instances; ) [ ] instances;
inherit (config.clan.core) machineName; machineName = config.clan.core.settings.machine.name;
cfg = config.clan.borgbackup; cfg = config.clan.borgbackup;
preBackupScript = '' preBackupScript = ''


@@ -1,8 +1,8 @@
{ config, lib, ... }: { config, lib, ... }:
let let
clanDir = config.clan.core.clanDir; dir = config.clan.core.settings.directory;
machineDir = clanDir + "/machines/"; machineDir = dir + "/machines/";
inherit (config.clan.core) machineName; machineName = config.clan.core.settings.machine.name;
# Instances might be empty, if the module is not used via the inventory # Instances might be empty, if the module is not used via the inventory
# #


@@ -5,7 +5,7 @@
services.maddy = services.maddy =
let let
domain = "${config.clan.core.machineName}.local"; domain = "${config.clan.core.settings.machine.name}.local";
in in
{ {
enable = true; enable = true;


@@ -5,8 +5,8 @@
... ...
}: }:
let let
clanDir = config.clan.core.clanDir; dir = config.clan.core.settings.directory;
machineDir = clanDir + "/machines/"; machineDir = dir + "/machines/";
machinesFileSet = builtins.readDir machineDir; machinesFileSet = builtins.readDir machineDir;
machines = lib.mapAttrsToList (name: _: name) machinesFileSet; machines = lib.mapAttrsToList (name: _: name) machinesFileSet;
machineJson = builtins.toJSON machines; machineJson = builtins.toJSON machines;
@@ -39,7 +39,7 @@ in
services.murmur = { services.murmur = {
enable = true; enable = true;
logDays = -1; logDays = -1;
registerName = config.clan.core.machineName; registerName = config.clan.core.settings.machine.name;
openFirewall = true; openFirewall = true;
bonjour = true; bonjour = true;
sslKey = "/var/lib/murmur/sslKey"; sslKey = "/var/lib/murmur/sslKey";
@@ -97,8 +97,8 @@ in
XDG_DATA_DIR=${mumbleCfgDir} XDG_DATA_DIR=${mumbleCfgDir}
${populate-channels} --ensure-config '${mumbleCfgPath}' --db-location ${mumbleDatabasePath} ${populate-channels} --ensure-config '${mumbleCfgPath}' --db-location ${mumbleDatabasePath}
echo ${machineCertJson} echo ${machineCertJson}
${populate-channels} --machines '${machineJson}' --username ${config.clan.core.machineName} --db-location ${mumbleDatabasePath} ${populate-channels} --machines '${machineJson}' --username ${config.clan.core.settings.machine.name} --db-location ${mumbleDatabasePath}
${populate-channels} --servers '${machineCertJson}' --username ${config.clan.core.machineName} --db-location ${mumbleDatabasePath} --cert True ${populate-channels} --servers '${machineCertJson}' --username ${config.clan.core.settings.machine.name} --db-location ${mumbleDatabasePath} --cert True
${pkgs.mumble}/bin/mumble --config ${mumbleCfgPath} "$@" ${pkgs.mumble}/bin/mumble --config ${mumbleCfgPath} "$@"
popd popd
''; '';


@@ -9,8 +9,8 @@ pkgs.nixosTest {
self.inputs.clan-core.nixosModules.clanCore self.inputs.clan-core.nixosModules.clanCore
{ {
config = { config = {
clan.core.machineName = "peer1"; clan.core.settings.machine.name = "peer1";
clan.core.clanDir = ./.; clan.core.settings.directory = ./.;
documentation.enable = false; documentation.enable = false;
}; };
@@ -26,8 +26,8 @@ pkgs.nixosTest {
{ {
config = { config = {
clan.core.machineName = "peer2"; clan.core.settings.machine.name = "peer2";
clan.core.clanDir = ./.; clan.core.settings.directory = ./.;
documentation.enable = false; documentation.enable = false;
}; };


@@ -10,7 +10,7 @@
config.clan.core.facts.services.root-password.secret.password-hash.path; config.clan.core.facts.services.root-password.secret.password-hash.path;
sops.secrets = lib.mkIf (config.clan.core.facts.secretStore == "sops") { sops.secrets = lib.mkIf (config.clan.core.facts.secretStore == "sops") {
"${config.clan.core.machineName}-password-hash".neededForUsers = true; "${config.clan.core.settings.machine.name}-password-hash".neededForUsers = true;
}; };
clan.core.facts.services.root-password = { clan.core.facts.services.root-password = {


@@ -69,7 +69,7 @@ in
"openssh-ca" "openssh-ca"
]; ];
validation = { validation = {
name = config.clan.core.machineName; name = config.clan.core.settings.machine.name;
domains = lib.genAttrs config.clan.sshd.certificate.searchDomains lib.id; domains = lib.genAttrs config.clan.sshd.certificate.searchDomains lib.id;
}; };
runtimeInputs = [ runtimeInputs = [
@@ -79,9 +79,9 @@ in
script = '' script = ''
ssh-keygen \ ssh-keygen \
-s $in/openssh-ca/id_ed25519 \ -s $in/openssh-ca/id_ed25519 \
-I ${config.clan.core.machineName} \ -I ${config.clan.core.settings.machine.name} \
-h \ -h \
-n ${lib.concatMapStringsSep "," (d: "${config.clan.core.machineName}.${d}") domains} \ -n ${lib.concatMapStringsSep "," (d: "${config.clan.core.settings.machine.name}.${d}") domains} \
$in/openssh/ssh.id_ed25519.pub $in/openssh/ssh.id_ed25519.pub
mv $in/openssh/ssh.id_ed25519-cert.pub $out/ssh.id_ed25519-cert.pub mv $in/openssh/ssh.id_ed25519-cert.pub $out/ssh.id_ed25519-cert.pub
''; '';


@@ -4,7 +4,10 @@
excludeHosts = lib.mkOption { excludeHosts = lib.mkOption {
type = lib.types.listOf lib.types.str; type = lib.types.listOf lib.types.str;
default = default =
if config.clan.static-hosts.topLevelDomain != "" then [ ] else [ config.clan.core.machineName ]; if config.clan.static-hosts.topLevelDomain != "" then
[ ]
else
[ config.clan.core.settings.machine.name ];
description = "Hosts that should be excluded"; description = "Hosts that should be excluded";
}; };
topLevelDomain = lib.mkOption { topLevelDomain = lib.mkOption {
@@ -16,8 +19,8 @@
config.networking.hosts = config.networking.hosts =
let let
clanDir = config.clan.core.clanDir; dir = config.clan.core.settings.directory;
machineDir = clanDir + "/machines/"; machineDir = dir + "/machines/";
zerotierIpMachinePath = machines: machineDir + machines + "/facts/zerotier-ip"; zerotierIpMachinePath = machines: machineDir + machines + "/facts/zerotier-ip";
machinesFileSet = builtins.readDir machineDir; machinesFileSet = builtins.readDir machineDir;
machines = lib.mapAttrsToList (name: _: name) machinesFileSet; machines = lib.mapAttrsToList (name: _: name) machinesFileSet;


@@ -5,8 +5,8 @@
... ...
}: }:
let let
clanDir = config.clan.core.clanDir; dir = config.clan.core.settings.directory;
machineDir = clanDir + "/machines/"; machineDir = dir + "/machines/";
syncthingPublicKeyPath = machines: machineDir + machines + "/facts/syncthing.pub"; syncthingPublicKeyPath = machines: machineDir + machines + "/facts/syncthing.pub";
machinesFileSet = builtins.readDir machineDir; machinesFileSet = builtins.readDir machineDir;
machines = lib.mapAttrsToList (name: _: name) machinesFileSet; machines = lib.mapAttrsToList (name: _: name) machinesFileSet;
@@ -47,7 +47,7 @@ in
options.clan.syncthing-static-peers = { options.clan.syncthing-static-peers = {
excludeMachines = lib.mkOption { excludeMachines = lib.mkOption {
type = lib.types.listOf lib.types.str; type = lib.types.listOf lib.types.str;
example = [ config.clan.core.machineName ]; example = [ config.clan.core.settings.machine.name ];
default = [ ]; default = [ ];
description = '' description = ''
Machines that should not be added. Machines that should not be added.


@@ -30,7 +30,7 @@ in
}; };
sops.secrets = lib.mkIf (config.clan.core.facts.secretStore == "sops") { sops.secrets = lib.mkIf (config.clan.core.facts.secretStore == "sops") {
"${config.clan.core.machineName}-user-password-hash".neededForUsers = true; "${config.clan.core.settings.machine.name}-user-password-hash".neededForUsers = true;
}; };
clan.core.facts.services.user-password = { clan.core.facts.services.user-password = {


@@ -5,8 +5,8 @@
... ...
}: }:
let let
clanDir = config.clan.core.clanDir; dir = config.clan.core.settings.directory;
machineDir = clanDir + "/machines/"; machineDir = dir + "/machines/";
machinesFileSet = builtins.readDir machineDir; machinesFileSet = builtins.readDir machineDir;
machines = lib.mapAttrsToList (name: _: name) machinesFileSet; machines = lib.mapAttrsToList (name: _: name) machinesFileSet;
@@ -27,7 +27,7 @@ in
options.clan.zerotier-static-peers = { options.clan.zerotier-static-peers = {
excludeHosts = lib.mkOption { excludeHosts = lib.mkOption {
type = lib.types.listOf lib.types.str; type = lib.types.listOf lib.types.str;
default = [ config.clan.core.machineName ]; default = [ config.clan.core.settings.machine.name ];
description = "Hosts that should be excluded"; description = "Hosts that should be excluded";
}; };
networkIps = lib.mkOption { networkIps = lib.mkOption {


@@ -22,10 +22,12 @@ in
machines = uniqueStrings (roles.moon.machines ++ roles.controller.machines ++ roles.peer.machines); machines = uniqueStrings (roles.moon.machines ++ roles.controller.machines ++ roles.peer.machines);
networkIps = builtins.foldl' ( networkIps = builtins.foldl' (
ips: name: ips: name:
if builtins.pathExists "${config.clan.core.clanDir}/machines/${name}/facts/zerotier-ip" then if
builtins.pathExists "${config.clan.core.settings.directory}/machines/${name}/facts/zerotier-ip"
then
ips ips
++ [ ++ [
(builtins.readFile "${config.clan.core.clanDir}/machines/${name}/facts/zerotier-ip") (builtins.readFile "${config.clan.core.settings.directory}/machines/${name}/facts/zerotier-ip")
] ]
else else
ips ips


@@ -10,15 +10,17 @@ let
zeroTierInstance = config.clan.inventory.services.zerotier.${instanceName}; zeroTierInstance = config.clan.inventory.services.zerotier.${instanceName};
roles = zeroTierInstance.roles; roles = zeroTierInstance.roles;
controllerMachine = builtins.head roles.controller.machines; controllerMachine = builtins.head roles.controller.machines;
networkIdPath = "${config.clan.core.clanDir}/machines/${controllerMachine}/facts/zerotier-network-id"; networkIdPath = "${config.clan.core.settings.directory}/machines/${controllerMachine}/facts/zerotier-network-id";
networkId = if builtins.pathExists networkIdPath then builtins.readFile networkIdPath else null; networkId = if builtins.pathExists networkIdPath then builtins.readFile networkIdPath else null;
moons = roles.moon.machines; moons = roles.moon.machines;
moonIps = builtins.foldl' ( moonIps = builtins.foldl' (
ips: name: ips: name:
if builtins.pathExists "${config.clan.core.clanDir}/machines/${name}/facts/zerotier-ip" then if
builtins.pathExists "${config.clan.core.settings.directory}/machines/${name}/facts/zerotier-ip"
then
ips ips
++ [ ++ [
(builtins.readFile "${config.clan.core.clanDir}/machines/${name}/facts/zerotier-ip") (builtins.readFile "${config.clan.core.settings.directory}/machines/${name}/facts/zerotier-ip")
] ]
else else
ips ips
@@ -32,7 +34,7 @@ in
{ {
excludeHosts = lib.mkOption { excludeHosts = lib.mkOption {
type = listOf str; type = listOf str;
default = [ config.clan.core.machineName ]; default = [ config.clan.core.settings.machine.name ];
description = "Hosts that should be excluded"; description = "Hosts that should be excluded";
}; };
networkIps = lib.mkOption { networkIps = lib.mkOption {
@@ -52,7 +54,7 @@ in
# TODO: This should also be checked via frontmatter constraints # TODO: This should also be checked via frontmatter constraints
{ {
assertion = builtins.length instanceNames == 1; assertion = builtins.length instanceNames == 1;
message = "The zerotier module currently only supports one instance per machine, but found ${builtins.toString instanceNames} on machine ${config.clan.core.machineName}"; message = "The zerotier module currently only supports one instance per machine, but found ${builtins.toString instanceNames} on machine ${config.clan.core.settings.machine.name}";
} }
]; ];


@@ -127,11 +127,12 @@ nav:
- reference/clan-core/index.md - reference/clan-core/index.md
- reference/clan-core/backups.md - reference/clan-core/backups.md
- reference/clan-core/deployment.md
- reference/clan-core/facts.md - reference/clan-core/facts.md
- reference/clan-core/networking.md
- reference/clan-core/settings.md
- reference/clan-core/sops.md - reference/clan-core/sops.md
- reference/clan-core/state.md - reference/clan-core/state.md
- reference/clan-core/deployment.md
- reference/clan-core/networking.md
- reference/clan-core/vars.md - reference/clan-core/vars.md
- Nix API: - Nix API:
- buildClan: reference/nix-api/buildclan.md - buildClan: reference/nix-api/buildclan.md


@@ -116,7 +116,7 @@ On the server where backups will be stored, enable the SSH daemon and set up a r
services.borgbackup.repos.myhostname = { services.borgbackup.repos.myhostname = {
path = "/var/lib/borgbackup/myhostname"; path = "/var/lib/borgbackup/myhostname";
authorizedKeys = [ authorizedKeys = [
(builtins.readFile (config.clan.core.clanDir + "/machines/myhostname/facts/borgbackup.ssh.pub")) (builtins.readFile (config.clan.core.settings.directory + "/machines/myhostname/facts/borgbackup.ssh.pub"))
]; ];
}; };
} }


@@ -10,7 +10,7 @@ include a new machine into the VPN.
By default all machines within one clan are connected via a chosen network technology. By default all machines within one clan are connected via a chosen network technology.
```{.no-copy} ```{.no-copy}
Clan Clan
Node A Node A
<-> (zerotier / mycelium / ...) <-> (zerotier / mycelium / ...)
Node B Node B
@@ -48,7 +48,7 @@ To introduce a new machine to the VPN, adhere to the following steps:
configuration, substituting `<CONTROLLER>` with the controller machine name: configuration, substituting `<CONTROLLER>` with the controller machine name:
```nix ```nix
{ config, ... }: { { config, ... }: {
clan.core.networking.zerotier.networkId = builtins.readFile (config.clan.core.clanDir + "/machines/<CONTROLLER>/facts/zerotier-network-id"); clan.core.networking.zerotier.networkId = builtins.readFile (config.clan.core.settings.directory + "/machines/<CONTROLLER>/facts/zerotier-network-id");
} }
``` ```
1. **Update the New Machine**: Execute: 1. **Update the New Machine**: Execute:
@@ -73,13 +73,13 @@ To introduce a new machine to the VPN, adhere to the following steps:
```bash ```bash
$ sudo zerotier-cli info $ sudo zerotier-cli info
``` ```
Example Output: Example Output:
```{.console, .no-copy} ```{.console, .no-copy}
200 info d2c71971db 1.12.1 OFFLINE 200 info d2c71971db 1.12.1 OFFLINE
``` ```
, where `d2c71971db` is the ZeroTier ID. , where `d2c71971db` is the ZeroTier ID.
2. **Authorize the New Machine on the Controller**: On the controller machine, 2. **Authorize the New Machine on the Controller**: On the controller machine,
execute: execute:


@@ -80,14 +80,20 @@ let
( (
{ {
# Settings # Settings
clan.core.clanDir = directory; clan.core.settings = {
inherit directory;
inherit (config.inventory.meta) name icon;
machine = {
inherit name;
};
};
# Inherited from clan wide settings # Inherited from clan wide settings
# TODO: remove these # TODO: remove these
clan.core.name = config.inventory.meta.name;
clan.core.icon = config.inventory.meta.icon;
# Machine specific settings # Machine specific settings
clan.core.machineName = name; # clan.core.settings.machine.name = name;
networking.hostName = lib.mkDefault name; networking.hostName = lib.mkDefault name;
# speeds up nix commands by using the nixpkgs from the host system (especially useful in VMs) # speeds up nix commands by using the nixpkgs from the host system (especially useful in VMs)
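Review bot: The new-side line `# clan.core.settings.machine.name = name;` is a commented-out duplicate of the `machine = { inherit name; };` set a few lines above and should be deleted rather than left behind as dead configuration. The `# Inherited from clan wide settings` / `# TODO: remove these` comments now annotate nothing, because the `clan.core.name` and `clan.core.icon` lines they referred to were removed; either drop them or move them directly above `inherit (config.inventory.meta) name icon;`, which is the surviving clan-wide inheritance. Within the same attribute set `name` is also bound with two different meanings: `inherit (config.inventory.meta) name icon;` yields the clan name, while `machine = { inherit name; };` picks up the enclosing function's `name` argument, i.e. the machine name (as `networking.hostName = lib.mkDefault name;` below confirms), so spelling it out as `machine.name = name; # machine name, not inventory.meta.name` would remove the ambiguity for the next reader. The enclosing module body starts and ends outside the hunk.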


@@ -23,7 +23,7 @@ let
modules = [ modules = [
baseModule baseModule
{ {
clan.core.clanDir = clan-core; clan.core.settings.directory = clan-core;
} }
clan-core.nixosModules.clanCore clan-core.nixosModules.clanCore
] ++ modules; ] ++ modules;
@@ -75,7 +75,7 @@ let
baseModule baseModule
clan-core.nixosModules.clanCore clan-core.nixosModules.clanCore
{ {
clan.core.clanDir = clan-core; clan.core.settings.directory = clan-core;
} }
# Role interface # Role interface
(module + "/roles/${role}.nix") (module + "/roles/${role}.nix")


@@ -140,12 +140,12 @@
path to a fact which is generated by the generator path to a fact which is generated by the generator
''; '';
default = default =
config.clan.core.clanDir config.clan.core.settings.directory
+ "/machines/${config.clan.core.machineName}/facts/${fact.config._module.args.name}"; + "/machines/${config.clan.core.settings.machine.name}/facts/${fact.config._module.args.name}";
defaultText = lib.literalExpression "\${config.clan.core.clanDir}/machines/\${config.clan.core.machineName}/facts/\${fact.config._module.args.name}"; defaultText = lib.literalExpression "\${config.clan.core.settings.directory}/machines/\${config.clan.core.settings.machine.name}/facts/\${fact.config._module.args.name}";
}; };
value = lib.mkOption { value = lib.mkOption {
defaultText = lib.literalExpression "\${config.clan.core.clanDir}/\${fact.config.path}"; defaultText = lib.literalExpression "\${config.clan.core.settings.directory}/\${fact.config.path}";
type = lib.types.nullOr lib.types.str; type = lib.types.nullOr lib.types.str;
default = default =
if builtins.pathExists fact.config.path then lib.strings.fileContents fact.config.path else null; if builtins.pathExists fact.config.path then lib.strings.fileContents fact.config.path else null;


@@ -219,15 +219,16 @@
description = '' description = ''
path to a fact which is generated by the generator path to a fact which is generated by the generator
''; '';
defaultText = lib.literalExpression "\${config.clan.core.clanDir}/machines/\${config.clan.core.machineName}/facts/\${fact.config.name}"; defaultText = lib.literalExpression "\${config.clan.core.settings.directory}/machines/\${config.clan.core.settings.machine.name}/facts/\${fact.config.name}";
default = default =
config.clan.core.clanDir + "/machines/${config.clan.core.machineName}/facts/${fact.config.name}"; config.clan.core.settings.directory
+ "/machines/${config.clan.core.settings.machine.name}/facts/${fact.config.name}";
}; };
value = lib.mkOption { value = lib.mkOption {
description = '' description = ''
The value of the public fact. The value of the public fact.
''; '';
defaultText = lib.literalExpression "\${config.clan.core.clanDir}/\${fact.config.path}"; defaultText = lib.literalExpression "\${config.clan.core.settings.directory}/\${fact.config.path}";
type = lib.types.nullOr lib.types.str; type = lib.types.nullOr lib.types.str;
default = default =
if builtins.pathExists fact.config.path then lib.strings.fileContents fact.config.path else null; if builtins.pathExists fact.config.path then lib.strings.fileContents fact.config.path else null;


@@ -5,8 +5,8 @@
... ...
}: }:
let let
secretsDir = config.clan.core.clanDir + "/sops/secrets"; secretsDir = config.clan.core.settings.directory + "/sops/secrets";
groupsDir = config.clan.core.clanDir + "/sops/groups"; groupsDir = config.clan.core.settings.directory + "/sops/groups";
# My symlink is in the nixos module detected as a directory also it works in the repl. Is this because of pure evaluation? # My symlink is in the nixos module detected as a directory also it works in the repl. Is this because of pure evaluation?
containsSymlink = containsSymlink =
@@ -16,7 +16,8 @@ let
containsMachine = containsMachine =
parent: name: type: parent: name: type:
type == "directory" && containsSymlink "${parent}/${name}/machines/${config.clan.core.machineName}"; type == "directory"
&& containsSymlink "${parent}/${name}/machines/${config.clan.core.settings.machine.name}";
containsMachineOrGroups = containsMachineOrGroups =
name: type: name: type:
@@ -37,12 +38,12 @@ in
# Before we generate a secret we cannot know the path yet, so we need to set it to an empty string # Before we generate a secret we cannot know the path yet, so we need to set it to an empty string
clan.core.facts.secretPathFunction = clan.core.facts.secretPathFunction =
secret: secret:
config.sops.secrets.${"${config.clan.core.machineName}-${secret.config.name}"}.path config.sops.secrets.${"${config.clan.core.settings.machine.name}-${secret.config.name}"}.path
or "/no-such-path"; or "/no-such-path";
clan.core.facts.secretModule = "clan_cli.facts.secret_modules.sops"; clan.core.facts.secretModule = "clan_cli.facts.secret_modules.sops";
clan.core.facts.secretUploadDirectory = lib.mkDefault "/var/lib/sops-nix"; clan.core.facts.secretUploadDirectory = lib.mkDefault "/var/lib/sops-nix";
sops.secrets = builtins.mapAttrs (name: _: { sops.secrets = builtins.mapAttrs (name: _: {
sopsFile = config.clan.core.clanDir + "/sops/secrets/${name}/secret"; sopsFile = config.clan.core.settings.directory + "/sops/secrets/${name}/secret";
format = "binary"; format = "binary";
}) secrets; }) secrets;
# To get proper error messages about missing secrets we need a dummy secret file that is always present # To get proper error messages about missing secrets we need a dummy secret file that is always present
@@ -51,7 +52,8 @@ in
); );
sops.age.keyFile = lib.mkIf (builtins.pathExists ( sops.age.keyFile = lib.mkIf (builtins.pathExists (
config.clan.core.clanDir + "/sops/secrets/${config.clan.core.machineName}-age.key/secret" config.clan.core.settings.directory
+ "/sops/secrets/${config.clan.core.settings.machine.name}-age.key/secret"
)) (lib.mkDefault "/var/lib/sops-nix/key.txt"); )) (lib.mkDefault "/var/lib/sops-nix/key.txt");
}; };
} }


@@ -1,66 +1,150 @@
{ lib, pkgs, ... }: { lib, pkgs, ... }:
let
inherit (lib) mkOption types;
in
{ {
imports = [ imports = [
(lib.mkRemovedOptionModule [ (lib.mkRemovedOptionModule [
"clan" "clan"
"core" "core"
"clanName" "clanName"
] "clanName has been removed. Use clan.core.name instead.") ] "clanName has been removed. Use clan.core.settings.name instead.")
(lib.mkRemovedOptionModule [ (lib.mkRemovedOptionModule [
"clan" "clan"
"core" "core"
"clanIcon" "clanIcon"
] "clanIcon has been removed. Use clan.core.icon instead.") ] "clanIcon has been removed. Use clan.core.settings.icon instead.")
# The following options have been moved into clan.core.settings
(lib.mkRenamedOptionModule
[ "clan" "core" "clanDir" ]
[
"clan"
"core"
"settings"
"directory"
]
)
(lib.mkRenamedOptionModule
[ "clan" "core" "name" ]
[
"clan"
"core"
"settings"
"name"
]
)
(lib.mkRenamedOptionModule
[ "clan" "core" "icon" ]
[
"clan"
"core"
"settings"
"icon"
]
)
# The following options have been moved into clan.core.settings.machine
(lib.mkRenamedOptionModule
[ "clan" "core" "machineName" ]
[
"clan"
"core"
"settings"
"machine"
"name"
]
)
(lib.mkRenamedOptionModule
[ "clan" "core" "machineDescription" ]
[
"clan"
"core"
"settings"
"machine"
"description"
]
)
(lib.mkRenamedOptionModule
[ "clan" "core" "machineIcon" ]
[
"clan"
"core"
"settings"
"machine"
"icon"
]
)
]; ];
options.clan.core = { options.clan.core = {
name = lib.mkOption { settings = mkOption {
type = lib.types.str;
description = '' description = ''
the name of the clan Settings of the clan.
'';
# Set by the flake, so it's read-only in the maschine This is a read-only attribute-set available to the machines of the clan.
readOnly = true;
};
icon = lib.mkOption {
type = lib.types.nullOr lib.types.path;
description = ''
the location of the clan icon
'';
# Set by the flake, so it's read-only in the maschine
readOnly = true;
};
machineIcon = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
description = ''
the location of the machine icon
'';
};
machineDescription = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = ''
the description of the machine
'';
};
clanDir = lib.mkOption {
type = lib.types.path;
# documentation.nixos.extraModules = [
# ...
# clan-core.nixosModules.clanCore
# { clan.core.clanDir = ./path/to/flake; }
# ];
description = ''
the location of the flake repo, used to calculate the location of facts and secrets
'';
};
machineName = lib.mkOption {
type = lib.types.str;
default = "nixos";
description = ''
the name of the machine
''; '';
type = types.submodule {
options = {
directory = mkOption {
type = types.path;
description = ''
the location of the flake repo, used to calculate the location of facts and secrets
'';
};
name = lib.mkOption {
type = lib.types.str;
description = ''
the name of the clan
'';
# Set by the flake, so it's read-only in the maschine
readOnly = true;
};
icon = lib.mkOption {
type = lib.types.nullOr lib.types.path;
description = ''
the location of the clan icon
'';
# Set by the flake, so it's read-only in the maschine
readOnly = true;
};
machine = mkOption {
description = ''
Settings of the machine.
This is a read-only attribute-set available to the machines of the clan.
'';
default = { };
type = types.submodule {
options = {
name = mkOption {
type = types.str;
default = "nixos";
description = ''
the name of the machine
'';
};
icon = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
description = ''
the location of the machine icon
'';
};
description = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = ''
the description of the machine
'';
};
};
};
};
};
};
}; };
# TODO: Move this into settings.clanPkgs ?
# This could also be part of the public interface to allow users to override the internal packages
clanPkgs = lib.mkOption { clanPkgs = lib.mkOption {
defaultText = "self.packages.${pkgs.system}"; defaultText = "self.packages.${pkgs.system}";
internal = true; internal = true;
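Review bot: The new description of `settings` (`This is a read-only attribute-set available to the machines of the clan.`) overstates what the submodule enforces: only `name` and `icon` carry `readOnly = true`, while `directory` has to be set by the consumer and `machine.name`, `machine.icon` and `machine.description` are ordinary writable options with defaults. Suggest narrowing it to `Settings of the clan. The clan-level name and icon are read-only; directory and the machine.* options are set per machine.` As a point of style, the added `let` block inherits `mkOption` and `types` from `lib`, yet the nested `name`, `icon`, `machine.icon` and `machine.description` options still spell out `lib.mkOption` / `lib.types`; pick one form for the whole file. The `options.clan.core` attribute set continues past the shown lines (`clanPkgs` is cut off).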


@@ -1,7 +1,7 @@
{ lib, config, ... }: { lib, config, ... }:
let let
directory = config.clan.core.clanDir; directory = config.clan.core.settings.directory;
inherit (config.clan.core) machineName; machineName = config.clan.core.settings.machine.name;
facterJson = "${directory}/machines/${machineName}/facter.json"; facterJson = "${directory}/machines/${machineName}/facter.json";
hwConfig = "${directory}/machines/${machineName}/hardware-configuration.nix"; hwConfig = "${directory}/machines/${machineName}/hardware-configuration.nix";
in in


@@ -13,11 +13,14 @@ in
fileModule = file: { fileModule = file: {
path = mkIf (file.config.secret == false) ( path = mkIf (file.config.secret == false) (
if file.config.share then if file.config.share then
(config.clan.core.clanDir + "/vars/shared/${file.config.generatorName}/${file.config.name}/value") (
config.clan.core.settings.directory
+ "/vars/shared/${file.config.generatorName}/${file.config.name}/value"
)
else else
( (
config.clan.core.clanDir config.clan.core.settings.directory
+ "/vars/per-machine/${config.clan.core.machineName}/${file.config.generatorName}/${file.config.name}/value" + "/vars/per-machine/${config.clan.core.settings.machine.name}/${file.config.generatorName}/${file.config.name}/value"
) )
); );
value = mkIf (file.config.secret == false) ( value = mkIf (file.config.secret == false) (


@@ -10,14 +10,14 @@ let
inherit (import ./funcs.nix { inherit lib; }) collectFiles; inherit (import ./funcs.nix { inherit lib; }) collectFiles;
inherit (config.clan.core) machineName; machineName = config.clan.core.settings.machine.name;
secretPath = secretPath =
secret: secret:
if secret.share then if secret.share then
config.clan.core.clanDir + "/vars/shared/${secret.generator}/${secret.name}/secret" config.clan.core.settings.directory + "/vars/shared/${secret.generator}/${secret.name}/secret"
else else
config.clan.core.clanDir config.clan.core.settings.directory
+ "/vars/per-machine/${machineName}/${secret.generator}/${secret.name}/secret"; + "/vars/per-machine/${machineName}/${secret.generator}/${secret.name}/secret";
vars = collectFiles config.clan.core.vars; vars = collectFiles config.clan.core.vars;
@@ -53,7 +53,7 @@ in
lib.mkDefault (builtins.toString (pkgs.writeText "dummy.yaml" "")) lib.mkDefault (builtins.toString (pkgs.writeText "dummy.yaml" ""))
); );
age.keyFile = lib.mkIf (builtins.pathExists ( age.keyFile = lib.mkIf (builtins.pathExists (
config.clan.core.clanDir + "/sops/secrets/${machineName}-age.key/secret" config.clan.core.settings.directory + "/sops/secrets/${machineName}-age.key/secret"
)) (lib.mkDefault "/var/lib/sops-nix/key.txt"); )) (lib.mkDefault "/var/lib/sops-nix/key.txt");
}; };
} }


@@ -250,10 +250,10 @@ in
config = { config = {
# for clan vm inspect # for clan vm inspect
clan.core.vm.inspect = { clan.core.vm.inspect = {
clan_name = config.clan.core.name; clan_name = config.clan.core.settings.name;
machine_icon = config.clan.core.machineIcon or config.clan.core.icon; machine_icon = config.clan.core.settings.machine.icon or config.clan.core.settings.icon;
machine_name = config.clan.core.machineName; machine_name = config.clan.core.settings.machine.name;
machine_description = config.clan.core.machineDescription; machine_description = config.clan.core.settings.machine.description;
memory_size = config.clan.virtualisation.memorySize; memory_size = config.clan.virtualisation.memorySize;
inherit (config.clan.virtualisation) cores graphics waypipe; inherit (config.clan.virtualisation) cores graphics waypipe;
}; };
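Review bot: `machine_icon = config.clan.core.settings.machine.icon or config.clan.core.settings.icon;` never falls back to the clan icon, because Nix's `or` only applies when the attribute path is missing, and `settings.machine.icon` is always present (the options module in this PR gives it `default = null`), so the value is `null` whenever no machine icon is set. The old `machineIcon or icon` line had the same shape, so the commit carries the defect over rather than introducing it. Suggested form: `machine_icon = if config.clan.core.settings.machine.icon != null then config.clan.core.settings.machine.icon else config.clan.core.settings.icon;`. The enclosing `config = { ... }` block continues outside the hunk.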


@@ -23,7 +23,7 @@ in
}; };
name = lib.mkOption { name = lib.mkOption {
type = lib.types.str; type = lib.types.str;
default = config.clan.core.name; default = config.clan.core.settings.name;
defaultText = "config.clan.core.name"; defaultText = "config.clan.core.name";
description = '' description = ''
zerotier network name zerotier network name
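Review bot: `defaultText` on the `name` option still reads `"config.clan.core.name"` while the `default` on the line above now points at `config.clan.core.settings.name`, so generated option documentation will show the path this PR renames away. Update it to `defaultText = "config.clan.core.settings.name";`. The `name = lib.mkOption { ... }` definition continues past the end of the hunk.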