add requireExplicitUpdate option for mobile devices

docs/admins/machines.md

@@ -101,16 +101,6 @@ $ clan config --machine my-machine clan.networking.targetHost root@host_or_ip
 _Note: The use of `root@` in the target address implies SSH access as the root user.
 Ensure that the root login is secured and only used when necessary._
 
-### Setting the Build Host
-
-If the machine does not have enough resources to run the NixOS evaluation or build itself,
-it is also possible to specify a build host instead.
-During an update, the cli will ssh into the build host and run `nixos-rebuild` from there.
-
-```shellSession
-$ clan config --machine my-machine clan.networking.buildHost root@host_or_ip
-```
-
 ### Updating Machine Configurations
 
 Execute the following command to update the specified machine:
@@ -124,3 +114,25 @@ You can also update all configured machines simultaneously by omitting the machi
 ```shellSession
 $ clan machines update
 ```
+
+### Setting a Build Host
+
+If the machine does not have enough resources to run the NixOS evaluation or build itself,
+it is also possible to specify a build host instead.
+During an update, the cli will ssh into the build host and run `nixos-rebuild` from there.
+
+```shellSession
+$ clan config --machine my-machine clan.networking.buildHost root@host_or_ip
+```
+
+### Excluding a machine from `clan machine update`
+
+To exclude machines from beeing updated when running `clan machines update` without any machines specified,
+one can set the `clan.deployment.requireExplicitUpdate` option to true:
+
+
+```shellSession
+$ clan config --machine my-machine clan.deployment.requireExplicitUpdate true
+```
+
+This is useful for machines that are not always online or are not part of the regular update cycle.

nixosModules/clanCore/networking.nix

@@ -1,38 +1,53 @@
 { config, lib, ... }:
 {
-  options.clan.networking = {
+  options.clan = {
-    targetHost = lib.mkOption {
+    networking = {
-      description = ''
+      targetHost = lib.mkOption {
-        The target SSH node for deployment.
+        description = ''
+          The target SSH node for deployment.
 
-        By default, the node's attribute name will be used.
+          By default, the node's attribute name will be used.
-        If set to null, only local deployment will be supported.
+          If set to null, only local deployment will be supported.
 
-        format: user@host:port&SSH_OPTION=SSH_VALUE
+          format: user@host:port&SSH_OPTION=SSH_VALUE
-        examples:
+          examples:
-          - machine.example.com
+            - machine.example.com
-          - user@machine2.example.com
+            - user@machine2.example.com
-          - root@example.com:2222&IdentityFile=/path/to/private/key
+            - root@example.com:2222&IdentityFile=/path/to/private/key
-      '';
+        '';
-      default = null;
+        default = null;
-      type = lib.types.nullOr lib.types.str;
+        type = lib.types.nullOr lib.types.str;
+      };
+      buildHost = lib.mkOption {
+        description = ''
+          The build SSH node where nixos-rebuild will be executed.
+
+          If set to null, the targetHost will be used.
+
+          format: user@host:port&SSH_OPTION=SSH_VALUE
+          examples:
+            - machine.example.com
+            - user@machine2.example.com
+            - root@example.com:2222&IdentityFile=/path/to/private/key
+        '';
+        type = lib.types.nullOr lib.types.str;
+        default = null;
+      };
     };
-    buildHost = lib.mkOption {
-      description = ''
-        The build SSH node where nixos-rebuild will be executed.
 
-        If set to null, the targetHost will be used.
+    deployment = {
+      requireExplicitUpdate = lib.mkOption {
+        description = ''
+          Do not update this machine when running `clan machines update` without any machines specified.
 
-        format: user@host:port&SSH_OPTION=SSH_VALUE
+          This is useful for machines that are not always online or are not part of the regular update cycle.
-        examples:
+        '';
-          - machine.example.com
+        type = lib.types.bool;
-          - user@machine2.example.com
+        default = false;
-          - root@example.com:2222&IdentityFile=/path/to/private/key
+      };
-      '';
-      type = lib.types.nullOr lib.types.str;
-      default = null;
     };
   };
+
   imports = [
     (lib.mkRenamedOptionModule [ "clan" "networking" "deploymentAddress" ] [ "clan" "networking" "targetHost" ])
   ];

nixosModules/clanCore/outputs.nix

@@ -31,6 +31,13 @@
             the hostname of the target host to be deployed to
           '';
         };
+        deployment.requireExplicitUpdate = lib.mkOption {
+          type = lib.types.bool;
+          description = ''
+            if true, the deployment will not be updated automatically.
+          '';
+          default = false;
+        };
         secretsUploadDirectory = lib.mkOption {
           type = lib.types.path;
           description = ''
@@ -73,6 +80,7 @@
     system.clan.deployment.data = {
       inherit (config.system.clan) secretsModule secretsData;
       inherit (config.clan.networking) targetHost buildHost;
+      inherit (config.clan.deployment) requireExplicitUpdate;
       inherit (config.clanCore) secretsUploadDirectory;
     };
     system.clan.deployment.file = pkgs.writeText "deployment.json" (builtins.toJSON config.system.clan.deployment.data);

pkgs/clan-cli/clan_cli/machines/update.py

@@ -151,6 +151,9 @@ def get_all_machines(clan_dir: Path) -> HostGroup:
     hosts = []
     ignored_machines = []
     for name, machine_data in machines.items():
+        if machine_data.get("requireExplicitUpdate", False):
+            continue
+
         machine = Machine(name=name, flake=clan_dir, deployment_info=machine_data)
         try:
             hosts.append(machine.build_host)