diff --git a/checks/backups/flake-module.nix b/checks/backups/flake-module.nix index 9220163d5..a46f2c0aa 100644 --- a/checks/backups/flake-module.nix +++ b/checks/backups/flake-module.nix @@ -147,7 +147,7 @@ self.nixosModules.test-backup ]; virtualisation.emptyDiskImages = [ 256 ]; - clan.core.clanDir = ./.; + clan.core.settings.directory = ./.; }; testScript = '' diff --git a/checks/borgbackup/default.nix b/checks/borgbackup/default.nix index d376b354b..c3b3fb9f9 100644 --- a/checks/borgbackup/default.nix +++ b/checks/borgbackup/default.nix @@ -16,8 +16,8 @@ }; } { - clan.core.machineName = "machine"; - clan.core.clanDir = ./.; + clan.core.settings.machine.name = "machine"; + clan.core.settings.directory = ./.; clan.core.state.testState.folders = [ "/etc/state" ]; environment.etc.state.text = "hello world"; systemd.tmpfiles.settings."vmsecrets" = { diff --git a/checks/deltachat/default.nix b/checks/deltachat/default.nix index 04ad3ad64..857132414 100644 --- a/checks/deltachat/default.nix +++ b/checks/deltachat/default.nix @@ -10,8 +10,8 @@ self.clanModules.deltachat self.nixosModules.clanCore { - clan.core.machineName = "machine"; - clan.core.clanDir = ./.; + clan.core.settings.machine.name = "machine"; + clan.core.settings.directory = ./.; } ]; }; diff --git a/checks/matrix-synapse/default.nix b/checks/matrix-synapse/default.nix index 9e6143e3f..5a28efe3b 100644 --- a/checks/matrix-synapse/default.nix +++ b/checks/matrix-synapse/default.nix @@ -15,8 +15,8 @@ self.clanModules.matrix-synapse self.nixosModules.clanCore { - clan.core.machineName = "machine"; - clan.core.clanDir = ./.; + clan.core.settings.machine.name = "machine"; + clan.core.settings.directory = ./.; services.nginx.virtualHosts."matrix.clan.test" = { enableACME = lib.mkForce false; diff --git a/checks/mumble/default.nix b/checks/mumble/default.nix index 627e21416..7b3382127 100644 --- a/checks/mumble/default.nix +++ b/checks/mumble/default.nix 
@@ -12,7 +12,7 @@ self.nixosModules.clanCore (self.inputs.nixpkgs + "/nixos/tests/common/x11.nix") { - clan.core.clanDir = ./.; + clan.core.settings.directory = ./.; environment.systemPackages = [ pkgs.killall ]; clan.core.facts.services.mumble.secret."mumble-key".path = "/etc/mumble-key"; clan.core.facts.services.mumble.public."mumble-cert".path = "/etc/mumble-cert"; @@ -32,7 +32,7 @@ imports = [ common { - clan.core.machineName = "peer1"; + clan.core.settings.machine.name = "peer1"; environment.etc = { "mumble-key".source = ./peer_1/peer_1_test_key; "mumble-cert".source = ./peer_1/peer_1_test_cert; @@ -64,7 +64,7 @@ imports = [ common { - clan.core.machineName = "peer2"; + clan.core.settings.machine.name = "peer2"; environment.etc = { "mumble-key".source = ./peer_2/peer_2_test_key; "mumble-cert".source = ./peer_2/peer_2_test_cert; @@ -111,12 +111,12 @@ with subtest("Wait for certificate creation"): peer1.wait_for_window(r"^Mumble$") peer1.sleep(3) # mumble is slow to register handlers - peer1.send_chars("\n") - peer1.send_chars("\n") + peer1.send_chars("\n") + peer1.send_chars("\n") peer2.wait_for_window(r"^Mumble$") peer2.sleep(3) # mumble is slow to register handlers - peer2.send_chars("\n") - peer2.send_chars("\n") + peer2.send_chars("\n") + peer2.send_chars("\n") with subtest("Wait for server connect"): peer1.wait_for_window(r"^Mumble Server Connect$") @@ -128,8 +128,8 @@ peer1.execute("mumble mumble://peer2 >&2 &") peer1.wait_for_window(r"^Mumble$") peer1.sleep(3) # mumble is slow to register handlers - peer1.send_chars("\n") - peer1.send_chars("\n") + peer1.send_chars("\n") + peer1.send_chars("\n") peer1.wait_for_text("Connected.") peer2.execute("killall .mumble-wrapped") 
@@ -137,8 +137,8 @@ peer2.execute("mumble mumble://peer1 >&2 &") peer2.wait_for_window(r"^Mumble$") peer2.sleep(3) # mumble is slow to register handlers - peer2.send_chars("\n") - peer2.send_chars("\n") + peer2.send_chars("\n") + peer2.send_chars("\n") peer2.wait_for_text("Connected.") ''; } diff --git a/checks/nixos-documentation/flake-module.nix b/checks/nixos-documentation/flake-module.nix index b8351ac67..c7671e3b0 100644 --- a/checks/nixos-documentation/flake-module.nix +++ b/checks/nixos-documentation/flake-module.nix @@ -8,7 +8,7 @@ let self.nixosModules.clanCore # This is the only option that is not part of the # module because it is usually set by flake-parts - { clan.core.clanDir = ./.; } + { clan.core.settings.directory = ./.; } ]; }; in diff --git a/checks/postgresql/default.nix b/checks/postgresql/default.nix index 595e00203..aba573c28 100644 --- a/checks/postgresql/default.nix +++ b/checks/postgresql/default.nix @@ -13,7 +13,7 @@ clan.postgresql.databases.test.create.options.OWNER = "test"; clan.postgresql.databases.test.restore.stopOnRestore = [ "sample-service" ]; clan.localbackup.targets.hdd.directory = "/mnt/external-disk"; - clan.core.clanDir = ./.; + clan.core.settings.directory = ./.; systemd.services.sample-service = { wantedBy = [ "multi-user.target" ]; diff --git a/checks/secrets/default.nix b/checks/secrets/default.nix index 034625de2..e3d542d0d 100644 --- a/checks/secrets/default.nix +++ b/checks/secrets/default.nix @@ -10,8 +10,8 @@ environment.etc."group-secret".source = config.sops.secrets.group-secret.path; sops.age.keyFile = "/etc/privkey.age"; - clan.core.clanDir = "${./.}"; - clan.core.machineName = "machine"; + clan.core.settings.directory = "${./.}"; + clan.core.settings.machine.name = "machine"; networking.hostName = "machine"; }; diff --git a/checks/syncthing/default.nix b/checks/syncthing/default.nix index 75d9447c4..063498e70 100644 --- a/checks/syncthing/default.nix +++ b/checks/syncthing/default.nix 
@@ -12,8 +12,8 @@ self.clanModules.syncthing self.nixosModules.clanCore { - clan.core.machineName = "introducer"; - clan.core.clanDir = ./.; + clan.core.settings.machine.name = "introducer"; + clan.core.settings.directory = ./.; environment.etc = { "syncthing.pam".source = ./introducer/introducer_test_cert; "syncthing.key".source = ./introducer/introducer_test_key; @@ -53,8 +53,8 @@ self.clanModules.syncthing self.nixosModules.clanCore { - clan.core.machineName = "peer1"; - clan.core.clanDir = ./.; + clan.core.settings.machine.name = "peer1"; + clan.core.settings.directory = ./.; clan.syncthing.introducer = lib.strings.removeSuffix "\n" ( builtins.readFile ./introducer/introducer_device_id ); @@ -75,8 +75,8 @@ self.clanModules.syncthing self.nixosModules.clanCore { - clan.core.machineName = "peer2"; - clan.core.clanDir = ./.; + clan.core.settings.machine.name = "peer2"; + clan.core.settings.directory = ./.; clan.syncthing.introducer = lib.strings.removeSuffix "\n" ( builtins.readFile ./introducer/introducer_device_id ); diff --git a/checks/wayland-proxy-virtwl/default.nix b/checks/wayland-proxy-virtwl/default.nix index e09e85cc6..33f57a162 100644 --- a/checks/wayland-proxy-virtwl/default.nix +++ b/checks/wayland-proxy-virtwl/default.nix @@ -14,8 +14,8 @@ import ../lib/test-base.nix ( imports = [ self.nixosModules.clanCore { - clan.core.machineName = "machine"; - clan.core.clanDir = ./.; + clan.core.settings.machine.name = "machine"; + clan.core.settings.directory = ./.; } ]; services.wayland-proxy-virtwl.enable = true; diff --git a/checks/zt-tcp-relay/default.nix b/checks/zt-tcp-relay/default.nix index 08f616bfc..93edab62a 100644 --- a/checks/zt-tcp-relay/default.nix +++ b/checks/zt-tcp-relay/default.nix @@ -10,8 +10,8 @@ self.nixosModules.clanCore self.clanModules.zt-tcp-relay { - clan.core.machineName = "machine"; - clan.core.clanDir = ./.; + clan.core.settings.machine.name = "machine"; + clan.core.settings.directory = ./.; } ]; }; 
diff --git a/clanModules/borgbackup-static/default.nix b/clanModules/borgbackup-static/default.nix index 05853276a..a6c529b92 100644 --- a/clanModules/borgbackup-static/default.nix +++ b/clanModules/borgbackup-static/default.nix @@ -1,7 +1,7 @@ { lib, config, ... }: let - clanDir = config.clan.core.clanDir; - machineDir = clanDir + "/machines/"; + dir = config.clan.core.settings.directory; + machineDir = dir + "/machines/"; in { imports = [ ../borgbackup ]; @@ -9,7 +9,7 @@ in options.clan.borgbackup-static = { excludeMachines = lib.mkOption { type = lib.types.listOf lib.types.str; - example = [ config.clan.core.machineName ]; + example = [ config.clan.core.settings.machine.name ]; default = [ ]; description = '' Machines that should not be backuped. @@ -20,7 +20,7 @@ in }; includeMachines = lib.mkOption { type = lib.types.listOf lib.types.str; - example = [ config.clan.core.machineName ]; + example = [ config.clan.core.settings.machine.name ]; default = [ ]; description = '' Machines that should be backuped. @@ -63,7 +63,7 @@ in in lib.mkIf (builtins.any ( - target: target == config.clan.core.machineName + target: target == config.clan.core.settings.machine.name ) config.clan.borgbackup-static.targets) (if (builtins.listToAttrs hosts) != null then builtins.listToAttrs hosts else { }); @@ -72,12 +72,12 @@ in destinations = builtins.map (d: { name = d; value = { - repo = "borg@${d}:/var/lib/borgbackup/${config.clan.core.machineName}"; + repo = "borg@${d}:/var/lib/borgbackup/${config.clan.core.settings.machine.name}"; }; }) config.clan.borgbackup-static.targets; in lib.mkIf (builtins.any ( - target: target == config.clan.core.machineName + target: target == config.clan.core.settings.machine.name ) config.clan.borgbackup-static.includeMachines) (builtins.listToAttrs destinations); config.assertions = [ diff --git a/clanModules/borgbackup/roles/client.nix b/clanModules/borgbackup/roles/client.nix index bb4439d84..1a8e14d6a 100644 
--- a/clanModules/borgbackup/roles/client.nix +++ b/clanModules/borgbackup/roles/client.nix @@ -19,7 +19,7 @@ let ) ) [ ] instances; - inherit (config.clan.core) machineName; + machineName = config.clan.core.settings.machine.name; cfg = config.clan.borgbackup; preBackupScript = '' diff --git a/clanModules/borgbackup/roles/server.nix b/clanModules/borgbackup/roles/server.nix index c891fd4e7..cb510ad29 100644 --- a/clanModules/borgbackup/roles/server.nix +++ b/clanModules/borgbackup/roles/server.nix @@ -1,8 +1,8 @@ { config, lib, ... }: let - clanDir = config.clan.core.clanDir; - machineDir = clanDir + "/machines/"; - inherit (config.clan.core) machineName; + dir = config.clan.core.settings.directory; + machineDir = dir + "/machines/"; + machineName = config.clan.core.settings.machine.name; # Instances might be empty, if the module is not used via the inventory # diff --git a/clanModules/deltachat/default.nix b/clanModules/deltachat/default.nix index 33cc6554b..5b68f083b 100644 --- a/clanModules/deltachat/default.nix +++ b/clanModules/deltachat/default.nix @@ -5,7 +5,7 @@ services.maddy = let - domain = "${config.clan.core.machineName}.local"; + domain = "${config.clan.core.settings.machine.name}.local"; in { enable = true; diff --git a/clanModules/mumble/default.nix b/clanModules/mumble/default.nix index 065bf7315..ba3302219 100644 --- a/clanModules/mumble/default.nix +++ b/clanModules/mumble/default.nix @@ -5,8 +5,8 @@ ... }: let - clanDir = config.clan.core.clanDir; - machineDir = clanDir + "/machines/"; + dir = config.clan.core.settings.directory; + machineDir = dir + "/machines/"; machinesFileSet = builtins.readDir machineDir; machines = lib.mapAttrsToList (name: _: name) machinesFileSet; machineJson = builtins.toJSON machines; 
@@ -39,7 +39,7 @@ in services.murmur = { enable = true; logDays = -1; - registerName = config.clan.core.machineName; + registerName = config.clan.core.settings.machine.name; openFirewall = true; bonjour = true; sslKey = "/var/lib/murmur/sslKey"; @@ -97,8 +97,8 @@ in XDG_DATA_DIR=${mumbleCfgDir} ${populate-channels} --ensure-config '${mumbleCfgPath}' --db-location ${mumbleDatabasePath} echo ${machineCertJson} - ${populate-channels} --machines '${machineJson}' --username ${config.clan.core.machineName} --db-location ${mumbleDatabasePath} - ${populate-channels} --servers '${machineCertJson}' --username ${config.clan.core.machineName} --db-location ${mumbleDatabasePath} --cert True + ${populate-channels} --machines '${machineJson}' --username ${config.clan.core.settings.machine.name} --db-location ${mumbleDatabasePath} + ${populate-channels} --servers '${machineCertJson}' --username ${config.clan.core.settings.machine.name} --db-location ${mumbleDatabasePath} --cert True ${pkgs.mumble}/bin/mumble --config ${mumbleCfgPath} "$@" popd ''; diff --git a/clanModules/mumble/test.nix b/clanModules/mumble/test.nix index d2d115810..ec18db977 100644 --- a/clanModules/mumble/test.nix +++ b/clanModules/mumble/test.nix @@ -9,8 +9,8 @@ pkgs.nixosTest { self.inputs.clan-core.nixosModules.clanCore { config = { - clan.core.machineName = "peer1"; - clan.core.clanDir = ./.; + clan.core.settings.machine.name = "peer1"; + clan.core.settings.directory = ./.; documentation.enable = false; }; @@ -26,8 +26,8 @@ pkgs.nixosTest { { config = { - clan.core.machineName = "peer2"; - clan.core.clanDir = ./.; + clan.core.settings.machine.name = "peer2"; + clan.core.settings.directory = ./.; documentation.enable = false; }; diff --git a/clanModules/root-password/default.nix b/clanModules/root-password/default.nix index a340730e3..932e76d69 100644 --- a/clanModules/root-password/default.nix +++ b/clanModules/root-password/default.nix 
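Review bot: On the two rewritten `populate-channels` lines, `--username ${config.clan.core.settings.machine.name}` is spliced into the shell wrapper unquoted (as is `echo ${machineCertJson}` just above them), so a machine name containing whitespace or shell metacharacters would be word-split or interpreted instead of being passed as a single argument; the sibling arguments on the same lines are already single-quoted (`'${machineJson}'`), so the name is the odd one out. Since this hunk rewrites those lines anyway, I would use the `lib` already in scope in this module: `--username ${lib.escapeShellArg config.clan.core.settings.machine.name}` on both lines, and `echo ${lib.escapeShellArg machineCertJson}`. The wrapper script string starts before the hunk.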
@@ -10,7 +10,7 @@ config.clan.core.facts.services.root-password.secret.password-hash.path; sops.secrets = lib.mkIf (config.clan.core.facts.secretStore == "sops") { - "${config.clan.core.machineName}-password-hash".neededForUsers = true; + "${config.clan.core.settings.machine.name}-password-hash".neededForUsers = true; }; clan.core.facts.services.root-password = { diff --git a/clanModules/sshd/roles/server.nix b/clanModules/sshd/roles/server.nix index e7d409722..bf02fe306 100644 --- a/clanModules/sshd/roles/server.nix +++ b/clanModules/sshd/roles/server.nix @@ -69,7 +69,7 @@ in "openssh-ca" ]; validation = { - name = config.clan.core.machineName; + name = config.clan.core.settings.machine.name; domains = lib.genAttrs config.clan.sshd.certificate.searchDomains lib.id; }; runtimeInputs = [ @@ -79,9 +79,9 @@ in script = '' ssh-keygen \ -s $in/openssh-ca/id_ed25519 \ - -I ${config.clan.core.machineName} \ + -I ${config.clan.core.settings.machine.name} \ -h \ - -n ${lib.concatMapStringsSep "," (d: "${config.clan.core.machineName}.${d}") domains} \ + -n ${lib.concatMapStringsSep "," (d: "${config.clan.core.settings.machine.name}.${d}") domains} \ $in/openssh/ssh.id_ed25519.pub mv $in/openssh/ssh.id_ed25519-cert.pub $out/ssh.id_ed25519-cert.pub ''; diff --git a/clanModules/static-hosts/default.nix b/clanModules/static-hosts/default.nix index 89e443a57..2e2f25ccc 100644 --- a/clanModules/static-hosts/default.nix +++ b/clanModules/static-hosts/default.nix @@ -4,7 +4,10 @@ excludeHosts = lib.mkOption { type = lib.types.listOf lib.types.str; default = - if config.clan.static-hosts.topLevelDomain != "" then [ ] else [ config.clan.core.machineName ]; + if config.clan.static-hosts.topLevelDomain != "" then + [ ] + else + [ config.clan.core.settings.machine.name ]; description = "Hosts that should be excluded"; }; topLevelDomain = lib.mkOption { 
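Review bot: In the `ssh-keygen` invocation the rewritten `-I` and `-n` arguments interpolate `config.clan.core.settings.machine.name` and the joined principal list unquoted, so a machine name or search domain containing whitespace or shell metacharacters would alter the command instead of becoming the certificate identity or a principal; because the result is a CA-signed host certificate, the values should reach `ssh-keygen` as exactly one argument each. Both lines can be hardened with the `lib` already used on them: `-I ${lib.escapeShellArg config.clan.core.settings.machine.name} \` and `-n ${lib.escapeShellArg (lib.concatMapStringsSep "," (d: "${config.clan.core.settings.machine.name}.${d}") domains)} \`. The generator `script` and the enclosing attribute set start before the hunk.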
@@ -16,8 +19,8 @@ config.networking.hosts = let - clanDir = config.clan.core.clanDir; - machineDir = clanDir + "/machines/"; + dir = config.clan.core.settings.directory; + machineDir = dir + "/machines/"; zerotierIpMachinePath = machines: machineDir + machines + "/facts/zerotier-ip"; machinesFileSet = builtins.readDir machineDir; machines = lib.mapAttrsToList (name: _: name) machinesFileSet; diff --git a/clanModules/syncthing-static-peers/default.nix b/clanModules/syncthing-static-peers/default.nix index 137aa340c..dd0b3ea6a 100644 --- a/clanModules/syncthing-static-peers/default.nix +++ b/clanModules/syncthing-static-peers/default.nix @@ -5,8 +5,8 @@ ... }: let - clanDir = config.clan.core.clanDir; - machineDir = clanDir + "/machines/"; + dir = config.clan.core.settings.directory; + machineDir = dir + "/machines/"; syncthingPublicKeyPath = machines: machineDir + machines + "/facts/syncthing.pub"; machinesFileSet = builtins.readDir machineDir; machines = lib.mapAttrsToList (name: _: name) machinesFileSet; @@ -47,7 +47,7 @@ in options.clan.syncthing-static-peers = { excludeMachines = lib.mkOption { type = lib.types.listOf lib.types.str; - example = [ config.clan.core.machineName ]; + example = [ config.clan.core.settings.machine.name ]; default = [ ]; description = '' Machines that should not be added. diff --git a/clanModules/user-password/default.nix b/clanModules/user-password/default.nix index f74317d75..296dbb733 100644 --- a/clanModules/user-password/default.nix +++ b/clanModules/user-password/default.nix @@ -30,7 +30,7 @@ in }; sops.secrets = lib.mkIf (config.clan.core.facts.secretStore == "sops") { - "${config.clan.core.machineName}-user-password-hash".neededForUsers = true; + "${config.clan.core.settings.machine.name}-user-password-hash".neededForUsers = true; }; clan.core.facts.services.user-password = { diff --git a/clanModules/zerotier-static-peers/default.nix b/clanModules/zerotier-static-peers/default.nix index c613e42df..96abe878f 100644 
--- a/clanModules/zerotier-static-peers/default.nix +++ b/clanModules/zerotier-static-peers/default.nix @@ -5,8 +5,8 @@ ... }: let - clanDir = config.clan.core.clanDir; - machineDir = clanDir + "/machines/"; + dir = config.clan.core.settings.directory; + machineDir = dir + "/machines/"; machinesFileSet = builtins.readDir machineDir; machines = lib.mapAttrsToList (name: _: name) machinesFileSet; @@ -27,7 +27,7 @@ in options.clan.zerotier-static-peers = { excludeHosts = lib.mkOption { type = lib.types.listOf lib.types.str; - default = [ config.clan.core.machineName ]; + default = [ config.clan.core.settings.machine.name ]; description = "Hosts that should be excluded"; }; networkIps = lib.mkOption { diff --git a/clanModules/zerotier/roles/controller.nix b/clanModules/zerotier/roles/controller.nix index b364f76d6..2396789e0 100644 --- a/clanModules/zerotier/roles/controller.nix +++ b/clanModules/zerotier/roles/controller.nix @@ -22,10 +22,12 @@ in machines = uniqueStrings (roles.moon.machines ++ roles.controller.machines ++ roles.peer.machines); networkIps = builtins.foldl' ( ips: name: - if builtins.pathExists "${config.clan.core.clanDir}/machines/${name}/facts/zerotier-ip" then + if + builtins.pathExists "${config.clan.core.settings.directory}/machines/${name}/facts/zerotier-ip" + then ips ++ [ - (builtins.readFile "${config.clan.core.clanDir}/machines/${name}/facts/zerotier-ip") + (builtins.readFile "${config.clan.core.settings.directory}/machines/${name}/facts/zerotier-ip") ] else ips diff --git a/clanModules/zerotier/shared.nix b/clanModules/zerotier/shared.nix index daaf779b4..b1eb9f709 100644 --- a/clanModules/zerotier/shared.nix +++ b/clanModules/zerotier/shared.nix 
@@ -10,15 +10,17 @@ let zeroTierInstance = config.clan.inventory.services.zerotier.${instanceName}; roles = zeroTierInstance.roles; controllerMachine = builtins.head roles.controller.machines; - networkIdPath = "${config.clan.core.clanDir}/machines/${controllerMachine}/facts/zerotier-network-id"; + networkIdPath = "${config.clan.core.settings.directory}/machines/${controllerMachine}/facts/zerotier-network-id"; networkId = if builtins.pathExists networkIdPath then builtins.readFile networkIdPath else null; moons = roles.moon.machines; moonIps = builtins.foldl' ( ips: name: - if builtins.pathExists "${config.clan.core.clanDir}/machines/${name}/facts/zerotier-ip" then + if + builtins.pathExists "${config.clan.core.settings.directory}/machines/${name}/facts/zerotier-ip" + then ips ++ [ - (builtins.readFile "${config.clan.core.clanDir}/machines/${name}/facts/zerotier-ip") + (builtins.readFile "${config.clan.core.settings.directory}/machines/${name}/facts/zerotier-ip") ] else ips @@ -32,7 +34,7 @@ in { excludeHosts = lib.mkOption { type = listOf str; - default = [ config.clan.core.machineName ]; + default = [ config.clan.core.settings.machine.name ]; description = "Hosts that should be excluded"; }; networkIps = lib.mkOption { @@ -52,7 +54,7 @@ in # TODO: This should also be checked via frontmatter constraints { assertion = builtins.length instanceNames == 1; - message = "The zerotier module currently only supports one instance per machine, but found ${builtins.toString instanceNames} on machine ${config.clan.core.machineName}"; + message = "The zerotier module currently only supports one instance per machine, but found ${builtins.toString instanceNames} on machine ${config.clan.core.settings.machine.name}"; } ]; diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml index 7f58ecd40..83098f0fd 100644 --- a/docs/mkdocs.yml +++ b/docs/mkdocs.yml 
@@ -127,11 +127,12 @@ nav: - reference/clan-core/index.md - reference/clan-core/backups.md + - reference/clan-core/deployment.md - reference/clan-core/facts.md + - reference/clan-core/networking.md + - reference/clan-core/settings.md - reference/clan-core/sops.md - reference/clan-core/state.md - - reference/clan-core/deployment.md - - reference/clan-core/networking.md - reference/clan-core/vars.md - Nix API: - buildClan: reference/nix-api/buildclan.md diff --git a/docs/site/getting-started/backups.md b/docs/site/getting-started/backups.md index a58563f66..90fb8a628 100644 --- a/docs/site/getting-started/backups.md +++ b/docs/site/getting-started/backups.md @@ -116,7 +116,7 @@ On the server where backups will be stored, enable the SSH daemon and set up a r services.borgbackup.repos.myhostname = { path = "/var/lib/borgbackup/myhostname"; authorizedKeys = [ - (builtins.readFile (config.clan.core.clanDir + "/machines/myhostname/facts/borgbackup.ssh.pub")) + (builtins.readFile (config.clan.core.settings.directory + "/machines/myhostname/facts/borgbackup.ssh.pub")) ]; }; } diff --git a/docs/site/getting-started/mesh-vpn.md b/docs/site/getting-started/mesh-vpn.md index ca17dc90f..35c84d6d4 100644 --- a/docs/site/getting-started/mesh-vpn.md +++ b/docs/site/getting-started/mesh-vpn.md @@ -10,7 +10,7 @@ include a new machine into the VPN. By default all machines within one clan are connected via a chosen network technology. ```{.no-copy} -Clan +Clan Node A <-> (zerotier / mycelium / ...) Node B 
@@ -48,7 +48,7 @@ To introduce a new machine to the VPN, adhere to the following steps: configuration, substituting `` with the controller machine name: ```nix { config, ... }: { - clan.core.networking.zerotier.networkId = builtins.readFile (config.clan.core.clanDir + "/machines//facts/zerotier-network-id"); + clan.core.networking.zerotier.networkId = builtins.readFile (config.clan.core.settings.directory + "/machines//facts/zerotier-network-id"); } ``` 1. **Update the New Machine**: Execute: @@ -73,13 +73,13 @@ To introduce a new machine to the VPN, adhere to the following steps: ```bash $ sudo zerotier-cli info ``` - Example Output: + Example Output: ```{.console, .no-copy} 200 info d2c71971db 1.12.1 OFFLINE ``` , where `d2c71971db` is the ZeroTier ID. - + 2. **Authorize the New Machine on the Controller**: On the controller machine, execute: diff --git a/lib/build-clan/module.nix b/lib/build-clan/module.nix index 937925c8e..42411857d 100644 --- a/lib/build-clan/module.nix +++ b/lib/build-clan/module.nix @@ -80,14 +80,20 @@ let ( { # Settings - clan.core.clanDir = directory; + clan.core.settings = { + inherit directory; + inherit (config.inventory.meta) name icon; + + machine = { + inherit name; + }; + }; # Inherited from clan wide settings # TODO: remove these - clan.core.name = config.inventory.meta.name; - clan.core.icon = config.inventory.meta.icon; # Machine specific settings - clan.core.machineName = name; + # clan.core.settings.machine.name = name; + networking.hostName = lib.mkDefault name; # speeds up nix commands by using the nixpkgs from the host system (especially useful in VMs) diff --git a/lib/eval-clan-modules/default.nix b/lib/eval-clan-modules/default.nix index b12e910de..1fd93e042 100644 --- a/lib/eval-clan-modules/default.nix +++ b/lib/eval-clan-modules/default.nix @@ -23,7 +23,7 @@ let modules = [ baseModule { - clan.core.clanDir = clan-core; + clan.core.settings.directory = clan-core; } clan-core.nixosModules.clanCore ] ++ modules; 
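Review bot: The hunk leaves a dead commented-out line `# clan.core.settings.machine.name = name;` directly after the new `clan.core.settings` block that already sets `machine.name` via `inherit name`, and the `# Inherited from clan wide settings` / `# TODO: remove these` comments above it now describe nothing, because the two assignments they referred to (`clan.core.name`, `clan.core.icon`) were folded into the `settings` block. I would delete the dead line and the two stale comment lines; if the TODO is still intended, attach it to the line it concerns, `inherit (config.inventory.meta) name icon; # TODO: stop copying inventory.meta into clan.core.settings`. The surrounding module attribute set starts and ends outside the hunk.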
@@ -75,7 +75,7 @@ let baseModule clan-core.nixosModules.clanCore { - clan.core.clanDir = clan-core; + clan.core.settings.directory = clan-core; } # Role interface (module + "/roles/${role}.nix") diff --git a/nixosModules/clanCore/facts/compat.nix b/nixosModules/clanCore/facts/compat.nix index bc2690fe2..8fc81b233 100644 --- a/nixosModules/clanCore/facts/compat.nix +++ b/nixosModules/clanCore/facts/compat.nix @@ -140,12 +140,12 @@ path to a fact which is generated by the generator ''; default = - config.clan.core.clanDir - + "/machines/${config.clan.core.machineName}/facts/${fact.config._module.args.name}"; - defaultText = lib.literalExpression "\${config.clan.core.clanDir}/machines/\${config.clan.core.machineName}/facts/\${fact.config._module.args.name}"; + config.clan.core.settings.directory + + "/machines/${config.clan.core.settings.machine.name}/facts/${fact.config._module.args.name}"; + defaultText = lib.literalExpression "\${config.clan.core.settings.directory}/machines/\${config.clan.core.settings.machine.name}/facts/\${fact.config._module.args.name}"; }; value = lib.mkOption { - defaultText = lib.literalExpression "\${config.clan.core.clanDir}/\${fact.config.path}"; + defaultText = lib.literalExpression "\${config.clan.core.settings.directory}/\${fact.config.path}"; type = lib.types.nullOr lib.types.str; default = if builtins.pathExists fact.config.path then lib.strings.fileContents fact.config.path else null; diff --git a/nixosModules/clanCore/facts/default.nix b/nixosModules/clanCore/facts/default.nix index bb0a505ef..7f8c6781b 100644 --- a/nixosModules/clanCore/facts/default.nix +++ b/nixosModules/clanCore/facts/default.nix 
@@ -219,15 +219,16 @@ description = '' path to a fact which is generated by the generator ''; - defaultText = lib.literalExpression "\${config.clan.core.clanDir}/machines/\${config.clan.core.machineName}/facts/\${fact.config.name}"; + defaultText = lib.literalExpression "\${config.clan.core.settings.directory}/machines/\${config.clan.core.settings.machine.name}/facts/\${fact.config.name}"; default = - config.clan.core.clanDir + "/machines/${config.clan.core.machineName}/facts/${fact.config.name}"; + config.clan.core.settings.directory + + "/machines/${config.clan.core.settings.machine.name}/facts/${fact.config.name}"; }; value = lib.mkOption { description = '' The value of the public fact. ''; - defaultText = lib.literalExpression "\${config.clan.core.clanDir}/\${fact.config.path}"; + defaultText = lib.literalExpression "\${config.clan.core.settings.directory}/\${fact.config.path}"; type = lib.types.nullOr lib.types.str; default = if builtins.pathExists fact.config.path then lib.strings.fileContents fact.config.path else null; diff --git a/nixosModules/clanCore/facts/secret/sops.nix b/nixosModules/clanCore/facts/secret/sops.nix index eb9caa307..989a4a6e5 100644 --- a/nixosModules/clanCore/facts/secret/sops.nix +++ b/nixosModules/clanCore/facts/secret/sops.nix @@ -5,8 +5,8 @@ ... }: let - secretsDir = config.clan.core.clanDir + "/sops/secrets"; - groupsDir = config.clan.core.clanDir + "/sops/groups"; + secretsDir = config.clan.core.settings.directory + "/sops/secrets"; + groupsDir = config.clan.core.settings.directory + "/sops/groups"; # My symlink is in the nixos module detected as a directory also it works in the repl. Is this because of pure evaluation? containsSymlink = 
@@ -16,7 +16,8 @@ let containsMachine = parent: name: type: - type == "directory" && containsSymlink "${parent}/${name}/machines/${config.clan.core.machineName}"; + type == "directory" + && containsSymlink "${parent}/${name}/machines/${config.clan.core.settings.machine.name}"; containsMachineOrGroups = name: type: @@ -37,12 +38,12 @@ in # Before we generate a secret we cannot know the path yet, so we need to set it to an empty string clan.core.facts.secretPathFunction = secret: - config.sops.secrets.${"${config.clan.core.machineName}-${secret.config.name}"}.path + config.sops.secrets.${"${config.clan.core.settings.machine.name}-${secret.config.name}"}.path or "/no-such-path"; clan.core.facts.secretModule = "clan_cli.facts.secret_modules.sops"; clan.core.facts.secretUploadDirectory = lib.mkDefault "/var/lib/sops-nix"; sops.secrets = builtins.mapAttrs (name: _: { - sopsFile = config.clan.core.clanDir + "/sops/secrets/${name}/secret"; + sopsFile = config.clan.core.settings.directory + "/sops/secrets/${name}/secret"; format = "binary"; }) secrets; # To get proper error messages about missing secrets we need a dummy secret file that is always present @@ -51,7 +52,8 @@ in ); sops.age.keyFile = lib.mkIf (builtins.pathExists ( - config.clan.core.clanDir + "/sops/secrets/${config.clan.core.machineName}-age.key/secret" + config.clan.core.settings.directory + + "/sops/secrets/${config.clan.core.settings.machine.name}-age.key/secret" )) (lib.mkDefault "/var/lib/sops-nix/key.txt"); }; } diff --git a/nixosModules/clanCore/metadata.nix b/nixosModules/clanCore/metadata.nix index 2e5fb7188..748d2b076 100644 --- a/nixosModules/clanCore/metadata.nix +++ b/nixosModules/clanCore/metadata.nix 
@@ -1,66 +1,150 @@ { lib, pkgs, ... }: +let + inherit (lib) mkOption types; +in { imports = [ (lib.mkRemovedOptionModule [ "clan" "core" "clanName" - ] "clanName has been removed. Use clan.core.name instead.") + ] "clanName has been removed. Use clan.core.settings.name instead.") (lib.mkRemovedOptionModule [ "clan" "core" "clanIcon" - ] "clanIcon has been removed. Use clan.core.icon instead.") + ] "clanIcon has been removed. Use clan.core.settings.icon instead.") + + # The following options have been moved into clan.core.settings + (lib.mkRenamedOptionModule + [ "clan" "core" "clanDir" ] + [ + "clan" + "core" + "settings" + "directory" + ] + ) + (lib.mkRenamedOptionModule + [ "clan" "core" "name" ] + [ + "clan" + "core" + "settings" + "name" + ] + ) + (lib.mkRenamedOptionModule + [ "clan" "core" "icon" ] + [ + "clan" + "core" + "settings" + "icon" + ] + ) + # The following options have been moved into clan.core.settings.machine + (lib.mkRenamedOptionModule + [ "clan" "core" "machineName" ] + [ + "clan" + "core" + "settings" + "machine" + "name" + ] + ) + (lib.mkRenamedOptionModule + [ "clan" "core" "machineDescription" ] + [ + "clan" + "core" + "settings" + "machine" + "description" + ] + ) + (lib.mkRenamedOptionModule + [ "clan" "core" "machineIcon" ] + [ + "clan" + "core" + "settings" + "machine" + "icon" + ] + ) ]; options.clan.core = { - name = lib.mkOption { - type = lib.types.str; + settings = mkOption { description = '' - the name of the clan - ''; - # Set by the flake, so it's read-only in the maschine - readOnly = true; - }; - icon = lib.mkOption { - type = lib.types.nullOr lib.types.path; - description = '' - the location of the clan icon - ''; - # Set by the flake, so it's read-only in the maschine - readOnly = true; - }; - machineIcon = lib.mkOption { - type = lib.types.nullOr lib.types.path; - default = null; - description = '' - the location of the machine icon - ''; - }; - machineDescription = lib.mkOption { - type = lib.types.nullOr lib.types.str; - 
default = null; - description = '' - the description of the machine - ''; - }; - clanDir = lib.mkOption { - type = lib.types.path; - # documentation.nixos.extraModules = [ - # ... - # clan-core.nixosModules.clanCore - # { clan.core.clanDir = ./path/to/flake; } - # ]; - description = '' - the location of the flake repo, used to calculate the location of facts and secrets - ''; - }; - machineName = lib.mkOption { - type = lib.types.str; - default = "nixos"; - description = '' - the name of the machine + Settings of the clan. + + This is a read-only attribute-set available to the machines of the clan. ''; + type = types.submodule { + options = { + directory = mkOption { + type = types.path; + description = '' + the location of the flake repo, used to calculate the location of facts and secrets + ''; + }; + name = lib.mkOption { + type = lib.types.str; + description = '' + the name of the clan + ''; + # Set by the flake, so it's read-only in the maschine + readOnly = true; + }; + icon = lib.mkOption { + type = lib.types.nullOr lib.types.path; + description = '' + the location of the clan icon + ''; + # Set by the flake, so it's read-only in the maschine + readOnly = true; + }; + machine = mkOption { + description = '' + Settings of the machine. + + This is a read-only attribute-set available to the machines of the clan. + ''; + default = { }; + type = types.submodule { + options = { + name = mkOption { + type = types.str; + default = "nixos"; + description = '' + the name of the machine + ''; + }; + icon = lib.mkOption { + type = lib.types.nullOr lib.types.path; + default = null; + description = '' + the location of the machine icon + ''; + }; + description = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = '' + the description of the machine + ''; + }; + }; + }; + }; + }; + }; }; + + # TODO: Move this into settings.clanPkgs ? 
+ # This could also be part of the public interface to allow users to override the internal packages clanPkgs = lib.mkOption { defaultText = "self.packages.${pkgs.system}"; internal = true; diff --git a/nixosModules/clanCore/nixos-facter.nix b/nixosModules/clanCore/nixos-facter.nix index dbbb852c6..355d1be39 100644 --- a/nixosModules/clanCore/nixos-facter.nix +++ b/nixosModules/clanCore/nixos-facter.nix @@ -1,7 +1,7 @@ { lib, config, ... }: let - directory = config.clan.core.clanDir; - inherit (config.clan.core) machineName; + directory = config.clan.core.settings.directory; + machineName = config.clan.core.settings.machine.name; facterJson = "${directory}/machines/${machineName}/facter.json"; hwConfig = "${directory}/machines/${machineName}/hardware-configuration.nix"; in diff --git a/nixosModules/clanCore/vars/public/in_repo.nix b/nixosModules/clanCore/vars/public/in_repo.nix index f2fafa58b..088cc6b67 100644 --- a/nixosModules/clanCore/vars/public/in_repo.nix +++ b/nixosModules/clanCore/vars/public/in_repo.nix @@ -13,11 +13,14 @@ in fileModule = file: { path = mkIf (file.config.secret == false) ( if file.config.share then - (config.clan.core.clanDir + "/vars/shared/${file.config.generatorName}/${file.config.name}/value") + ( + config.clan.core.settings.directory + + "/vars/shared/${file.config.generatorName}/${file.config.name}/value" + ) else ( - config.clan.core.clanDir - + "/vars/per-machine/${config.clan.core.machineName}/${file.config.generatorName}/${file.config.name}/value" + config.clan.core.settings.directory + + "/vars/per-machine/${config.clan.core.settings.machine.name}/${file.config.generatorName}/${file.config.name}/value" ) ); value = mkIf (file.config.secret == false) ( diff --git a/nixosModules/clanCore/vars/secret/sops/default.nix b/nixosModules/clanCore/vars/secret/sops/default.nix index 8d9c00e30..b05c91be1 100644 --- a/nixosModules/clanCore/vars/secret/sops/default.nix +++ b/nixosModules/clanCore/vars/secret/sops/default.nix 
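Review bot: The descriptions of the new `settings` and `settings.machine` submodules both state that the attribute set is read-only, but only `name` and `icon` carry `readOnly = true`; `directory`, `machine.name`, `machine.icon` and `machine.description` are ordinary options that the checks in this same commit set directly, so the wording overstates the guarantee. I would reword the outer description to `Clan-wide settings. name and icon are set by the flake and read-only; directory and the machine options may be set per machine.` and drop the read-only sentence from the `machine` submodule. Separately, `machine.name` keeps its `"nixos"` default, and that value feeds the facts and sops lookups elsewhere in this diff (`/machines/${name}/facts/…`, `${name}-age.key/secret`), so a machine evaluated without an explicit name silently resolves to whatever has been checked in for a machine literally called `nixos`; this restructuring would have been the moment to drop the default or add an assertion that the name was set. The enclosing `options.clan.core` set continues past the hunk.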
@@ -10,14 +10,14 @@ let
inherit (import ./funcs.nix { inherit lib; }) collectFiles;
- inherit (config.clan.core) machineName;
+ machineName = config.clan.core.settings.machine.name;
secretPath =
secret:
if secret.share then
- config.clan.core.clanDir + "/vars/shared/${secret.generator}/${secret.name}/secret"
+ config.clan.core.settings.directory + "/vars/shared/${secret.generator}/${secret.name}/secret"
else
- config.clan.core.clanDir
+ config.clan.core.settings.directory
+ "/vars/per-machine/${machineName}/${secret.generator}/${secret.name}/secret";
vars = collectFiles config.clan.core.vars;
@@ -53,7 +53,7 @@ in
lib.mkDefault (builtins.toString (pkgs.writeText "dummy.yaml" ""))
);
age.keyFile = lib.mkIf (builtins.pathExists (
- config.clan.core.clanDir + "/sops/secrets/${machineName}-age.key/secret"
+ config.clan.core.settings.directory + "/sops/secrets/${machineName}-age.key/secret"
)) (lib.mkDefault "/var/lib/sops-nix/key.txt");
};
}
diff --git a/nixosModules/clanCore/vm.nix b/nixosModules/clanCore/vm.nix
index 05951f6be..b12277b64 100644
--- a/nixosModules/clanCore/vm.nix
+++ b/nixosModules/clanCore/vm.nix
@@ -250,10 +250,10 @@ in
config = {
# for clan vm inspect
clan.core.vm.inspect = {
- clan_name = config.clan.core.name;
- machine_icon = config.clan.core.machineIcon or config.clan.core.icon;
- machine_name = config.clan.core.machineName;
- machine_description = config.clan.core.machineDescription;
+ clan_name = config.clan.core.settings.name;
+ machine_icon = config.clan.core.settings.machine.icon or config.clan.core.settings.icon;
+ machine_name = config.clan.core.settings.machine.name;
+ machine_description = config.clan.core.settings.machine.description;
memory_size = config.clan.virtualisation.memorySize;
inherit (config.clan.virtualisation) cores graphics waypipe;
};
diff --git a/nixosModules/clanCore/zerotier/default.nix b/nixosModules/clanCore/zerotier/default.nix
index f7e6cb29f..25797db0c 100644
--- a/nixosModules/clanCore/zerotier/default.nix
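Review bot: The `or` fallback in the new `machine_icon = config.clan.core.settings.machine.icon or config.clan.core.settings.icon;` line of the vm.nix hunk is never taken: `settings.machine.icon` is declared with `default = null` in the options hunk earlier in this diff, so the attribute path always exists and `or`, which only fires on a missing attribute, yields null rather than the clan icon. If the intent is to fall back when the machine has no icon, make the null check explicit: `machine_icon = if config.clan.core.settings.machine.icon != null then config.clan.core.settings.machine.icon else config.clan.core.settings.icon;`. In that same options hunk `settings.icon` is declared read-only without a default, so once the fallback becomes reachable it will fail evaluation for clans that set no icon unless that option also gets a `default = null`. The pre-rename line used the same `machineIcon or icon` shape, so this is presumably a pre-existing dead branch carried over rather than a regression.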
+++ b/nixosModules/clanCore/zerotier/default.nix
@@ -23,7 +23,7 @@ in
};
name = lib.mkOption {
type = lib.types.str;
- default = config.clan.core.name;
+ default = config.clan.core.settings.name;
defaultText = "config.clan.core.name";
description = ''
zerotier network name
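Review bot: `defaultText = "config.clan.core.name";` on the context line directly after the changed default still names the option this commit removes, so generated option documentation will point readers at `clan.core.name` while the real default is now `clan.core.settings.name`. Update it alongside the default: `defaultText = "config.clan.core.settings.name";`. The enclosing `name = lib.mkOption { ... }` block continues past the end of the hunk.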
