yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

remove nix_shell_legacy

Browse Source
This commit is contained in:
Jörg Thalheim
2025-04-16 20:51:29 +02:00
parent 37f8b5919e
commit 8cde32c76f
24 changed files with 91 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/CONTRIBUTING.md
View File

@@ -82,7 +82,7 @@ For instance, if you need to update `nixos-anywhere` in clan-cli, find its usage
```python
run(
nix_shell(
["nixpkgs#nixos-anywhere"],
["nixos-anywhere"],
cmd,
),
RunOpts(log=Log.BOTH, prefix=machine.name, needs_user_terminal=True),

6
pkgs/clan-app/tests/conftest.py
View File

@@ -29,12 +29,12 @@ def pytest_sessionstart(session: pytest.Session) -> None:
@pytest.fixture
def git_repo(tmp_path: Path) -> Path:
# initialize a git repository
cmd = nix_shell(["nixpkgs#git"], ["git", "init"])
cmd = nix_shell(["git"], ["git", "init"])
subprocess.run(cmd, cwd=tmp_path, check=True)
# set user.name and user.email
cmd = nix_shell(["nixpkgs#git"], ["git", "config", "user.name", "test"])
cmd = nix_shell(["it"], ["git", "config", "user.name", "test"])
subprocess.run(cmd, cwd=tmp_path, check=True)
cmd = nix_shell(["nixpkgs#git"], ["git", "config", "user.email", "test@test.test"])
cmd = nix_shell(["git"], ["git", "config", "user.email", "test@test.test"])
subprocess.run(cmd, cwd=tmp_path, check=True)
# return the path to the git repository
return tmp_path

6
pkgs/clan-cli/clan_cli/api/directory.py
View File

@@ -6,7 +6,7 @@ from typing import Any, Literal
from clan_cli.cmd import RunOpts
from clan_cli.errors import ClanError
from clan_cli.nix import nix_shell_legacy, run_no_stdout
from clan_cli.nix import nix_shell, run_no_stdout
from . import API
@@ -126,8 +126,8 @@ def show_block_devices() -> Blockdevices:
It must return a list of block devices.
"""
cmd = nix_shell_legacy(
["nixpkgs#util-linux"],
cmd = nix_shell(
["util-linux"],
[
"lsblk",
"--json",

6
pkgs/clan-cli/clan_cli/api/mdns_discovery.py
View File

@@ -3,7 +3,7 @@ import re
from dataclasses import dataclass
from clan_cli.cmd import run_no_stdout
from clan_cli.nix import nix_shell_legacy
from clan_cli.nix import nix_shell
from . import API
@@ -89,8 +89,8 @@ def parse_avahi_output(output: str) -> DNSInfo:
@API.register
def show_mdns() -> DNSInfo:
cmd = nix_shell_legacy(
["nixpkgs#avahi"],
cmd = nix_shell(
["avahi"],
[
"avahi-browse",
"--all",

8
pkgs/clan-cli/clan_cli/bwrap/__init__.py
View File

@@ -1,5 +1,5 @@
from clan_cli.cmd import run
from clan_cli.nix import nix_shell_legacy
from clan_cli.nix import nix_shell
_works: bool | None = None
@@ -13,10 +13,10 @@ def bubblewrap_works() -> bool:
def _bubblewrap_works() -> bool:
# fmt: off
cmd = nix_shell_legacy(
cmd = nix_shell(
[
"nixpkgs#bash",
"nixpkgs#bubblewrap",
"bash",
"bubblewrap",
],
[
"bwrap",

4
pkgs/clan-cli/clan_cli/clan/create.py
View File

@@ -9,7 +9,7 @@ from clan_cli.cmd import CmdOut, RunOpts, run
from clan_cli.errors import ClanError
from clan_cli.flake import Flake
from clan_cli.inventory import Inventory, init_inventory
from clan_cli.nix import nix_command, nix_metadata, nix_shell_legacy
from clan_cli.nix import nix_command, nix_metadata, nix_shell
from clan_cli.templates import (
InputPrio,
TemplateName,
@@ -41,7 +41,7 @@ class CreateOptions:
def git_command(directory: Path, *args: str) -> list[str]:
return nix_shell_legacy(["nixpkgs#git"], ["git", "-C", str(directory), *args])
return nix_shell(["git"], ["git", "-C", str(directory), *args])
@API.register

8
pkgs/clan-cli/clan_cli/facts/generate.py
View File

@@ -18,7 +18,7 @@ from clan_cli.errors import ClanError
from clan_cli.git import commit_files
from clan_cli.machines.inventory import get_all_machines, get_selected_machines
from clan_cli.machines.machines import Machine
from clan_cli.nix import nix_shell_legacy
from clan_cli.nix import nix_shell
from .check import check_secrets
from .public_modules import FactStoreBase
@@ -39,10 +39,10 @@ def read_multiline_input(prompt: str = "Finish with Ctrl-D") -> str:
def bubblewrap_cmd(generator: str, facts_dir: Path, secrets_dir: Path) -> list[str]:
# fmt: off
return nix_shell_legacy(
return nix_shell(
[
"nixpkgs#bash",
"nixpkgs#bubblewrap",
"bash",
"bubblewrap",
],
[
"bwrap",

18
pkgs/clan-cli/clan_cli/facts/secret_modules/password_store.py
View File

@@ -5,7 +5,7 @@ from typing import override
from clan_cli.cmd import Log, RunOpts
from clan_cli.machines.machines import Machine
from clan_cli.nix import nix_shell_legacy
from clan_cli.nix import nix_shell
from . import SecretStoreBase
@@ -18,8 +18,8 @@ class SecretStore(SecretStoreBase):
self, service: str, name: str, value: bytes, groups: list[str]
) -> Path | None:
subprocess.run(
nix_shell_legacy(
["nixpkgs#pass"],
nix_shell(
["pass"],
["pass", "insert", "-m", f"machines/{self.machine.name}/{name}"],
),
input=value,
@@ -29,8 +29,8 @@ class SecretStore(SecretStoreBase):
def get(self, service: str, name: str) -> bytes:
return subprocess.run(
nix_shell_legacy(
["nixpkgs#pass"],
nix_shell(
["pass"],
["pass", "show", f"machines/{self.machine.name}/{name}"],
),
check=True,
@@ -51,8 +51,8 @@ class SecretStore(SecretStoreBase):
hashes = []
hashes.append(
subprocess.run(
nix_shell_legacy(
["nixpkgs#git"],
nix_shell(
["git"],
[
"git",
"-C",
@@ -71,8 +71,8 @@ class SecretStore(SecretStoreBase):
if symlink.is_symlink():
hashes.append(
subprocess.run(
nix_shell_legacy(
["nixpkgs#git"],
nix_shell(
["git"],
[
"git",
"-C",

6
pkgs/clan-cli/clan_cli/flash/flash.py
View File

@@ -13,7 +13,7 @@ from clan_cli.errors import ClanError
from clan_cli.facts.generate import generate_facts
from clan_cli.facts.secret_modules import SecretStoreBase
from clan_cli.machines.machines import Machine
from clan_cli.nix import nix_shell_legacy
from clan_cli.nix import nix_shell
from clan_cli.vars.generate import generate_vars
from .automount import pause_automounting
@@ -147,8 +147,8 @@ def flash_machine(
disko_install.extend(["--option", "dry-run", "true"])
disko_install.extend(extra_args)
cmd = nix_shell_legacy(
["nixpkgs#disko"],
cmd = nix_shell(
["disko"],
disko_install,
)
run(

19
pkgs/clan-cli/clan_cli/machines/install.py
View File

@@ -18,7 +18,7 @@ from clan_cli.errors import ClanError
from clan_cli.facts.generate import generate_facts
from clan_cli.machines.hardware import HardwareConfig
from clan_cli.machines.machines import Machine
from clan_cli.nix import nix_shell_legacy
from clan_cli.nix import nix_shell
from clan_cli.ssh.deploy_info import DeployInfo, find_reachable_host, ssh_command_parse
from clan_cli.ssh.host_key import HostKeyCheck
from clan_cli.vars.generate import generate_vars
@@ -145,24 +145,19 @@ def install_machine(opts: InstallOptions) -> None:
# nix copy does not support tor socks proxy
# cmd.append("--ssh-option")
# cmd.append("ProxyCommand=nc -x 127.0.0.1:9050 -X 5 %h %p")
run(
nix_shell_legacy(
cmd = nix_shell(
[
"nixpkgs#nixos-anywhere",
"nixpkgs#tor",
"nixos-anywhere",
"tor",
],
["torify", *cmd],
),
RunOpts(log=Log.BOTH, prefix=machine.name, needs_user_terminal=True),
)
else:
run(
nix_shell_legacy(
["nixpkgs#nixos-anywhere"],
cmd = nix_shell(
["nixos-anywhere"],
cmd,
),
RunOpts(log=Log.BOTH, prefix=machine.name, needs_user_terminal=True),
)
run(cmd, RunOpts(log=Log.BOTH, prefix=machine.name, needs_user_terminal=True))
def install_command(args: argparse.Namespace) -> None:

6
pkgs/clan-cli/clan_cli/machines/list.py
View File

@@ -20,7 +20,7 @@ from clan_cli.inventory import (
patch_inventory_with,
)
from clan_cli.machines.hardware import HardwareConfig
from clan_cli.nix import nix_eval, nix_shell_legacy
from clan_cli.nix import nix_eval, nix_shell
from clan_cli.tags import list_nixos_machines_by_tags
log = logging.getLogger(__name__)
@@ -126,8 +126,8 @@ def check_machine_online(
timeout = opts.timeout if opts and opts.timeout else 20
cmd = nix_shell_legacy(
["nixpkgs#util-linux", *(["nixpkgs#openssh"] if hostname else [])],
cmd = nix_shell(
["util-linux", *(["openssh"] if hostname else [])],
[
"ssh",
*(["-i", f"{opts.keyfile}"] if opts and opts.keyfile else []),

19
pkgs/clan-cli/clan_cli/nix/__init__.py
View File

@@ -105,24 +105,6 @@ def nix_metadata(flake_url: str | Path) -> dict[str, Any]:
return data
# Deprecated: use nix_shell() instead
def nix_shell_legacy(packages: list[str], cmd: list[str]) -> list[str]:
# we cannot use nix-shell inside the nix sandbox
# in our tests we just make sure we have all the packages
if (
os.environ.get("IN_NIX_SANDBOX")
or os.environ.get("CLAN_NO_DYNAMIC_DEPS")
or len(packages) == 0
):
return cmd
return [
*nix_command(["shell", "--inputs-from", f"{nixpkgs_flake()!s}"]),
*packages,
"-c",
*cmd,
]
# lazy loads list of allowed and static programs
class Packages:
allowed_packages: set[str] | None = None
@@ -152,7 +134,6 @@ class Packages:
return program in cls.static_packages
# Alternative implementation of nix_shell() to replace nix_shell_legacy() at some point
# Features:
# - allow list for programs (need to be specified in allowed-packages.json)
# - be abe to compute a closure of all deps for testing

4
pkgs/clan-cli/clan_cli/nix/allowed-packages.json
View File

@@ -3,12 +3,14 @@
"avahi",
"bash",
"bubblewrap",
"disko",
"e2fsprogs",
"git",
"gnupg",
"mypy",
"netcat",
"nix",
"nixos-anywhere",
"openssh",
"pass",
"qemu",
@@ -18,6 +20,8 @@
"sshpass",
"tor",
"util-linux",
"virt-viewer",
"virtiofsd",
"waypipe",
"zbar"
]

4
pkgs/clan-cli/clan_cli/secrets/import_sops.py
View File

@@ -11,7 +11,7 @@ from clan_cli.completions import (
complete_users,
)
from clan_cli.errors import ClanError
from clan_cli.nix import nix_shell_legacy
from clan_cli.nix import nix_shell
from .secrets import encrypt_secret, sops_secrets_folder
@@ -30,7 +30,7 @@ def import_sops(args: argparse.Namespace) -> None:
if args.input_type:
cmd += ["--input-type", args.input_type]
cmd += ["--output-type", "json", "--decrypt", args.sops_file]
cmd = nix_shell_legacy(["nixpkgs#sops", "nixpkgs#gnupg"], cmd)
cmd = nix_shell(["sops", "gnupg"], cmd)
res = run(cmd, RunOpts(error_msg=f"Could not import sops file {file}"))
secrets = json.loads(res.stdout)

8
pkgs/clan-cli/clan_cli/secrets/sops.py
View File

@@ -16,7 +16,7 @@ from clan_cli.api import API
from clan_cli.cmd import Log, RunOpts, run
from clan_cli.dirs import user_config_dir
from clan_cli.errors import ClanError
from clan_cli.nix import nix_shell_legacy
from clan_cli.nix import nix_shell
from .folders import sops_machines_folder, sops_users_folder
@@ -233,7 +233,7 @@ def sops_run(
raise ClanError(msg)
sops_cmd.append(str(secret_path))
cmd = nix_shell_legacy(["nixpkgs#sops", "nixpkgs#gnupg"], sops_cmd)
cmd = nix_shell(["sops", "gnupg"], sops_cmd)
opts = (
dataclasses.replace(run_opts, env=environ)
if run_opts
@@ -249,7 +249,7 @@ def sops_run(
def get_public_age_key(privkey: str) -> str:
cmd = nix_shell_legacy(["nixpkgs#age"], ["age-keygen", "-y"])
cmd = nix_shell(["age"], ["age-keygen", "-y"])
error_msg = "Failed to get public key for age private key. Is the key malformed?"
res = run(cmd, RunOpts(input=privkey.encode(), error_msg=error_msg))
@@ -257,7 +257,7 @@ def get_public_age_key(privkey: str) -> str:
def generate_private_key(out_file: Path | None = None) -> tuple[str, str]:
cmd = nix_shell_legacy(["nixpkgs#age"], ["age-keygen"])
cmd = nix_shell(["age"], ["age-keygen"])
try:
proc = run(cmd)
res = proc.stdout.strip()

6
pkgs/clan-cli/clan_cli/ssh/deploy_info.py
View File

@@ -14,7 +14,7 @@ from clan_cli.completions import (
)
from clan_cli.errors import ClanError
from clan_cli.machines.machines import Machine
from clan_cli.nix import nix_shell_legacy
from clan_cli.nix import nix_shell
from clan_cli.ssh.host import Host, is_ssh_reachable
from clan_cli.ssh.host_key import HostKeyCheck
from clan_cli.ssh.parse import parse_deployment_address
@@ -65,8 +65,8 @@ def find_reachable_host(
def qrcode_scan(picture_file: Path) -> str:
cmd = nix_shell_legacy(
["nixpkgs#zbar"],
cmd = nix_shell(
["zbar"],
[
"zbarimg",
"--quiet",

6
pkgs/clan-cli/clan_cli/ssh/tor.py
View File

@@ -10,7 +10,7 @@ from dataclasses import dataclass
from clan_cli.async_run import AsyncRuntime
from clan_cli.cmd import Log, RunOpts, run
from clan_cli.errors import TorConnectionError, TorSocksError
from clan_cli.nix import nix_shell_legacy
from clan_cli.nix import nix_shell
log = logging.getLogger(__name__)
@@ -116,8 +116,8 @@ def spawn_tor(runtime: AsyncRuntime) -> None:
def start_tor() -> None:
"""Starts Tor process using nix-shell."""
cmd_args = ["tor", "--HardwareAccel", "1"]
packages = ["nixpkgs#tor"]
cmd = nix_shell_legacy(packages, cmd_args)
packages = ["tor"]
cmd = nix_shell(packages, cmd_args)
runtime.async_run(None, run, cmd, RunOpts(log=Log.BOTH))
log.debug("Attempting to start Tor")

10
pkgs/clan-cli/clan_cli/tests/git_repo.py
View File

@@ -2,21 +2,19 @@ import subprocess
from pathlib import Path
import pytest
from clan_cli.nix import nix_shell_legacy
from clan_cli.nix import nix_shell
# fixture for git_repo
@pytest.fixture
def git_repo(temp_dir: Path) -> Path:
# initialize a git repository
cmd = nix_shell_legacy(["nixpkgs#git"], ["git", "init"])
cmd = nix_shell(["git"], ["git", "init"])
subprocess.run(cmd, cwd=temp_dir, check=True)
# set user.name and user.email
cmd = nix_shell_legacy(["nixpkgs#git"], ["git", "config", "user.name", "test"])
cmd = nix_shell(["git"], ["git", "config", "user.name", "test"])
subprocess.run(cmd, cwd=temp_dir, check=True)
cmd = nix_shell_legacy(
["nixpkgs#git"], ["git", "config", "user.email", "test@test.test"]
)
cmd = nix_shell(["git"], ["git", "config", "user.email", "test@test.test"])
subprocess.run(cmd, cwd=temp_dir, check=True)
# return the path to the git repository
return temp_dir

10
pkgs/clan-cli/clan_cli/tests/test_secrets_password_store.py
View File

@@ -6,7 +6,7 @@ from clan_cli.facts.secret_modules.password_store import SecretStore
from clan_cli.flake import Flake
from clan_cli.machines.facts import machine_get_fact
from clan_cli.machines.machines import Machine
from clan_cli.nix import nix_shell_legacy
from clan_cli.nix import nix_shell
from clan_cli.ssh.host import Host
from clan_cli.tests.fixtures_flakes import ClanFlake
from clan_cli.tests.helpers import cli
@@ -58,14 +58,10 @@ def test_upload_secret(
"""
)
subprocess.run(
nix_shell_legacy(
["nixpkgs#gnupg"], ["gpg", "--batch", "--gen-key", str(gpg_key_spec)]
),
nix_shell(["gnupg"], ["gpg", "--batch", "--gen-key", str(gpg_key_spec)]),
check=True,
)
subprocess.run(
nix_shell_legacy(["nixpkgs#pass"], ["pass", "init", "test@local"]), check=True
)
subprocess.run(nix_shell(["pass"], ["pass", "init", "test@local"]), check=True)
cli.run(["facts", "generate", "vm1", "--flake", str(flake.path)])
store = SecretStore(Machine(name="vm1", flake=Flake(str(flake.path))))

8
pkgs/clan-cli/clan_cli/vars/generate.py
View File

@@ -17,7 +17,7 @@ from clan_cli.completions import (
from clan_cli.errors import ClanError
from clan_cli.git import commit_files
from clan_cli.machines.inventory import get_all_machines, get_selected_machines
from clan_cli.nix import nix_config, nix_shell_legacy, nix_test_store
from clan_cli.nix import nix_config, nix_shell, nix_test_store
from clan_cli.vars._types import StoreBase
from .check import check_vars
@@ -84,10 +84,10 @@ def bubblewrap_cmd(generator: str, tmpdir: Path) -> list[str]:
test_store = nix_test_store()
# fmt: off
return nix_shell_legacy(
return nix_shell(
[
"nixpkgs#bash",
"nixpkgs#bubblewrap",
"bash",
"bubblewrap",
],
[
"bwrap",

14
pkgs/clan-cli/clan_cli/vars/secret_modules/password_store.py
View File

@@ -9,7 +9,7 @@ from tempfile import TemporaryDirectory
from clan_cli.cmd import CmdOut, Log, RunOpts, run
from clan_cli.machines.machines import Machine
from clan_cli.nix import nix_shell_legacy
from clan_cli.nix import nix_shell
from clan_cli.ssh.upload import upload
from clan_cli.vars._types import StoreBase
from clan_cli.vars.generate import Generator, Var
@@ -49,9 +49,7 @@ class SecretStore(StoreBase):
return Path(self.entry_prefix) / self.rel_dir(generator, name)
def _run_pass(self, *args: str, options: RunOpts | None = None) -> CmdOut:
cmd = nix_shell_legacy(
packages=["nixpkgs#pass"], cmd=[self._store_backend, *args]
)
cmd = nix_shell(packages=["pass"], cmd=[self._store_backend, *args])
return run(cmd, options)
def _set(
@@ -92,8 +90,8 @@ class SecretStore(StoreBase):
hashes = []
hashes.append(
run(
nix_shell_legacy(
["nixpkgs#git"],
nix_shell(
["git"],
[
"git",
"-C",
@@ -120,8 +118,8 @@ class SecretStore(StoreBase):
if symlink.is_symlink():
hashes.append(
run(
nix_shell_legacy(
["nixpkgs#git"],
nix_shell(
["git"],
[
"git",
"-C",

12
pkgs/clan-cli/clan_cli/vms/run.py
View File

@@ -19,7 +19,7 @@ from clan_cli.dirs import module_root, user_cache_dir, vm_state_dir
from clan_cli.errors import ClanCmdError, ClanError
from clan_cli.facts.generate import generate_facts
from clan_cli.machines.machines import Machine
from clan_cli.nix import nix_shell_legacy
from clan_cli.nix import nix_shell
from clan_cli.qemu.qga import QgaSession
from clan_cli.qemu.qmp import QEMUMonitorProtocol
@@ -96,8 +96,8 @@ def prepare_disk(
file_name: str = "disk.img",
) -> Path:
disk_img = directory / file_name
cmd = nix_shell_legacy(
["nixpkgs#qemu"],
cmd = nix_shell(
["qemu"],
[
"qemu-img",
"create",
@@ -127,7 +127,7 @@ def start_vm(
) -> Iterator[subprocess.Popen]:
env = os.environ.copy()
env.update(extra_env)
cmd = nix_shell_legacy(packages, args)
cmd = nix_shell(packages, args)
machine.debug(f"Starting VM with command: {cmd}")
with subprocess.Popen(
@@ -280,11 +280,11 @@ def spawn_vm(
interactive=stdin is None,
)
packages = ["nixpkgs#qemu"]
packages = ["qemu"]
extra_env = {}
if vm.graphics and not vm.waypipe.enable:
packages.append("nixpkgs#virt-viewer")
packages.append("virt-viewer")
remote_viewer_mimetypes = module_root() / "vms" / "mimetypes"
extra_env["XDG_DATA_DIRS"] = (
f"{remote_viewer_mimetypes}:{os.environ.get('XDG_DATA_DIRS', '')}"

6
pkgs/clan-cli/clan_cli/vms/virtiofsd.py
View File

@@ -6,7 +6,7 @@ from collections.abc import Iterator
from pathlib import Path
from clan_cli.errors import ClanError
from clan_cli.nix import nix_shell_legacy
from clan_cli.nix import nix_shell
@contextlib.contextmanager
@@ -14,8 +14,8 @@ def start_virtiofsd(socket_path: Path) -> Iterator[None]:
sandbox = "namespace"
if shutil.which("newuidmap") is None:
sandbox = "none"
virtiofsd = nix_shell_legacy(
["nixpkgs#virtiofsd"],
virtiofsd = nix_shell(
["virtiofsd"],
[
"virtiofsd",
"--socket-path",

6
pkgs/clan-cli/clan_cli/vms/waypipe.py
View File

@@ -6,7 +6,7 @@ import time
from collections.abc import Iterator
from clan_cli.errors import ClanError
from clan_cli.nix import nix_shell_legacy
from clan_cli.nix import nix_shell
VMADDR_CID_HYPERVISOR = 2
@@ -29,8 +29,8 @@ def start_waypipe(cid: int | None, title_prefix: str) -> Iterator[None]:
if cid is None:
yield
return
waypipe = nix_shell_legacy(
["nixpkgs#waypipe"],
waypipe = nix_shell(
["waypipe"],
[
"waypipe",
"--vsock",