nixosModules/clanCore: support nix-darwin

2025-04-12 17:11:34 +02:00
parent 2bbf4b168a
commit a575894a83
13 changed files with 173 additions and 133 deletions
--- a/lib/build-clan/machineModules/forName.nix
+++ b/lib/build-clan/machineModules/forName.nix
@@ -9,30 +9,24 @@
  ...
 }:
 {
-  imports = [
+  imports = builtins.filter builtins.pathExists (
-    {
+    [
-      imports = builtins.filter builtins.pathExists (
+      "${directory}/machines/${name}/configuration.nix"
-        [
+    ]
-          "${directory}/machines/${name}/configuration.nix"
+    ++ lib.optionals (_class == "nixos") [
-        ]
+      "${directory}/machines/${name}/hardware-configuration.nix"
-        ++ lib.optionals (_class == "nixos") [
+      "${directory}/machines/${name}/disko.nix"
-          "${directory}/machines/${name}/hardware-configuration.nix"
+    ]
-          "${directory}/machines/${name}/disko.nix"
+  );
-        ]
+
-      );
+  clan.core.settings = {
-    }
+    inherit (meta) name icon;
-    (lib.optionalAttrs (_class == "nixos") {
+    inherit directory;
-      clan.core.settings = {
+    machine = {
-        inherit (meta) name icon;
+      inherit name;
-        inherit directory;
+    };
-        machine = {
+  };
-          inherit name;
+
-        };
+  # TODO: move into nixosModules
-      };
+  networking.hostName = lib.mkDefault name;
    })
    # TODO: move into nixos modules
    ({
      networking.hostName = lib.mkDefault name;
    })
  ];
 }
--- a/lib/build-clan/module.nix
+++ b/lib/build-clan/module.nix
@@ -221,17 +221,11 @@ in
    # machine specifics
    machines = configsPerSystem;
-    all-machines-json =
+    all-machines-json = lib.mapAttrs (
-      if !lib.hasAttrByPath [ "darwinModules" "clanCore" ] clan-core then
+      system: configs:
-        lib.mapAttrs (
+      nixpkgs.legacyPackages.${system}.writers.writeJSON "machines.json" (
-          system: configs:
+        lib.mapAttrs (_: m: m.config.system.clan.deployment.data) configs
-          nixpkgs.legacyPackages.${system}.writers.writeJSON "machines.json" (
+      )
-            lib.mapAttrs (_: m: m.config.system.clan.deployment.data) (
+    ) configsPerSystem;
              lib.filterAttrs (_n: v: v.class == "nixos") configs
            )
          )
        ) configsPerSystem
      else
        throw "remove NixOS filter and support nix-darwin as well";
  };
 }
--- a/nixosModules/clanCore/default.nix
+++ b/nixosModules/clanCore/default.nix
@@ -1,23 +1,26 @@
 { _class, lib, ... }:
 {
-  imports = [
+  imports =
-    ./backups.nix
+    [
-    ./defaults.nix
+      ./backups.nix
-    ./facts
+      ./defaults.nix
-    ./inventory
+      ./facts
-    ./meta/interface.nix
+      ./inventory
-    ./metadata.nix
+      ./meta/interface.nix
-    ./networking.nix
+      ./metadata.nix
-    ./nixos-facter.nix
+      ./networking.nix
-    ./nix-settings.nix
+      ./nix-settings.nix
-    ./options.nix
+      ./options.nix
-    ./outputs.nix
+      ./outputs.nix
-    ./schema.nix
+      ./schema.nix
-    ./sops.nix
+      ./sops.nix
-    ./vars
+      ./vars
-    ./vm.nix
+    ]
-    ./wayland-proxy-virtwl.nix
+    ++ lib.optionals (_class == "nixos") [
-    ./zerotier
+      ./nixos-facter.nix
-    ./zfs.nix
+      ./vm.nix
-  ];
+      ./wayland-proxy-virtwl.nix
-
+      ./zerotier
      ./zfs.nix
    ];
 }
--- a/nixosModules/clanCore/defaults.nix
+++ b/nixosModules/clanCore/defaults.nix
@@ -1,10 +1,27 @@
 {
  _class,
  lib,
  config,
  pkgs,
  ...
 }:
 {
  imports = lib.optional (_class == "nixos") (
    lib.mkIf config.clan.core.enableRecommendedDefaults {
      # Use systemd during boot as well except:
      # - systems with raids as this currently require manual configuration: https://github.com/NixOS/nixpkgs/issues/210210
      # - for containers we currently rely on the `stage-2` init script that sets up our /etc
      boot.initrd.systemd.enable = lib.mkDefault (!config.boot.swraid.enable && !config.boot.isContainer);
      # Don't install the /lib/ld-linux.so.2 stub. This saves one instance of nixpkgs.
      environment.ldso32 = null;
      environment.systemPackages = [
        pkgs.nixos-facter # for `clan machines update-hardware-config --backend nixos-facter`
      ];
    }
  );
  options.clan.core.enableRecommendedDefaults = lib.mkOption {
    type = lib.types.bool;
    description = ''
@@ -20,11 +37,6 @@
  };
  config = lib.mkIf config.clan.core.enableRecommendedDefaults {
    # Use systemd during boot as well except:
    # - systems with raids as this currently require manual configuration: https://github.com/NixOS/nixpkgs/issues/210210
    # - for containers we currently rely on the `stage-2` init script that sets up our /etc
    boot.initrd.systemd.enable = lib.mkDefault (!config.boot.swraid.enable && !config.boot.isContainer);
    # This disables the HTML manual and `nixos-help` command but leaves
    # `man configuration.nix`
    documentation.doc.enable = lib.mkDefault false;
@@ -32,9 +44,6 @@
    # Work around for https://github.com/NixOS/nixpkgs/issues/124215
    documentation.info.enable = lib.mkDefault false;
    # Don't install the /lib/ld-linux.so.2 stub. This saves one instance of nixpkgs.
    environment.ldso32 = null;
    environment.systemPackages = [
      # essential debugging tools for networked services
      pkgs.dnsutils
@@ -43,8 +52,6 @@
      pkgs.jq
      pkgs.htop
      pkgs.nixos-facter # for `clan machines update-hardware-config --backend nixos-facter`
      pkgs.gitMinimal
    ];
  };
--- a/nixosModules/clanCore/networking.nix
+++ b/nixosModules/clanCore/networking.nix
@@ -1,4 +1,9 @@
-{ config, lib, ... }:
+{
  _class,
  config,
  lib,
  ...
 }:
 {
  options.clan.core = {
    networking = {
@@ -96,23 +101,25 @@
      ]
    )
  ];
-  config = lib.mkIf config.clan.core.enableRecommendedDefaults {
+  config = lib.optionalAttrs (_class == "nixos") (
-    # conflicts with systemd-resolved
+    lib.mkIf config.clan.core.enableRecommendedDefaults {
-    networking.useHostResolvConf = false;
+      # conflicts with systemd-resolved
      networking.useHostResolvConf = false;
-    # Allow PMTU / DHCP
+      # Allow PMTU / DHCP
-    networking.firewall.allowPing = true;
+      networking.firewall.allowPing = true;
-    # The notion of "online" is a broken concept
+      # The notion of "online" is a broken concept
-    # https://github.com/systemd/systemd/blob/e1b45a756f71deac8c1aa9a008bd0dab47f64777/NEWS#L13
+      # https://github.com/systemd/systemd/blob/e1b45a756f71deac8c1aa9a008bd0dab47f64777/NEWS#L13
-    systemd.services.NetworkManager-wait-online.enable = false;
+      systemd.services.NetworkManager-wait-online.enable = false;
-    systemd.network.wait-online.enable = false;
+      systemd.network.wait-online.enable = false;
-    systemd.network.networks."99-ethernet-default-dhcp".networkConfig.MulticastDNS = lib.mkDefault true;
+      systemd.network.networks."99-ethernet-default-dhcp".networkConfig.MulticastDNS = lib.mkDefault true;
-    systemd.network.networks."99-wireless-client-dhcp".networkConfig.MulticastDNS = lib.mkDefault true;
+      systemd.network.networks."99-wireless-client-dhcp".networkConfig.MulticastDNS = lib.mkDefault true;
-    networking.firewall.allowedUDPPorts = [ 5353 ]; # Multicast DNS
+      networking.firewall.allowedUDPPorts = [ 5353 ]; # Multicast DNS
-    # Use networkd instead of the pile of shell scripts
+      # Use networkd instead of the pile of shell scripts
-    networking.useNetworkd = lib.mkDefault true;
+      networking.useNetworkd = lib.mkDefault true;
-  };
+    }
  );
 }
--- a/nixosModules/clanCore/nix-settings.nix
+++ b/nixosModules/clanCore/nix-settings.nix
@@ -1,27 +1,38 @@
-{ lib, config, ... }:
+{
  _class,
  lib,
  config,
  ...
 }:
 # Taken from:
 # https://github.com/nix-community/srvos/blob/main/nixos/common/nix.nix
-lib.mkIf config.clan.core.enableRecommendedDefaults {
+{
-  # Fallback quickly if substituters are not available.
+  imports = lib.optional (_class == "nixos") (
-  nix.settings.connect-timeout = 5;
+    lib.mkIf config.clan.core.enableRecommendedDefaults {
      nix.daemonCPUSchedPolicy = lib.mkDefault "batch";
      nix.daemonIOSchedClass = lib.mkDefault "idle";
      nix.daemonIOSchedPriority = lib.mkDefault 7;
    }
  );
-  # Enable flakes
+  config = lib.mkIf config.clan.core.enableRecommendedDefaults {
-  nix.settings.experimental-features = [
+    # Fallback quickly if substituters are not available.
-    "nix-command"
+    nix.settings.connect-timeout = 5;
    "flakes"
  ];
-  # The default at 10 is rarely enough.
+    # Enable flakes
-  nix.settings.log-lines = lib.mkDefault 25;
+    nix.settings.experimental-features = [
      "nix-command"
      "flakes"
    ];
-  # Avoid disk full issues
+    # The default at 10 is rarely enough.
-  nix.settings.max-free = lib.mkDefault (3000 * 1024 * 1024);
+    nix.settings.log-lines = lib.mkDefault 25;
  nix.settings.min-free = lib.mkDefault (512 * 1024 * 1024);
-  nix.daemonCPUSchedPolicy = lib.mkDefault "batch";
+    # Avoid disk full issues
-  nix.daemonIOSchedClass = lib.mkDefault "idle";
+    nix.settings.max-free = lib.mkDefault (3000 * 1024 * 1024);
-  nix.daemonIOSchedPriority = lib.mkDefault 7;
+    nix.settings.min-free = lib.mkDefault (512 * 1024 * 1024);
-  # Avoid copying unnecessary stuff over SSH
+    # Avoid copying unnecessary stuff over SSH
-  nix.settings.builders-use-substitutes = true;
+    nix.settings.builders-use-substitutes = true;
  };
 }
--- a/nixosModules/clanCore/nixos-facter.nix
+++ b/nixosModules/clanCore/nixos-facter.nix
@@ -6,6 +6,7 @@ let
  hwConfig = "${directory}/machines/${machineName}/hardware-configuration.nix";
 in
 {
  _class = "nixos";
  facter.reportPath = lib.mkIf (builtins.pathExists facterJson) facterJson;
  warnings =
    lib.optionals
--- a/nixosModules/clanCore/vars/default.nix
+++ b/nixosModules/clanCore/vars/default.nix
@@ -1,4 +1,5 @@
 {
  _class,
  lib,
  config,
  pkgs,
@@ -14,13 +15,16 @@ let
    };
 in
 {
-  imports = [
+  imports =
-    ./public/in_repo.nix
+    [
-    ./secret/fs.nix
+      ./public/in_repo.nix
-    ./secret/password-store.nix
+      ./secret/fs.nix
-    ./secret/sops
+      ./secret/sops
-    ./secret/vm.nix
+      ./secret/vm.nix
-  ];
+    ]
    ++ lib.optionals (_class == "nixos") [
      ./secret/password-store.nix
    ];
  options.clan.core.vars = lib.mkOption {
    description = ''
      Generated Variables
--- a/nixosModules/clanCore/vars/secret/password-store.nix
+++ b/nixosModules/clanCore/vars/secret/password-store.nix
@@ -52,6 +52,8 @@ let
 in
 {
  _class = "nixos";
  options.clan.vars.password-store = {
    secretLocation = lib.mkOption {
      type = lib.types.path;
--- a/nixosModules/clanCore/vm.nix
+++ b/nixosModules/clanCore/vm.nix
@@ -122,6 +122,8 @@ let
  vmConfig = extendModules { modules = [ vmModule ]; };
 in
 {
  _class = "nixos";
  options = {
    clan.virtualisation = {
      cores = lib.mkOption {
--- a/nixosModules/clanCore/wayland-proxy-virtwl.nix
+++ b/nixosModules/clanCore/wayland-proxy-virtwl.nix
@@ -5,6 +5,7 @@
  ...
 }:
 {
  _class = "nixos";
  options = {
    # maybe upstream this?
    services.wayland-proxy-virtwl = {
--- a/nixosModules/clanCore/zfs.nix
+++ b/nixosModules/clanCore/zfs.nix
@@ -1,5 +1,7 @@
 { lib, config, ... }:
 {
  _class = "nixos";
  # Use the same default hostID as the NixOS install ISO and nixos-anywhere.
  # This allows us to import zfs pool without using a force import.
  # ZFS has this as a safety mechanism for networked block storage (ISCSI), but
--- a/nixosModules/flake-module.nix
+++ b/nixosModules/flake-module.nix
@@ -1,25 +1,37 @@
 { inputs, self, ... }:
 let
  clanCore =
    {
      _class,
      pkgs,
      lib,
      ...
    }:
    {
      imports =
        [
          ./clanCore
          inputs.sops-nix."${_class}Modules".sops
        ]
        ++ lib.optionals (_class == "nixos") [
          inputs.nixos-facter-modules.nixosModules.facter
          inputs.disko.nixosModules.default
          inputs.data-mesher.nixosModules.data-mesher
        ];
      config = {
        clan.core.clanPkgs = lib.mkDefault self.packages.${pkgs.hostPlatform.system};
      };
    };
 in
 {
-  flake.nixosModules = {
+  flake.nixosModules.hidden-ssh-announce = ./hidden-ssh-announce.nix;
-    hidden-ssh-announce.imports = [ ./hidden-ssh-announce.nix ];
+  flake.nixosModules.bcachefs = ./bcachefs.nix;
-    bcachefs.imports = [ ./bcachefs.nix ];
+  flake.nixosModules.installer.imports = [
-    installer.imports = [
+    ./installer
-      ./installer
+    self.nixosModules.hidden-ssh-announce
-      self.nixosModules.hidden-ssh-announce
+    self.nixosModules.bcachefs
-      self.nixosModules.bcachefs
+  ];
-    ];
+
-    clanCore.imports = [
+  flake.nixosModules.clanCore = clanCore;
-      inputs.sops-nix.nixosModules.sops
+  flake.darwinModules.clanCore = clanCore;
      inputs.nixos-facter-modules.nixosModules.facter
      inputs.disko.nixosModules.default
      inputs.data-mesher.nixosModules.data-mesher
      ./clanCore
      (
        { pkgs, lib, ... }:
        {
          clan.core.clanPkgs = lib.mkDefault self.packages.${pkgs.hostPlatform.system};
        }
      )
    ];
  };
 }