nixosModules/clanCore: support nix-darwin

2025-04-12 17:11:34 +02:00
parent 2bbf4b168a
commit a575894a83
13 changed files with 173 additions and 133 deletions
--- a/lib/build-clan/machineModules/forName.nix
+++ b/lib/build-clan/machineModules/forName.nix
@@ -9,8 +9,6 @@
  ...
 }:
 {
-  imports = [
-    {
  imports = builtins.filter builtins.pathExists (
    [
      "${directory}/machines/${name}/configuration.nix"
@@ -20,8 +18,7 @@
      "${directory}/machines/${name}/disko.nix"
    ]
  );
-    }
-    (lib.optionalAttrs (_class == "nixos") {
+
  clan.core.settings = {
    inherit (meta) name icon;
    inherit directory;
@@ -29,10 +26,7 @@
      inherit name;
    };
  };
-    })
-    # TODO: move into nixos modules
-    ({
+
+  # TODO: move into nixosModules
  networking.hostName = lib.mkDefault name;
-    })
-  ];
 }
--- a/lib/build-clan/module.nix
+++ b/lib/build-clan/module.nix
@@ -221,17 +221,11 @@ in

    # machine specifics
    machines = configsPerSystem;
-    all-machines-json =
-      if !lib.hasAttrByPath [ "darwinModules" "clanCore" ] clan-core then
-        lib.mapAttrs (
+    all-machines-json = lib.mapAttrs (
      system: configs:
      nixpkgs.legacyPackages.${system}.writers.writeJSON "machines.json" (
-            lib.mapAttrs (_: m: m.config.system.clan.deployment.data) (
-              lib.filterAttrs (_n: v: v.class == "nixos") configs
+        lib.mapAttrs (_: m: m.config.system.clan.deployment.data) configs
      )
-          )
-        ) configsPerSystem
-      else
-        throw "remove NixOS filter and support nix-darwin as well";
+    ) configsPerSystem;
  };
 }
--- a/nixosModules/clanCore/default.nix
+++ b/nixosModules/clanCore/default.nix
@@ -1,5 +1,7 @@
+{ _class, lib, ... }:
 {
-  imports = [
+  imports =
+    [
      ./backups.nix
      ./defaults.nix
      ./facts
@@ -7,17 +9,18 @@
      ./meta/interface.nix
      ./metadata.nix
      ./networking.nix
-    ./nixos-facter.nix
      ./nix-settings.nix
      ./options.nix
      ./outputs.nix
      ./schema.nix
      ./sops.nix
      ./vars
+    ]
+    ++ lib.optionals (_class == "nixos") [
+      ./nixos-facter.nix
      ./vm.nix
      ./wayland-proxy-virtwl.nix
      ./zerotier
      ./zfs.nix
    ];
-
 }
--- a/nixosModules/clanCore/defaults.nix
+++ b/nixosModules/clanCore/defaults.nix
@@ -1,10 +1,27 @@
 {
+  _class,
  lib,
  config,
  pkgs,
  ...
 }:
 {
+  imports = lib.optional (_class == "nixos") (
+    lib.mkIf config.clan.core.enableRecommendedDefaults {
+      # Use systemd during boot as well except:
+      # - systems with raids as this currently require manual configuration: https://github.com/NixOS/nixpkgs/issues/210210
+      # - for containers we currently rely on the `stage-2` init script that sets up our /etc
+      boot.initrd.systemd.enable = lib.mkDefault (!config.boot.swraid.enable && !config.boot.isContainer);
+
+      # Don't install the /lib/ld-linux.so.2 stub. This saves one instance of nixpkgs.
+      environment.ldso32 = null;
+
+      environment.systemPackages = [
+        pkgs.nixos-facter # for `clan machines update-hardware-config --backend nixos-facter`
+      ];
+    }
+  );
+
  options.clan.core.enableRecommendedDefaults = lib.mkOption {
    type = lib.types.bool;
    description = ''
@@ -20,11 +37,6 @@
  };

  config = lib.mkIf config.clan.core.enableRecommendedDefaults {
-    # Use systemd during boot as well except:
-    # - systems with raids as this currently require manual configuration: https://github.com/NixOS/nixpkgs/issues/210210
-    # - for containers we currently rely on the `stage-2` init script that sets up our /etc
-    boot.initrd.systemd.enable = lib.mkDefault (!config.boot.swraid.enable && !config.boot.isContainer);
-
    # This disables the HTML manual and `nixos-help` command but leaves
    # `man configuration.nix`
    documentation.doc.enable = lib.mkDefault false;
@@ -32,9 +44,6 @@
    # Work around for https://github.com/NixOS/nixpkgs/issues/124215
    documentation.info.enable = lib.mkDefault false;

-    # Don't install the /lib/ld-linux.so.2 stub. This saves one instance of nixpkgs.
-    environment.ldso32 = null;
-
    environment.systemPackages = [
      # essential debugging tools for networked services
      pkgs.dnsutils
@@ -43,8 +52,6 @@
      pkgs.jq
      pkgs.htop

-      pkgs.nixos-facter # for `clan machines update-hardware-config --backend nixos-facter`
-
      pkgs.gitMinimal
    ];
  };
--- a/nixosModules/clanCore/networking.nix
+++ b/nixosModules/clanCore/networking.nix
@@ -1,4 +1,9 @@
-{ config, lib, ... }:
+{
+  _class,
+  config,
+  lib,
+  ...
+}:
 {
  options.clan.core = {
    networking = {
@@ -96,7 +101,8 @@
      ]
    )
  ];
-  config = lib.mkIf config.clan.core.enableRecommendedDefaults {
+  config = lib.optionalAttrs (_class == "nixos") (
+    lib.mkIf config.clan.core.enableRecommendedDefaults {
      # conflicts with systemd-resolved
      networking.useHostResolvConf = false;

@@ -114,5 +120,6 @@

      # Use networkd instead of the pile of shell scripts
      networking.useNetworkd = lib.mkDefault true;
-  };
+    }
+  );
 }
--- a/nixosModules/clanCore/nix-settings.nix
+++ b/nixosModules/clanCore/nix-settings.nix
@@ -1,7 +1,21 @@
-{ lib, config, ... }:
+{
+  _class,
+  lib,
+  config,
+  ...
+}:
 # Taken from:
 # https://github.com/nix-community/srvos/blob/main/nixos/common/nix.nix
-lib.mkIf config.clan.core.enableRecommendedDefaults {
+{
+  imports = lib.optional (_class == "nixos") (
+    lib.mkIf config.clan.core.enableRecommendedDefaults {
+      nix.daemonCPUSchedPolicy = lib.mkDefault "batch";
+      nix.daemonIOSchedClass = lib.mkDefault "idle";
+      nix.daemonIOSchedPriority = lib.mkDefault 7;
+    }
+  );
+
+  config = lib.mkIf config.clan.core.enableRecommendedDefaults {
    # Fallback quickly if substituters are not available.
    nix.settings.connect-timeout = 5;

@@ -18,10 +32,7 @@ lib.mkIf config.clan.core.enableRecommendedDefaults {
    nix.settings.max-free = lib.mkDefault (3000 * 1024 * 1024);
    nix.settings.min-free = lib.mkDefault (512 * 1024 * 1024);

-  nix.daemonCPUSchedPolicy = lib.mkDefault "batch";
-  nix.daemonIOSchedClass = lib.mkDefault "idle";
-  nix.daemonIOSchedPriority = lib.mkDefault 7;
-
    # Avoid copying unnecessary stuff over SSH
    nix.settings.builders-use-substitutes = true;
+  };
 }
--- a/nixosModules/clanCore/nixos-facter.nix
+++ b/nixosModules/clanCore/nixos-facter.nix
@@ -6,6 +6,7 @@ let
  hwConfig = "${directory}/machines/${machineName}/hardware-configuration.nix";
 in
 {
+  _class = "nixos";
  facter.reportPath = lib.mkIf (builtins.pathExists facterJson) facterJson;
  warnings =
    lib.optionals
--- a/nixosModules/clanCore/vars/default.nix
+++ b/nixosModules/clanCore/vars/default.nix
@@ -1,4 +1,5 @@
 {
+  _class,
  lib,
  config,
  pkgs,
@@ -14,12 +15,15 @@ let
    };
 in
 {
-  imports = [
+  imports =
+    [
      ./public/in_repo.nix
      ./secret/fs.nix
-    ./secret/password-store.nix
      ./secret/sops
      ./secret/vm.nix
+    ]
+    ++ lib.optionals (_class == "nixos") [
+      ./secret/password-store.nix
    ];
  options.clan.core.vars = lib.mkOption {
    description = ''
--- a/nixosModules/clanCore/vars/secret/password-store.nix
+++ b/nixosModules/clanCore/vars/secret/password-store.nix
@@ -52,6 +52,8 @@ let

 in
 {
+  _class = "nixos";
+
  options.clan.vars.password-store = {
    secretLocation = lib.mkOption {
      type = lib.types.path;
--- a/nixosModules/clanCore/vm.nix
+++ b/nixosModules/clanCore/vm.nix
@@ -122,6 +122,8 @@ let
  vmConfig = extendModules { modules = [ vmModule ]; };
 in
 {
+  _class = "nixos";
+
  options = {
    clan.virtualisation = {
      cores = lib.mkOption {
--- a/nixosModules/clanCore/wayland-proxy-virtwl.nix
+++ b/nixosModules/clanCore/wayland-proxy-virtwl.nix
@@ -5,6 +5,7 @@
  ...
 }:
 {
+  _class = "nixos";
  options = {
    # maybe upstream this?
    services.wayland-proxy-virtwl = {
--- a/nixosModules/clanCore/zfs.nix
+++ b/nixosModules/clanCore/zfs.nix
@@ -1,5 +1,7 @@
 { lib, config, ... }:
 {
+  _class = "nixos";
+
  # Use the same default hostID as the NixOS install ISO and nixos-anywhere.
  # This allows us to import zfs pool without using a force import.
  # ZFS has this as a safety mechanism for networked block storage (ISCSI), but
--- a/nixosModules/flake-module.nix
+++ b/nixosModules/flake-module.nix
@@ -1,25 +1,37 @@
 { inputs, self, ... }:
+let
+  clanCore =
+    {
+      _class,
+      pkgs,
+      lib,
+      ...
+    }:
+    {
+      imports =
+        [
+          ./clanCore
+          inputs.sops-nix."${_class}Modules".sops
+        ]
+        ++ lib.optionals (_class == "nixos") [
+          inputs.nixos-facter-modules.nixosModules.facter
+          inputs.disko.nixosModules.default
+          inputs.data-mesher.nixosModules.data-mesher
+        ];
+      config = {
+        clan.core.clanPkgs = lib.mkDefault self.packages.${pkgs.hostPlatform.system};
+      };
+    };
+in
 {
-  flake.nixosModules = {
-    hidden-ssh-announce.imports = [ ./hidden-ssh-announce.nix ];
-    bcachefs.imports = [ ./bcachefs.nix ];
-    installer.imports = [
+  flake.nixosModules.hidden-ssh-announce = ./hidden-ssh-announce.nix;
+  flake.nixosModules.bcachefs = ./bcachefs.nix;
+  flake.nixosModules.installer.imports = [
    ./installer
    self.nixosModules.hidden-ssh-announce
    self.nixosModules.bcachefs
  ];
-    clanCore.imports = [
-      inputs.sops-nix.nixosModules.sops
-      inputs.nixos-facter-modules.nixosModules.facter
-      inputs.disko.nixosModules.default
-      inputs.data-mesher.nixosModules.data-mesher
-      ./clanCore
-      (
-        { pkgs, lib, ... }:
-        {
-          clan.core.clanPkgs = lib.mkDefault self.packages.${pkgs.hostPlatform.system};
-        }
-      )
-    ];
-  };
+
+  flake.nixosModules.clanCore = clanCore;
+  flake.darwinModules.clanCore = clanCore;
 }