yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

clanCore: init machine_id.nix with clan.core.machine.{id,diskId}

Browse Source
This commit is contained in:
Qubasa
2024-09-06 18:05:40 +02:00
parent 0d83a59d8e
commit b16a53f510
28 changed files with 219 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
checks/backups/flake-module.nix
View File

@@ -134,6 +134,10 @@
];
virtualisation.emptyDiskImages = [ 256 ];
clan.core.clanDir = ./.;
clan.core.machine = {
id = "a73f5245cdba4576ab6cfef3145ac9ec";
diskId = "c4c47b";
};
};
testScript = ''

4
checks/borgbackup/default.nix
View File

@@ -18,6 +18,10 @@
{
clan.core.machineName = "machine";
clan.core.clanDir = ./.;
clan.core.machine = {
id = "a73f5245cdba4576ab6cfef3145ac9ec";
diskId = "c4c47b";
};
clan.core.state.testState.folders = [ "/etc/state" ];
environment.etc.state.text = "hello world";
systemd.tmpfiles.settings."vmsecrets" = {

1
checks/container/default.nix
View File

@@ -9,6 +9,7 @@
networking.hostName = "machine";
services.openssh.enable = true;
services.openssh.startWhenNeeded = false;
};
testScript = ''
start_all()

4
checks/deltachat/default.nix
View File

@@ -12,6 +12,10 @@
{
clan.core.machineName = "machine";
clan.core.clanDir = ./.;
clan.core.machine = {
id = "a73f5245cdba4576ab6cfef3145ac9ec";
diskId = "c4c47b";
};
}
];
};

13
checks/flash/flake-module.nix
View File

@@ -10,6 +10,7 @@
let
dependencies = [
pkgs.disko
pkgs.age
self.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine.config.system.build.toplevel
self.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine.config.system.build.diskoScript
self.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine.config.system.build.diskoScript.drvPath
@@ -25,9 +26,11 @@
nodes.target = {
virtualisation.emptyDiskImages = [ 4096 ];
virtualisation.memorySize = 3000;
environment.systemPackages = [ self.packages.${pkgs.system}.clan-cli ];
environment.systemPackages = [
self.packages.${pkgs.system}.clan-cli
] ++ self.packages.${pkgs.system}.clan-cli.runtimeDependencies;
environment.variables."SOPS_AGE_KEY" = builtins.readFile ../lib/age/privkey;
environment.etc."install-closure".source = "${closureInfo}/store-paths";
nix.settings = {
substituters = lib.mkForce [ ];
hashed-mirrors = null;
@@ -38,11 +41,15 @@
"flakes"
];
};
system.extraDependencies = dependencies;
};
testScript = ''
start_all()
machine.succeed("clan flash --debug --flake ${../..} --yes --disk main /dev/vdb test-install-machine")
machine.succeed("cp -r ${../..} test-flake && chmod -R +w test-flake")
machine.succeed("clan secrets key generate")
machine.succeed("clan secrets users add --debug --flake test-flake testuser '${builtins.readFile ../lib/age/pubkey}'")
machine.succeed("clan flash --debug --flake test-flake --yes --disk main /dev/vdb test-install-machine")
'';
} { inherit pkgs self; };
};

20
checks/installation/flake-module.nix
View File

@@ -1,7 +1,12 @@
{ self, lib, ... }:
{
clan.machines.test-install-machine = {
clan.core.networking.targetHost = "test-install-machine";
clan.core.machine = {
id = "a73f5245cdba4576ab6cfef3145ac9ec";
diskId = "c4c47b";
};
fileSystems."/".device = lib.mkDefault "/dev/vdb";
boot.loader.grub.device = lib.mkDefault "/dev/vdb";
@@ -17,7 +22,10 @@
(modulesPath + "/profiles/qemu-guest.nix")
];
clan.single-disk.device = "/dev/vdb";
clan.core.machine = {
id = "a73f5245cdba4576ab6cfef3145ac9ec";
diskId = "c4c47b";
};
environment.etc."install-successful".text = "ok";
boot.consoleLogLevel = lib.mkForce 100;
@@ -34,8 +42,10 @@
let
dependencies = [
self
pkgs.age
self.nixosConfigurations.test-install-machine.config.system.build.toplevel
self.nixosConfigurations.test-install-machine.config.system.build.diskoScript
self.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine.config.system.build.diskoScript.drvPath
self.nixosConfigurations.test-install-machine.config.system.clan.deployment.file
pkgs.stdenv.drvPath
pkgs.nixos-anywhere
@@ -50,6 +60,7 @@
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keyFiles = [ ../lib/ssh/pubkey ];
system.nixos.variant_id = "installer";
virtualisation.emptyDiskImages = [ 4096 ];
nix.settings = {
substituters = lib.mkForce [ ];
@@ -67,6 +78,7 @@
self.packages.${pkgs.system}.clan-cli
] ++ self.packages.${pkgs.system}.clan-cli.runtimeDependencies;
environment.etc."install-closure".source = "${closureInfo}/store-paths";
environment.variables."SOPS_AGE_KEY" = builtins.readFile ../lib/age/privkey;
virtualisation.memorySize = 2048;
nix.settings = {
substituters = lib.mkForce [ ];
@@ -99,9 +111,11 @@
client.wait_until_succeeds("timeout 2 ssh -o StrictHostKeyChecking=accept-new -v root@target hostname")
client.succeed("cp -r ${../..} test-flake && chmod -R +w test-flake")
client.fail("test -f test-flake/machines/test-install-machine/hardware-configuration.nix")
client.succeed("clan machines hw-generate --flake test-flake test-install-machine root@target>&2")
client.succeed("clan secrets key generate")
client.succeed("clan secrets users add --debug --flake test-flake testuser '${builtins.readFile ../lib/age/pubkey}'")
client.succeed("clan machines hw-generate --debug --flake test-flake test-install-machine root@target>&2")
client.succeed("test -f test-flake/machines/test-install-machine/hardware-configuration.nix")
client.succeed("clan machines install --debug --flake ${../..} --yes test-install-machine root@target >&2")
client.succeed("clan machines install --debug --flake test-flake --yes test-install-machine root@target >&2")
try:
target.shutdown()
except BrokenPipeError:

1
checks/lib/age/privkey Normal file
View File

@@ -0,0 +1 @@
AGE-SECRET-KEY-1KF8E3SR3TTGL6M476SKF7EEMR4H9NF7ZWYSLJUAK8JX276JC7KUSSURKFK

1
checks/lib/age/pubkey Normal file
View File

@@ -0,0 +1 @@
age1dhwqzkah943xzc34tc3dlmfayyevcmdmxzjezdgdy33euxwf59vsp3vk3c

5
checks/matrix-synapse/default.nix
View File

@@ -17,7 +17,10 @@
{
clan.core.machineName = "machine";
clan.core.clanDir = ./.;
clan.core.machine = {
id = "a73f5245cdba4576ab6cfef3145ac9ec";
diskId = "c4c47b";
};
services.nginx.virtualHosts."matrix.clan.test" = {
enableACME = lib.mkForce false;
forceSSL = lib.mkForce false;

8
checks/mumble/default.nix
View File

@@ -32,6 +32,10 @@
common
{
clan.core.machineName = "peer1";
clan.core.machine = {
id = "df97124f09da48e3a22d77ce30ee8da6";
diskId = "c9c52c";
};
environment.etc = {
"mumble-key".source = ./peer_1/peer_1_test_key;
"mumble-cert".source = ./peer_1/peer_1_test_cert;
@@ -65,6 +69,10 @@
imports = [
common
{
clan.core.machine = {
id = "a73f5245cdba4576ab6cfef3145ac9ec";
diskId = "c4c47b";
};
clan.core.machineName = "peer2";
environment.etc = {
"mumble-key".source = ./peer_2/peer_2_test_key;

8
checks/nixos-documentation/flake-module.nix
View File

@@ -8,7 +8,13 @@ let
self.nixosModules.clanCore
# This is the only option that is not part of the
# module because it is usually set by flake-parts
{ clan.core.clanDir = ./.; }
{
clan.core.clanDir = ./.;
clan.core.machine = {
id = "df97124f09da48e3a22d77ce30ee8da6";
diskId = "c9c52c";
};
}
];
};
in

5
checks/postgresql/default.nix
View File

@@ -15,6 +15,11 @@
clan.localbackup.targets.hdd.directory = "/mnt/external-disk";
clan.core.clanDir = ./.;
clan.core.machine = {
id = "df97124f09da48e3a22d77ce30ee8da6";
diskId = "c9c52c";
};
systemd.services.sample-service = {
wantedBy = [ "multi-user.target" ];
script = ''

4
checks/secrets/default.nix
View File

@@ -12,6 +12,10 @@
clan.core.clanDir = "${./.}";
clan.core.machineName = "machine";
clan.core.machine = {
id = "df97124f09da48e3a22d77ce30ee8da6";
diskId = "c9c52c";
};
networking.hostName = "machine";
};

12
checks/syncthing/default.nix
View File

@@ -14,6 +14,10 @@
{
clan.core.machineName = "introducer";
clan.core.clanDir = ./.;
clan.core.machine = {
id = "df97124f09da48e3a22d77ce30ee8da6";
diskId = "c9c52c";
};
environment.etc = {
"syncthing.pam".source = ./introducer/introducer_test_cert;
"syncthing.key".source = ./introducer/introducer_test_key;
@@ -55,6 +59,10 @@
{
clan.core.machineName = "peer1";
clan.core.clanDir = ./.;
clan.core.machine = {
id = "645a43ad1d6f456aa2d623464efed096";
diskId = "9404bf2fb28343cba82e64d1a9131ea4";
};
clan.syncthing.introducer = lib.strings.removeSuffix "\n" (
builtins.readFile ./introducer/introducer_device_id
);
@@ -77,6 +85,10 @@
{
clan.core.machineName = "peer2";
clan.core.clanDir = ./.;
clan.core.machine = {
id = "dd0927b2113b4fa58a94a4be15b0408e";
diskId = "05d6d08214d14261b001782b417ca2a3";
};
clan.syncthing.introducer = lib.strings.removeSuffix "\n" (
builtins.readFile ./introducer/introducer_device_id
);

4
checks/wayland-proxy-virtwl/default.nix
View File

@@ -16,6 +16,10 @@ import ../lib/test-base.nix (
{
clan.core.machineName = "machine";
clan.core.clanDir = ./.;
clan.core.machine = {
id = "df97124f09da48e3a22d77ce30ee8da6";
diskId = "c9c52c";
};
}
];
services.wayland-proxy-virtwl.enable = true;

4
checks/zt-tcp-relay/default.nix
View File

@@ -12,6 +12,10 @@
{
clan.core.machineName = "machine";
clan.core.clanDir = ./.;
clan.core.machine = {
id = "df97124f09da48e3a22d77ce30ee8da6";
diskId = "c9c52c";
};
}
];
};

25
clanModules/single-disk/default.nix
View File

@@ -1,4 +1,7 @@
{ lib, config, ... }:
let
cfg = config.clan.single-disk;
in
{
options.clan.single-disk = {
device = lib.mkOption {
@@ -8,26 +11,38 @@
# Question: should we set a default here?
# default = "/dev/null";
};
suffix = lib.mkOption {
default = config.clan.core.machine.diskId;
defaultText = "abcdef";
type = lib.types.nullOr lib.types.str;
description = "The suffix to use for the disk";
};
};
config = {
assertions = [
{
assertion = cfg.suffix != null;
message = "clan.core.machine.diskId must be set, please run `clan facts generate`";
}
];
boot.loader.grub.efiSupport = lib.mkDefault true;
boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true;
disko.devices = {
disko.devices = lib.mkIf (cfg.suffix != null) {
disk = {
main = {
type = "disk";
# This is set through the UI
device = config.clan.single-disk.device;
device = cfg.device;
content = {
type = "gpt";
partitions = {
"${config.networking.hostName}-boot" = {
"boot-${cfg.suffix}" = {
size = "1M";
type = "EF02"; # for grub MBR
priority = 1;
};
"${config.networking.hostName}-ESP" = {
"ESP-${cfg.suffix}" = {
size = "512M";
type = "EF00";
content = {
@@ -36,7 +51,7 @@
mountpoint = "/boot";
};
};
"${config.networking.hostName}-root" = {
"root-${cfg.suffix}" = {
size = "100%";
content = {
type = "filesystem";

1
docs/mkdocs.yml
View File

@@ -108,6 +108,7 @@ nav:
- reference/clan-core/sops.md
- reference/clan-core/state.md
- reference/clan-core/deployment.md
- reference/clan-core/machine.md
- reference/clan-core/networking.md
- Nix API:
- reference/nix-api/index.md

14
docs/site/getting-started/disk-encryption.md
View File

@@ -17,18 +17,19 @@ lsblk --output NAME,ID-LINK,FSTYPE,SIZE,MOUNTPOINT
```nix hl_lines="14 40"
{ lib, ... }:
let
suffix = config.clan.core.machine.diskIdShort;
mirrorBoot = idx: {
type = "disk";
device = "/dev/disk/by-id/${idx}";
content = {
type = "gpt";
partitions = {
"${config.networking.hostName}-boot" = {
"boot-${suffix}" = {
size = "1M";
type = "EF02"; # for grub MBR
priority = 1;
};
"${config.networking.hostName}-ESP" = lib.mkIf (idx == "nvme-eui.002538b931b59865") {
"ESP-${suffix}" = lib.mkIf (idx == "nvme-eui.002538b931b59865") {
size = "1G";
type = "EF00";
content = {
@@ -38,7 +39,7 @@ lsblk --output NAME,ID-LINK,FSTYPE,SIZE,MOUNTPOINT
mountOptions = [ "nofail" ];
};
};
"${config.networking.hostName}-root" = {
"root-${suffix}" = {
size = "100%";
content = {
type = "zfs";
@@ -108,18 +109,19 @@ lsblk --output NAME,ID-LINK,FSTYPE,SIZE,MOUNTPOINT
```nix hl_lines="14 40 41"
{ lib, ... }:
let
suffix = config.clan.core.machine.diskIdShort;
mirrorBoot = idx: {
type = "disk";
device = "/dev/disk/by-id/${idx}";
content = {
type = "gpt";
partitions = {
boot = {
"boot-${suffix}" = {
size = "1M";
type = "EF02"; # for grub MBR
priority = 1;
};
ESP = lib.mkIf (idx == "nvme-eui.002538b931b59865") {
"ESP-${suffix}" = lib.mkIf (idx == "nvme-eui.002538b931b59865") {
size = "1G";
type = "EF00";
content = {
@@ -129,7 +131,7 @@ lsblk --output NAME,ID-LINK,FSTYPE,SIZE,MOUNTPOINT
mountOptions = [ "nofail" ];
};
};
zfs = {
"root-${suffix}" = {
size = "100%";
content = {
type = "zfs";

3
inventory.json
View File

@@ -88,7 +88,8 @@
"machines": {
"test-inventory-machine": {
"config": {
"device": "/dev/null"
"device": "/dev/null",
"suffix": "foobar"
},
"imports": []
}

3
lib/eval-clan-modules/default.nix
View File

@@ -25,6 +25,9 @@ let
evaled = lib.evalModules {
modules = [
baseModule
({
clan.core.clanDir = ./.;
})
clan-core.nixosModules.clanCore
] ++ (map (name: clanModules.${name}) modulenames);
};

34
lib/inventory/build-inventory/interface.nix
View File

@@ -23,27 +23,27 @@ let
description = ''
List of imported '.nix' files.
Each filename must be a string and is interpreted relative to the 'directory' passed to buildClan.
The import only happens if the machine is part of the service or role.
Each filename must be a string and is interpreted relative to the 'directory' passed to buildClan.
The import only happens if the machine is part of the service or role.
## Example
## Example
To import the `special.nix` file
To import the `special.nix` file
```
. Clan Directory
flake.nix
...
modules
special.nix
...
```
```
. Clan Directory
flake.nix
...
modules
special.nix
...
```
```nix
{
imports = [ "modules/special.nix" ];
}
```
```nix
{
imports = [ "modules/special.nix" ];
}
```
'';
default = [ ];

1
nixosModules/clanCore/default.nix
View File

@@ -18,5 +18,6 @@
./vm.nix
./wayland-proxy-virtwl.nix
./zerotier
./machine_id.nix
];
}

58
nixosModules/clanCore/machine_id.nix Normal file
View File

@@ -0,0 +1,58 @@
{
config,
pkgs,
lib,
...
}:
let
cfg = config.clan.core.machine;
in
{
options.clan.core.machine = {
id = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "The machine id";
};
idShort = lib.mkOption {
readOnly = true;
type = lib.types.nullOr lib.types.str;
description = "The short machine id";
};
diskId = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "The disk id";
};
};
config = {
clan.core.machine.id =
lib.mkDefault
config.clan.core.facts.services."machine_id".public."machine_id".value;
clan.core.machine.idShort = if (cfg.id != null) then (lib.substring 0 8 cfg.id) else null;
clan.core.machine.diskId =
lib.mkDefault
config.clan.core.facts.services."machine_id".public."diskId".value;
clan.core.facts.services."machine_id" = {
public."machine_id" = { };
public."diskId" = { };
generator.path = [
pkgs.coreutils
];
generator.script = ''
machine_uuid=$(dd if=/dev/urandom bs=1 count=16 2>/dev/null | od -An -tx1 | tr -d ' \n')
disk_uuid=$(dd if=/dev/urandom bs=1 count=3 2>/dev/null | od -An -tx1 | tr -d ' \n')
echo -n "$machine_uuid" > "$facts"/machine_id
echo -n "$disk_uuid" > "$facts"/diskId
'';
};
networking.hostId = lib.mkIf (cfg.id != null) (lib.mkDefault cfg.idShort);
boot.kernelParams = lib.mkIf (cfg.id != null) [
''systemd.machine_id=${cfg.id}''
];
};
}

4
pkgs/clan-cli/tests/helpers/vms.py
View File

@@ -46,7 +46,7 @@ def wait_vm_up(machine_name: str, flake_url: str | None = None) -> None:
if flake_url is None:
flake_url = str(Path.cwd())
socket_file = vm_state_dir(flake_url, machine_name) / "qmp.sock"
timeout: float = 600
timeout: float = 1200 # in seconds
while True:
if timeout <= 0:
msg = f"qmp socket {socket_file} not found. Is the VM running?"
@@ -62,7 +62,7 @@ def wait_vm_down(machine_name: str, flake_url: str | None = None) -> None:
if flake_url is None:
flake_url = str(Path.cwd())
socket_file = vm_state_dir(flake_url, machine_name) / "qmp.sock"
timeout: float = 300
timeout: float = 600
while socket_file.exists():
if timeout <= 0:
msg = f"qmp socket {socket_file} still exists. Is the VM down?"

6
pkgs/webview-ui/app/src/routes/machines/details.tsx
View File

@@ -112,15 +112,15 @@ const InstallMachine = (props: InstallMachineProps) => {
e.preventDefault();
const curr_uri = activeURI();
const disk = getValue(formStore, "disk");
const disk_id = props.disks.find((d) => d.name === disk)?.id_link;
if (!curr_uri || !disk_id || !props.name) {
const diskId = props.disks.find((d) => d.name === disk)?.id_link;
if (!curr_uri || !diskId || !props.name) {
return;
}
const r = await callApi("set_single_disk_uuid", {
base_path: curr_uri,
machine_name: props.name,
disk_uuid: disk_id,
disk_uuid: diskId,
});
if (r.status === "error") {
toast.error("Failed to set disk");

10
templates/flake-parts/modules/disko.nix
View File

@@ -1,4 +1,8 @@
{ lib, ... }:
let
suffix = config.clan.core.machine.diskIdShort;
in
{
boot.loader.grub.efiSupport = lib.mkDefault true;
boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true;
@@ -11,12 +15,12 @@
content = {
type = "gpt";
partitions = {
"boot" = {
"boot-${suffix}" = {
size = "1M";
type = "EF02"; # for grub MBR
priority = 1;
};
"ESP" = {
"ESP-${suffix}" = {
size = "512M";
type = "EF00";
content = {
@@ -25,7 +29,7 @@
mountpoint = "/boot";
};
};
"root" = {
"root-${suffix}" = {
size = "100%";
content = {
type = "filesystem";

10
templates/new-clan/modules/disko.nix
View File

@@ -1,4 +1,8 @@
{ lib, ... }:
let
suffix = config.clan.core.machine.diskIdShort;
in
{
# TO NOT EDIT THIS FILE AFTER INSTALLATION of a machine
# Otherwise your system might not boot because of missing partitions / filesystems
@@ -13,12 +17,12 @@
content = {
type = "gpt";
partitions = {
"boot" = {
"boot-${suffix}" = {
size = "1M";
type = "EF02"; # for grub MBR
priority = 1;
};
"ESP" = {
"ESP-${suffix}" = {
size = "512M";
type = "EF00";
content = {
@@ -28,7 +32,7 @@
mountOptions = [ "nofail" ];
};
};
"root" = {
"root-${suffix}" = {
size = "100%";
content = {
type = "filesystem";