clanInternals.machines: invert system and machine name

lib/build-clan/default.nix

@@ -26,12 +26,9 @@ let
     inherit specialArgs;
   };
 
-  nixosConfigurations = lib.mapAttrs
-    (name: _:
-      nixosConfiguration { inherit name; })
-    (machinesDirs // machines);
+  allMachines = machinesDirs // machines;
 
-  systems = [
+  supportedSystems = [
     "x86_64-linux"
     "aarch64-linux"
     "riscv64-linux"
@@ -39,16 +36,26 @@ let
     "aarch64-darwin"
   ];
 
+  nixosConfigurations = lib.mapAttrs (name: _: nixosConfiguration { inherit name; }) allMachines;
+
+  # This instantiates nixos for each system that we support:
+  # clanInternals.machinesForAllSystems.<system>.<machine>
+  # We need this to build nixos secret generators for each system
+  machinesForAllSystems = builtins.listToAttrs
+    (builtins.map
+      (system: lib.nameValuePair system
+        (lib.mapAttrs (name: _: nixosConfiguration { inherit name system; }) allMachines))
+      supportedSystems);
+in
+{
+  inherit nixosConfigurations;
+
   clanInternals = {
     machines = lib.mapAttrs
-      (name: _:
-        (builtins.listToAttrs (map
-          (system:
-            lib.nameValuePair system (nixosConfiguration { inherit name system; })
-          )
-          systems))
-      )
-      (machinesDirs // machines);
+      (_: lib.mapAttrs (_: machine: {
+        inherit (machine.config.system.clan) uploadSecrets generateSecrets;
+        inherit (machine.config.clan.networking) deploymentAddress;
+      }))
+      machinesForAllSystems;
   };
-in
-{ inherit nixosConfigurations clanInternals; }
+}

pkgs/clan-cli/clan_cli/machines/update.py

@@ -4,7 +4,7 @@ import os
 import subprocess
 
 from ..dirs import get_clan_flake_toplevel
-from ..nix import nix_command, nix_eval
+from ..nix import nix_command, nix_config, nix_eval
 from ..secrets.generate import generate_secrets
 from ..secrets.upload import upload_secrets
 from ..ssh import Host, HostGroup, HostKeyCheck, parse_deployment_address
@@ -78,12 +78,14 @@ def deploy_nixos(hosts: HostGroup) -> None:
 def update(args: argparse.Namespace) -> None:
     clan_dir = get_clan_flake_toplevel().as_posix()
     machine = args.machine
+
+    config = nix_config()
+    system = config["system"]
+
     address = json.loads(
         subprocess.run(
             nix_eval(
-                [
-                    f'{clan_dir}#nixosConfigurations."{machine}".config.clan.networking.deploymentAddress'
-                ]
+                [f'{clan_dir}#clanInternals."{system}"."{machine}".deploymentAddress']
             ),
             stdout=subprocess.PIPE,
             check=True,

pkgs/clan-cli/clan_cli/secrets/generate.py

@@ -19,7 +19,7 @@ def generate_secrets(machine: str) -> None:
 
     cmd = nix_build(
         [
-            f'path:{clan_dir}#clanInternals.machines."{machine}".{system}.config.system.clan.generateSecrets'
+            f'path:{clan_dir}#clanInternals.machines."{system}"."{machine}".generateSecrets'
         ]
     )
     proc = subprocess.run(cmd, stdout=subprocess.PIPE, text=True)

pkgs/clan-cli/clan_cli/secrets/upload.py

@@ -15,9 +15,7 @@ def upload_secrets(machine: str) -> None:
 
     proc = subprocess.run(
         nix_build(
-            [
-                f'{clan_dir}#clanInternals.machines."{machine}".{system}.config.system.clan.uploadSecrets'
-            ]
+            [f'{clan_dir}#clanInternals.machines."{system}"."{machine}".uploadSecrets']
         ),
         stdout=subprocess.PIPE,
         text=True,
@@ -30,7 +28,7 @@ def upload_secrets(machine: str) -> None:
         subprocess.run(
             nix_eval(
                 [
-                    f'{clan_dir}#clanInternals.machines."{machine}".{system}.config.clan.networking.deploymentAddress'
+                    f'{clan_dir}#clanInternals.machines."{system}"."{machine}".deploymentAddress'
                 ]
             ),
             stdout=subprocess.PIPE,