POC

docs/site/community/services/index.md

@@ -1,8 +1,10 @@
-Services provided by the community
+---
+title: Services provided by the community
+---
 
-!!! tip "Add your own!"
-
-    Have you built a service or a tool for? Open a PR adding a link to this page!
+:::tip[Add your own!]
+Have you built a service or a tool for? Open a PR adding a link to this page!
+:::
 
 <div class="grid cards" markdown>
 

docs/site/concepts/templates.md

@@ -64,6 +64,7 @@ Just like with Nix you could specify a remote url or path to the flake containin
 
 `clan flakes create --template=github:owner/repo#foo`
 
-!!! Note "Implementation Note"
-    Not all features of Nix's attribute selection are currently matched.
-    There are minor differences in case of unexpected behavior please create an [issue](https://git.clan.lol/clan/clan-core/issues/new)
+:::note
+Not all features of Nix's attribute selection are currently matched.
+There are minor differences in case of unexpected behavior please create an [issue](https://git.clan.lol/clan/clan-core/issues/new)
+:::

docs/site/decisions/README.md

@@ -6,8 +6,9 @@ This section contains the architecture decisions that have been reviewed and gen
 
 > An architecture decision record (ADR) is a document that captures an important architecture decision made along with its context and consequences.
 
-!!! Note
-    For further reading about adr's we recommend [architecture-decision-record](https://github.com/joelparkerhenderson/architecture-decision-record)
+:::note
+For further reading about adr's we recommend [architecture-decision-record](https://github.com/joelparkerhenderson/architecture-decision-record)
+:::
 
 ## Crafting a new ADR
 

docs/site/guides/contributing/debugging.md

@@ -5,7 +5,7 @@ Here are some methods for debugging and testing the clan-cli
 
 To streamline your development process, I suggest not installing `clan-cli`. Instead, clone the `clan-core` repository and add `clan-core/pkgs/clan-cli/bin` to your PATH to use the checked-out version directly.
 
-!!! Note
+:::Note
     After cloning, navigate to `clan-core/pkgs/clan-cli` and execute `direnv allow` to activate the devshell. This will set up a symlink to nixpkgs at a specific location; without it, `clan-cli` won't function correctly.
 
 With this setup, you can easily use [breakpoint()](https://docs.python.org/3/library/pdb.html) to inspect the application's internal state as needed.
@@ -26,7 +26,7 @@ pkgs.mkShell {
 
 ## Debugging nixos-anywhere
 
-If you encounter a bug in a complex shell script such as `nixos-anywhere`, start by replacing the `nixos-anywhere` command with a local checkout of the project, look in the [contribution](./CONTRIBUTING.md) section for an example. 
+If you encounter a bug in a complex shell script such as `nixos-anywhere`, start by replacing the `nixos-anywhere` command with a local checkout of the project, look in the [contribution](./CONTRIBUTING.md) section for an example.
 
 ## The Debug Flag
 

docs/site/guides/disk-encryption.md

@@ -1,10 +1,10 @@
 
 This guide provides an example setup for a single-disk ZFS system with native encryption, accessible for decryption remotely.
 
-!!! Warning
+:::warning
     This configuration only applies to `systemd-boot` enabled systems and **requires** UEFI booting.
 
-!!! Info "Secure Boot"
+:::Info "Secure Boot"
     This guide is compatible with systems that have [secure boot disabled](./secure-boot.md). If you encounter boot issues, check if secure boot needs to be disabled in your UEFI settings.
 
 Replace the highlighted lines with your own disk-id.

docs/site/guides/disko-templates/community.md

@@ -1,5 +1,5 @@
 
-!!! Danger ":fontawesome-solid-road-barrier: Under Construction :fontawesome-solid-road-barrier:"
+:::Danger ":fontawesome-solid-road-barrier: Under Construction :fontawesome-solid-road-barrier:"
     Currently under construction use with caution
 
     :fontawesome-solid-road-barrier: :fontawesome-solid-road-barrier: :fontawesome-solid-road-barrier:

docs/site/guides/getting-started/add-machines.md

@@ -41,7 +41,7 @@ See the complete [list](../inventory/autoincludes.md) of auto-loaded files.
 
 ### Configuring a machine
 
-!!! Note
+:::Note
     The option: `inventory.machines.<name>` is used to define metadata about the machine
     That includes for example `deploy.targethost` `machineClass` or `tags`
 

docs/site/guides/getting-started/add-services.md

@@ -12,7 +12,7 @@ In Clan Services are multi-Host & role-based:
 
 To learn more: [Guide about clanService](../inventory/clanServices.md)
 
-!!! Important
+:::Important
     It is recommended to add at least one networking service such as `zerotier` that allows to reach all your clan machines from your setup computer across the globe.
 
 ## Configure a Zerotier Network (recommended)

docs/site/guides/getting-started/add-user.md

@@ -1,6 +1,6 @@
 # How to add users
 
-!!! Note "Under construction"
+:::Note "Under construction"
 
 The users concept of clan is not done yet. This guide outlines some solutions from our community.
 Defining users can be done in many different ways. We want to highlight two approaches:
@@ -109,7 +109,7 @@ We can use this property of clan services to bind a nixosModule to the user, whi
 
 1. Type `path` or `string`: Must point to a separate file. Inlining a module is not possible
 
-!!! Note "This is inspiration"
+:::Note "This is inspiration"
     Our community might come up with better solutions soon.
     We are seeking contributions to improve this pattern if you have a nicer solution in mind.
 

docs/site/guides/getting-started/choose-disk.md

@@ -25,7 +25,7 @@ Available 'machine' templates
 
 For this guide we will select the `single-disk` template, that uses `A simple ext4 disk with a single partition`.
 
-!!! tip
+:::tip
     For advanced partitioning, see [Disko templates](https://github.com/nix-community/disko-templates) or [Disko examples](https://github.com/nix-community/disko/tree/master/example).
     You can also [contribute a disk template to clan core](https://docs.clan.lol/guides/disko-templates/community/)
 
@@ -58,15 +58,15 @@ Applied disk template 'single-disk' to machine 'jon'
 A disko.nix file should be created in `machines/jon`
 You can have a look and customize it if needed.
 
-!!! Danger
+:::Danger
     Don't change the `disko.nix` after the machine is installed for the first time, unless you really know what you are doing.
     Changing disko configuration requires wiping and reinstalling the machine.
 
 ## Deploy the machine
 
-**Finally deployment time!** 
+**Finally deployment time!**
 
-This command is destructive and will format your disk and install NixOS on it! It is equivalent to appending `--phases kexec,disko,install,reboot`. 
+This command is destructive and will format your disk and install NixOS on it! It is equivalent to appending `--phases kexec,disko,install,reboot`.
 
 
 ```bash

docs/site/guides/getting-started/convert-flake.md

@@ -2,7 +2,7 @@
 
 This guide will help you convert your existing NixOS configurations into a Clan.
 
-!!! Warning
+:::Warning
     Migrating instead of starting new can be trickier and might lead to bugs or
     unexpected issues. We recommend reading the [Getting Started](./index.md) guide first.
 

docs/site/guides/getting-started/create-installer.md

@@ -2,13 +2,13 @@
 
 To install Clan on physical machines, you need to use our custom installer image. This is necessary for proper installation and operation.
 
-!!! note "Deploying to a Virtual Machine?"
+:::note "Deploying to a Virtual Machine?"
     If you're deploying to a virtual machine (VM), you can skip this section and go directly to the [Deploy Virtual Machine](./hardware-report-virtual.md) step. In this scenario, we automatically use [nixos-anywhere](https://github.com/nix-community/nixos-anywhere) to replace the kernel during runtime.
 
-??? info "Why nixos-anywhere Doesn't Work on Physical Hardware?"
+:::info "Why nixos-anywhere Doesn't Work on Physical Hardware?"
     nixos-anywhere relies on [kexec](https://wiki.archlinux.org/title/Kexec) to replace the running kernel with our custom one. This method often has compatibility issues with real hardware, especially systems with dedicated graphics cards like laptops and servers, leading to crashes and black screens.
 
-??? info "Reasons for a Custom Install Image"
+:::info "Reasons for a Custom Install Image"
     Our custom install images are built to include essential tools like [nixos-facter](https://github.com/nix-community/nixos-facter) and support for [ZFS](https://wiki.archlinux.org/title/ZFS). They're also optimized to run on systems with as little as 1 GB of RAM, ensuring efficient performance even on lower-end hardware.
 
 ## Prerequisites
@@ -36,7 +36,7 @@ To install Clan on physical machines, you need to use our custom installer image
       └─luks-f7600028-9d83-4967-84bc-dd2f498bc486 254:0    0   1,8T  0 crypt /nix/store
     ```
 
-    !!! Info "In this case the USB device is `sdb`"
+    :::Info "In this case the USB device is `sdb`"
 
 3. Ensure all partitions on the drive are unmounted. Replace `sdb1` in the command below with your device identifier (like `sdc1`, etc.):
 
@@ -62,11 +62,11 @@ sudo umount /dev/sdb1
       --disk main /dev/sd<X> \
       flash-installer
     ```
-    !!! Note
+    :::Note
         Replace `$HOME/.ssh/id_ed25519.pub` with a path to your SSH public key.
         Replace `/dev/sd<X>` with the drive path you want to flash
 
-    !!! Danger "Specifying the wrong device can lead to unrecoverable data loss."
+    :::Danger "Specifying the wrong device can lead to unrecoverable data loss."
 
         The `clan flash` utility will erase the disk. Make sure to specify the correct device
 
@@ -114,12 +114,12 @@ sudo umount /dev/sdb1
     wget https://github.com/nix-community/nixos-images/releases/download/nixos-unstable/nixos-installer-aarch64-linux.iso
     ```
 
-    !!! Note
+    :::Note
         If you don't have `wget` installed, you can use `curl --progress-bar -OL <url>` instead.
 
     ## Flash the Installer to the USB Drive
 
-    !!! Danger "Specifying the wrong device can lead to unrecoverable data loss."
+    :::Danger "Specifying the wrong device can lead to unrecoverable data loss."
 
         The `dd` utility will erase the disk. Make sure to specify the correct device (`of=...`)
 
@@ -197,7 +197,7 @@ IPv4 address          192.168.188.50 (Your new local ip)
 
 Press ++ctrl+d++ to exit `IWD`.
 
-!!! Important
+:::Important
     Press ++ctrl+d++ **again** to update the displayed QR code and connection information.
 
 You're all set up

docs/site/guides/getting-started/flake-check.md

@@ -22,7 +22,7 @@ nix flake check
 
 This command helps ensure that your system configuration is correct and free from errors.
 
-!!! Tip
+:::Tip
 
     You can integrate this step into your [Continuous Integration](https://en.wikipedia.org/wiki/Continuous_integration) workflow to ensure that only valid Nix configurations are merged into your codebase.
 

docs/site/guides/getting-started/hardware-report-physical.md

@@ -70,7 +70,7 @@ This is an example of the booted installer.
     This password is autogenerated and meant to be easily typeable.
 3.  See how to connect the installer medium to wlan [here](./create-installer.md).
 
-!!!tip
+:::tip
     For easy sharing of deployment information via QR code, we highly recommend using [KDE Connect](https://apps.kde.org/de/kdeconnect/).
 
 There are two ways to deploy your machine:

docs/site/guides/getting-started/hardware-report-virtual.md

@@ -12,7 +12,7 @@ Now that you have created a machine, added some services, and set up secrets, th
 Clan supports any cloud machine if it is reachable via SSH and supports `kexec`.
 
 
-??? tip "NixOS can cause strange issues when booting in certain cloud environments."
+:::tip "NixOS can cause strange issues when booting in certain cloud environments."
     If on Linode: Make sure that the system uses "Direct Disk boot kernel" (found in the configuration panel)
 
 
@@ -26,5 +26,5 @@ clan machines install [MACHINE] \
   --target-host myuser@<IP>
 ```
 
-!!! Warning
+:::Warning
     After running the above command, be aware that the SSH login user changes from `myuser` to `root`. For subsequent SSH connections to the target machine, use `root` as the login user. This change occurs because the system switches to the NixOS kernel using `kexec`.

docs/site/guides/getting-started/index.md

@@ -1,6 +1,6 @@
 # :material-clock-fast: Getting Started
 
-Ready to manage your fleet of machines? 
+Ready to manage your fleet of machines?
 
 We will create a declarative infrastructure using **clan**, **git**, and **nix flakes**.
 
@@ -13,7 +13,7 @@ Make sure you have the following:
 * 💻 **Administration Machine**: Run the setup commands from this machine.
 * 🛠️ **Nix**: The Nix package manager, installed on your administration machine.
 
-    ??? info "**How to install Nix (Linux / MacOS / NixOS)**"
+    :::info "**How to install Nix (Linux / MacOS / NixOS)**"
 
         **On Linux or macOS:**
 
@@ -43,7 +43,7 @@ Make sure you have the following:
 ## Create a New Clan
 
 1. Navigate to your desired directory:
-    
+
     ```shellSession
     cd <your-directory>
     ```
@@ -75,8 +75,8 @@ my-clan/
 └── sops/
 ```
 
-!!! note "Templates"
-    This is the structure for the `default` template. 
+:::note "Templates"
+    This is the structure for the `default` template.
 
     Use `clan templates list` and `clan templates --help` for available templates & more. Keep in mind that the exact files may change as templates evolve.
 
@@ -121,7 +121,7 @@ Name: __CHANGE_ME__
 Description: None
 ```
 
-This confirms your setup is working correctly. 
+This confirms your setup is working correctly.
 
 You can now change the default name by editing the `meta.name` field in your `clan.nix` file.
 

docs/site/guides/getting-started/update.md

@@ -60,7 +60,7 @@ If the machine does not have enough resources to run the NixOS **evaluation** or
 it is also possible to specify a `buildHost` instead.
 During an update, clan will ssh into the `buildHost` and run `nixos-rebuild` from there.
 
-!!! Note
+:::Note
     The `buildHost` option should be set directly within your machine’s Nix configuration, **not** under `inventory.machines`.
 
 
@@ -89,7 +89,7 @@ clan machines update jon --build-host root@192.168.1.10
 clan machines update jon --build-host local
 ```
 
-!!! Note
+:::Note
     Make sure the CPU architecture of the `buildHost` matches that of the `targetHost`
 
     For example, if deploying to a macOS machine with an ARM64-Darwin architecture, you need a second macOS machine with the same architecture to build it.

docs/site/guides/inventory/autoincludes.md

@@ -6,7 +6,7 @@ Clan automatically imports specific files from each machine directory and regist
 
 Every folder under `machines/{machineName}` is automatically registered as a Clan machine.
 
-!!! info "Files loaded automatically for each machine"
+:::info "Files loaded automatically for each machine"
 
 The following files are detected and imported for every Clan machine:
 

docs/site/guides/inventory/inventory.md

@@ -9,7 +9,7 @@ The inventory logic will automatically derive the modules and configurations to
 
 The following tutorial will walk through setting up a Backup service where the terms `Service` and `Role` will become more clear.
 
-!!! example "Experimental status"
+:::example "Experimental status"
     The inventory implementation is not considered stable yet.
     We are actively soliciting feedback from users.
 
@@ -36,7 +36,7 @@ Each service can still be customized and configured according to the modules opt
 
 ### Setting up the Backup Service
 
-!!! Example "Borgbackup Example"
+:::Example "Borgbackup Example"
 
     To configure a service it needs to be added to the machine.
     It is required to assign the service (`borgbackup`) an arbitrary instance name. (`instance_1`)
@@ -64,7 +64,7 @@ The inventory allows machines to set Tags
 
 It is possible to add services to multiple machines via tags as shown
 
-!!! Example "Tags Example"
+:::Example "Tags Example"
 
     ```{.nix hl_lines="5 8 18"}
     {
@@ -93,11 +93,11 @@ It is possible to add services to multiple machines via tags as shown
 
 ### Multiple Service Instances
 
-!!! danger "Important"
+:::danger "Important"
     Not all modules implement support for multiple instances yet.
     Multiple instance usage could create complexity, refer to each modules documentation, for intended usage.
 
-!!! Example
+:::Example
 
     In this example `backup_server` has role `client` and `server` in different instances.
 

docs/site/guides/migrations/migrate-inventory-services.md

@@ -290,7 +290,7 @@ The following table shows the migration status of each deprecated clanModule:
 
 ---
 
-!!! Warning
+:::Warning
     * Old `clanModules` (`class = "nixos"`) are deprecated and will be removed in the near future.
     * `inventory.services` is no longer recommended; use `inventory.instances` instead.
     * Module authors should begin exporting service modules under the `clan.modules` attribute of their flake.

docs/site/guides/networking/networking.md

@@ -98,7 +98,7 @@ clan network overview
 
 ## Option 2: Manual targetHost (Bypasses Fallback!)
 
-!!! warning
+:::warning
     Setting `targetHost` directly **disables all automatic networking and fallback**. Only use this if you need complete control and don't want Clan's intelligent connection management.
 
 ### Using Inventory (For Static Addresses)
@@ -155,7 +155,7 @@ Use machine-level `targetHost` when you need to **interpolate values from the Ni
 - Building from multiple config values: `"${config.users.users.deploy.name}@${config.networking.hostName}"`
 - Any address that depends on evaluated NixOS configuration
 
-!!! info "Key Difference"
+:::info "Key Difference"
     **Inventory-level** (`deploy.targetHost`) is evaluated immediately and works with static strings.
     **Machine-level** (`clan.core.networking.targetHost`) is evaluated after NixOS configuration and can access `config.*` values.
 

docs/site/guides/nixos-rebuild.md

@@ -7,10 +7,10 @@ However, there are important considerations when using `nixos-rebuild` directly
 
 ## Important Considerations
 
-!!! warning "Vars Must Be Uploaded First"
+:::warning "Vars Must Be Uploaded First"
     If your configuration uses clan vars, failing to run `clan vars upload` before `nixos-rebuild` will result in missing secrets and potentially broken services.
 
-!!! info "Build Host Configuration"
+:::info "Build Host Configuration"
     Clan automatically handles build host configuration based on your machine settings.
     When using `nixos-rebuild` manually, you need to specify `--build-host` and `--target-host` options yourself.
 

docs/site/guides/secrets.md

@@ -17,7 +17,7 @@ Clan can also be configured to be used with other secret store [backends](../ref
 
 To get started, you'll need to create **your admin keypair**.
 
-!!! info
+:::info
     Don't worry — if you've already made one before, this step won't change or overwrite it.
 
 ```bash
@@ -33,7 +33,7 @@ Generated age private key at '/home/joerg/.config/sops/age/keys.txt' for your us
 Also add your age public key to the repository with 'clan secrets users add YOUR_USER age1wkth7uhpkl555g40t8hjsysr20drq286netu8zptw50lmqz7j95sw2t3l7' (replace YOUR_USER with your actual username)
 ```
 
-!!! warning
+:::warning
     Make sure to keep a safe backup of the private key you've just created.
     If it's lost, you won't be able to get to your secrets anymore because they all need the admin key to be unlocked.
 
@@ -47,7 +47,7 @@ Alternatively, you can provide your [age] secret key as an environment variable
 using `SOPS_AGE_KEY_FILE`.
 For more information see the [SOPS] guide on [encrypting with age].
 
-!!! note
+:::note
     It's safe to add any secrets created by the clan CLI and placed in your repository to version control systems like `git`.
 
 ## Add Your Public Key(s)
@@ -68,7 +68,7 @@ sops/
 ```
 If you followed the quickstart tutorial all necessary secrets are initialized at this point.
 
-!!! note
+:::note
     You can add multiple age keys for a user by providing multiple `--age-key <your_public_key>` flags:
 
     ```console
@@ -260,7 +260,7 @@ The secrets system conceptually knows two different entities:
 
 **A machine** Can decrypt secrets that where encrypted specifically for that machine.
 
-!!! Danger
+:::Danger
     **Always make sure at least one _User_ has access to a secret**. Otherwise you could lock yourself out from accessing the secret.
 
 ### Inherited implications
@@ -275,8 +275,9 @@ By default clan uses [sops](https://github.com/getsops/sops) through [sops-nix](
 - **Machine key-pairs are auto-generated**: When a machine is created **no user-interaction is required** to setup public/private key-pairs.
 - **secrets are re-encrypted**: In case machines, users or groups are modified secrets get re-encrypted on demand.
 
-    !!! Important
-        After revoking access to a secret you should also change the underlying secret. i.e. change the API key, or the password.
+    :::caution
+    After revoking access to a secret you should also change the underlying secret. i.e. change the API key, or the password.
+    :::
 
 ---
 

docs/site/guides/secure-boot.md

@@ -8,7 +8,7 @@ At the moment, NixOS/Clan does not support [Secure Boot](https://wiki.gentoo.org
 
 - Restart your computer.
 - As your computer restarts, press the appropriate key to enter the UEFI/BIOS settings.
-??? tip "The key depends on your laptop or motherboard manufacturer. Click to see a reference list:"
+:::tip "The key depends on your laptop or motherboard manufacturer. Click to see a reference list:"
 
     | Manufacturer       | UEFI/BIOS Key(s)          |
     |--------------------|---------------------------|
@@ -31,8 +31,9 @@ At the moment, NixOS/Clan does not support [Secure Boot](https://wiki.gentoo.org
     | EVGA               | `Del`                     |
     | Origin PC          | `F2`, `Delete`            |
 
-    !!! Note
-        Pressing the key quickly and repeatedly is sometimes necessary to access the UEFI/BIOS menu, as the window to enter this mode is brief.
+    :::note
+    Pressing the key quickly and repeatedly is sometimes necessary to access the UEFI/BIOS menu, as the window to enter this mode is brief.
+    :::
 
 ## Access Advanced Mode (Optional)
 

docs/site/guides/services/community.md

@@ -145,7 +145,7 @@ Next we need to define the settings and the behavior of these distinct roles.
 
 ## Using values from a NixOS machine inside the module
 
-!!! Example "Experimental Status"
+:::Example "Experimental Status"
     This feature is experimental and should be used with care.
 
 Sometimes a settings value depends on something within a machines `config`.
@@ -174,7 +174,7 @@ The following example shows how to create a local instance of machine specific s
 }
 ```
 
-!!! Danger
+:::Danger
     `localSettings` are a local attribute. Other machines cannot access it.
     If calling extendSettings is done that doesn't change the original `settings` this means if a different machine tries to access i.e `roles.client.settings` it would *NOT* contain your changes.
 

docs/site/guides/vars/sops/age-plugins.md

@@ -29,7 +29,7 @@ Below is a [list of popular `age` plugins](https://github.com/FiloSottile/awesom
 
 If you want to use `fido2 tokens` to encrypt your secret instead of the normal age secret key then you need to prefix your age secret key with the corresponding plugin name. In our case we want to use the `age-plugin-fido2-hmac` plugin so we replace `AGE-SECRET-KEY` with `AGE-PLUGIN-FIDO2-HMAC`.
 
-??? tip
+:::tip
     - On Linux the age secret key is located at `~/.config/sops/age/keys.txt`
     - On macOS it is located at `/Users/admin/Library/Application Support/sops/age/keys.txt`