diff --git a/docs/admins/machines.md b/docs/admins/machines.md index 601ab465d..09fd7671c 100644 --- a/docs/admins/machines.md +++ b/docs/admins/machines.md @@ -101,16 +101,6 @@ $ clan config --machine my-machine clan.networking.targetHost root@host_or_ip _Note: The use of `root@` in the target address implies SSH access as the root user. Ensure that the root login is secured and only used when necessary._ -### Setting the Build Host - -If the machine does not have enough resources to run the NixOS evaluation or build itself, -it is also possible to specify a build host instead. -During an update, the cli will ssh into the build host and run `nixos-rebuild` from there. - -```shellSession -$ clan config --machine my-machine clan.networking.buildHost root@host_or_ip -``` - ### Updating Machine Configurations Execute the following command to update the specified machine: @@ -124,3 +114,25 @@ You can also update all configured machines simultaneously by omitting the machi ```shellSession $ clan machines update ``` + +### Setting a Build Host + +If the machine does not have enough resources to run the NixOS evaluation or build itself, +it is also possible to specify a build host instead. +During an update, the cli will ssh into the build host and run `nixos-rebuild` from there. + +```shellSession +$ clan config --machine my-machine clan.networking.buildHost root@host_or_ip +``` + +### Excluding a machine from `clan machine update` + +To exclude machines from beeing updated when running `clan machines update` without any machines specified, +one can set the `clan.deployment.requireExplicitUpdate` option to true: + + +```shellSession +$ clan config --machine my-machine clan.deployment.requireExplicitUpdate true +``` + +This is useful for machines that are not always online or are not part of the regular update cycle. diff --git a/nixosModules/clanCore/networking.nix b/nixosModules/clanCore/networking.nix index f6f8d93a7..affed63f8 100644 
--- a/nixosModules/clanCore/networking.nix
+++ b/nixosModules/clanCore/networking.nix
@@ -1,38 +1,53 @@ { config, lib, ... }: { - options.clan.networking = { - targetHost = lib.mkOption { - description = '' - The target SSH node for deployment. + options.clan = { + networking = { + targetHost = lib.mkOption { + description = '' + The target SSH node for deployment. - By default, the node's attribute name will be used. - If set to null, only local deployment will be supported. + By default, the node's attribute name will be used. + If set to null, only local deployment will be supported. - format: user@host:port&SSH_OPTION=SSH_VALUE - examples: - - machine.example.com - - user@machine2.example.com - - root@example.com:2222&IdentityFile=/path/to/private/key - ''; - default = null; - type = lib.types.nullOr lib.types.str; + format: user@host:port&SSH_OPTION=SSH_VALUE + examples: + - machine.example.com + - user@machine2.example.com + - root@example.com:2222&IdentityFile=/path/to/private/key + ''; + default = null; + type = lib.types.nullOr lib.types.str; + }; + buildHost = lib.mkOption { + description = '' + The build SSH node where nixos-rebuild will be executed. + + If set to null, the targetHost will be used. + + format: user@host:port&SSH_OPTION=SSH_VALUE + examples: + - machine.example.com + - user@machine2.example.com + - root@example.com:2222&IdentityFile=/path/to/private/key + ''; + type = lib.types.nullOr lib.types.str; + default = null; + }; }; - buildHost = lib.mkOption { - description = '' - The build SSH node where nixos-rebuild will be executed. - If set to null, the targetHost will be used. + deployment = { + requireExplicitUpdate = lib.mkOption { + description = '' + Do not update this machine when running `clan machines update` without any machines specified. 
- format: user@host:port&SSH_OPTION=SSH_VALUE - examples: - - machine.example.com - - user@machine2.example.com - - root@example.com:2222&IdentityFile=/path/to/private/key - ''; - type = lib.types.nullOr lib.types.str; - default = null; + This is useful for machines that are not always online or are not part of the regular update cycle. + ''; + type = lib.types.bool; + default = false; + }; }; }; + imports = [ (lib.mkRenamedOptionModule [ "clan" "networking" "deploymentAddress" ] [ "clan" "networking" "targetHost" ]) ]; diff --git a/nixosModules/clanCore/outputs.nix b/nixosModules/clanCore/outputs.nix index 924728cb1..54d81f694 100644 --- a/nixosModules/clanCore/outputs.nix +++ b/nixosModules/clanCore/outputs.nix @@ -31,6 +31,13 @@ the hostname of the target host to be deployed to ''; }; + deployment.requireExplicitUpdate = lib.mkOption { + type = lib.types.bool; + description = '' + if true, the deployment will not be updated automatically. + ''; + default = false; + }; secretsUploadDirectory = lib.mkOption { type = lib.types.path; description = '' @@ -73,6 +80,7 @@ system.clan.deployment.data = { inherit (config.system.clan) secretsModule secretsData; inherit (config.clan.networking) targetHost buildHost; + inherit (config.clan.deployment) requireExplicitUpdate; inherit (config.clanCore) secretsUploadDirectory; }; system.clan.deployment.file = pkgs.writeText "deployment.json" (builtins.toJSON config.system.clan.deployment.data); diff --git a/pkgs/clan-cli/clan_cli/machines/update.py b/pkgs/clan-cli/clan_cli/machines/update.py index 493970106..ee536bb3b 100644 --- a/pkgs/clan-cli/clan_cli/machines/update.py +++ b/pkgs/clan-cli/clan_cli/machines/update.py 
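Review bot: In nixosModules/clanCore/outputs.nix the first hunk declares a second `deployment.requireExplicitUpdate` option, but the second hunk fills `system.clan.deployment.data` from `config.clan.deployment`, so nothing visible in either hunk sets or reads the newly declared one. If that holds for the rest of the file, setting this copy would have no effect and the machine would still be picked up by a bare `clan machines update`; either drop the declaration or wire it to the user-facing option. Its description is also vaguer than the one in networking.nix; `If true, this machine is only updated when it is named explicitly on the command line.` would match the behaviour. The surrounding option set starts and ends outside both hunks.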
@@ -151,6 +151,9 @@ def get_all_machines(clan_dir: Path) -> HostGroup:
 hosts = []
 ignored_machines = []
 for name, machine_data in machines.items():
+ if machine_data.get("requireExplicitUpdate", False):
+ continue
+
 machine = Machine(name=name, flake=clan_dir, deployment_info=machine_data)
 try:
 hosts.append(machine.build_host)
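Review bot: The new `continue` at the top of the loop skips a machine with `requireExplicitUpdate` set without recording it, so a bare `clan machines update` finishes with no sign that part of the fleet stayed on its old configuration, which matters when the run was meant to roll out a security fix. The context already keeps an `ignored_machines` list, apparently for another skip case; the same treatment would fit here, for example `print(f"skipping {name}: requireExplicitUpdate is set")` before the `continue`, or appending the name to a list that is reported after the loop. The function name still says "all" although it now filters, so a comment such as `# machines with requireExplicitUpdate are only updated when named explicitly` would help the next reader. The body of get_all_machines starts and ends outside the hunk.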