Make machine ID a option

nixosModules/clanCore/default.nix

@@ -3,6 +3,7 @@
   imports =
     [
       ./backups.nix
+      ./machine-id
       ./defaults.nix
       ./facts
       ./inventory

nixosModules/clanCore/machine-id/default.nix

@@ -0,0 +1,53 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+let
+  var = config.clan.core.vars.generators.machine-id.files.machineId or { };
+in
+{
+
+  options.clan.core.settings.machine-id = {
+    enable = lib.mkEnableOption ''
+      machine ID generation. Sets the /etc/machine-id and exposes it as a nix
+      option. This unique ID that is not dependent on ephemeral or
+      variable data, such as hostnames, MAC addresses or IP addresses.
+
+      See https://www.freedesktop.org/software/systemd/man/latest/machine-id.html for details.
+    '';
+  };
+
+  config = lib.mkIf (config.clan.core.settings.machine-id.enable) {
+
+    assertions = [
+      {
+        assertion = lib.stringLength var.value == 32;
+        message = "machine ID must be exactly 32 characters long.";
+      }
+    ];
+
+    boot.kernelParams = [
+      ''systemd.machine_id=${var.value}''
+    ];
+
+    environment.etc."machine-id".text = var.value;
+
+    clan.core.vars.generators.machine-id = {
+      files.machineId.secret = false;
+      runtimeInputs = [
+        pkgs.coreutils
+        pkgs.bash
+      ];
+      script = ''
+        uuid=$(bash ${./uuid4.sh})
+
+        # Remove the hyphens from the UUID
+        uuid_no_hyphens=$(echo -n "$uuid" | tr -d '-')
+
+        echo -n "$uuid_no_hyphens" > "$out/machineId"
+      '';
+    };
+  };
+}

nixosModules/clanCore/machine-id/tests/flake-module.nix

@@ -0,0 +1,39 @@
+{ ... }:
+{
+  perSystem =
+    { ... }:
+    {
+      clan.nixosTests.machine-id = {
+
+        name = "machine-id";
+
+        clan = {
+          directory = ./.;
+
+          # Workaround until we can use nodes.server = { };
+          modules."@clan/importer" = ../../../../clanServices/importer;
+
+          inventory = {
+            machines.server = { };
+            instances.importer = {
+              module.name = "@clan/importer";
+              roles.default.tags.all = { };
+              roles.default.extraModules = [
+                {
+                  # Test machine ID generation
+                  clan.core.settings.machine-id.enable = true;
+                }
+              ];
+            };
+          };
+        };
+
+        # TODO: Broken. Use instead of importer after fixing.
+        # nodes.server = { };
+
+        # This is not an actual vm test, this is a workaround to
+        # generate the needed vars for the eval test.
+        testScript = "";
+      };
+    };
+}

nixosModules/clanCore/machine-id/tests/sops/users/admin/key.json

@@ -0,0 +1,4 @@
+{
+  "publickey": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
+  "type": "age"
+}

nixosModules/clanCore/machine-id/tests/vars/per-machine/server/machine-id/machineId/value

@@ -0,0 +1 @@
+5e32b25aca76401c8e3cec57a0a006f1

nixosModules/clanCore/machine-id/uuid4.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+# Read 16 bytes from /dev/urandom
+uuid=$(dd if=/dev/urandom bs=1 count=16 2>/dev/null | od -An -tx1 | tr -d ' \n')
+
+# Break the UUID into pieces and apply the required modifications
+byte6=${uuid:12:2}
+byte8=${uuid:16:2}
+
+# Construct the correct version and variant
+hex_byte6=$(printf "%x" $((0x$byte6 & 0x0F | 0x40)))
+hex_byte8=$(printf "%x" $((0x$byte8 & 0x3F | 0x80)))
+
+# Rebuild the UUID with the correct fields
+uuid_v4="${uuid:0:12}${hex_byte6}${uuid:14:2}${hex_byte8}${uuid:18:14}"
+
+# Format the UUID correctly 8-4-4-4-12
+uuid_formatted="${uuid_v4:0:8}-${uuid_v4:8:4}-${uuid_v4:12:4}-${uuid_v4:16:4}-${uuid_v4:20:12}"
+
+echo -n "$uuid_formatted"