From d88ac429cb1d5071b7dd14e8b362b93a9515670e Mon Sep 17 00:00:00 2001
From: pinpox
Date: Wed, 18 Jun 2025 14:30:04 +0200
Subject: [PATCH] Make machine ID a option
---
 checks/clan-core-for-checks.nix | 4 +-
 checks/flake-module.nix | 1 +
 clanModules/flake-module.nix | 1 -
 clanModules/machine-id/README.md | 4 --
 clanModules/machine-id/default.nix | 6 ---
 clanModules/machine-id/roles/default.nix | 45 ----------------
 docs/mkdocs.yml | 1 -
 lib/clanTest/flake-module.nix | 2 +-
 nixosModules/clanCore/default.nix | 1 +
 nixosModules/clanCore/machine-id/default.nix | 53 +++++++++++++++++++
 .../machine-id/tests/flake-module.nix | 39 ++++++++++++++
 .../tests/sops/users/admin/key.json | 4 ++
 .../server/machine-id/machineId/value | 1 +
 .../clanCore/machine-id}/uuid4.sh | 0
 pkgs/clan-cli/clan_lib/flake/flake.py | 4 ++
 15 files changed, 106 insertions(+), 60 deletions(-)
 delete mode 100644 clanModules/machine-id/README.md
 delete mode 100644 clanModules/machine-id/default.nix
 delete mode 100644 clanModules/machine-id/roles/default.nix
 create mode 100644 nixosModules/clanCore/machine-id/default.nix
 create mode 100644 nixosModules/clanCore/machine-id/tests/flake-module.nix
 create mode 100644 nixosModules/clanCore/machine-id/tests/sops/users/admin/key.json
 create mode 100644 nixosModules/clanCore/machine-id/tests/vars/per-machine/server/machine-id/machineId/value
 rename {clanModules/machine-id/roles => nixosModules/clanCore/machine-id}/uuid4.sh (100%)
diff --git a/checks/clan-core-for-checks.nix b/checks/clan-core-for-checks.nix
index c6897f779..cdff657fa 100644
--- a/checks/clan-core-for-checks.nix
+++ b/checks/clan-core-for-checks.nix
@@ -1,6 +1,6 @@
 { fetchgit }:
 fetchgit {
 url = "https://git.clan.lol/clan/clan-core.git";
- rev = "13a9b1719835ef4510e4adb6941ddfe9a91d41cb";
- sha256 = "sha256-M+pLnpuX+vIsxTFtbBZaNA1OwGQPeSbsMbTiDl1t4vY=";
+ rev = "28131afbbcd379a8ff04c79c66c670ef655ed889";
+ sha256 = "1294cwjlnc341fl6zbggn4rgq8z33gqkcyggjfvk9cf7zdgygrf6";
 }
diff --git a/checks/flake-module.nix b/checks/flake-module.nix
index b3bc51d0f..03f16db04 100644
--- a/checks/flake-module.nix
+++ b/checks/flake-module.nix
@@ -9,6 +9,7 @@ in
 {
 imports = filter pathExists [
 ./backups/flake-module.nix
+ ../nixosModules/clanCore/machine-id/tests/flake-module.nix
 ./devshell/flake-module.nix
 ./flash/flake-module.nix
 ./impure/flake-module.nix
diff --git a/clanModules/flake-module.nix b/clanModules/flake-module.nix
index e088e83df..54bcfc4d1 100644
--- a/clanModules/flake-module.nix
+++ b/clanModules/flake-module.nix
@@ -23,7 +23,6 @@ in
 iwd = ./iwd;
 localbackup = ./localbackup;
 localsend = ./localsend;
- machine-id = ./machine-id;
 matrix-synapse = ./matrix-synapse;
 moonlight = ./moonlight;
 mumble = ./mumble;
diff --git a/clanModules/machine-id/README.md b/clanModules/machine-id/README.md
deleted file mode 100644
index 226b69738..000000000
--- a/clanModules/machine-id/README.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-description = "Sets the /etc/machine-id and exposes it as a nix option"
-features = [ "inventory" ]
----
diff --git a/clanModules/machine-id/default.nix b/clanModules/machine-id/default.nix
deleted file mode 100644
index ed6af3368..000000000
--- a/clanModules/machine-id/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-# Dont import this file
-# It is only here for backwards compatibility.
-# Dont author new modules with this file.
-{
- imports = [ ./roles/default.nix ];
-}
diff --git a/clanModules/machine-id/roles/default.nix b/clanModules/machine-id/roles/default.nix
deleted file mode 100644
index 0da10a709..000000000
--- a/clanModules/machine-id/roles/default.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}:
-
-let
- var = config.clan.core.vars.generators.machine-id.files.machineId or { };
-in
-{
- config = lib.mkMerge [
- (lib.mkIf ((var.value or null) != null) {
- assertions = [
- {
- assertion = lib.stringLength var.value == 32;
- message = "machineId must be exactly 32 characters long.";
- }
- ];
- boot.kernelParams = [
- ''systemd.machine_id=${var.value}''
- ];
- environment.etc."machine-id" = {
- text = var.value;
- };
- })
- {
- clan.core.vars.generators.machine-id = {
- files.machineId.secret = false;
- runtimeInputs = [
- pkgs.coreutils
- pkgs.bash
- ];
- script = ''
- uuid=$(bash ${./uuid4.sh})
-
- # Remove the hyphens from the UUID
- uuid_no_hyphens=$(echo -n "$uuid" | tr -d '-')
-
- echo -n "$uuid_no_hyphens" > "$out/machineId"
- '';
- };
- }
- ];
-}
diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml
index 84869ddc8..a64b567e6 100644
--- a/docs/mkdocs.yml
+++ b/docs/mkdocs.yml
@@ -116,7 +116,6 @@ nav:
 - reference/clanModules/iwd.md
 - reference/clanModules/localbackup.md
 - reference/clanModules/localsend.md
- - reference/clanModules/machine-id.md
 - reference/clanModules/matrix-synapse.md
 - reference/clanModules/moonlight.md
 - reference/clanModules/mumble.md
diff --git a/lib/clanTest/flake-module.nix b/lib/clanTest/flake-module.nix
index 39449b047..5912d9300 100644
--- a/lib/clanTest/flake-module.nix
+++ b/lib/clanTest/flake-module.nix
@@ -87,7 +87,7 @@ in
 self.packages.${hostPkgs.system}.generate-test-vars
 }/bin/generate-test-vars";
- relativeDir = removePrefix ("${self}/") (toString config.clan.directory);
+ relativeDir = removePrefix "${self}/" (toString config.clan.directory);
 update-vars = hostPkgs.writeShellScriptBin "update-vars" ''
 ${update-vars-script} $PRJ_ROOT/${relativeDir} ${testName}
diff --git a/nixosModules/clanCore/default.nix b/nixosModules/clanCore/default.nix
index fcf1c0c37..cbca81ddd 100644
--- a/nixosModules/clanCore/default.nix
+++ b/nixosModules/clanCore/default.nix
@@ -3,6 +3,7 @@
 imports = [
 ./backups.nix
+ ./machine-id
 ./defaults.nix
 ./facts
 ./inventory
diff --git a/nixosModules/clanCore/machine-id/default.nix b/nixosModules/clanCore/machine-id/default.nix
new file mode 100644
index 000000000..dac7b6e99
--- /dev/null
+++ b/nixosModules/clanCore/machine-id/default.nix
@@ -0,0 +1,53 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+let
+ var = config.clan.core.vars.generators.machine-id.files.machineId or { };
+in
+{
+
+ options.clan.core.settings.machine-id = {
+ enable = lib.mkEnableOption ''
+ machine ID generation. Sets the /etc/machine-id and exposes it as a nix
+ option. This unique ID that is not dependent on ephemeral or
+ variable data, such as hostnames, MAC addresses or IP addresses.
+
+ See https://www.freedesktop.org/software/systemd/man/latest/machine-id.html for details.
+ '';
+ };
+
+ config = lib.mkIf (config.clan.core.settings.machine-id.enable) {
+
+ assertions = [
+ {
+ assertion = lib.stringLength var.value == 32;
+ message = "machine ID must be exactly 32 characters long.";
+ }
+ ];
+
+ boot.kernelParams = [
+ ''systemd.machine_id=${var.value}''
+ ];
+
+ environment.etc."machine-id".text = var.value;
+
+ clan.core.vars.generators.machine-id = {
+ files.machineId.secret = false;
+ runtimeInputs = [
+ pkgs.coreutils
+ pkgs.bash
+ ];
+ script = ''
+ uuid=$(bash ${./uuid4.sh})
+
+ # Remove the hyphens from the UUID
+ uuid_no_hyphens=$(echo -n "$uuid" | tr -d '-')
+
+ echo -n "$uuid_no_hyphens" > "$out/machineId"
+ '';
+ };
+ };
+}
diff --git a/nixosModules/clanCore/machine-id/tests/flake-module.nix b/nixosModules/clanCore/machine-id/tests/flake-module.nix
new file mode 100644
index 000000000..842aa452f
--- /dev/null
+++ b/nixosModules/clanCore/machine-id/tests/flake-module.nix
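Review bot: The assertion in the new `config` block of nixosModules/clanCore/machine-id/default.nix checks only `lib.stringLength var.value == 32`, yet the same string is interpolated verbatim into `boot.kernelParams` and written to `/etc/machine-id`, so a 32-character value containing whitespace or non-hex characters would pass and reach the kernel command line unchanged. Because the var is stored with `files.machineId.secret = false` (a plain, editable file in the repository, as the test fixture in this commit shows), I would validate the format rather than the length: `assertion = builtins.match "[0-9a-f]{32}" var.value != null;`. The removed module also guarded the whole block with `(var.value or null) != null`; with that guard gone, enabling the option before the var has been generated presumably fails on the `var.value` lookup instead of producing the assertion message, so a null check is worth keeping. Separately, machine-id(5) asks that the ID be treated as confidential, which deserves a sentence in the option description given that the value is kept unencrypted.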
@@ -0,0 +1,39 @@
+{ ... }:
+{
+ perSystem =
+ { ... }:
+ {
+ clan.nixosTests.machine-id = {
+
+ name = "machine-id";
+
+ clan = {
+ directory = ./.;
+
+ # Workaround until we can use nodes.server = { };
+ modules."@clan/importer" = ../../../../clanServices/importer;
+
+ inventory = {
+ machines.server = { };
+ instances.importer = {
+ module.name = "@clan/importer";
+ roles.default.tags.all = { };
+ roles.default.extraModules = [
+ {
+ # Test machine ID generation
+ clan.core.settings.machine-id.enable = true;
+ }
+ ];
+ };
+ };
+ };
+
+ # TODO: Broken. Use instead of importer after fixing.
+ # nodes.server = { };
+
+ # This is not an actual vm test, this is a workaround to
+ # generate the needed vars for the eval test.
+ testScript = "";
+ };
+ };
+}
diff --git a/nixosModules/clanCore/machine-id/tests/sops/users/admin/key.json b/nixosModules/clanCore/machine-id/tests/sops/users/admin/key.json
new file mode 100644
index 000000000..e408aa96b
--- /dev/null
+++ b/nixosModules/clanCore/machine-id/tests/sops/users/admin/key.json
@@ -0,0 +1,4 @@
+{
+ "publickey": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
+ "type": "age"
+}
diff --git a/nixosModules/clanCore/machine-id/tests/vars/per-machine/server/machine-id/machineId/value b/nixosModules/clanCore/machine-id/tests/vars/per-machine/server/machine-id/machineId/value
new file mode 100644
index 000000000..434f1f67f
--- /dev/null
+++ b/nixosModules/clanCore/machine-id/tests/vars/per-machine/server/machine-id/machineId/value
@@ -0,0 +1 @@
+5e32b25aca76401c8e3cec57a0a006f1
\ No newline at end of file
diff --git a/clanModules/machine-id/roles/uuid4.sh b/nixosModules/clanCore/machine-id/uuid4.sh
similarity index 100%
rename from clanModules/machine-id/roles/uuid4.sh
rename to nixosModules/clanCore/machine-id/uuid4.sh
diff --git a/pkgs/clan-cli/clan_lib/flake/flake.py b/pkgs/clan-cli/clan_lib/flake/flake.py
index bef8c1c38..a4424d94f 100644
--- a/pkgs/clan-cli/clan_lib/flake/flake.py
+++ b/pkgs/clan-cli/clan_lib/flake/flake.py
@@ -786,6 +786,10 @@ class Flake:
 if tmp_store := nix_test_store():
 nix_options.append("--impure")
+ # build_output = Path(
+ # run(nix_build(["--expr", nix_code, *nix_options])).stdout.strip()
+ # )
+
 build_output = Path(
 run(
 nix_build(["--expr", nix_code, *nix_options]), RunOpts(log=Log.NONE)
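Review bot: The four added lines are a commented-out copy of the `build_output = Path(run(...))` call that follows them, which reads as a debugging leftover unrelated to the machine-id change. The commented variant differs only in dropping `RunOpts(log=Log.NONE)`; if the intent is to record how to get nix build output back while debugging, a one-line comment says it better, for example `# NOTE: drop RunOpts(log=Log.NONE) to see nix build output when debugging`. Otherwise the block should be removed before merging. The enclosing method starts and ends outside the hunk.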