rework installation template based on received feedback

templates/flake-module.nix

@@ -1,6 +1,6 @@
 { self, inputs, ... }:
 {
-  flake = (import ./flake.nix).outputs {} // {
+  flake = (import ./flake.nix).outputs { } // {
     checks.x86_64-linux.template-minimal =
       let
         path = self.templates.minimal.path;

templates/new-clan/flake.nix

@@ -6,94 +6,24 @@
   outputs =
     { self, clan-core, ... }:
     let
-      system = "x86_64-linux";
-      pkgs = clan-core.inputs.nixpkgs.legacyPackages.${system};
       # Usage see: https://docs.clan.lol
       clan = clan-core.lib.buildClan {
         directory = self;
-        meta.name = "__CHANGE_ME__"; # Ensure this is unique among all clans you want to use.
-
-        # Distributed services, uncomment to enable.
-        # inventory = {
-        #   services = {
-        #     # This example configures a BorgBackup service
-        #     # Check: https://docs.clan.lol/reference/clanModules which ones are available in Inventory
-        #     borgbackup.instance_1 = {
-        #       roles.server.machines = [ "jon" ];
-        #       roles.client.machines = [ "sara" ];
-        #     };
-        #   };
-        # };
+        # Ensure this is unique among all clans you want to use.
+        meta.name = "__CHANGE_ME__";
 
         # Prerequisite: boot into the installer
         # See: https://docs.clan.lol/getting-started/installer
         # local> mkdir -p ./machines/machine1
-        # local> Edit ./machines/machine1/configuration.nix to your liking
+        # local> Edit ./machines/<machine>/configuration.nix to your liking
         machines = {
           # "jon" will be the hostname of the machine
           jon = {
-            imports = [
-              ./modules/shared.nix
-              ./modules/disko.nix
-              ./machines/jon/configuration.nix
-            ];
-
-            nixpkgs.hostPlatform = system;
-
-            # Set this for clan commands use ssh i.e. `clan machines update`
-            # If you change the hostname, you need to update this line to root@<new-hostname>
-            # This only works however if you have avahi running on your admin machine else use IP
-            clan.core.networking.targetHost = pkgs.lib.mkDefault "root@jon";
-
-            # You can get your disk id by running the following command on the installer:
-            # Replace <IP> with the IP of the installer printed on the screen or by running the `ip addr` command.
-            # ssh root@<IP> lsblk --output NAME,ID-LINK,FSTYPE,SIZE,MOUNTPOINT
-            disko.devices.disk.main.device = "/dev/disk/by-id/__CHANGE_ME__";
-
-            # IMPORTANT! Add your SSH key here
-            # e.g. > cat ~/.ssh/id_ed25519.pub
-            users.users.root.openssh.authorizedKeys.keys = throw ''
-              Don't forget to add your SSH key here!
-              users.users.root.openssh.authorizedKeys.keys = [ "<YOUR SSH_KEY>" ]
-            '';
-
-            # Zerotier needs one controller to accept new nodes. Once accepted
-            # the controller can be offline and routing still works.
-            clan.core.networking.zerotier.controller.enable = true;
+            imports = [ ./machines/jon/configuration.nix ];
           };
           # "sara" will be the hostname of the machine
           sara = {
-            imports = [
-              ./modules/shared.nix
-              ./modules/disko.nix
-              ./machines/sara/configuration.nix
-            ];
-
-            nixpkgs.hostPlatform = system;
-
-            # Set this for clan commands use ssh i.e. `clan machines update`
-            # If you change the hostname, you need to update this line to root@<new-hostname>
-            # This only works however if you have avahi running on your admin machine else use IP
-            clan.core.networking.targetHost = pkgs.lib.mkDefault "root@sara";
-
-            # You can get your disk id by running the following command on the installer:
-            # Replace <IP> with the IP of the installer printed on the screen or by running the `ip addr` command.
-            # ssh root@<IP> lsblk --output NAME,ID-LINK,FSTYPE,SIZE,MOUNTPOINT
-            disko.devices.disk.main.device = "/dev/disk/by-id/__CHANGE_ME__";
-
-            # IMPORTANT! Add your SSH key here
-            # e.g. > cat ~/.ssh/id_ed25519.pub
-            users.users.root.openssh.authorizedKeys.keys = throw ''
-              Don't forget to add your SSH key here!
-              users.users.root.openssh.authorizedKeys.keys = [ "<YOUR SSH_KEY>" ]
-            '';
-
-            /*
-              After jon is deployed, uncomment the following line
-              This will allow sara to share the VPN overlay network with jon
-              The networkId is generated by the first deployment of jon
-            */
-            # clan.core.networking.zerotier.networkId = builtins.readFile ../jon/facts/zerotier-network-id;
+            imports = [ ./machines/sara/configuration.nix ];
           };
         };
       };
@@ -102,8 +32,19 @@
       # all machines managed by Clan
       inherit (clan) nixosConfigurations clanInternals;
       # add the Clan cli tool to the dev shell
-      devShells.${system}.default = pkgs.mkShell {
-        packages = [ clan-core.packages.${system}.clan-cli ];
-      };
+      # use the "nix develop" command to enter the dev shell
+      devShells =
+        clan-core.inputs.nixpkgs.lib.genAttrs
+          [
+            "x86_64-linux"
+            "aarch64-linux"
+            "aarch64-darwin"
+            "x86_64-darwin"
+          ]
+          (system: {
+            default = clan-core.inputs.nixpkgs.legacyPackages.${system}.mkShell {
+              packages = [ clan-core.packages.${system}.clan-cli ];
+            };
+          });
     };
 }

templates/new-clan/machines/jon/configuration.nix

@@ -1,38 +1,34 @@
-{ config, ... }:
-let
-  username = config.networking.hostName;
-in
 {
-  imports = [ ./hardware-configuration.nix ];
+  imports = [
+    ./hardware-configuration.nix
+    # contains your disk format and partitioning configuration.
+    ../../modules/disko.nix
+    # this file is shared among all machines
+    ../../modules/shared.nix
+    # enables GNOME desktop (optional)
+    ../../modules/gnome.nix
+  ];
 
-  # Locale service discovery and mDNS
-  services.avahi.enable = true;
+  # This is your user login name.
+  users.users.user.name = "<your-username>";
 
-  services.xserver.enable = true;
-  services.xserver.desktopManager.gnome.enable = true;
-  services.xserver.displayManager.gdm.enable = true;
-  # Disable the default gnome apps to speed up deployment
-  services.gnome.core-utilities.enable = false;
+  # Set this for clan commands use ssh i.e. `clan machines update`
+  # If you change the hostname, you need to update this line to root@<new-hostname>
+  # This only works however if you have avahi running on your admin machine else use IP
+  clan.core.networking.targetHost = "root@<IP>";
 
-  # Enable automatic login for the user.
-  services.displayManager.autoLogin = {
-    enable = true;
-    user = username;
-  };
+  # You can get your disk id by running the following command on the installer:
+  # Replace <IP> with the IP of the installer printed on the screen or by running the `ip addr` command.
+  # ssh root@<IP> lsblk --output NAME,ID-LINK,FSTYPE,SIZE,MOUNTPOINT
+  disko.devices.disk.main.device = "/dev/disk/by-id/__CHANGE_ME__";
 
-  users.users.${username} = {
-    initialPassword = username;
-    isNormalUser = true;
-    extraGroups = [
-      "wheel"
-      "networkmanager"
-      "video"
-      "audio"
-      "input"
-      "dialout"
-      "disk"
-    ];
-    uid = 1000;
-    openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
-  };
+  # IMPORTANT! Add your SSH key here
+  # e.g. > cat ~/.ssh/id_ed25519.pub
+  users.users.root.openssh.authorizedKeys.keys = [''
+    __YOUR_SSH_KEY__
+  ''];
+
+  # Zerotier needs one controller to accept new nodes. Once accepted
+  # the controller can be offline and routing still works.
+  clan.core.networking.zerotier.controller.enable = true;
 }

templates/new-clan/machines/sara/configuration.nix

@@ -1,39 +1,33 @@
-{ config, ... }:
-
-let
-  username = config.networking.hostName;
-in
 {
-  imports = [ ./hardware-configuration.nix ];
+  imports = [
+    ./hardware-configuration.nix
+    ../../modules/disko.nix
+    ../../modules/shared.nix
+    # enables GNOME desktop (optional)
+    ../../modules/gnome.nix
+  ];
+  # Put your username here for login
+  users.users.user.name = "<your-username>";
 
-  # Locale service discovery and mDNS
-  services.avahi.enable = true;
+  # Set this for clan commands use ssh i.e. `clan machines update`
+  # If you change the hostname, you need to update this line to root@<new-hostname>
+  # This only works however if you have avahi running on your admin machine else use IP
+  clan.core.networking.targetHost = "root@<IP>";
 
-  services.xserver.enable = true;
-  services.xserver.desktopManager.gnome.enable = true;
-  services.xserver.displayManager.gdm.enable = true;
-  # Disable the default gnome apps to speed up deployment
-  services.gnome.core-utilities.enable = false;
+  # You can get your disk id by running the following command on the installer:
+  # Replace <IP> with the IP of the installer printed on the screen or by running the `ip addr` command.
+  # ssh root@<IP> lsblk --output NAME,ID-LINK,FSTYPE,SIZE,MOUNTPOINT
+  disko.devices.disk.main.device = "/dev/disk/by-id/__CHANGE_ME__";
 
-  # Enable automatic login for the user.
-  services.displayManager.autoLogin = {
-    enable = true;
-    user = username;
-  };
-
-  users.users.${username} = {
-    initialPassword = username;
-    isNormalUser = true;
-    extraGroups = [
-      "wheel"
-      "networkmanager"
-      "video"
-      "audio"
-      "input"
-      "dialout"
-      "disk"
-    ];
-    uid = 1000;
-    openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
-  };
+  # IMPORTANT! Add your SSH key here
+  # e.g. > cat ~/.ssh/id_ed25519.pub
+  users.users.root.openssh.authorizedKeys.keys = [''
+    __YOUR_SSH_KEY__
+  ''];
+  /*
+    After jon is deployed, uncomment the following line
+    This will allow sara to share the VPN overlay network with jon
+    The networkId is generated by the first deployment of jon
+  */
+  # clan.core.networking.zerotier.networkId = builtins.readFile ../jon/facts/zerotier-network-id;
 }

templates/new-clan/modules/disko.nix

@@ -1,5 +1,7 @@
 { lib, ... }:
 {
+  # TO NOT EDIT THIS FILE AFTER INSTALLATION of a machine
+  # Otherwise your system might not boot because of missing partitions / filesystems
   boot.loader.grub.efiSupport = lib.mkDefault true;
   boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true;
   disko.devices = {
@@ -23,6 +25,7 @@
                 type = "filesystem";
                 format = "vfat";
                 mountpoint = "/boot";
+                mountOptions = [ "nofail" ];
               };
             };
             root = {
@@ -30,6 +33,8 @@
               content = {
                 type = "filesystem";
                 format = "ext4";
+                # format = "btrfs";
+                # format = "bcachefs";
                 mountpoint = "/";
               };
             };

templates/new-clan/modules/gnome.nix

@@ -0,0 +1,5 @@
+{
+  services.xserver.enable = true;
+  services.xserver.desktopManager.gnome.enable = true;
+  services.xserver.displayManager.gdm.enable = true;
+}

templates/new-clan/modules/shared.nix

@@ -1,7 +1,28 @@
-{ clan-core, ... }:
+{ config, clan-core, ... }:
 {
   imports = [
+    # Enables the OpenSSH server for remote access
     clan-core.clanModules.sshd
+    # Set a root password
     clan-core.clanModules.root-password
+    clan-core.clanModules.user-password
   ];
+
+  # Locale service discovery and mDNS
+  services.avahi.enable = true;
+
+  # generate a random password for our user below
+  # can be read using `clan secrets get <machine-name>-user-password` command
+  clan.user-password.user = "user";
+  users.users.user = {
+    isNormalUser = true;
+    extraGroups = [
+      "wheel"
+      "networkmanager"
+      "video"
+      "input"
+    ];
+    uid = 1000;
+    openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
+  };
 }