This is basically
<af7ce9b8ed>,
but with support for deploying locally.
This failed to install secrets to `/var/lib/sops-nix`. That's because
our `LocalHost` didn't have support for sudo yet. I fixed that.
Now the user can pass `--build-host local`, to select the local machine as a build host, in which case no ssh is used.
This means the admin machine does not necessarily have ssh set up to itself, which was confusing for many users.
Also this makes it easier to re-use a well-configured nix remote build setup which is only available on the local machine. E.g. if `--build-host local` is passed, nix's defaults for remote builds on that machine will be utilized.
When clan-core is fetched via fetchgit (e.g. in tests), the devFlake/private
directory exists but cannot be loaded as a flake. This causes errors when
building test machines.
Fix by:
1. Adding a .skip-private-inputs marker file in clan-core-for-checks to
explicitly disable private inputs in test contexts
2. Checking for this marker file before attempting to load private inputs
3. Keeping the original tryEval approach as a fallback for compatibility
This ensures tests can run without errors while preserving the ability to
load private inputs in development environments.
By default /etc/passwd in container build sandboxes has two users
(root,nixbld) mapped to root. This confuses nix, especially as it behaves
differently if it runs as root. setuid/setgid() is not enough because ssh
will break if the current uid does not exist in /etc/passwd.
Along with this we now also only run the setup for setting up the
network bridge and cgroup filesystems once and not per container.
- Remove deployment.json file generation from outputs.nix
- Add throw for deprecated deployment.file usage with upgrade instructions
- Remove vars data from deployment.data
- Update Machine class to use direct select() calls instead of deployment property
- Update all deployment property accesses to use direct selectors
- Add precaching for frequently accessed values in update.py:
  - Module paths for facts and vars
  - Deployment settings (requireExplicitUpdate, nixosMobileWorkaround)
  - Services and generators data
  - Secret upload locations
- This removes unnecessary JSON serialization and makes the code more composable
This particular check has gotten quite slow over time,
as the upstream module has been updated.
This will be reintroduced in a more performant fashion, once the
`syncthing` module has been ported.
We have many VM tests which are quite slow, therefore a local `nix flake check` doesn't make sense anymore in most cases.
This introduces a set of cheaper local tests to be run via:
```
nix run .#check.x86_64-linux -L
```