Despite using `root` as the ssh user, `ssh-ng` still fails with:
`error: cannot add path '/nix/store/...' because it lacks a signature by a trusted key`
This does not happen with `ssh` instead of `ssh-ng`.

This is an attempt to reduce cognitive load when trying to understand the host related logic in run_machine_update.
The change should not affect behavior.
Done:
- make it very clear early on, that build_host == target_host if build_host is not set.
- rename some variables to make relations more clear
- remove `deploy_host` variable. unnecessary complexity
- remove `become_root` variable. After simplifying via boolean algebra, this boils down to `build_host == target_host`.

Motivation: updating a machine fails if it depends on a private GitHub repo, as the remote will likely not be authenticated.
This adds a new flag `--fetch-local` to `clan machines update` which fetches all flake inputs prior to building, then uploads them to the build-host.
This also adds a new error message, when flake inputs could not be fetched, to hint the user to use `--fetch-local`.

- Replace Tor-specific implementation with generic SOCKS5 proxy support
- Change `tor_socks` boolean to `socks_port` and `socks_wrapper` parameters
- Move Tor functionality to clan_lib.network.tor submodule
- Add connection context managers to NetworkTechnologyBase
- Improve network abstraction with proper remote() and connection() methods
- Update all callers to use new SOCKS5 proxy interface
- Fix network ping command to properly handle connection contexts
This allows for more flexible proxy configurations beyond just Tor,
while maintaining backward compatibility for Tor usage.

Stores now get machine context from generator objects instead of storing
it internally. This enables future machine-independent generators and
reduces coupling.
- StoreBase.__init__ only takes flake parameter
- Store methods receive machine as explicit parameter
- Fixed all callers to pass machine context

- Updated StoreBase.__init__ to accept machine: str and flake: Flake
- Modified all StoreBase subclasses (in_repo, vm, fs, sops, password_store) to match new signature
- Added select_machine method to Flake class for machine-specific attribute selection
- Updated Machine.select to use the new Flake.select_machine method
- Fixed all test cases to pass machine name and flake to store constructors
- Maintained backward compatibility by keeping the same external API
This reduces coupling between the store system and the Machine class,
making the architecture more modular and flexible.

Motivation: A warning should encourage consistent usage of inventory.machines. Setting targetHost inside the machine should be considered a custom override.
Changing the warning strings to avoid the term 'nix'/'json'; both inventory and nixos machines are nix features.

Replace all calls to machine.vars_generators() with direct calls to
Generator.generators_from_flake() to make the dependency more explicit
and remove unnecessary indirection.
This reduces coupling to the Machine class, making the codebase more
modular and easier to refactor in the future.