I had concurrency issues with `nix copy` and the ssh:// protocol when
using a machine both as the build host/target host (for different
machines), where it make the result path partially available to a
different update command thread.
Now the user can pass `--build-host local`, to select the local machine as a build host, in which case no ssh is used.
This means the admin machine does not necessarily have ssh set up to itself, which was confusing for many users.
Also this makes it easier to re-use a well configured nix remote build setup which is only available on the local machine. Eg if `--build-host local` nix' defaults for remote builds on that machine will be utilized.
Motivation: local builds and deployments without ssh
Add a new interface `Host` which is implemented bei either `Remote` or `Localhost`
This simplifies all interactions with hosts. THe caller does ot need to know if the Host is remote or local in mot cases anymore
The documentation currently lists setting targetHost in the NixOS
configuration as a slower, but valid option. Especially for dynamic
values, this is the recommended way but it results in a lot of annyoing
warnings.
This lowers the warning level, so it will only get printed on --debug
Despite using `root` as the ssh user, `ssh-ng` still fails with:
`error: cannot add path '/nix/store/...' because it lacks a signature by a trusted key
`
This does not happen with `ssh` instead of `ssh-ng`
since this code is used as a default in the cli parser, we should not
crash on OSError because we wouldn't be abe to perform basic tasks such
as --help.
This is an attempt to reduce cognitive load when trying to understand the host related logic in run_machine_update.
The change should not affect behavior.
Done:
- make it very clear early on, that build_host == target_host if build_host is not set.
- rename some variables to make relations more clear
- remove `deploy_host` variable. unnecessary complexity
- remove `become_root` variable. After simplifying via boolean algebra, this boils down to `build_host == target_host`.
Fix the directory functionality of clan (clan.directory).
The python API interface was not able to distinguish if the directory
was set to anything other than `self.src`.
Breaking every command that relied on the clan directory, for example:
- `clan machines update`
- `clan machines update-hardware-config`
See more in #2906
This is the first step in fixing all those commands.
Individual command support and implementation will be implemented in
follow ups.
Motivation: updating a machine fails, if it depends on a private github repo, as the remote will likely not be authenticated.
This adds a new flag `--fetch-local` to `clan machines update` which fetches all flake inputs prior to building, then uploads them to the build-host.
This also adds a new error message, when flake inputs could not fetched, to hint the user to use `--fetch-local`
Fix clan template creation when already in a flake.
Currently we already fail with very clear and descriptive error when
trying to evaluate the template of the flake we are in:
```
Failed to select template 'flake-parts' from flake '/tmp/superclan' (via attribute path: /tmp/superclan#clanInternals.templates.clan."flake-parts")
```
This is undesired behavior.
When we are trying to create a clan with `clan flakes create`.
We can't rely on the fact that the flake we are currently in exports flake templates.
Now we *try* to evaluate the flake we are in upon creation.
If there are no clan templates available, we now will fall back to
builtin templates.
Closes: #4472
Allow `clan templates list` to function outside a clan.
Currently when bootstrapping a clan and trying to list the templates
it fails as follows:
```
Traceback (most recent call last):
File "/nix/store/pkrsr8zr90bps1fwrl8n74zbb9g038b8-clan-cli/bin/.clan-wrapped", line 9, in <module>
sys.exit(main())
~~~~^^
File "/nix/store/pkrsr8zr90bps1fwrl8n74zbb9g038b8-clan-cli/lib/python3.13/site-packages/clan_cli/cli.py", line 516, in main
args.func(args)
~~~~~~~~~^^^^^^
File "/nix/store/pkrsr8zr90bps1fwrl8n74zbb9g038b8-clan-cli/lib/python3.13/site-packages/clan_cli/templates/list.py", line 11, in list_command
templates = list_templates(args.flake)
File "/nix/store/pkrsr8zr90bps1fwrl8n74zbb9g038b8-clan-cli/lib/python3.13/site-packages/clan_lib/templates/__init__.py", line 20, in list_templates
custom_templates = flake.select("clanInternals.inventoryClass.templatesPerSource")
^^^^^^^^^^^^
AttributeError: 'NoneType' object has no attribute 'select'
```
With the change we get the following output:
```
Available 'clan' templates
├── <builtin>
│ ├── default: Initialize a new clan flake
│ ├── flake-parts: Flake-parts
│ └── minimal: for clans managed via (G)UI
Available 'disko' templates
├── <builtin>
│ └── single-disk: A simple ext4 disk with a single partition
Available 'machine' templates
├── <builtin>
│ ├── flash-installer: Initialize a new flash-installer machine
│ └── new-machine: Initialize a new machine
```
Allowing to check for available templates without needing to have a
clan, which improves the bootstrapping experience.
- Replace Tor-specific implementation with generic SOCKS5 proxy support
- Change `tor_socks` boolean to `socks_port` and `socks_wrapper` parameters
- Move Tor functionality to clan_lib.network.tor submodule
- Add connection context managers to NetworkTechnologyBase
- Improve network abstraction with proper remote() and connection() methods
- Update all callers to use new SOCKS5 proxy interface
- Fix network ping command to properly handle connection contexts
This allows for more flexible proxy configurations beyond just Tor,
while maintaining backward compatibility for Tor usage.
