This uses the networking module to find the best_host, as we already do
with ssh and install. So if we don't supply a --target-host and a
networking module is configured, the remote should be autodetected.
Since vars upload doesn't have a --target-host argument, we always try
to use get_best_remote
This is basically
<af7ce9b8ed>,
but with support for deploying locally.
This failed to install secrets to `/var/lib/sops-nix`. That's because
our `LocalHost` didn't have support for sudo yet. I fixed that.
Now the user can pass `--build-host local`, to select the local machine as a build host, in which case no ssh is used.
This means the admin machine does not necessarily have ssh set up to itself, which was confusing for many users.
Also this makes it easier to re-use a well configured nix remote build setup which is only available on the local machine. Eg if `--build-host local` nix' defaults for remote builds on that machine will be utilized.
Motivation: updating a machine fails, if it depends on a private github repo, as the remote will likely not be authenticated.
This adds a new flag `--fetch-local` to `clan machines update` which fetches all flake inputs prior to building, then uploads them to the build-host.
This also adds a new error message, when flake inputs could not fetched, to hint the user to use `--fetch-local`
The `clan.core.vars.settings.passBackend` option has been replaced with
`clan.vars.password-store.passPackage` to provide better type safety and
clearer configuration.
Changes:
- Remove problematic mkRemovedOptionModule that caused circular dependency
- Add proper option definition with assertion-based migration
- Users setting the old option get clear migration instructions
- Normal evaluation continues to work for users not using the old option
Migration: Replace `clan.core.vars.settings.passBackend = "passage"`
with `clan.vars.password-store.passPackage = pkgs.passage`
- Remove _serialized field from vars interface to prevent serialization
errors with throwing passBackend field
- Implement direct selection of generator fields using multi-select syntax
- Refactor vars_generators() to use new Generator.from_flake() method that
selects only safe fields (avoiding non-serializable values)
- Remove unused legacy methods: Generator.from_json(), Var.from_json(),
Prompt.from_json()
- Update precaching to match new selection approach
This fixes the serialization errors that were preventing vars from working
with the new password-store implementation by avoiding the problematic
_serialized field entirely.
- Remove deployment.json file generation from outputs.nix
- Add throw for deprecated deployment.file usage with upgrade instructions
- Remove vars data from deployment.data
- Update Machine class to use direct select() calls instead of deployment property
- Update all deployment property accesses to use direct selectors
- Add precaching for frequently accessed values in update.py:
- Module paths for facts and vars
- Deployment settings (requireExplicitUpdate, nixosMobileWorkaround)
- Services and generators data
- Secret upload locations
- This removes unnecessary JSON serialization and makes the code more composable
MacOS doesn't come with a proper login shell for ssh and therefore
doesn't have nix in $PATH as it doesn't source /etc/profile.
This restores the remote-program parameter that was accidentally
removed in commit e14f30bdc0.
This refactoring improves the separation of concerns by moving remote host creation logic from the Machine class to the calling functions, making the code more flexible and testable.
This makes it clear that this should be used with care
It is potentially more expensive to create the full object, therefore it should be discouraged by its longer name
This listing is implemented based on the basic listing, where each item is turned into the bigger machine class
