WIP

flake.nix

@@ -72,12 +72,19 @@
         clan = {
           meta.name = "clan-core";
           inventory = {
-            services = { };
             machines = {
               "test-darwin-machine" = {
                 machineClass = "darwin";
               };
             };
+            instances = {
+              users = {
+                roles.default.tags."all" = { };
+                roles.default.settings = {
+                  user = "root";
+                };
+              };
+            };
           };
         };
         systems = import systems;

lib/modules/clan/interface.nix

@@ -275,8 +275,6 @@ in
           templates = lib.mkOption { type = lib.types.raw; };
 
           machines = lib.mkOption { type = lib.types.raw; };
-
-          clan-cli = lib.mkOption { type = lib.types.raw; };
         };
       };
     };

lib/modules/clan/module.nix

@@ -273,9 +273,6 @@ in
 
       # machine specifics
       machines = configsPerSystem;
-
-      # export clan-cli in clanInternals to tie the CLI to the flake
-      clan-cli = builtins.mapAttrs (_sys: pkgs: pkgs.clan-cli) clan-core.packages;
     };
   };
 }

lib/modules/inventory/distributed-service/service-module.nix

@@ -418,6 +418,29 @@ in
                             ```
                           '';
                         };
+                        options.assertions = mkOption {
+                          default = { };
+                          description = ''
+                            Assertions for the instance.
+
+                            This is a set of assertions that should be checked during the evaluation of the instance.
+                            If any assertion fails, an error is thrown.
+
+                            Example:
+
+                            ```nix
+                            {
+                              assertions = {
+                                timeout = {
+                                  assertion = "settings.timeout > 0";
+                                  message = "Timeout must be greater than 0";
+                                };
+                              };
+                            }
+                            ```
+                          '';
+                          type = types.attrsOf types.raw;
+                        };
                         options.nixosModule = mkOption {
                           type = types.deferredModule;
                           default = { };
@@ -553,6 +576,15 @@ in
                 ```
               '';
             };
+            options.assertions = mkOption {
+              default = { };
+              description = ''
+                Assertions for the machine.
+
+                See instance assertions for more information.
+              '';
+              type = types.attrsOf types.raw;
+            };
             options.nixosModule = mkOption {
               type = types.deferredModule;
               default = { };
@@ -877,5 +909,23 @@ in
         }
       ) config.result.allMachines;
     };
+
+    debug = mkOption {
+      default = { };
+      # result.allRoles.default.allInstances.users.allMachines.flash-installer
+    };
   };
+  config.result.assertions = lib.concatMapAttrs (
+    roleName: role:
+    lib.concatMapAttrs (
+      instanceName: instance:
+      lib.concatMapAttrs (
+        machineName: machine:
+        lib.mapAttrs' (assertion_id: value: {
+          name = "${assertion_id} (instance=${instanceName}; role=${roleName}; machine=${machineName};)";
+          inherit value;
+        }) machine.assertions
+      ) instance.allMachines
+    ) role.allInstances
+  ) config.result.allRoles;
 }

pkgs/flake-module.nix

@@ -13,12 +13,7 @@
   ];
 
   perSystem =
-    {
+    { config, pkgs, ... }:
-      config,
-      pkgs,
-      self',
-      ...
-    }:
     {
       packages = {
         agit = pkgs.callPackage ./agit { };
@@ -33,25 +28,6 @@
         classgen = pkgs.callPackage ./classgen { };
         zerotierone = pkgs.callPackage ./zerotierone { };
         update-clan-core-for-checks = pkgs.callPackage ./update-clan-core-for-checks { };
-        clan-autorefresh = pkgs.symlinkJoin {
-          name = "clan";
-          paths = [
-            (pkgs.writeScriptBin "clan" ''
-              #!/bin/sh
-              set -efu
-
-              system=$(nix config show system)
-
-              nix \
-                --extra-experimental-features 'flakes nix-command' \
-                run ".#clanInternals.clan-cli.$system" -- "$@"
-            '')
-            self'.packages.clan-cli
-          ];
-          postBuild = ''
-            rm -r $out/lib
-          '';
-        };
       };
     };
 }

templates/clan/default/flake.nix

@@ -25,9 +25,7 @@
           ]
           (system: {
             default = clan-core.inputs.nixpkgs.legacyPackages.${system}.mkShell {
-              packages = [
+              packages = [ clan-core.packages.${system}.clan-cli ];
-                clan-core.packages.${system}.clan-autorefresh
-              ];
             };
           });
     };

templates/clan/flake-parts/flake.nix

@@ -28,7 +28,7 @@
       perSystem =
         { pkgs, inputs', ... }:
         {
-          devShells.default = pkgs.mkShell { packages = [ inputs'.clan-core.packages.clan-autorefresh ]; };
+          devShells.default = pkgs.mkShell { packages = [ inputs'.clan-core.packages.clan-cli ]; };
         };
     };
 }