clanServices/mycelium: add networking export

Merge pull request 'Update nixpkgs-dev in devFlake' (#5706 ) from update-devFlake-nixpkgs-dev into main
Update nixpkgs-dev in devFlake
2025-10-31 11:35:50 +01:00 · 2025-10-31 00:08:41 +00:00 · 2025-10-31 00:02:00 +00:00 · 2025-10-30 20:05:49 +00:00 · 2025-10-30 20:01:49 +00:00 · 2025-10-30 15:06:22 +00:00
38 changed files with 611 additions and 694 deletions
--- a/clanServices/mycelium/default.nix
+++ b/clanServices/mycelium/default.nix
@@ -1,4 +1,9 @@
-{ ... }:
+{
+  lib,
+  clanLib,
+  directory,
+  ...
+}:
 {
  _class = "clan.service";
  manifest.name = "clan-core/mycelium";
@@ -30,8 +35,24 @@
      };

    perInstance =
-      { settings, ... }:
      {
+        settings,
+        roles,
+        ...
+      }:
+      {
+
+        exports.networking = {
+          peers = lib.mapAttrs (name: _machine: {
+            host.plain = clanLib.vars.getPublicValue {
+              machine = name;
+              generator = "mycelium";
+              file = "ip";
+              flake = directory;
+            };
+          }) roles.peer.machines;
+        };
+
        nixosModule =
          {
            config,
--- a/clanServices/sshd/default.nix
+++ b/clanServices/sshd/default.nix
@@ -39,6 +39,7 @@
            ...
          }:
          let
+            uniqueStrings = list: builtins.attrNames (builtins.groupBy lib.id list);
            # Collect searchDomains from all servers in this instance
            allServerSearchDomains = lib.flatten (
              lib.mapAttrsToList (_name: machineConfig: machineConfig.settings.certificate.searchDomains or [ ]) (
@@ -46,7 +47,7 @@
              )
            );
            # Merge client's searchDomains with all servers' searchDomains
-            searchDomains = lib.uniqueStrings (settings.certificate.searchDomains ++ allServerSearchDomains);
+            searchDomains = uniqueStrings (settings.certificate.searchDomains ++ allServerSearchDomains);
          in
          {
            clan.core.vars.generators.openssh-ca = lib.mkIf (searchDomains != [ ]) {
--- a/clanServices/syncthing/flake-module.nix
+++ b/clanServices/syncthing/flake-module.nix
@@ -22,6 +22,7 @@ in
            ../../clanServices/syncthing
            # Required modules
            ../../nixosModules/clanCore
+            ../../nixosModules/machineModules
            # Dependencies like clan-cli
            ../../pkgs/clan-cli
          ];
--- a/clanServices/wifi/tests/eval-tests.nix
+++ b/clanServices/wifi/tests/eval-tests.nix
@@ -41,14 +41,14 @@ let
  # In this case it is 'self-zerotier-redux'
  # This is usually only used internally, but we can use it to test the evaluation of service module in isolation
  # evaluatedService =
-  #   testFlake.clanInternals.inventoryClass.distributedServices.importedModulesEvaluated.self-zerotier-redux.config;
+  #   testFlake.clanInternals.inventoryClass.distributedServices.servicesEval.config.mappedServices.self-zerotier-redux.config;
 in
 {
  test_simple = {
    inherit testFlake;

    expr =
-      testFlake.config.clan.clanInternals.inventoryClass.distributedServices.importedModulesEvaluated.self-wifi.config;
+      testFlake.config.clan.clanInternals.inventoryClass.distributedServices.servicesEval.config.mappedServices.self-wifi.config;
    expected = 1;

    # expr = {
--- a/clanServices/zerotier/default.nix
+++ b/clanServices/zerotier/default.nix
@@ -140,6 +140,9 @@
            pkgs,
            ...
          }:
+          let
+            uniqueStrings = list: builtins.attrNames (builtins.groupBy lib.id list);
+          in
          {
            imports = [
              (import ./shared.nix {
@@ -156,7 +159,7 @@
            config = {
              systemd.services.zerotier-inventory-autoaccept =
                let
-                  machines = lib.uniqueStrings (
+                  machines = uniqueStrings (
                    (lib.optionals (roles ? moon) (lib.attrNames roles.moon.machines))
                    ++ (lib.optionals (roles ? controller) (lib.attrNames roles.controller.machines))
                    ++ (lib.optionals (roles ? peer) (lib.attrNames roles.peer.machines))
--- a/clanServices/zerotier/flake-module.nix
+++ b/clanServices/zerotier/flake-module.nix
@@ -21,6 +21,7 @@ in
            ../../clanServices/zerotier
            # Required modules
            ../../nixosModules/clanCore
+            ../../nixosModules/machineModules
            # Dependencies like clan-cli
            ../../pkgs/clan-cli
          ];
--- a/devFlake/flake.lock
+++ b/devFlake/flake.lock
@@ -105,11 +105,11 @@
    },
    "nixpkgs-dev": {
      "locked": {
-        "lastModified": 1761544814,
-        "narHash": "sha256-t5f0A+2MtSWTfA6hzMNiotpIMGLlSQF2JnK9m6nkzIY=",
+        "lastModified": 1761853358,
+        "narHash": "sha256-1tBdsBzYJOzVzNOmCFzFMWHw7UUbhkhiYCFGr+OjPTs=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "e5aa45ed6c45058ec109658b2b7352a9a062cdf3",
+        "rev": "262333bca9b49964f8e3cad3af655466597c01d4",
        "type": "github"
      },
      "original": {
@@ -128,11 +128,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1760652422,
-        "narHash": "sha256-C88Pgz38QIl9JxQceexqL2G7sw9vodHWx1Uaq+NRJrw=",
+        "lastModified": 1761730856,
+        "narHash": "sha256-t1i5p/vSWwueZSC0Z2BImxx3BjoUDNKyC2mk24krcMY=",
        "owner": "NuschtOS",
        "repo": "search",
-        "rev": "3ebeebe8b6a49dfb11f771f761e0310f7c48d726",
+        "rev": "e29de6db0cb3182e9aee75a3b1fd1919d995d85b",
        "type": "github"
      },
      "original": {
--- a/docs/site/guides/contributing/testing.md
+++ b/docs/site/guides/contributing/testing.md
@@ -150,61 +150,10 @@ Those are very similar to NixOS VM tests, as in they run virtualized nixos machi
 As of now the container test driver is a downstream development in clan-core.
 Basically everything stated under the NixOS VM tests sections applies here, except some limitations.

-### Using Container Tests vs VM Tests
+Limitations:

-Container tests are **enabled by default** for all tests using the clan testing framework.
-They offer significant performance advantages over VM tests:
-
- **Faster startup**
- **Lower resource usage**: No full kernel boot or hardware emulation overhead
-
-To control whether a test uses containers or VMs, use the `clan.test.useContainers` option:
-
-```nix
-{
-  clan = {
-    directory = ./.;
-    test.useContainers = true;  # Use containers (default)
-    # test.useContainers = false;  # Use VMs instead
-  };
-}
-```
-
-**When to use VM tests instead of container tests:**
-
- Testing kernel features, modules, or boot processes
- Testing hardware-specific features
- When you need full system isolation
-
-### System Requirements for Container Tests
-
-Container tests require the **`uid-range`** system feature** in the Nix sandbox.
-This feature allows Nix to allocate a range of UIDs for containers to use, enabling `systemd-nspawn` containers to run properly inside the Nix build sandbox.
-
-**Configuration:**
-
-The `uid-range` feature requires the `auto-allocate-uids` setting to be enabled in your Nix configuration.
-
-To verify or enable it, add to your `/etc/nix/nix.conf` or NixOS configuration:
-
-```nix
-settings.experimental-features = [
-    "auto-allocate-uids"
-];
-
-nix.settings.auto-allocate-uids = true;
-nix.settings.system-features = [ "uid-range" ];
-```
-
-**Technical details:**
-
- Container tests set `requiredSystemFeatures = [ "uid-range" ];` in their derivation (see `lib/test/container-test-driver/driver-module.nix:98`)
- Without this feature, containers cannot properly manage user namespaces and will fail to start
-
-### Limitations
-
- Cannot run in interactive mode, however while the container test runs, it logs a nsenter command that can be used to log into each of the containers.
- Early implementation and limited by features.
+- Cannot run in interactive mode, however while the container test runs, it logs a nsenter command that can be used to log into each of the container.
+- setuid binaries don't work

 ### Where to find examples for NixOS container tests

--- a/flakeModules/clan.nix
+++ b/flakeModules/clan.nix
@@ -39,32 +39,10 @@ in
          };
          modules = [
            clan-core.modules.clan.default
-            {
-              checks.minNixpkgsVersion = {
-                assertion = lib.versionAtLeast nixpkgs.lib.version "25.11";
-                message = ''
-                  Nixpkgs version: ${nixpkgs.lib.version} is incompatible with clan-core. (>= 25.11 is recommended)
-                  ---
-                  Your version of 'nixpkgs' seems too old for clan-core.
-                  Please read: https://docs.clan.lol/guides/nixpkgs-flake-input
-
-                  You can ignore this check by setting:
-                  clan.checks.minNixpkgsVersion.ignore = true;
-                  ---
-                '';
-              };
-            }
          ];
        };
-        apply =
-          config:
-          lib.deepSeq (lib.mapAttrs (
-            id: check:
-            if check.ignore || check.assertion then
-              null
-            else
-              throw "clan.checks.${id} failed with message\n${check.message}"
-          ) config.checks) config;
+        # Important: !This logic needs to be kept in sync with lib.clan function!
+        apply = config: clan-core.lib.checkConfig config.checks config;
      };

    # Mapped flake toplevel outputs
--- a/lib/clan/checkConfig.nix
+++ b/lib/clan/checkConfig.nix
@@ -0,0 +1,19 @@
+{ lib, ... }:
+/**
+  Function to assert clan configuration checks.
+
+  Arguments:
+
+  - 'checks' attribute of clan configuration
+  - Any: the returned configuration (can be anything, is just passed through)
+*/
+checks:
+lib.deepSeq (
+  lib.mapAttrs (
+    id: check:
+    if check.ignore || check.assertion then
+      null
+    else
+      throw "clan.checks.${id} failed with message\n${check.message}"
+  ) checks
+)
--- a/lib/clan/default.nix
+++ b/lib/clan/default.nix
@@ -33,20 +33,23 @@
 let
  nixpkgs = self.inputs.nixpkgs or clan-core.inputs.nixpkgs;
  nix-darwin = self.inputs.nix-darwin or clan-core.inputs.nix-darwin;
+  configuration = (
+    lib.evalModules {
+      class = "clan";
+      specialArgs = {
+        inherit
+          self
+          ;
+        inherit
+          nixpkgs
+          nix-darwin
+          ;
+      };
+      modules = [
+        clan-core.modules.clan.default
+        m
+      ];
+    }
+  );
 in
-lib.evalModules {
-  class = "clan";
-  specialArgs = {
-    inherit
-      self
-      ;
-    inherit
-      nixpkgs
-      nix-darwin
-      ;
-  };
-  modules = [
-    clan-core.modules.clan.default
-    m
-  ];
-}
+clan-core.clanLib.checkConfig configuration.config.checks configuration
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -16,6 +16,8 @@ lib.fix (
      */
      callLib = file: args: import file ({ inherit lib clanLib; } // args);

+      checkConfig = clanLib.callLib ./clan/checkConfig.nix { };
+
      evalService = clanLib.callLib ./evalService.nix { };
      # ------------------------------------
      # ClanLib functions
--- a/lib/dir_test.nix
+++ b/lib/dir_test.nix
@@ -53,7 +53,12 @@ in
            };
          };
        }).clan
-          { config.directory = rootPath; };
+          {
+            directory = rootPath;
+            self = {
+              inputs.nixpkgs.lib.version = "25.11";
+            };
+          };
    in
    {
      inherit vclan;
@@ -94,7 +99,12 @@ in
            };
          };
        }).clan
-          { config.directory = rootPath; };
+          {
+            directory = rootPath;
+            self = {
+              inputs.nixpkgs.lib.version = "25.11";
+            };
+          };
    in
    {
      inherit vclan;
--- a/lib/inventory/default.nix
+++ b/lib/inventory/default.nix
@@ -2,11 +2,7 @@
  lib,
  clanLib,
 }:
-let
-  services = clanLib.callLib ./distributed-service/inventory-adapter.nix { };
-in
 {
-  inherit (services) mapInstances;
  inventoryModule = {
    _file = "clanLib.inventory.module";
    imports = [
--- a/lib/inventory/distributed-service/all-services-wrapper.nix
+++ b/lib/inventory/distributed-service/all-services-wrapper.nix
@@ -28,19 +28,15 @@ in
        elemType = submoduleWith {
          class = "clan.service";
          specialArgs = {
-            exports = config.exports;
            directory = directory;
            clanLib = specialArgs.clanLib;
+            exports = config.exports;
          };
          modules = [
            (
              { name, ... }:
              {
                _module.args._ctx = [ name ];
-                _module.args.clanLib = specialArgs.clanLib;
-                _module.args.exports = config.exports;
-                _module.args.directory = directory;
-
              }
            )
            ./service-module.nix
--- a/lib/inventory/distributed-service/flake-module.nix
+++ b/lib/inventory/distributed-service/flake-module.nix
@@ -21,6 +21,7 @@ in
          ../../../flakeModules
          ../../../lib
          ../../../nixosModules/clanCore
+          ../../../nixosModules/machineModules
          ../../../machines
          ../../../inventory.json
          ../../../modules
--- a/lib/inventory/distributed-service/inventory-adapter.nix
+++ b/lib/inventory/distributed-service/inventory-adapter.nix
@@ -1,171 +0,0 @@
-# Adapter function between the inventory.instances and the clan.service module
-#
-# Data flow:
-# - inventory.instances -> Adapter -> clan.service module -> Service Resources (i.e. NixosModules per Machine, Vars per Service, etc.)
-#
-# What this file does:
-#
-# - Resolves the [Module] to an actual module-path and imports it.
-# - Groups together all the same modules into a single import and creates all instances for it.
-# - Resolves the inventory tags into machines. Tags don't exist at the service level.
-#   Also combines the settings for 'machines' and 'tags'.
-{
-  lib,
-  clanLib,
-  ...
-}:
-{
-  mapInstances =
-    {
-      # This is used to resolve the module imports from 'flake.inputs'
-      flakeInputs,
-      # The clan inventory
-      inventory,
-      directory,
-      clanCoreModules,
-      prefix ? [ ],
-      exportsModule,
-    }:
-    let
-      # machineHasTag = machineName: tagName: lib.elem tagName inventory.machines.${machineName}.tags;
-
-      # map the instances into the module
-      importedModuleWithInstances = lib.mapAttrs (
-        instanceName: instance:
-        let
-          resolvedModule = clanLib.resolveModule {
-            moduleSpec = instance.module;
-            inherit flakeInputs clanCoreModules;
-          };
-
-          # Every instance includes machines via roles
-          # :: { client :: ... }
-          instanceRoles = lib.mapAttrs (
-            roleName: role:
-            let
-              resolvedMachines = clanLib.inventory.resolveTags {
-                members = {
-                  # Explicit members
-                  machines = lib.attrNames role.machines;
-                  # Resolved Members
-                  tags = lib.attrNames role.tags;
-                };
-                inherit (inventory) machines;
-                inherit instanceName roleName;
-              };
-            in
-            # instances.<instanceName>.roles.<roleName> =
-            # Remove "tags", they are resolved into "machines"
-            (removeAttrs role [ "tags" ])
-            // {
-              machines = lib.genAttrs resolvedMachines.machines (
-                machineName:
-                let
-                  machineSettings = instance.roles.${roleName}.machines.${machineName}.settings or { };
-                in
-                # TODO: tag settings
-                # Wait for this feature until option introspection for 'settings' is done.
-                # This might get too complex to handle otherwise.
-                # settingsViaTags = lib.filterAttrs (
-                #   tagName: _: machineHasTag machineName tagName
-                # ) instance.roles.${roleName}.tags;
-                {
-                  # TODO: Do we want to wrap settings with
-                  # setDefaultModuleLocation "inventory.instances.${instanceName}.roles.${roleName}.tags.${tagName}";
-                  settings = {
-                    imports = [
-                      machineSettings
-                    ]; # ++ lib.attrValues (lib.mapAttrs (_tagName: v: v.settings) settingsViaTags);
-                  };
-                }
-              );
-            }
-          ) instance.roles;
-        in
-        {
-          inherit (instance) module;
-          inherit resolvedModule instanceRoles;
-        }
-      ) inventory.instances or { };
-
-      # Group the instances by the module they resolve to
-      # This is necessary to evaluate the module in a single pass
-      # :: { <module.input>_<module.name> :: [ { name, value } ] }
-      # Since 'perMachine' needs access to all the instances we should include them as a whole
-      grouped = lib.foldlAttrs (
-        acc: instanceName: instance:
-        let
-          inputName = if instance.module.input == null then "<clan-core>" else instance.module.input;
-          id = inputName + "-" + instance.module.name;
-        in
-        acc
-        // {
-          ${id} = acc.${id} or [ ] ++ [
-            {
-              inherit instanceName instance;
-            }
-          ];
-        }
-      ) { } importedModuleWithInstances;
-
-      # servicesEval.config.mappedServices.self-A.result.final.jon.nixosModule
-      allMachines = lib.mapAttrs (machineName: _: {
-        # This is the list of nixosModules for each machine
-        machineImports = lib.foldlAttrs (
-          acc: _module_ident: serviceModule:
-          acc ++ [ serviceModule.result.final.${machineName}.nixosModule or { } ]
-        ) [ ] servicesEval.config.mappedServices;
-      }) inventory.machines or { };
-
-      evalServices =
-        { modules, prefix }:
-        lib.evalModules {
-          class = "clan";
-          specialArgs = {
-            inherit clanLib;
-            _ctx = prefix;
-          };
-          modules = [
-            (import ./all-services-wrapper.nix { inherit directory; })
-          ]
-          ++ modules;
-        };
-
-      servicesEval = evalServices {
-        inherit prefix;
-        modules = [
-          {
-            inherit exportsModule;
-            mappedServices = lib.mapAttrs (_module_ident: instances: {
-              imports = [
-                # Import the resolved module.
-                # i.e. clan.modules.admin
-                {
-                  options.module = lib.mkOption {
-                    type = lib.types.raw;
-                    default = (builtins.head instances).instance.module;
-                  };
-                }
-                (builtins.head instances).instance.resolvedModule
-              ] # Include all the instances that correlate to the resolved module
-              ++ (builtins.map (v: {
-                instances.${v.instanceName}.roles = v.instance.instanceRoles;
-              }) instances);
-            }) grouped;
-          }
-        ];
-      };
-      importedModulesEvaluated = servicesEval.config.mappedServices;
-
-    in
-    {
-      inherit
-        servicesEval
-        importedModuleWithInstances
-        # Exposed for testing
-        grouped
-        allMachines
-        importedModulesEvaluated
-        ;
-    };
-}
--- a/lib/inventory/distributed-service/service-module.nix
+++ b/lib/inventory/distributed-service/service-module.nix
@@ -7,10 +7,14 @@
  ...
 }:
 let
-  inherit (lib) mkOption types uniqueStrings;
+  inherit (lib) mkOption types;
  inherit (types) attrsWith submoduleWith;

  errorContext = "Error context: ${lib.concatStringsSep "." _ctx}";
+  # TODO:
+  # Remove once this gets merged upstream; performs in O(n*log(n) instead of O(n^2))
+  # https://github.com/NixOS/nixpkgs/pull/355616/files
+  uniqueStrings = list: builtins.attrNames (builtins.groupBy lib.id list);
  /**
    Merges the role- and machine-settings using the role interface

--- a/lib/inventory/distributed-service/tests/default.nix
+++ b/lib/inventory/distributed-service/tests/default.nix
@@ -4,63 +4,53 @@
  ...
 }:
 let
-  inherit (lib)
-    evalModules
-    ;

-  evalInventory =
-    m:
-    (evalModules {
-      # Static modules
-      modules = [
-        clanLib.inventory.inventoryModule
-        {
-          _file = "test file";
-          tags.all = [ ];
-          tags.nixos = [ ];
-          tags.darwin = [ ];
-        }
-        {
-          modules.test = { };
-        }
-        m
-      ];
-    }).config;
-
-  callInventoryAdapter =
-    inventoryModule:
-    let
-      inventory = evalInventory inventoryModule;
-      flakeInputsFixture = {
-        self.clan.modules = inventoryModule.modules or { };
-        # Example upstream module
-        upstream.clan.modules = {
-          uzzi = {
-            _class = "clan.service";
-            manifest = {
-              name = "uzzi-from-upstream";
-            };
-          };
+  flakeInputsFixture = {
+    upstream.clan.modules = {
+      uzzi = {
+        _class = "clan.service";
+        manifest = {
+          name = "uzzi-from-upstream";
        };
      };
-    in
-    clanLib.inventory.mapInstances {
-      directory = ./.;
-      clanCoreModules = { };
-      flakeInputs = flakeInputsFixture;
-      inherit inventory;
-      exportsModule = { };
    };
+  };
+
+  createTestClan =
+    testClan:
+    let
+      res = clanLib.clan ({
+        # Static / mocked
+        specialArgs = {
+          clan-core = {
+            clan.modules = { };
+          };
+        };
+        self.inputs = flakeInputsFixture // {
+          self.clan = res.config;
+        };
+        directory = ./.;
+        exportsModule = { };
+
+        imports = [
+          testClan
+        ];
+      });
+    in
+    res;
+
 in
 {
  extraModules = import ./extraModules.nix { inherit clanLib; };
  exports = import ./exports.nix { inherit lib clanLib; };
-  settings = import ./settings.nix { inherit lib callInventoryAdapter; };
-  specialArgs = import ./specialArgs.nix { inherit lib callInventoryAdapter; };
-  resolve_module_spec = import ./import_module_spec.nix { inherit lib callInventoryAdapter; };
+  settings = import ./settings.nix { inherit lib createTestClan; };
+  specialArgs = import ./specialArgs.nix { inherit lib createTestClan; };
+  resolve_module_spec = import ./import_module_spec.nix {
+    inherit lib createTestClan;
+  };
  test_simple =
    let
-      res = callInventoryAdapter {
+      res = createTestClan {
        # Authored module
        # A minimal module looks like this
        # It isn't exactly doing anything but it's a valid module that produces an output
@@ -71,7 +61,7 @@ in
          };
        };
        # User config
-        instances."instance_foo" = {
+        inventory.instances."instance_foo" = {
          module = {
            name = "simple-module";
          };
@@ -81,7 +71,7 @@ in
    {
      # Test that the module is mapped into the output
      # We might change the attribute name in the future
-      expr = res.importedModulesEvaluated ? "<clan-core>-simple-module";
+      expr = res.config._services.mappedServices ? "<clan-core>-simple-module";
      expected = true;
      inherit res;
    };
@@ -92,7 +82,7 @@ in
  # All instances should be included within one evaluation to make all of them available
  test_module_grouping =
    let
-      res = callInventoryAdapter {
+      res = createTestClan {
        # Authored module
        # A minimal module looks like this
        # It isn't exactly doing anything but it's a valid module that produces an output
@@ -112,18 +102,19 @@ in

          perMachine = { }: { };
        };
+
        # User config
-        instances."instance_foo" = {
+        inventory.instances."instance_foo" = {
          module = {
            name = "A";
          };
        };
-        instances."instance_bar" = {
+        inventory.instances."instance_bar" = {
          module = {
            name = "B";
          };
        };
-        instances."instance_baz" = {
+        inventory.instances."instance_baz" = {
          module = {
            name = "A";
          };
@@ -133,16 +124,16 @@ in
    {
      # Test that the module is mapped into the output
      # We might change the attribute name in the future
-      expr = lib.mapAttrs (_n: v: builtins.length v) res.grouped;
-      expected = {
-        "<clan-core>-A" = 2;
-        "<clan-core>-B" = 1;
-      };
+      expr = lib.attrNames res.config._services.mappedServices;
+      expected = [
+        "<clan-core>-A"
+        "<clan-core>-B"
+      ];
    };

  test_creates_all_instances =
    let
-      res = callInventoryAdapter {
+      res = createTestClan {
        # Authored module
        # A minimal module looks like this
        # It isn't exactly doing anything but it's a valid module that produces an output
@@ -154,22 +145,24 @@ in

          perMachine = { }: { };
        };
-        instances."instance_foo" = {
-          module = {
-            name = "A";
-            input = "self";
+        inventory = {
+          instances."instance_foo" = {
+            module = {
+              name = "A";
+              input = "self";
+            };
          };
-        };
-        instances."instance_bar" = {
-          module = {
-            name = "A";
-            input = "self";
+          instances."instance_bar" = {
+            module = {
+              name = "A";
+              input = "self";
+            };
          };
-        };
-        instances."instance_zaza" = {
-          module = {
-            name = "B";
-            input = null;
+          instances."instance_zaza" = {
+            module = {
+              name = "B";
+              input = null;
+            };
          };
        };
      };
@@ -177,7 +170,7 @@ in
    {
      # Test that the module is mapped into the output
      # We might change the attribute name in the future
-      expr = lib.attrNames res.importedModulesEvaluated.self-A.instances;
+      expr = lib.attrNames res.config._services.mappedServices.self-A.instances;
      expected = [
        "instance_bar"
        "instance_foo"
@@ -187,7 +180,7 @@ in
  # Membership via roles
  test_add_machines_directly =
    let
-      res = callInventoryAdapter {
+      res = createTestClan {
        # Authored module
        # A minimal module looks like this
        # It isn't exactly doing anything but it's a valid module that produces an output
@@ -202,38 +195,40 @@ in

          # perMachine = {}: {};
        };
-        machines = {
-          jon = { };
-          sara = { };
-          hxi = { };
-        };
-        instances."instance_foo" = {
-          module = {
-            name = "A";
-            input = "self";
+        inventory = {
+          machines = {
+            jon = { };
+            sara = { };
+            hxi = { };
          };
-          roles.peer.machines.jon = { };
-        };
-        instances."instance_bar" = {
-          module = {
-            name = "A";
-            input = "self";
+          instances."instance_foo" = {
+            module = {
+              name = "A";
+              input = "self";
+            };
+            roles.peer.machines.jon = { };
          };
-          roles.peer.machines.sara = { };
-        };
-        instances."instance_zaza" = {
-          module = {
-            name = "B";
-            input = null;
+          instances."instance_bar" = {
+            module = {
+              name = "A";
+              input = "self";
+            };
+            roles.peer.machines.sara = { };
+          };
+          instances."instance_zaza" = {
+            module = {
+              name = "B";
+              input = null;
+            };
+            roles.peer.tags.all = { };
          };
-          roles.peer.tags.all = { };
        };
      };
    in
    {
      # Test that the module is mapped into the output
      # We might change the attribute name in the future
-      expr = lib.attrNames res.importedModulesEvaluated.self-A.result.allMachines;
+      expr = lib.attrNames res.config._services.mappedServices.self-A.result.allMachines;
      expected = [
        "jon"
        "sara"
@@ -243,7 +238,7 @@ in
  # Membership via tags
  test_add_machines_via_tags =
    let
-      res = callInventoryAdapter {
+      res = createTestClan {
        # Authored module
        # A minimal module looks like this
        # It isn't exactly doing anything but it's a valid module that produces an output
@@ -257,35 +252,37 @@ in

          # perMachine = {}: {};
        };
-        machines = {
-          jon = {
-            tags = [ "foo" ];
+        inventory = {
+          machines = {
+            jon = {
+              tags = [ "foo" ];
+            };
+            sara = {
+              tags = [ "foo" ];
+            };
+            hxi = { };
          };
-          sara = {
-            tags = [ "foo" ];
+          instances."instance_foo" = {
+            module = {
+              name = "A";
+              input = "self";
+            };
+            roles.peer.tags.foo = { };
          };
-          hxi = { };
-        };
-        instances."instance_foo" = {
-          module = {
-            name = "A";
-            input = "self";
+          instances."instance_zaza" = {
+            module = {
+              name = "B";
+              input = null;
+            };
+            roles.peer.tags.all = { };
          };
-          roles.peer.tags.foo = { };
-        };
-        instances."instance_zaza" = {
-          module = {
-            name = "B";
-            input = null;
-          };
-          roles.peer.tags.all = { };
        };
      };
    in
    {
      # Test that the module is mapped into the output
      # We might change the attribute name in the future
-      expr = lib.attrNames res.importedModulesEvaluated.self-A.result.allMachines;
+      expr = lib.attrNames res.config._services.mappedServices.self-A.result.allMachines;
      expected = [
        "jon"
        "sara"
@@ -293,6 +290,9 @@ in
    };

  machine_imports = import ./machine_imports.nix { inherit lib clanLib; };
-  per_machine_args = import ./per_machine_args.nix { inherit lib callInventoryAdapter; };
-  per_instance_args = import ./per_instance_args.nix { inherit lib callInventoryAdapter; };
+  per_machine_args = import ./per_machine_args.nix { inherit lib createTestClan; };
+  per_instance_args = import ./per_instance_args.nix {
+    inherit lib;
+    callInventoryAdapter = createTestClan;
+  };
 }
--- a/lib/inventory/distributed-service/tests/import_module_spec.nix
+++ b/lib/inventory/distributed-service/tests/import_module_spec.nix
@@ -1,4 +1,4 @@
-{ callInventoryAdapter, ... }:
+{ createTestClan, ... }:
 let
  # Authored module
  # A minimal module looks like this
@@ -23,10 +23,13 @@ let

  resolve =
    spec:
-    callInventoryAdapter {
-      inherit modules machines;
-      instances."instance_foo" = {
-        module = spec;
+    createTestClan {
+      inherit modules;
+      inventory = {
+        inherit machines;
+        instances."instance_foo" = {
+          module = spec;
+        };
      };
    };
 in
@@ -36,25 +39,16 @@ in
      (resolve {
        name = "A";
        input = "self";
-      }).importedModuleWithInstances.instance_foo.resolvedModule;
-    expected = {
-      _class = "clan.service";
-      manifest = {
-        name = "network";
-      };
-    };
+      }).config._services.mappedServices.self-A.manifest.name;
+    expected = "network";
  };
  test_import_remote_module_by_name = {
    expr =
      (resolve {
        name = "uzzi";
        input = "upstream";
-      }).importedModuleWithInstances.instance_foo.resolvedModule;
-    expected = {
-      _class = "clan.service";
-      manifest = {
-        name = "uzzi-from-upstream";
-      };
-    };
+      }).config._services.mappedServices.upstream-uzzi.manifest.name;
+    expected = "uzzi-from-upstream";
+
  };
 }
--- a/lib/inventory/distributed-service/tests/per_instance_args.nix
+++ b/lib/inventory/distributed-service/tests/per_instance_args.nix
@@ -58,39 +58,43 @@ let
    sara = { };
  };
  res = callInventoryAdapter {
-    inherit modules machines;
-    instances."instance_foo" = {
-      module = {
-        name = "A";
-        input = "self";
+    inherit modules;
+
+    inventory = {
+      inherit machines;
+      instances."instance_foo" = {
+        module = {
+          name = "A";
+          input = "self";
+        };
+        roles.peer.machines.jon = {
+          settings.timeout = lib.mkForce "foo-peer-jon";
+        };
+        roles.peer = {
+          settings.timeout = "foo-peer";
+        };
+        roles.controller.machines.jon = { };
      };
-      roles.peer.machines.jon = {
-        settings.timeout = lib.mkForce "foo-peer-jon";
+      instances."instance_bar" = {
+        module = {
+          name = "A";
+          input = "self";
+        };
+        roles.peer.machines.jon = {
+          settings.timeout = "bar-peer-jon";
+        };
      };
-      roles.peer = {
-        settings.timeout = "foo-peer";
+      # TODO: move this into a seperate test.
+      # Seperate out the check that this module is never imported
+      # import the module "B" (undefined)
+      # All machines have this instance
+      instances."instance_zaza" = {
+        module = {
+          name = "B";
+          input = null;
+        };
+        roles.peer.tags.all = { };
      };
-      roles.controller.machines.jon = { };
-    };
-    instances."instance_bar" = {
-      module = {
-        name = "A";
-        input = "self";
-      };
-      roles.peer.machines.jon = {
-        settings.timeout = "bar-peer-jon";
-      };
-    };
-    # TODO: move this into a seperate test.
-    # Seperate out the check that this module is never imported
-    # import the module "B" (undefined)
-    # All machines have this instance
-    instances."instance_zaza" = {
-      module = {
-        name = "B";
-        input = null;
-      };
-      roles.peer.tags.all = { };
    };
  };

@@ -105,9 +109,10 @@ in
 {
  # settings should evaluate
  test_per_instance_arguments = {
+    inherit res;
    expr = {
      instanceName =
-        res.importedModulesEvaluated.self-A.result.allRoles.peer.allInstances."instance_foo".allMachines.jon.passthru.instanceName;
+        res.config._services.mappedServices.self-A.result.allRoles.peer.allInstances."instance_foo".allMachines.jon.passthru.instanceName;

      # settings are specific.
      # Below we access:
@@ -115,11 +120,11 @@ in
      # roles = peer
      # machines = jon
      settings =
-        res.importedModulesEvaluated.self-A.result.allRoles.peer.allInstances.instance_foo.allMachines.jon.passthru.settings;
+        res.config._services.mappedServices.self-A.result.allRoles.peer.allInstances.instance_foo.allMachines.jon.passthru.settings;
      machine =
-        res.importedModulesEvaluated.self-A.result.allRoles.peer.allInstances.instance_foo.allMachines.jon.passthru.machine;
+        res.config._services.mappedServices.self-A.result.allRoles.peer.allInstances.instance_foo.allMachines.jon.passthru.machine;
      roles =
-        res.importedModulesEvaluated.self-A.result.allRoles.peer.allInstances.instance_foo.allMachines.jon.passthru.roles;
+        res.config._services.mappedServices.self-A.result.allRoles.peer.allInstances.instance_foo.allMachines.jon.passthru.roles;
    };
    expected = {
      instanceName = "instance_foo";
@@ -160,9 +165,9 @@ in

  # TODO: Cannot be tested like this anymore
  test_per_instance_settings_vendoring = {
-    x = res.importedModulesEvaluated.self-A;
+    x = res.config._services.mappedServices.self-A;
    expr =
-      res.importedModulesEvaluated.self-A.result.allRoles.peer.allInstances.instance_foo.allMachines.jon.passthru.vendoredSettings;
+      res.config._services.mappedServices.self-A.result.allRoles.peer.allInstances.instance_foo.allMachines.jon.passthru.vendoredSettings;
    expected = {
      timeout = "config.thing";
    };
--- a/lib/inventory/distributed-service/tests/per_machine_args.nix
+++ b/lib/inventory/distributed-service/tests/per_machine_args.nix
@@ -1,4 +1,4 @@
-{ lib, callInventoryAdapter }:
+{ lib, createTestClan }:
 let
  # Authored module
  # A minimal module looks like this
@@ -39,36 +39,40 @@ let
    jon = { };
    sara = { };
  };
-  res = callInventoryAdapter {
-    inherit modules machines;
-    instances."instance_foo" = {
-      module = {
-        name = "A";
-        input = "self";
+  res = createTestClan {
+    inherit modules;
+    inventory = {
+
+      inherit machines;
+      instances."instance_foo" = {
+        module = {
+          name = "A";
+          input = "self";
+        };
+        roles.peer.machines.jon = {
+          settings.timeout = lib.mkForce "foo-peer-jon";
+        };
+        roles.peer = {
+          settings.timeout = "foo-peer";
+        };
      };
-      roles.peer.machines.jon = {
-        settings.timeout = lib.mkForce "foo-peer-jon";
+      instances."instance_bar" = {
+        module = {
+          name = "A";
+          input = "self";
+        };
+        roles.peer.machines.jon = {
+          settings.timeout = "bar-peer-jon";
+        };
      };
-      roles.peer = {
-        settings.timeout = "foo-peer";
+      instances."instance_zaza" = {
+        module = {
+          name = "B";
+          input = null;
+        };
+        roles.peer.tags.all = { };
      };
    };
-    instances."instance_bar" = {
-      module = {
-        name = "A";
-        input = "self";
-      };
-      roles.peer.machines.jon = {
-        settings.timeout = "bar-peer-jon";
-      };
-    };
-    instances."instance_zaza" = {
-      module = {
-        name = "B";
-        input = null;
-      };
-      roles.peer.tags.all = { };
-    };
  };
 in

@@ -79,7 +83,7 @@ in
    inherit res;
    expr = {
      hasMachineSettings =
-        res.importedModulesEvaluated.self-A.result.allMachines.jon.passthru.instances.instance_foo.roles.peer.machines.jon
+        res.config._services.mappedServices.self-A.result.allMachines.jon.passthru.instances.instance_foo.roles.peer.machines.jon
        ? settings;

      # settings are specific.
@@ -88,10 +92,10 @@ in
      # roles = peer
      # machines = jon
      specificMachineSettings =
-        res.importedModulesEvaluated.self-A.result.allMachines.jon.passthru.instances.instance_foo.roles.peer.machines.jon.settings;
+        res.config._services.mappedServices.self-A.result.allMachines.jon.passthru.instances.instance_foo.roles.peer.machines.jon.settings;

      hasRoleSettings =
-        res.importedModulesEvaluated.self-A.result.allMachines.jon.passthru.instances.instance_foo.roles.peer
+        res.config._services.mappedServices.self-A.result.allMachines.jon.passthru.instances.instance_foo.roles.peer
        ? settings;

      # settings are specific.
@@ -100,7 +104,7 @@ in
      # roles = peer
      # machines = *
      specificRoleSettings =
-        res.importedModulesEvaluated.self-A.result.allMachines.jon.passthru.instances.instance_foo.roles.peer;
+        res.config._services.mappedServices.self-A.result.allMachines.jon.passthru.instances.instance_foo.roles.peer;
    };
    expected = {
      hasMachineSettings = true;
--- a/lib/inventory/distributed-service/tests/settings.nix
+++ b/lib/inventory/distributed-service/tests/settings.nix
@@ -1,6 +1,6 @@
-{ callInventoryAdapter, lib, ... }:
+{ createTestClan, lib, ... }:
 let
-  res = callInventoryAdapter {
+  res = createTestClan {
    modules."A" = {
      _class = "clan.service";
      manifest = {
@@ -21,28 +21,31 @@ let
          };
        };
    };
-    machines = {
-      jon = { };
-      sara = { };
-    };
-    instances."instance_foo" = {
-      module = {
-        name = "A";
-        input = "self";
+    inventory = {
+
+      machines = {
+        jon = { };
+        sara = { };
      };
-      # Settings for both jon and sara
-      roles.peer.settings = {
-        timeout = 40;
+      instances."instance_foo" = {
+        module = {
+          name = "A";
+          input = "self";
+        };
+        # Settings for both jon and sara
+        roles.peer.settings = {
+          timeout = 40;
+        };
+        # Jon overrides timeout
+        roles.peer.machines.jon = {
+          settings.timeout = lib.mkForce 42;
+        };
+        roles.peer.machines.sara = { };
      };
-      # Jon overrides timeout
-      roles.peer.machines.jon = {
-        settings.timeout = lib.mkForce 42;
-      };
-      roles.peer.machines.sara = { };
    };
  };

-  config = res.servicesEval.config.mappedServices.self-A;
+  config = res.config._services.mappedServices.self-A;

  #
  applySettings =
--- a/lib/inventory/distributed-service/tests/specialArgs.nix
+++ b/lib/inventory/distributed-service/tests/specialArgs.nix
@@ -1,6 +1,6 @@
-{ callInventoryAdapter, lib, ... }:
+{ createTestClan, lib, ... }:
 let
-  res = callInventoryAdapter {
+  res = createTestClan {
    modules."A" = m: {
      _class = "clan.service";
      config = {
@@ -14,19 +14,21 @@ let
        default = m;
      };
    };
-    machines = {
-      jon = { };
-    };
-    instances."instance_foo" = {
-      module = {
-        name = "A";
-        input = "self";
+    inventory = {
+      machines = {
+        jon = { };
+      };
+      instances."instance_foo" = {
+        module = {
+          name = "A";
+          input = "self";
+        };
+        roles.peer.machines.jon = { };
      };
-      roles.peer.machines.jon = { };
    };
  };

-  specialArgs = lib.attrNames res.servicesEval.config.mappedServices.self-A.test.specialArgs;
+  specialArgs = lib.attrNames res.config._services.mappedServices.self-A.test.specialArgs;
 in
 {
  test_simple = {
--- a/lib/tests.nix
+++ b/lib/tests.nix
@@ -212,6 +212,36 @@ in
      };
    };

+  test_clan_check_simple_fail =
+    let
+      eval = clan {
+        checks.constFail = {
+          assertion = false;
+          message = "This is a constant failure";
+        };
+      };
+    in
+    {
+      result = eval;
+      expr = eval.config;
+      expectedError.type = "ThrownError";
+      expectedError.msg = "This is a constant failure";
+    };
+  test_clan_check_simple_pass =
+    let
+      eval = clan {
+        checks.constFail = {
+          assertion = true;
+          message = "This is a constant success";
+        };
+      };
+    in
+    {
+      result = eval;
+      expr = lib.seq eval.config 42;
+      expected = 42;
+    };
+
  test_get_var_machine =
    let
      varsLib = import ./vars.nix { };
--- a/modules/clan/checks.nix
+++ b/modules/clan/checks.nix
@@ -0,0 +1,16 @@
+{ lib, nixpkgs, ... }:
+{
+  checks.minNixpkgsVersion = {
+    assertion = lib.versionAtLeast nixpkgs.lib.version "25.11";
+    message = ''
+      Nixpkgs version: ${nixpkgs.lib.version} is incompatible with clan-core. (>= 25.11 is recommended)
+      ---
+      Your version of 'nixpkgs' seems too old for clan-core.
+      Please read: https://docs.clan.lol/guides/nixpkgs-flake-input
+
+      You can ignore this check by setting:
+      clan.checks.minNixpkgsVersion.ignore = true;
+      ---
+    '';
+  };
+}
--- a/modules/clan/default.nix
+++ b/modules/clan/default.nix
@@ -1,3 +1,14 @@
+/**
+  Root 'clan' Module
+
+  Defines lib.clan and flake-parts.clan options
+  and all common logic for the 'clan' module.
+
+  - has Class _class = "clan"
+
+  - _module.args.clan-core: reference to clan-core flake
+  - _module.args.clanLib: reference to lib.clan function
+*/
 { clan-core }:
 {
  _class = "clan";
@@ -6,7 +17,9 @@
    inherit (clan-core) clanLib;
  };
  imports = [
+    ./top-level-interface.nix
    ./module.nix
-    ./interface.nix
+    ./distributed-services.nix
+    ./checks.nix
  ];
 }
--- a/modules/clan/distributed-services.nix
+++ b/modules/clan/distributed-services.nix
@@ -0,0 +1,163 @@
+{
+  lib,
+  clanLib,
+  config,
+  clan-core,
+  ...
+}:
+let
+  inherit (lib) mkOption types;
+  # Keep a reference to top-level
+  clanConfig = config;
+
+  inventory = clanConfig.inventory;
+  flakeInputs = clanConfig.self.inputs;
+  clanCoreModules = clan-core.clan.modules;
+
+  grouped = lib.foldlAttrs (
+    acc: instanceName: instance:
+    let
+      inputName = if instance.module.input == null then "<clan-core>" else instance.module.input;
+      id = inputName + "-" + instance.module.name;
+    in
+    acc
+    // {
+      ${id} = acc.${id} or [ ] ++ [
+        {
+          inherit instanceName instance;
+        }
+      ];
+    }
+  ) { } importedModuleWithInstances;
+
+  importedModuleWithInstances = lib.mapAttrs (
+    instanceName: instance:
+    let
+      resolvedModule = clanLib.resolveModule {
+        moduleSpec = instance.module;
+        inherit flakeInputs clanCoreModules;
+      };
+
+      # Every instance includes machines via roles
+      # :: { client :: ... }
+      instanceRoles = lib.mapAttrs (
+        roleName: role:
+        let
+          resolvedMachines = clanLib.inventory.resolveTags {
+            members = {
+              # Explicit members
+              machines = lib.attrNames role.machines;
+              # Resolved Members
+              tags = lib.attrNames role.tags;
+            };
+            inherit (inventory) machines;
+            inherit instanceName roleName;
+          };
+        in
+        # instances.<instanceName>.roles.<roleName> =
+        # Remove "tags", they are resolved into "machines"
+        (removeAttrs role [ "tags" ])
+        // {
+          machines = lib.genAttrs resolvedMachines.machines (
+            machineName:
+            let
+              machineSettings = instance.roles.${roleName}.machines.${machineName}.settings or { };
+            in
+            # TODO: tag settings
+            # Wait for this feature until option introspection for 'settings' is done.
+            # This might get too complex to handle otherwise.
+            # settingsViaTags = lib.filterAttrs (
+            #   tagName: _: machineHasTag machineName tagName
+            # ) instance.roles.${roleName}.tags;
+            {
+              # TODO: Do we want to wrap settings with
+              # setDefaultModuleLocation "inventory.instances.${instanceName}.roles.${roleName}.tags.${tagName}";
+              settings = {
+                imports = [
+                  machineSettings
+                ]; # ++ lib.attrValues (lib.mapAttrs (_tagName: v: v.settings) settingsViaTags);
+              };
+            }
+          );
+        }
+      ) instance.roles;
+    in
+    {
+      inherit (instance) module;
+      inherit resolvedModule instanceRoles;
+    }
+  ) inventory.instances or { };
+in
+{
+  _class = "clan";
+  options._services = mkOption {
+    visible = false;
+    description = ''
+      All service instances
+
+      !!! Danger "Internal API"
+        Do not rely on this API yet.
+
+        - Will be renamed to just 'services' in the future.
+        Once the name can be claimed again.
+        - Structure will change.
+
+        API will be declared as public after beeing simplified.
+    '';
+    type = types.submoduleWith {
+      # TODO: Remove specialArgs
+      specialArgs = {
+        inherit clanLib;
+      };
+      modules = [
+        (import ../../lib/inventory/distributed-service/all-services-wrapper.nix {
+          inherit (clanConfig) directory;
+        })
+        # Dependencies
+        {
+          exportsModule = clanConfig.exportsModule;
+        }
+        {
+          # TODO: Rename to "allServices"
+          # All services
+          mappedServices = lib.mapAttrs (_module_ident: instances: {
+            imports = [
+              # Import the resolved module.
+              # i.e. clan.modules.admin
+              {
+                options.module = lib.mkOption {
+                  type = lib.types.raw;
+                  default = (builtins.head instances).instance.module;
+                };
+              }
+              (builtins.head instances).instance.resolvedModule
+            ] # Include all the instances that correlate to the resolved module
+            ++ (builtins.map (v: {
+              instances.${v.instanceName}.roles = v.instance.instanceRoles;
+            }) instances);
+          }) grouped;
+        }
+      ];
+    };
+    default = { };
+  };
+  options._allMachines = mkOption {
+    internal = true;
+    type = types.raw;
+    default = lib.mapAttrs (machineName: _: {
+      # This is the list of nixosModules for each machine
+      machineImports = lib.foldlAttrs (
+        acc: _module_ident: serviceModule:
+        acc ++ [ serviceModule.result.final.${machineName}.nixosModule or { } ]
+      ) [ ] config._services.mappedServices;
+    }) inventory.machines or { };
+  };
+
+  config = {
+    clanInternals.inventoryClass.machines = config._allMachines;
+    # clanInternals.inventoryClass.distributedServices = config._services;
+
+    # Exports from distributed services
+    exports = config._services.exports;
+  };
+}
--- a/modules/clan/eval-docs.nix
+++ b/modules/clan/eval-docs.nix
@@ -3,12 +3,16 @@
  lib,
  clanModule,
  clanLib,
+  clan-core,
 }:
 let
  eval = lib.evalModules {
    modules = [
      clanModule
    ];
+    specialArgs = {
+      self = clan-core;
+    };
  };

  evalDocs = pkgs.nixosOptionsDoc {
--- a/modules/clan/flake-module.nix
+++ b/modules/clan/flake-module.nix
@@ -12,6 +12,7 @@ in
    }:
    let
      jsonDocs = import ./eval-docs.nix {
+        clan-core = self;
        inherit
          pkgs
          lib
--- a/modules/clan/module.nix
+++ b/modules/clan/module.nix
@@ -100,7 +100,7 @@ let
          _: machine:
          machine.extendModules {
            modules = [
-              (lib.modules.importApply ../machineModules/overridePkgs.nix {
+              (lib.modules.importApply ../../nixosModules/machineModules/overridePkgs.nix {
                pkgs = pkgsFor.${system};
              })
            ];
@@ -167,6 +167,9 @@ in
          { ... }@args:
          let
            _class =
+              # _class was added in https://github.com/NixOS/nixpkgs/pull/395141
+              # Clan relies on it to determine which modules to load
+              # people need to use at least that version of nixpkgs
              args._class or (throw ''
                Your version of nixpkgs is incompatible with the latest clan.
                Please update nixpkgs input to the latest nixos-unstable or nixpkgs-unstable.
@@ -176,7 +179,7 @@ in
          in
          {
            imports = [
-              (lib.modules.importApply ../machineModules/forName.nix {
+              (lib.modules.importApply ../../nixosModules/machineModules/forName.nix {
                inherit (config.inventory) meta;
                inherit
                  name
@@ -216,8 +219,6 @@ in
    inherit nixosConfigurations;
    inherit darwinConfigurations;

-    exports = config.clanInternals.inventoryClass.distributedServices.servicesEval.config.exports;
-
    clanInternals = {
      inventoryClass =
        let
@@ -251,21 +252,9 @@ in
              exportsModule = config.exportsModule;
            }
            (
-              { config, ... }:
+              { ... }:
              {
                staticModules = clan-core.clan.modules;
-
-                distributedServices = clanLib.inventory.mapInstances {
-                  inherit (config)
-                    inventory
-                    directory
-                    flakeInputs
-                    exportsModule
-                    ;
-                  clanCoreModules = clan-core.clan.modules;
-                  prefix = [ "distributedServices" ];
-                };
-                machines = config.distributedServices.allMachines;
              }
            )
          ];
--- a/modules/clan/templates.nix
+++ b/modules/clan/templates.nix
@@ -1,3 +1,28 @@
+/**
+  The templates submodule
+
+  'clan.templates'
+
+  Different kinds supported:
+
+  - clan templates: 'clan.templates.clan'
+  - disko templates: 'clan.templates.disko'
+  - machine templates: 'clan.templates.machine'
+
+  A template has the form:
+
+  ```nix
+  {
+    description: string; # short summary what the template contains
+    path: path; # path to the template
+  }
+  ```
+
+  The clan API copies the template from the given 'path'
+  into a target folder. For example,
+
+  `./machines/<machine-name>` for 'machine' templates.
+*/
 {
  lib,
  ...
--- a/modules/clan/top-level-interface.nix
+++ b/modules/clan/top-level-interface.nix
--- a/modules/inventoryClass/default.nix
+++ b/modules/inventoryClass/default.nix
@@ -67,9 +67,6 @@ in
      type = types.raw;
    };

-    distributedServices = mkOption {
-      type = types.raw;
-    };
    inventory = mkOption {
      type = types.raw;
    };
--- a/nixosModules/machineModules/forName.nix
+++ b/nixosModules/machineModules/forName.nix
@@ -3,6 +3,7 @@
  directory,
  meta,
 }:
+# The following is a nixos/darwin module
 {
  _class,
  lib,
--- a/nixosModules/machineModules/overridePkgs.nix
+++ b/nixosModules/machineModules/overridePkgs.nix
--- a/pkgs/docs-from-code/flake-module.nix
+++ b/pkgs/docs-from-code/flake-module.nix
@@ -64,6 +64,9 @@
          '';
    in
    {
+      legacyPackages = {
+        inherit jsonDocs clanModulesViaService;
+      };
      packages = {
        inherit module-docs;
      };
--- a/pkgs/option-search/flake-module.nix
+++ b/pkgs/option-search/flake-module.nix
@@ -11,151 +11,10 @@
      ...
    }:
    let
-      inherit (lib)
-        mapAttrsToList
-        mapAttrs
-        mkOption
-        types
-        splitString
-        stringLength
-        substring
-        ;
-      inherit (self) clanLib;
-
-      serviceModules = self.clan.modules;

      baseHref = "/option-search/";

-      getRoles =
-        module:
-        (clanLib.evalService {
-          modules = [ module ];
-          prefix = [ ];
-        }).config.roles;
-
-      getManifest =
-        module:
-        (clanLib.evalService {
-          modules = [ module ];
-          prefix = [ ];
-        }).config.manifest;
-
-      settingsModules = module: mapAttrs (_roleName: roleConfig: roleConfig.interface) (getRoles module);
-
      # Map each letter to its capitalized version
-      capitalizeChar =
-        char:
-        {
-          a = "A";
-          b = "B";
-          c = "C";
-          d = "D";
-          e = "E";
-          f = "F";
-          g = "G";
-          h = "H";
-          i = "I";
-          j = "J";
-          k = "K";
-          l = "L";
-          m = "M";
-          n = "N";
-          o = "O";
-          p = "P";
-          q = "Q";
-          r = "R";
-          s = "S";
-          t = "T";
-          u = "U";
-          v = "V";
-          w = "W";
-          x = "X";
-          y = "Y";
-          z = "Z";
-        }
-        .${char};
-
-      title =
-        name:
-        let
-          # split by -
-          parts = splitString "-" name;
-          # capitalize first letter of each part
-          capitalize = part: (capitalizeChar (substring 0 1 part)) + substring 1 (stringLength part) part;
-          capitalizedParts = map capitalize parts;
-        in
-        builtins.concatStringsSep " " capitalizedParts;
-
-      fakeInstanceOptions =
-        name: module:
-        let
-          manifest = getManifest module;
-          description = ''
-            # ${title name} (Clan Service)
-
-            **${manifest.description}**
-
-            ${lib.optionalString (manifest ? readme) manifest.readme}
-
-            ${
-              if manifest.categories != [ ] then
-                "Categories: " + builtins.concatStringsSep ", " manifest.categories
-              else
-                "No categories defined"
-            }
-
-          '';
-        in
-        {
-          options = {
-            instances.${name} = lib.mkOption {
-              inherit description;
-              type = types.submodule {
-                options.roles = mapAttrs (
-                  roleName: roleSettingsModule:
-                  mkOption {
-                    type = types.submodule {
-                      _file = "docs flake-module";
-                      imports = [
-                        { _module.args = { inherit clanLib; }; }
-                        (import ../../modules/inventoryClass/role.nix {
-                          nestedSettingsOption = mkOption {
-                            type = types.raw;
-                            description = ''
-                              See [instances.${name}.roles.${roleName}.settings](${baseHref}?option_scope=0&option=inventory.instances.${name}.roles.${roleName}.settings)
-                            '';
-                          };
-                          settingsOption = mkOption {
-                            type = types.submoduleWith {
-                              modules = [ roleSettingsModule ];
-                            };
-                          };
-                        })
-                      ];
-                    };
-                  }
-                ) (settingsModules module);
-              };
-            };
-          };
-        };
-
-      docModules = [
-        {
-          inherit self;
-        }
-        self.modules.clan.default
-        {
-          options.inventory = lib.mkOption {
-            type = types.submoduleWith {
-              modules = [
-                { noInstanceOptions = true; }
-              ]
-              ++ mapAttrsToList fakeInstanceOptions serviceModules;
-            };
-          };
-        }
-      ];

      baseModule =
        # Module
@@ -208,12 +67,6 @@
              title = "Clan Options";
              # scopes = mapAttrsToList mkScope serviceModules;
              scopes = [
-                {
-                  inherit baseHref;
-                  name = "Flake Options (clan.nix file)";
-                  modules = docModules;
-                  urlPrefix = "https://git.clan.lol/clan/clan-core/src/branch/main/";
-                }
                {
                  name = "Machine Options (clan.core NixOS options)";
                  optionsJSON = "${coreOptions}/share/doc/nixos/options.json";
Author	SHA1	Message	Date
pinpox	c6531ca69a	clanServices/mycelium: add networking export	2025-10-31 11:35:50 +01:00
clan-bot	b6b065e365	Merge pull request 'Update nixpkgs-dev in devFlake' (#5706 ) from update-devFlake-nixpkgs-dev into main	2025-10-31 00:08:41 +00:00
clan-bot	4b1955b189	Update nixpkgs-dev in devFlake	2025-10-31 00:02:00 +00:00
clan-bot	ef7ef8b843	Merge pull request 'Update nixpkgs-dev in devFlake' (#5704 ) from update-devFlake-nixpkgs-dev into main	2025-10-30 20:05:49 +00:00
clan-bot	38c1367322	Update nixpkgs-dev in devFlake	2025-10-30 20:01:49 +00:00
clan-bot	8e72c086fd	Merge pull request 'Update nixpkgs-dev in devFlake' (#5702 ) from update-devFlake-nixpkgs-dev into main	2025-10-30 15:06:22 +00:00
clan-bot	c454b1339d	Update nixpkgs-dev in devFlake	2025-10-30 15:01:51 +00:00
hsjobeki	d1b2d43e5b	Merge pull request 'services: move into clan submodule' (#5701 ) from unify-clan into main Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/5701	2025-10-30 13:00:14 +00:00
Johannes Kirschbauer	da98ca0f1c	clanLib: remove unused mapInstances	2025-10-30 13:54:05 +01:00
Johannes Kirschbauer	1953540d08	tests: update inventory tests to use whole clan modules	2025-10-30 13:54:05 +01:00
Johannes Kirschbauer	be31b9ce21	docs: remove service options from nuschtSearch These hacks are blocking the flake level vars and exports Maybe we bring this back later So far nobody seemed using nuschtSearch	2025-10-30 13:54:05 +01:00
Johannes Kirschbauer	169b4016e6	docs: set self to clan-core for docs	2025-10-30 13:53:49 +01:00
Johannes Kirschbauer	2e55028a1b	services: move into clan submodule	2025-10-30 13:53:49 +01:00
hsjobeki	1d228231f2	Merge pull request 'clan/services: Reduce surface of services wrapper function' (#5700 ) from unify-clan into main Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/5700	2025-10-30 09:49:56 +00:00
Johannes Kirschbauer	affb926450	services: remove duplicate module args	2025-10-30 10:10:55 +01:00
Johannes Kirschbauer	c7f65e929f	inventoryAdapter: replace importedModulesEvaluated by equivalent config	2025-10-30 10:10:31 +01:00
hsjobeki	ba4ff493e8	Merge pull request 'revert: uniqueStrings' (#5699 ) from hsjobeki-patch-1 into main Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/5699	2025-10-30 08:34:59 +00:00
hsjobeki	eb08803e2a	revert `bfb30251e6` revert lib: replace uniqueStrings after upstreamed TODO: Reapply after 25.11 release	2025-10-30 08:29:43 +00:00
clan-bot	bbc9486f0e	Merge pull request 'Update nixpkgs-dev in devFlake' (#5697 ) from update-devFlake-nixpkgs-dev into main	2025-10-29 20:06:16 +00:00
clan-bot	999d709350	Update nixpkgs-dev in devFlake	2025-10-29 20:01:48 +00:00
clan-bot	0b1a330cc2	Merge pull request 'Update nixpkgs-dev in devFlake' (#5696 ) from update-devFlake-nixpkgs-dev into main	2025-10-29 15:06:14 +00:00
clan-bot	995b7cf50d	Update nixpkgs-dev in devFlake	2025-10-29 15:01:49 +00:00
clan-bot	5477b13233	Merge pull request 'Update nuschtos in devFlake' (#5690 ) from update-devFlake-nuschtos into main	2025-10-29 10:08:23 +00:00
clan-bot	d6170e5efb	Update nuschtos in devFlake	2025-10-29 10:01:53 +00:00
clan-bot	18fe117363	Merge pull request 'Update nixpkgs-dev in devFlake' (#5689 ) from update-devFlake-nixpkgs-dev into main	2025-10-29 00:07:47 +00:00
clan-bot	33a868acc2	Update nixpkgs-dev in devFlake	2025-10-29 00:03:27 +00:00
hsjobeki	11372d35e1	Merge pull request 'clan/checks: fix clanLib not checking' (#5685 ) from check into main Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/5685	2025-10-28 10:51:17 +00:00
Johannes Kirschbauer	b7508b2b43	clan/checks: fix clanLib not checking	2025-10-28 11:46:49 +01:00
clan-bot	183817b769	Merge pull request 'Update nixpkgs-dev in devFlake' (#5684 ) from update-devFlake-nixpkgs-dev into main	2025-10-28 10:08:10 +00:00
clan-bot	591e53e9be	Update nixpkgs-dev in devFlake	2025-10-28 10:01:54 +00:00
hsjobeki	a6a6415e31	Merge pull request 'clan/checks: move into lib function; add tests' (#5683 ) from role-settings into main Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/5683	2025-10-28 08:46:41 +00:00
Johannes Kirschbauer	0060ead876	clan/checks: move into lib function; add tests	2025-10-28 09:40:31 +01:00
hsjobeki	224e41d3ad	Merge pull request 'modules: clean up clan module' (#5679 ) from role-settings into main Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/5679	2025-10-28 08:22:46 +00:00
Johannes Kirschbauer	b3323007b2	test: update test filesets	2025-10-28 09:04:50 +01:00
Johannes Kirschbauer	3e950bc66f	docs: add doc-comment for template submodule	2025-10-28 09:04:50 +01:00
Johannes Kirschbauer	9503b46b21	modules: rename arbitrary interface.nix to 'top-level-interface'	2025-10-28 09:04:50 +01:00
Johannes Kirschbauer	a2cec323a2	modules: move nixos modules into nixosModules folder	2025-10-28 09:04:50 +01:00
Johannes Kirschbauer	4239f4d27f	clan/module: explain throw	2025-10-28 09:04:50 +01:00
clan-bot	8ac8264997	Merge pull request 'Update nixpkgs-dev in devFlake' (#5681 ) from update-devFlake-nixpkgs-dev into main	2025-10-27 20:06:57 +00:00
clan-bot	544a53ae9c	Update nixpkgs-dev in devFlake	2025-10-27 20:01:46 +00:00