machines: fix remote-program for darwin nix copy

MacOS doesn't come with a proper login shell for ssh and therefore doesn't have nix in $PATH as it doesn't source /etc/profile. This restores the remote-program parameter that was accidentally removed in commit cff5d61f26.
2025-06-17 13:02:15 +02:00
11 changed files with 89 additions and 278 deletions
--- a/clanServices/garage/default.nix
+++ b/clanServices/garage/default.nix
@@ -8,15 +8,8 @@
  roles.default = {

    perInstance.nixosModule =
+      { config, pkgs, ... }:
      {
-        config,
-        pkgs,
-        lib,
-        ...
-      }:
-      {
-        services.garage.enable = lib.mkDefault true;
-
        systemd.services.garage.serviceConfig = {
          LoadCredential = [
            "rpc_secret_path:${config.clan.core.vars.generators.garage-shared.files.rpc_secret.path}"
--- a/nixosModules/clanCore/zerotier/genmoon.py
+++ b/nixosModules/clanCore/zerotier/genmoon.py
@@ -11,11 +11,11 @@ def main() -> None:
    if len(sys.argv) != 4:
        print("Usage: genmoon.py <moon.json> <endpoint.json> <moons.d>")
        sys.exit(1)
-    moon_json_path = sys.argv[1]
+    moon_json = sys.argv[1]
    endpoint_config = sys.argv[2]
    moons_d = sys.argv[3]

-    moon_json = json.loads(Path(moon_json_path).read_text())
+    moon_json = json.loads(Path(moon_json).read_text())
    moon_json["roots"][0]["stableEndpoints"] = json.loads(
        Path(endpoint_config).read_text()
    )
--- a/pkgs/agit/agit.py
+++ b/pkgs/agit/agit.py
@@ -266,7 +266,6 @@ Examples:
    )

    create_parser.add_argument(
-        "-a",
        "--auto",
        action="store_true",
        help="Skip editor and use commit message automatically",
--- a/pkgs/clan-app/ui/src/components/machine-list-item/index.tsx
+++ b/pkgs/clan-app/ui/src/components/machine-list-item/index.tsx
@@ -47,27 +47,6 @@ export const MachineListItem = (props: MachineListItemProps) => {
      );
      return;
    }
-    const target_host = await callApi("get_host", {
-      field: "targetHost",
-      flake: { identifier: active_clan },
-      name: name,
-    }).promise;
-
-    if (target_host.status == "error") {
-      console.error("No target host found for the machine");
-      return;
-    }
-
-    if (target_host.data === null) {
-      console.error("No target host found for the machine");
-      return;
-    }
-
-    if (!target_host.data!.data) {
-      console.error("No target host found for the machine");
-      return;
-    }
-
    setInstalling(true);
    await callApi("install_machine", {
      opts: {
@@ -76,14 +55,15 @@ export const MachineListItem = (props: MachineListItemProps) => {
          flake: {
            identifier: active_clan,
          },
+          override_target_host: info?.deploy.targetHost,
        },
        no_reboot: true,
        debug: true,
        nix_options: [],
        password: null,
      },
-      target_host: target_host.data!.data,
-    }).promise.finally(() => setInstalling(false));
+    }).promise;
+    setInstalling(false);
  };

  const handleUpdate = async () => {
@@ -103,53 +83,14 @@ export const MachineListItem = (props: MachineListItemProps) => {
      return;
    }
    setUpdating(true);
-
-    const target_host = await callApi("get_host", {
-      field: "targetHost",
-      flake: { identifier: active_clan },
-      name: name,
-    }).promise;
-
-    if (target_host.status == "error") {
-      console.error("No target host found for the machine");
-      return;
-    }
-
-    if (target_host.data === null) {
-      console.error("No target host found for the machine");
-      return;
-    }
-
-    if (!target_host.data!.data) {
-      console.error("No target host found for the machine");
-      return;
-    }
-
-    const build_host = await callApi("get_host", {
-      field: "buildHost",
-      flake: { identifier: active_clan },
-      name: name,
-    }).promise;
-
-    if (build_host.status == "error") {
-      console.error("No target host found for the machine");
-      return;
-    }
-
-    if (build_host.data === null) {
-      console.error("No target host found for the machine");
-      return;
-    }
-
    await callApi("deploy_machine", {
      machine: {
        name: name,
        flake: {
          identifier: active_clan,
        },
+        override_target_host: info?.deploy.targetHost,
      },
-      target_host: target_host.data!.data,
-      build_host: build_host.data?.data || null,
    }).promise;

    setUpdating(false);
--- a/pkgs/clan-app/ui/src/routes/machines/details.tsx
+++ b/pkgs/clan-app/ui/src/routes/machines/details.tsx
@@ -135,27 +135,6 @@ const InstallMachine = (props: InstallMachineProps) => {

    setProgressText("Installing machine ... (2/5)");

-    const target_host = await callApi("get_host", {
-      field: "targetHost",
-      flake: { identifier: curr_uri },
-      name: props.name,
-    }).promise;
-
-    if (target_host.status == "error") {
-      console.error("No target host found for the machine");
-      return;
-    }
-
-    if (target_host.data === null) {
-      console.error("No target host found for the machine");
-      return;
-    }
-
-    if (!target_host.data!.data) {
-      console.error("No target host found for the machine");
-      return;
-    }
-
    const installPromise = callApi("install_machine", {
      opts: {
        machine: {
@@ -163,11 +142,11 @@ const InstallMachine = (props: InstallMachineProps) => {
          flake: {
            identifier: curr_uri,
          },
+          override_target_host: target,
          private_key: values.sshKey?.name,
        },
        password: "",
      },
-      target_host: target_host.data!.data,
    });

    // Next step
@@ -501,49 +480,6 @@ const MachineForm = (props: MachineDetailsProps) => {

    const target = targetHost();

-    const active_clan = activeClanURI();
-    if (!active_clan) {
-      console.error("No active clan selected");
-      return;
-    }
-
-    const target_host = await callApi("get_host", {
-      field: "targetHost",
-      flake: { identifier: active_clan },
-      name: machine,
-    }).promise;
-
-    if (target_host.status == "error") {
-      console.error("No target host found for the machine");
-      return;
-    }
-
-    if (target_host.data === null) {
-      console.error("No target host found for the machine");
-      return;
-    }
-
-    if (!target_host.data!.data) {
-      console.error("No target host found for the machine");
-      return;
-    }
-
-    const build_host = await callApi("get_host", {
-      field: "buildHost",
-      flake: { identifier: active_clan },
-      name: machine,
-    }).promise;
-
-    if (build_host.status == "error") {
-      console.error("No target host found for the machine");
-      return;
-    }
-
-    if (build_host.data === null) {
-      console.error("No target host found for the machine");
-      return;
-    }
-
    setIsUpdating(true);
    const r = await callApi("deploy_machine", {
      machine: {
@@ -551,9 +487,8 @@ const MachineForm = (props: MachineDetailsProps) => {
        flake: {
          identifier: curr_uri,
        },
+        override_target_host: target,
      },
-      target_host: target_host.data!.data,
-      build_host: build_host.data!.data,
    }).promise;
  };

--- a/pkgs/clan-app/ui/src/routes/machines/install/hardware-step.tsx
+++ b/pkgs/clan-app/ui/src/routes/machines/install/hardware-step.tsx
@@ -90,37 +90,11 @@ export const HWStep = (props: StepProps<HardwareValues>) => {
      return;
    }

-    const active_clan = activeClanURI();
-    if (!active_clan) {
-      console.error("No active clan selected");
-      return;
-    }
-
-    const target_host = await callApi("get_host", {
-      field: "targetHost",
-      flake: { identifier: active_clan },
-      name: props.machine_id,
-    }).promise;
-
-    if (target_host.status == "error") {
-      console.error("No target host found for the machine");
-      return;
-    }
-
-    if (target_host.data === null) {
-      console.error("No target host found for the machine");
-      return;
-    }
-
-    if (!target_host.data!.data) {
-      console.error("No target host found for the machine");
-      return;
-    }
-
    const r = await callApi("generate_machine_hardware_info", {
      opts: {
        machine: {
          name: props.machine_id,
+          override_target_host: target,
          private_key: sshFile?.name,
          flake: {
            identifier: curr_uri,
@@ -128,7 +102,6 @@ export const HWStep = (props: StepProps<HardwareValues>) => {
        },
        backend: "nixos-facter",
      },
-      target_host: target_host.data!.data,
    });

    // TODO: refresh the machine details
--- a/pkgs/clan-cli/clan_cli/machines/hardware.py
+++ b/pkgs/clan-cli/clan_cli/machines/hardware.py
@@ -12,7 +12,6 @@ from clan_lib.errors import ClanCmdError, ClanError
 from clan_lib.git import commit_file
 from clan_lib.machines.machines import Machine
 from clan_lib.nix import nix_config, nix_eval
-from clan_lib.ssh.remote import HostKeyCheck, Remote

 from clan_cli.completions import add_dynamic_completer, complete_machines

@@ -83,9 +82,7 @@ class HardwareGenerateOptions:


@API.register
-def generate_machine_hardware_info(
-    opts: HardwareGenerateOptions, target_host: Remote
-) -> HardwareConfig:
+def generate_machine_hardware_info(opts: HardwareGenerateOptions) -> HardwareConfig:
    """
    Generate hardware information for a machine
    and place the resulting *.nix file in the machine's directory.
@@ -106,7 +103,9 @@ def generate_machine_hardware_info(
            "--show-hardware-config",
        ]

-    with target_host.ssh_control_master() as ssh, ssh.become_root() as sudo_ssh:
+    host = opts.machine.target_host()
+
+    with host.ssh_control_master() as ssh, ssh.become_root() as sudo_ssh:
        out = sudo_ssh.run(config_command, opts=RunOpts(check=False))
    if out.returncode != 0:
        if "nixos-facter" in out.stderr and "not found" in out.stderr:
@@ -118,7 +117,7 @@ def generate_machine_hardware_info(
            raise ClanError(msg)

        machine.error(str(out))
-        msg = f"Failed to inspect {opts.machine}. Address: {target_host.target}"
+        msg = f"Failed to inspect {opts.machine}. Address: {host.target}"
        raise ClanError(msg)

    backup_file = None
@@ -158,28 +157,17 @@ def generate_machine_hardware_info(


 def update_hardware_config_command(args: argparse.Namespace) -> None:
-    host_key_check = HostKeyCheck.from_str(args.host_key_check)
    machine = Machine(
        flake=args.flake,
        name=args.machine,
-        host_key_check=host_key_check,
+        override_target_host=args.target_host,
    )
    opts = HardwareGenerateOptions(
        machine=machine,
        password=args.password,
        backend=HardwareConfig(args.backend),
    )
-
-    if args.target_host:
-        target_host = Remote.from_deployment_address(
-            machine_name=machine.name,
-            address=args.target_host,
-            host_key_check=host_key_check,
-        )
-    else:
-        target_host = machine.target_host()
-
-    generate_machine_hardware_info(opts, target_host)
+    generate_machine_hardware_info(opts)


 def register_update_hardware_config(parser: argparse.ArgumentParser) -> None:
@@ -196,12 +184,6 @@ def register_update_hardware_config(parser: argparse.ArgumentParser) -> None:
        nargs="?",
        help="ssh address to install to in the form of user@host:2222",
    )
-    parser.add_argument(
-        "--host-key-check",
-        choices=["strict", "ask", "tofu", "none"],
-        default="ask",
-        help="Host key (.ssh/known_hosts) check mode.",
-    )
    parser.add_argument(
        "--password",
        help="Pre-provided password the cli will prompt otherwise if needed.",
--- a/pkgs/clan-cli/clan_cli/machines/install.py
+++ b/pkgs/clan-cli/clan_cli/machines/install.py
@@ -12,7 +12,6 @@ from clan_lib.cmd import Log, RunOpts, run
 from clan_lib.errors import ClanError
 from clan_lib.machines.machines import Machine
 from clan_lib.nix import nix_shell
-from clan_lib.ssh.remote import HostKeyCheck, Remote

 from clan_cli.completions import (
    add_dynamic_completer,
@@ -49,7 +48,7 @@ class InstallOptions:


@API.register
-def install_machine(opts: InstallOptions, target_host: Remote) -> None:
+def install_machine(opts: InstallOptions) -> None:
    machine = opts.machine

    machine.debug(f"installing {machine.name}")
@@ -57,6 +56,7 @@ def install_machine(opts: InstallOptions, target_host: Remote) -> None:
    generate_facts([machine])
    generate_vars([machine])

+    host = machine.target_host()
    with (
        TemporaryDirectory(prefix="nixos-install-") as _base_directory,
    ):
@@ -127,18 +127,14 @@ def install_machine(opts: InstallOptions, target_host: Remote) -> None:
        if opts.build_on:
            cmd += ["--build-on", opts.build_on.value]

-        if target_host.port:
-            cmd += ["--ssh-port", str(target_host.port)]
+        if host.port:
+            cmd += ["--ssh-port", str(host.port)]
        if opts.kexec:
            cmd += ["--kexec", opts.kexec]

        if opts.debug:
            cmd.append("--debug")
-
-        # Add nix options to nixos-anywhere
-        cmd.extend(opts.nix_options)
-
-        cmd.append(target_host.target)
+        cmd.append(host.target)
        if opts.use_tor:
            # nix copy does not support tor socks proxy
            # cmd.append("--ssh-option")
@@ -162,7 +158,7 @@ def install_command(args: argparse.Namespace) -> None:
    try:
        # Only if the caller did not specify a target_host via args.target_host
        # Find a suitable target_host that is reachable
-        target_host_str = args.target_host
+        target_host = args.target_host
        deploy_info: DeployInfo | None = ssh_command_parse(args)

        use_tor = False
@@ -170,9 +166,9 @@ def install_command(args: argparse.Namespace) -> None:
            host = find_reachable_host(deploy_info)
            if host is None:
                use_tor = True
-                target_host_str = deploy_info.tor.target
+                target_host = deploy_info.tor.target
            else:
-                target_host_str = host.target
+                target_host = host.target

        if args.password:
            password = args.password
@@ -181,20 +177,12 @@ def install_command(args: argparse.Namespace) -> None:
        else:
            password = None

-        machine = Machine(name=args.machine, flake=args.flake, nix_options=args.option)
-        host_key_check = (
-            HostKeyCheck.from_str(args.host_key_check)
-            if args.host_key_check
-            else HostKeyCheck.ASK
+        machine = Machine(
+            name=args.machine,
+            flake=args.flake,
+            nix_options=args.option,
+            override_target_host=target_host,
        )
-        if target_host_str is not None:
-            target_host = Remote.from_deployment_address(
-                machine_name=machine.name,
-                address=target_host_str,
-                host_key_check=host_key_check,
-            )
-        else:
-            target_host = machine.target_host().with_data(host_key_check=host_key_check)

        if machine._class_ == "darwin":
            msg = "Installing macOS machines is not yet supported"
@@ -205,7 +193,9 @@ def install_command(args: argparse.Namespace) -> None:
            raise ClanError(msg)

        if not args.yes:
-            ask = input(f"Install {args.machine} to {target_host.target}? [y/N] ")
+            ask = input(
+                f"Install {args.machine} to {machine.target_host().target}? [y/N] "
+            )
            if ask != "y":
                return None

@@ -223,7 +213,6 @@ def install_command(args: argparse.Namespace) -> None:
                identity_file=args.identity_file,
                use_tor=use_tor,
            ),
-            target_host=target_host,
        )
    except KeyboardInterrupt:
        log.warning("Interrupted by user")
--- a/pkgs/clan-cli/clan_cli/machines/update.py
+++ b/pkgs/clan-cli/clan_cli/machines/update.py
@@ -55,6 +55,12 @@ def upload_sources(machine: Machine, ssh: Remote) -> str:
        is_local_input(node) for node in flake_data["locks"]["nodes"].values()
    )

+    # Construct the remote URL with proper parameters for Darwin
+    remote_url = f"ssh://{ssh.target}"
+    # MacOS doesn't come with a proper login shell for ssh and therefore doesn't have nix in $PATH as it doesn't source /etc/profile
+    if machine._class_ == "darwin":
+        remote_url += "?remote-program=bash -lc 'exec nix-daemon --stdio'"
+
    if not has_path_inputs:
        # Just copy the flake to the remote machine, we can substitute other inputs there.
        path = flake_data["path"]
@@ -62,7 +68,7 @@ def upload_sources(machine: Machine, ssh: Remote) -> str:
            [
                "copy",
                "--to",
-                f"ssh://{ssh.target}",
+                remote_url,
                "--no-check-sigs",
                path,
            ]
@@ -84,7 +90,7 @@ def upload_sources(machine: Machine, ssh: Remote) -> str:
            "flake",
            "archive",
            "--to",
-            f"ssh://{ssh.target}",
+            remote_url,
            "--json",
            flake_url,
        ]
@@ -104,12 +110,10 @@ def upload_sources(machine: Machine, ssh: Remote) -> str:


@API.register
-def deploy_machine(
-    machine: Machine, target_host: Remote, build_host: Remote | None
-) -> None:
+def deploy_machine(machine: Machine) -> None:
    with ExitStack() as stack:
-        target_host = stack.enter_context(target_host.ssh_control_master())
-
+        target_host = stack.enter_context(machine.target_host().ssh_control_master())
+        build_host = machine.build_host()
        if build_host is not None:
            build_host = stack.enter_context(build_host.ssh_control_master())

@@ -200,6 +204,24 @@ def deploy_machine(
            )


+def deploy_machines(machines: list[Machine]) -> None:
+    """
+    Deploy to all hosts in parallel
+    """
+
+    with AsyncRuntime() as runtime:
+        for machine in machines:
+            runtime.async_run(
+                AsyncOpts(
+                    tid=machine.name, async_ctx=AsyncContext(prefix=machine.name)
+                ),
+                deploy_machine,
+                machine,
+            )
+        runtime.join_all()
+        runtime.check_all()
+
+
 def update_command(args: argparse.Namespace) -> None:
    try:
        if args.flake is None:
@@ -212,19 +234,21 @@ def update_command(args: argparse.Namespace) -> None:
            args.machines if args.machines else list_full_machines(args.flake).keys()
        )

+        if args.target_host is not None and len(args.machines) > 1:
+            msg = "Target Host can only be set for one machines"
+            raise ClanError(msg)
+
        for machine_name in selected_machines:
            machine = Machine(
                name=machine_name,
                flake=args.flake,
                nix_options=args.option,
+                override_target_host=args.target_host,
+                override_build_host=args.build_host,
                host_key_check=HostKeyCheck.from_str(args.host_key_check),
            )
            machines.append(machine)

-        if args.target_host is not None and len(machines) > 1:
-            msg = "Target Host can only be set for one machines"
-            raise ClanError(msg)
-
        def filter_machine(m: Machine) -> bool:
            if m.deployment.get("requireExplicitUpdate", False):
                return False
@@ -267,30 +291,8 @@ def update_command(args: argparse.Namespace) -> None:
                    f"clanInternals.machines.{system}.{{{','.join(machine_names)}}}.config.system.clan.deployment.file",
                ]
            )
-
-            host_key_check = HostKeyCheck.from_str(args.host_key_check)
-            with AsyncRuntime() as runtime:
-                for machine in machines:
-                    if args.target_host:
-                        target_host = Remote.from_deployment_address(
-                            machine_name=machine.name,
-                            address=args.target_host,
-                            host_key_check=host_key_check,
-                        )
-                    else:
-                        target_host = machine.target_host()
-                    runtime.async_run(
-                        AsyncOpts(
-                            tid=machine.name,
-                            async_ctx=AsyncContext(prefix=machine.name),
-                        ),
-                        deploy_machine,
-                        machine=machine,
-                        target_host=target_host,
-                        build_host=machine.build_host(),
-                    )
-                runtime.join_all()
-                runtime.check_all()
+            # Run the deplyoyment
+            deploy_machines(machines_to_update)

    except KeyboardInterrupt:
        log.warning("Interrupted by user")
--- a/pkgs/clan-cli/clan_lib/machines/machines.py
+++ b/pkgs/clan-cli/clan_lib/machines/machines.py
@@ -32,6 +32,8 @@ class Machine:
    flake: Flake

    nix_options: list[str] = field(default_factory=list)
+    override_target_host: None | str = None
+    override_build_host: None | str = None
    private_key: Path | None = None
    host_key_check: HostKeyCheck = HostKeyCheck.STRICT

@@ -141,6 +143,14 @@ class Machine:
        return self.flake.path

    def target_host(self) -> Remote:
+        if self.override_target_host:
+            return Remote.from_deployment_address(
+                machine_name=self.name,
+                address=self.override_target_host,
+                host_key_check=self.host_key_check,
+                private_key=self.private_key,
+            )
+
        remote = get_host(self.name, self.flake, field="targetHost")
        if remote is None:
            msg = f"'targetHost' is not set for machine '{self.name}'"
@@ -168,6 +178,15 @@ class Machine:
        The host where the machine is built and deployed from.
        Can be the same as the target host.
        """
+
+        if self.override_build_host:
+            return Remote.from_deployment_address(
+                machine_name=self.name,
+                address=self.override_build_host,
+                host_key_check=self.host_key_check,
+                private_key=self.private_key,
+            )
+
        remote = get_host(self.name, self.flake, field="buildHost")

        if remote:
--- a/pkgs/clan-cli/clan_lib/ssh/remote.py
+++ b/pkgs/clan-cli/clan_lib/ssh/remote.py
@@ -54,28 +54,6 @@ class Remote:
        except ValueError:
            return False

-    def with_data(self, host_key_check: HostKeyCheck | None = None) -> "Remote":
-        """
-        Returns a new Remote instance with the same data but with a different host_key_check.
-        """
-        return Remote(
-            address=self.address,
-            user=self.user,
-            command_prefix=self.command_prefix,
-            port=self.port,
-            private_key=self.private_key,
-            password=self.password,
-            forward_agent=self.forward_agent,
-            host_key_check=host_key_check
-            if host_key_check is not None
-            else self.host_key_check,
-            verbose_ssh=self.verbose_ssh,
-            ssh_options=self.ssh_options,
-            tor_socks=self.tor_socks,
-            _control_path_dir=self._control_path_dir,
-            _askpass_path=self._askpass_path,
-        )
-
    @property
    def target(self) -> str:
        return f"{self.user}@{self.address}"