yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Compare commits

base: yadunut:service-static-hosts
Branches Tags
yadunut:main yadunut:update-devFlake-clan-core-for-checks yadunut:update-nixpkgs yadunut:push-unvrqnoxxpxs yadunut:push-pmmlnrxvqntt yadunut:push-lxuyokqwsqmr yadunut:check yadunut:ke-docs-testing-container yadunut:push-qxwmroxwwppo yadunut:monitoring-network yadunut:update-nixpkgs-2025-10-20 yadunut:exports-endpoints yadunut:wireguard yadunut:hgl-site yadunut:push-tnkqqznukmkw yadunut:clan-25.05 yadunut:fix-c yadunut:feat/snapshot-tests yadunut:write-access yadunut:ke-fix-cr yadunut:ke-qa-nixpkgs-input yadunut:lopter-lo-fix-error-msg yadunut:hgl-ui-textfield yadunut:zerotier_refactor yadunut:docs-framework yadunut:simplify_http_backend yadunut:test-update-vars yadunut:deps-poc yadunut:vars-docs yadunut:yggdrasil yadunut:ui/fix-install-state-after-install yadunut:revers-update-vars-break yadunut:fix-modules-spagetti yadunut:sachk-main yadunut:pr-5024 yadunut:ke-docs-add-nixos-rebuild-switch yadunut:mdformat yadunut:fix-typography yadunut:serve-json-telegraf yadunut:remove-deprecations yadunut:remove-module-pkgs yadunut:clean-dead-code yadunut:monitoring-service-prometheus yadunut:service-static-hosts yadunut:remove-facts yadunut:vm-mamanger-remove yadunut:cli-clan-inspect yadunut:tor yadunut:terst yadunut:flake-compat yadunut:fix/combobox-form-binding yadunut:docs-options yadunut:init-restic yadunut:migration-docs yadunut:ui/reduce-opacity-sidebar-pane yadunut:migrate-syncthing yadunut:remove-build-clan yadunut:remove-modules-2 yadunut:remove-modules yadunut:nim65s-multi-wifi yadunut:feat/options-styling yadunut:clan-autorefresh yadunut:assertions yadunut:push-uymllnlsszzv yadunut:ke-facts-cli-warning yadunut:module-migration-add-warning yadunut:update-devFlake-private-nixpkgs-dev yadunut:update-templates-services-2 yadunut:ke-disko-shell-completions yadunut:templates-2 yadunut:prep-ui-version2 yadunut:try-fix-flash-test yadunut:pr-4283-generate_test_vars-fix-it yadunut:ssh-proxy yadunut:pr-3785 yadunut:vars-new yadunut:update-templates-again yadunut:revert-delete-state-version yadunut:speed-up-vars-check yadunut:agit-4042 yadunut:generate-test-vars-precache yadunut:kenji/ke-fix-ssh-deploy yadunut:fix-users yadunut:ssh-fix yadunut:remove-auto-upgrade yadunut:fix-flake-cache-chroot yadunut:nix_transform_host_options yadunut:push-trllkluxupnn yadunut:migrate-postgresql yadunut:feat/terminal-ui-component yadunut:feat/clan-uri-in-route yadunut:admin-migrate-service yadunut:pinned-clan-core yadunut:improve-container yadunut:Qubasa-replace_machine_name_with_machine_obj yadunut:control-master yadunut:check-the-checks yadunut:updated yadunut:validation-hash yadunut:push-wqqzvqtllpmt yadunut:Qubasa-main yadunut:enable-more-macos yadunut:p2p-updates yadunut:lassulus yadunut:Qubasa-debugging-docs yadunut:options-warnings yadunut:vars-deploy-test yadunut:init/manpage yadunut:a-kenji-improve/editor yadunut:complete-clan-modules yadunut:clan/cli/facts-noisy-1443 yadunut:clan/examples yadunut:init/editors yadunut:add-pre-commit yadunut:feat/clan-install-json yadunut:init/manpages yadunut:a-kenji-clan/install yadunut:init/flatpak yadunut:clana
yadunut:ui-version1 yadunut:demo-v2.2 yadunut:demo-v2.1 yadunut:demo-v2.0 yadunut:demo-v1.1 yadunut:demo-v1.0
..
compare: yadunut:remove-module-pkgs
Branches Tags
yadunut:main yadunut:update-devFlake-clan-core-for-checks yadunut:update-nixpkgs yadunut:push-unvrqnoxxpxs yadunut:push-pmmlnrxvqntt yadunut:push-lxuyokqwsqmr yadunut:check yadunut:ke-docs-testing-container yadunut:push-qxwmroxwwppo yadunut:monitoring-network yadunut:update-nixpkgs-2025-10-20 yadunut:exports-endpoints yadunut:wireguard yadunut:hgl-site yadunut:push-tnkqqznukmkw yadunut:clan-25.05 yadunut:fix-c yadunut:feat/snapshot-tests yadunut:write-access yadunut:ke-fix-cr yadunut:ke-qa-nixpkgs-input yadunut:lopter-lo-fix-error-msg yadunut:hgl-ui-textfield yadunut:zerotier_refactor yadunut:docs-framework yadunut:simplify_http_backend yadunut:test-update-vars yadunut:deps-poc yadunut:vars-docs yadunut:yggdrasil yadunut:ui/fix-install-state-after-install yadunut:revers-update-vars-break yadunut:fix-modules-spagetti yadunut:sachk-main yadunut:pr-5024 yadunut:ke-docs-add-nixos-rebuild-switch yadunut:mdformat yadunut:fix-typography yadunut:serve-json-telegraf yadunut:remove-deprecations yadunut:remove-module-pkgs yadunut:clean-dead-code yadunut:monitoring-service-prometheus yadunut:service-static-hosts yadunut:remove-facts yadunut:vm-mamanger-remove yadunut:cli-clan-inspect yadunut:tor yadunut:terst yadunut:flake-compat yadunut:fix/combobox-form-binding yadunut:docs-options yadunut:init-restic yadunut:migration-docs yadunut:ui/reduce-opacity-sidebar-pane yadunut:migrate-syncthing yadunut:remove-build-clan yadunut:remove-modules-2 yadunut:remove-modules yadunut:nim65s-multi-wifi yadunut:feat/options-styling yadunut:clan-autorefresh yadunut:assertions yadunut:push-uymllnlsszzv yadunut:ke-facts-cli-warning yadunut:module-migration-add-warning yadunut:update-devFlake-private-nixpkgs-dev yadunut:update-templates-services-2 yadunut:ke-disko-shell-completions yadunut:templates-2 yadunut:prep-ui-version2 yadunut:try-fix-flash-test yadunut:pr-4283-generate_test_vars-fix-it yadunut:ssh-proxy yadunut:pr-3785 yadunut:vars-new yadunut:update-templates-again yadunut:revert-delete-state-version yadunut:speed-up-vars-check yadunut:agit-4042 yadunut:generate-test-vars-precache yadunut:kenji/ke-fix-ssh-deploy yadunut:fix-users yadunut:ssh-fix yadunut:remove-auto-upgrade yadunut:fix-flake-cache-chroot yadunut:nix_transform_host_options yadunut:push-trllkluxupnn yadunut:migrate-postgresql yadunut:feat/terminal-ui-component yadunut:feat/clan-uri-in-route yadunut:admin-migrate-service yadunut:pinned-clan-core yadunut:improve-container yadunut:Qubasa-replace_machine_name_with_machine_obj yadunut:control-master yadunut:check-the-checks yadunut:updated yadunut:validation-hash yadunut:push-wqqzvqtllpmt yadunut:Qubasa-main yadunut:enable-more-macos yadunut:p2p-updates yadunut:lassulus yadunut:Qubasa-debugging-docs yadunut:options-warnings yadunut:vars-deploy-test yadunut:init/manpage yadunut:a-kenji-improve/editor yadunut:complete-clan-modules yadunut:clan/cli/facts-noisy-1443 yadunut:clan/examples yadunut:init/editors yadunut:add-pre-commit yadunut:feat/clan-install-json yadunut:init/manpages yadunut:a-kenji-clan/install yadunut:init/flatpak yadunut:clana
yadunut:ui-version1 yadunut:demo-v2.2 yadunut:demo-v2.1 yadunut:demo-v2.0 yadunut:demo-v1.1 yadunut:demo-v1.0

40 Commits
service-st ... remove-mod

Author SHA1 Message Date
pinpox
956281ba38 Remove clanModules 2025-08-18 14:34:05 +02:00
clan-bot
3fb8b6587d Merge pull request 'Update nixpkgs-dev in devFlake' (#4791) from update-devFlake-nixpkgs-dev into main 2025-08-17 00:08:28 +00:00
clan-bot
6aee353b43 Update nixpkgs-dev in devFlake 2025-08-17 00:01:48 +00:00
hsjobeki
e109361e81 Merge pull request 'clanModules: remove unused code' (#4785) from clean-dead-code into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/4785
 2025-08-16 11:03:16 +00:00
Johannes Kirschbauer
3c34f81a44 inventory/tests: remove unused tests 2025-08-16 12:56:30 +02:00
Johannes Kirschbauer
72e7c2e9b9 clanModules: cleanup some more unused code 2025-08-16 12:56:30 +02:00
Johannes Kirschbauer
03968d8fbc api/inventory: remove leaked schemas 2025-08-16 12:56:30 +02:00
Johannes Kirschbauer
2f27b3941e lib/inventory: limit access to defined keys 2025-08-16 12:56:30 +02:00
clan-bot
e9dc5b9ba6 Merge pull request 'Update nixpkgs-dev in devFlake' (#4787) from update-devFlake-nixpkgs-dev into main 2025-08-16 10:07:46 +00:00
clan-bot
e4ef885cd5 Update nixpkgs-dev in devFlake 2025-08-16 10:01:45 +00:00
Johannes Kirschbauer
9fe457ebd5 lib/clanModules: update nix_models 2025-08-16 11:59:16 +02:00
Johannes Kirschbauer
4a51aa9316 clanModules: remove unused test code 2025-08-16 11:58:55 +02:00
Johannes Kirschbauer
308a10d6e6 clanModules: remove unused code 2025-08-16 11:48:13 +02:00
clan-bot
90f513a08f Merge pull request 'Update nixpkgs' (#4784) from update-nixpkgs into main 2025-08-16 00:21:23 +00:00
clan-bot
4ddc61d132 Update nixpkgs 2025-08-16 00:01:27 +00:00
clan-bot
fc0088e9ea Merge pull request 'Update nix-darwin' (#4783) from update-nix-darwin into main 2025-08-15 20:16:14 +00:00
clan-bot
71094f7fa1 Update nix-darwin 2025-08-15 20:00:52 +00:00
clan-bot
a8516cf9c6 Merge pull request 'Update nixpkgs-dev in devFlake' (#4782) from update-devFlake-nixpkgs-dev into main 2025-08-15 15:08:18 +00:00
clan-bot
a89e2f877a Update nixpkgs-dev in devFlake 2025-08-15 15:01:50 +00:00
Mic92
ed78e49c47 Merge pull request 'vms/inspect: mark test as pure' (#4781) from no-impure into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/4781
 2025-08-15 11:54:46 +00:00
Jörg Thalheim
3ef0a7919d vms/inspect: mark test as pure 2025-08-15 13:31:27 +02:00
Jörg Thalheim
36812d5f95 test_vars_deployment: simplify test to just start one vm 2025-08-15 13:30:30 +02:00
Mic92
f5bcdb4ba0 Merge pull request 'flakes/inspect: mark test as pure' (#4779) from no-impure into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/4779
 2025-08-15 11:28:22 +00:00
Jörg Thalheim
b69ad0eca5 backups/list: mark as pure 2025-08-15 13:10:41 +02:00
Jörg Thalheim
b221c29694 flakes/inspect: mark test as pure 2025-08-15 13:08:30 +02:00
Luis Hebendanz
7dc7f09173 Merge pull request 'clanServices: telegraf -> add basic auth' (#4777) from Qubasa/clan-core:basic_auth_telegraf into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/4777
 2025-08-15 11:07:44 +00:00
Mic92
ec3d224e1d Merge pull request 'tests_secrets_generate: mark as pure' (#4766) from no-impure into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/4766
 2025-08-15 11:06:47 +00:00
Luis Hebendanz
00c5312080 Merge pull request 'docs: Revamp Getting Started guide for clarity and usability' (#4776) from scriptogre/clan-core:update-getting-started-docs into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/4776
 2025-08-15 11:04:52 +00:00
Qubasa
7811a56d2b clanServices: telegraf -> add basic auth 
treefmt
 2025-08-15 18:02:31 +07:00
Jörg Thalheim
e9401177b7 installation: make sure target host is actually down 2025-08-15 12:51:20 +02:00
Jörg Thalheim
ef56258e8b impure-checks: reduce to 6 jobs 2025-08-15 12:51:20 +02:00
Jörg Thalheim
c4d9b39a17 tests_secrets_generate: mark as pure 2025-08-15 12:51:20 +02:00
Mic92
1f59b75c20 Merge pull request 'Delete old files when deploying docs' (#4775) from deploy-docs-delete into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/4775
 2025-08-15 10:24:10 +00:00
scriptogre
6b6da7b897 docs: Revamp and simplify Getting Started guide 2025-08-15 13:19:39 +03:00
pinpox
4391c19ee9 Delete old files when deploying docs 2025-08-15 12:04:46 +02:00
hsjobeki
eb993b7060 Merge pull request 'ui/vars: add more vars to install story' (#4747) from ui-install-3 into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/4747
 2025-08-15 09:14:46 +00:00
Johannes Kirschbauer
08cb6993a8 install/progress: display usb-stick 2025-08-15 11:10:57 +02:00
Johannes Kirschbauer
872f640211 install/assets: init usb-stick png image 2025-08-15 11:04:10 +02:00
Johannes Kirschbauer
c58f7c573d ui/install: clean up design 2025-08-15 11:04:09 +02:00
Johannes Kirschbauer
7b807a0745 ui/vars: add more vars to install story 2025-08-15 11:04:09 +02:00
59 changed files with 310 additions and 2189 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -39,7 +39,6 @@ select
# Generated files
pkgs/clan-app/ui/api/API.json
pkgs/clan-app/ui/api/API.ts
pkgs/clan-app/ui/api/Inventory.ts
pkgs/clan-app/ui/api/modules_schemas.json
pkgs/clan-app/ui/api/schema.json
pkgs/clan-app/ui/.fonts

27
checks/flake-module.nix
View File

@@ -139,33 +139,6 @@ in
nixosTests
// flakeOutputs
// {
# TODO: Automatically provide this check to downstream users to check their modules
clan-modules-json-compatible =
let
allSchemas = lib.mapAttrs (
_n: m:
let
schema =
(self.clanLib.evalService {
modules = [ m ];
prefix = [
"checks"
system
];
}).config.result.api.schema;
in
schema
) self.clan.modules;
in
pkgs.runCommand "combined-result"
{
schemaFile = builtins.toFile "schemas.json" (builtins.toJSON allSchemas);
}
''
mkdir -p $out
cat $schemaFile > $out/allSchemas.json
'';
clan-core-for-checks = pkgs.runCommand "clan-core-for-checks" { } ''
cp -r ${privateInputs.clan-core-for-checks} $out
chmod -R +w $out

2
checks/impure/flake-module.nix
View File

@@ -40,7 +40,7 @@
jobs=$(nproc)
# Spawning worker in pytest is relatively slow, so we limit the number of jobs to 13
# (current number of impure tests)
jobs="$((jobs > 13 ? 13 : jobs))"
jobs="$((jobs > 6 ? 6 : jobs))"
nix develop "$ROOT#clan-cli" -c bash -c "TMPDIR=/tmp python -m pytest -n $jobs -m impure ./clan_cli $@"

2
checks/installation/flake-module.nix
View File

@@ -241,7 +241,7 @@
target.shutdown()
except BrokenPipeError:
# qemu has already exited
pass
target.connected = False
# Create a new machine instance that boots from the installed system
installed_machine = create_test_machine(target, "${pkgs.qemu_test}", name="after_install")

30
clanServices/monitoring/telegraf.nix
View File

@@ -4,7 +4,12 @@
{
nixosModule =
{ pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
{
networking.firewall.interfaces = lib.mkIf (settings.allowAllInterfaces == false) (
@@ -18,8 +23,29 @@
networking.firewall.allowedTCPPorts = lib.mkIf (settings.allowAllInterfaces == true) [ 9273 ];
clan.core.vars.generators."telegraf-password" = {
files.telegraf-password.neededFor = "users";
files.telegraf-password.restartUnits = [ "telegraf.service" ];
runtimeInputs = [
pkgs.coreutils
pkgs.xkcdpass
pkgs.mkpasswd
];
script = ''
PASSWORD=$(xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n")
echo "BASIC_AUTH_PWD=$PASSWORD" > "$out"/telegraf-password
'';
};
services.telegraf = {
enable = true;
environmentFiles = [
(builtins.toString
config.clan.core.vars.generators."telegraf-password".files.telegraf-password.path
)
];
extraConfig = {
agent.interval = "60s";
inputs = {
@@ -49,6 +75,8 @@
outputs.prometheus_client = {
listen = ":9273";
metric_version = 2;
basic_username = "prometheus";
basic_password = "$${BASIC_AUTH_PWD}";
};
};
};

35
clanServices/static-hosts/default.nix
View File

@@ -1,35 +0,0 @@
{ packages }:
{ exports', ... }:
{
_class = "clan.service";
manifest.name = "clan-core/static-hosts";
manifest.description = "This is a test";
roles.default = { };
perMachine =
{ machine, roles, ... }:
{
nixosModule =
{ lib, ... }:
let
networks = lib.filter (n: n.networking != null) (builtins.attrValues exports'.instances);
sortedNetworks = lib.lists.sort (p: q: p.priority < q.priority) networks;
hostInNetwork = host: network: network ? ${host};
bestHost =
host:
(lib.findFirst (network: hostInNetwork host network) null sortedNetworks)
.networking.peers.${host}.host.plain or null;
in
{
networking.extraHosts = map (host: "${bestHost host} ${host}.clan") (
lib.attrNames roles.default.machines
);
};
};
}

12
clanServices/static-hosts/evening.nix
View File

@@ -1,12 +0,0 @@
{
roles.evening.perInstance =
{ settings, ... }:
{
nixosModule =
{ ... }:
{
imports = [ ];
environment.etc.hello.text = "${settings.greeting} World!";
};
};
}

22
clanServices/static-hosts/flake-module.nix
View File

@@ -1,22 +0,0 @@
{
self,
lib,
...
}:
let
module = lib.modules.importApply ./default.nix {
inherit (self) packages;
};
in
{
clan.modules.static-hosts = module;
perSystem =
{ ... }:
{
clan.nixosTests.static-hosts = {
imports = [ ./tests/vm/default.nix ];
clan.modules.static-hosts = module;
};
};
}

42
clanServices/static-hosts/tests/eval-tests.nix
View File

@@ -1,42 +0,0 @@
{
module,
clanLib,
...
}:
let
testFlake = clanLib.clan {
self = { };
# Point to the folder of the module
# TODO: make this optional
directory = ./..;
# Create some test machines
machines.jon = {
nixpkgs.hostPlatform = "x86_64-linux";
};
machines.sara = {
nixpkgs.hostPlatform = "x86_64-linux";
};
# Register the module for the test
modules.hello-world = module;
# Use the module in the test
inventory.instances = {
"hello" = {
module.name = "hello-world";
module.input = "self";
roles.evening.machines.jon = { };
};
};
};
in
{
test_simple = {
config = testFlake.config;
expr = { };
expected = { };
};
}

39
clanServices/static-hosts/tests/vm/default.nix
View File

@@ -1,39 +0,0 @@
{
name = "service-hello-service";
clan = {
directory = ./.;
inventory = {
machines.peer1 = { };
machines.peer2 = { };
instances."test" = {
module.name = "hello-service";
module.input = "self";
# Assign the roles to the two machines
roles.morning.machines.peer1 = { };
roles.evening.machines.peer2 = {
# Set roles settings for the peers, where we want to differ from
# the role defaults
settings = {
greeting = "Good night";
};
};
};
};
};
testScript =
{ ... }:
''
start_all()
value = peer1.succeed("greet-world")
assert value.strip() == "Good morning World! I'm peer1", value
value = peer2.succeed("greet-world")
assert value.strip() == "Good night World! I'm peer2", value
'';
}

4
clanServices/static-hosts/tests/vm/sops/users/admin/key.json
View File

@@ -1,4 +0,0 @@
{
"publickey": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
"type": "age"
}

1
clanServices/static-hosts/tests/vm/vars/per-machine/peer1/hello/hello/value
View File

@@ -1 +0,0 @@
Hello world from peer1

20
clanServices/wireguard/default.nix
View File

@@ -1,4 +1,3 @@
{ self }:
/*
There are two roles: peers and controllers:
- Every controller has an endpoint set
@@ -68,7 +67,6 @@ let
...
}:
{
networking.extraHosts =
let
domain = if settings.domain == null then instanceName else settings.domain;
@@ -171,22 +169,6 @@ in
...
}:
{
exports.networking.peers.${machine.name}.host.plain =
let
prefix =
if
builtins.pathExists (
self + "/vars/per-machine/${machine.name}/wireguard-network-${instanceName}/prefix/value"
)
then
builtins.readFile (
self + "/vars/per-machine/${machine.name}/wireguard-network-${instanceName}/prefix/value"
)
else
throw "path does not exist";
in
prefix + "::1";
# Set default domain to instanceName
# Peers connect to all controllers
@@ -422,7 +404,6 @@ in
perMachine =
{ instances, machine, ... }:
{
nixosModule =
{ pkgs, lib, ... }:
let
@@ -443,7 +424,6 @@ in
);
in
{
# Add assertions for role conflicts
assertions = lib.forEach machineRoleConflicts (conflict: {
assertion = false;

4
clanServices/wireguard/flake-module.nix
View File

@@ -1,6 +1,6 @@
{ lib, self, ... }:
{ lib, ... }:
let
module = lib.modules.importApply ./default.nix { inherit self;};
module = lib.modules.importApply ./default.nix { };
in
{
clan.modules.wireguard = module;

6
devFlake/flake.lock generated
View File

@@ -84,11 +84,11 @@
},
"nixpkgs-dev": {
"locked": {
"lastModified": 1755166611,
"narHash": "sha256-sk8pK8kWz4IE4ErAjKE1d8tMChY6VQR32U4yS68FIog=",
"lastModified": 1755375481,
"narHash": "sha256-43PgCQFgFD1nM/7dncytV0c5heNHe/gXrEud18ZWcZU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1a341e3c908f4a3105e737bd13af0318dc06fbe3",
"rev": "35f1742e4f1470817ff8203185e2ce0359947f12",
"type": "github"
},
"original": {

1
docs/nix/deploy-docs.nix
View File

@@ -40,6 +40,7 @@ writeShellScriptBin "deploy-docs" ''
rsync \
--checksum \
--delete \
-e "ssh -o StrictHostKeyChecking=no $sshExtraArgs" \
-a ${docs}/ \
www@clan.lol:/var/www/docs.clan.lol

24
docs/nix/flake-module.nix
View File

@@ -18,27 +18,8 @@
inherit (self) clanModules;
clan-core = self;
inherit pkgs;
evalClanModules = self.clanLib.evalClan.evalClanModules;
modulesRolesOptions = self.clanLib.evalClan.evalClanModulesWithRoles {
allModules = self.clanModules;
inherit pkgs;
clan-core = self;
};
};
# Frontmatter for clanModules
clanModulesFrontmatter =
let
docs = pkgs.nixosOptionsDoc {
options = self.clanLib.modules.frontmatterOptions;
transformOptions = self.clanLib.docs.stripStorePathsFromDeclarations;
};
in
docs.optionsJSON;
# Options available when imported via ` inventory.${moduleName}....${rolesName} `
clanModulesViaRoles = pkgs.writeText "info.json" (builtins.toJSON jsonDocs.clanModulesViaRoles);
# clan service options
clanModulesViaService = pkgs.writeText "info.json" (builtins.toJSON jsonDocs.clanModulesViaService);
@@ -88,12 +69,10 @@
}
}
export CLAN_CORE_DOCS=${jsonDocs.clanCore}/share/doc/nixos/options.json
# A file that contains the links to all clanModule docs
export CLAN_MODULES_VIA_ROLES=${clanModulesViaRoles}
export CLAN_MODULES_VIA_SERVICE=${clanModulesViaService}
export CLAN_SERVICE_INTERFACE=${self'.legacyPackages.clan-service-module-interface}/share/doc/nixos/options.json
# Frontmatter format for clanModules
export CLAN_MODULES_FRONTMATTER_DOCS=${clanModulesFrontmatter}/share/doc/nixos/options.json
export BUILD_CLAN_PATH=${buildClanOptions}/share/doc/nixos/options.json
@@ -107,7 +86,6 @@
legacyPackages = {
inherit
jsonDocs
clanModulesViaRoles
clanModulesViaService
;
};

53
docs/nix/get-module-docs.nix
View File

@@ -1,7 +1,5 @@
{
modulesRolesOptions,
nixosOptionsDoc,
evalClanModules,
lib,
pkgs,
clan-core,
@@ -10,21 +8,36 @@
let
inherit (clan-core.clanLib.docs) stripStorePathsFromDeclarations;
transformOptions = stripStorePathsFromDeclarations;
nixosConfigurationWithClan =
let
evaled = lib.evalModules {
class = "nixos";
modules = [
# Basemodule
(
{ config, ... }:
{
imports = (import (pkgs.path + "/nixos/modules/module-list.nix"));
nixpkgs.pkgs = pkgs;
clan.core.name = "dummy";
system.stateVersion = config.system.nixos.release;
# Set this to work around a bug where `clan.core.settings.machine.name`
# is forced due to `networking.interfaces` being forced
# somewhere in the nixpkgs options
facter.detected.dhcp.enable = lib.mkForce false;
}
)
{
clan.core.settings.directory = clan-core;
}
clan-core.nixosModules.clanCore
];
};
in
evaled;
in
{
clanModulesViaRoles = lib.mapAttrs (
_moduleName: rolesOptions:
lib.mapAttrs (
_roleName: options:
(nixosOptionsDoc {
inherit options;
warningsAreErrors = true;
inherit transformOptions;
}).optionsJSON
) rolesOptions
) modulesRolesOptions;
# Test with:
# nix build .\#legacyPackages.x86_64-linux.clanModulesViaService
clanModulesViaService = lib.mapAttrs (
@@ -38,7 +51,6 @@ in
{
roles = lib.mapAttrs (
_roleName: role:
(nixosOptionsDoc {
transformOptions =
opt:
@@ -54,20 +66,13 @@ in
warningsAreErrors = true;
}).optionsJSON
) evaluatedService.config.roles;
manifest = evaluatedService.config.manifest;
}
) clan-core.clan.modules;
clanCore =
(nixosOptionsDoc {
options =
((evalClanModules {
modules = [ ];
inherit pkgs clan-core;
}).options
).clan.core or { };
options = nixosConfigurationWithClan.options.clan.core;
warningsAreErrors = true;
inherit transformOptions;
}).optionsJSON;

240
docs/nix/render_options/__init__.py
View File

@@ -33,22 +33,13 @@ from clan_lib.errors import ClanError
from clan_lib.services.modules import (
CategoryInfo,
Frontmatter,
extract_frontmatter,
get_roles,
)
# Get environment variables
CLAN_CORE_PATH = Path(os.environ["CLAN_CORE_PATH"])
CLAN_CORE_DOCS = Path(os.environ["CLAN_CORE_DOCS"])
CLAN_MODULES_FRONTMATTER_DOCS = os.environ.get("CLAN_MODULES_FRONTMATTER_DOCS")
BUILD_CLAN_PATH = os.environ.get("BUILD_CLAN_PATH")
## Clan modules ##
# Some modules can be imported via nix natively
CLAN_MODULES_VIA_NIX = os.environ.get("CLAN_MODULES_VIA_NIX")
# Some modules can be imported via inventory
CLAN_MODULES_VIA_ROLES = os.environ.get("CLAN_MODULES_VIA_ROLES")
# Options how to author clan.modules
# perInstance, perMachine, ...
CLAN_SERVICE_INTERFACE = os.environ.get("CLAN_SERVICE_INTERFACE")
@@ -190,23 +181,6 @@ def module_header(module_name: str, has_inventory_feature: bool = False) -> str:
return f"# {module_name}{indicator}\n\n"
def module_nix_usage(module_name: str) -> str:
return f"""## Usage via Nix
**This module can be also imported directly in your nixos configuration. Although it is recommended to use the [inventory](../../concepts/inventory.md) interface if available.**
Some modules are considered 'low-level' or 'expert modules' and are not available via the inventory interface.
```nix
{{config, lib, inputs, ...}}: {{
imports = [ inputs.clan-core.clanModules.{module_name} ];
# ...
}}
```
"""
clan_core_descr = """
`clan.core` is always present in a clan machine
@@ -223,68 +197,6 @@ The following options are available for this module.
"""
def produce_clan_modules_frontmatter_docs() -> None:
if not CLAN_MODULES_FRONTMATTER_DOCS:
msg = f"Environment variables are not set correctly: $CLAN_CORE_DOCS={CLAN_CORE_DOCS}"
raise ClanError(msg)
if not OUT:
msg = f"Environment variables are not set correctly: $out={OUT}"
raise ClanError(msg)
with Path(CLAN_MODULES_FRONTMATTER_DOCS).open() as f:
options: dict[str, dict[str, Any]] = json.load(f)
# header
output = """# Frontmatter
Every clan module has a `frontmatter` section within its readme. It provides
machine readable metadata about the module.
!!! example
The used format is `TOML`
The content is separated by `---` and the frontmatter must be placed at the very top of the `README.md` file.
```toml
---
description = "A description of the module"
categories = ["category1", "category2"]
[constraints]
roles.client.max = 10
roles.server.min = 1
---
# Readme content
...
```
"""
output += """## Overview
This provides an overview of the available attributes of the `frontmatter`
within the `README.md` of a clan module.
"""
# for option_name, info in options.items():
# if option_name == "_module.args":
# continue
# output += render_option(option_name, info)
root = options_to_tree(options, debug=True)
for option in root.suboptions:
output += options_docs_from_tree(option, init_level=2)
outfile = Path(OUT) / "clanModules/frontmatter/index.md"
outfile.parent.mkdir(
parents=True,
exist_ok=True,
)
with outfile.open("w") as of:
of.write(output)
def produce_clan_core_docs() -> None:
if not CLAN_CORE_DOCS:
msg = f"Environment variables are not set correctly: $CLAN_CORE_DOCS={CLAN_CORE_DOCS}"
@@ -505,154 +417,6 @@ Learn how to use `clanServices` in practice in the [Using clanServices guide](..
of.write(output)
def produce_clan_modules_docs() -> None:
if not CLAN_MODULES_VIA_NIX:
msg = f"Environment variables are not set correctly: $CLAN_MODULES_VIA_NIX={CLAN_MODULES_VIA_NIX}"
raise ClanError(msg)
if not CLAN_MODULES_VIA_ROLES:
msg = f"Environment variables are not set correctly: $CLAN_MODULES_VIA_ROLES={CLAN_MODULES_VIA_ROLES}"
raise ClanError(msg)
if not CLAN_CORE_PATH:
msg = f"Environment variables are not set correctly: $CLAN_CORE_PATH={CLAN_CORE_PATH}"
raise ClanError(msg)
if not OUT:
msg = f"Environment variables are not set correctly: $out={OUT}"
raise ClanError(msg)
modules_index = "# Modules Overview\n\n"
modules_index += clan_modules_descr
modules_index += "## Overview\n\n"
modules_index += '<div class="grid cards" markdown>\n\n'
with Path(CLAN_MODULES_VIA_ROLES).open() as f2:
role_links: dict[str, dict[str, str]] = json.load(f2)
with Path(CLAN_MODULES_VIA_NIX).open() as f:
links: dict[str, str] = json.load(f)
for module_name, options_file in links.items():
print(f"Rendering ClanModule: {module_name}")
readme_file = CLAN_CORE_PATH / "clanModules" / module_name / "README.md"
with readme_file.open() as f:
readme = f.read()
frontmatter: Frontmatter
frontmatter, readme_content = extract_frontmatter(readme, str(readme_file))
# skip if experimental feature enabled
if "experimental" in frontmatter.features:
print(f"Skipping {module_name}: Experimental feature")
continue
modules_index += build_option_card(module_name, frontmatter)
##### Print module documentation #####
# 1. Header
output = module_header(module_name, "inventory" in frontmatter.features)
# 2. Description from README.md
if frontmatter.description:
output += f"*{frontmatter.description}*\n\n"
# 2. Deprecation note if the module is deprecated
if "deprecated" in frontmatter.features:
output += f"""
!!! Warning "Deprecated"
The `{module_name}` module is deprecated.*
Use 'clanServices/{module_name}' or a similar successor instead
"""
else:
output += f"""
!!! Warning "Will be deprecated"
The `{module_name}` module might eventually be migrated to 'clanServices'*
See: [clanServices](../../guides/clanServices.md)
"""
# 3. Categories from README.md
output += "## Categories\n\n"
output += render_categories(frontmatter.categories, frontmatter.categories_info)
output += "\n---\n\n"
# 3. README.md content
output += f"{readme_content}\n"
# 4. Usage
##### Print usage via Inventory #####
# get_roles(str) -> list[str] | None
# if not isinstance(options_file, str):
roles = get_roles(CLAN_CORE_PATH / "clanModules" / module_name)
if roles:
# Render inventory usage
output += """## Usage via Inventory\n\n"""
output += render_roles(roles, module_name)
for role in roles:
role_options_file = role_links[module_name][role]
# Abort if the options file is not found
if not isinstance(role_options_file, str):
print(
f"Error: module: {module_name} in role: {role} - options file not found, Got {role_options_file}"
)
exit(1)
no_options = f"""### Options of `{role}` role
**The `{module_name}` `{role}` doesnt offer / require any options to be set.**
"""
heading = f"""### Options of `{role}` role
The following options are available when using the `{role}` role.
"""
output += print_options(
role_options_file,
heading,
no_options,
replace_prefix=f"clan.{module_name}",
)
else:
# No roles means no inventory usage
output += """## Usage via Inventory
**This module cannot be used via the inventory interface.**
"""
##### Print usage via Nix / nixos #####
if not isinstance(options_file, str):
print(
f"Skipping {module_name}: Cannot be used via import clanModules.{module_name}"
)
output += """## Usage via Nix
**This module cannot be imported directly in your nixos configuration.**
"""
else:
output += module_nix_usage(module_name)
no_options = "** This module doesnt require any options to be set.**"
output += print_options(options_file, options_head, no_options)
outfile = Path(OUT) / f"clanModules/{module_name}.md"
outfile.parent.mkdir(
parents=True,
exist_ok=True,
)
with outfile.open("w") as of:
of.write(output)
modules_index += "</div>"
modules_index += "\n"
modules_outfile = Path(OUT) / "clanModules/index.md"
with modules_outfile.open("w") as of:
of.write(modules_index)
def build_option_card(module_name: str, frontmatter: Frontmatter) -> str:
"""
Build the overview index card for each reference target option.
@@ -863,8 +627,4 @@ if __name__ == "__main__": #
produce_clan_core_docs()
produce_clan_service_author_docs()
# produce_clan_modules_docs()
produce_clan_service_docs()
# produce_clan_modules_frontmatter_docs()

137
docs/site/guides/getting-started/index.md
View File

@@ -1,110 +1,129 @@
# :material-clock-fast: Getting Started
Ready to create your own Clan and manage a fleet of machines? Follow these simple steps to get started.
Ready to manage your fleet of machines?
This guide walks your through setting up your own declarative infrastructure using clan, git and flakes. By the end of this, you will have one or more machines integrated and installed. You can then import your existing NixOS configuration into this setup if you wish.
We will create a declarative infrastructure using **clan**, **git**, and **nix flakes**.
The following steps are meant to be executed on the machine on which to administer the infrastructure.
In order to get started you should have at least one machine with either physical or ssh access available as an installation target. Your local machine can also be used as an installation target if it is already running NixOS.
You'll finish with a centrally managed fleet, ready to import your existing NixOS configuration.
## Prerequisites
=== "**Linux**"
Make sure you have the following:
Clan requires Nix to be installed on your system. Run the following command to install Nix:
* 💻 **Administration Machine**: Run the setup commands from this machine.
* 🛠️ **Nix**: The Nix package manager, installed on your administration machine.
??? info "**How to install Nix (Linux / MacOS / NixOS)**"
**On Linux or macOS:**
1. Run the recommended installer:
```shellSession
curl --proto '=https' --tlsv1.2 -sSf -L [https://install.determinate.systems/nix](https://install.determinate.systems/nix) | sh -s -- install
```
2. After installation, ensure flakes are enabled by adding this line to `~/.config/nix/nix.conf`:
```
experimental-features = nix-command flakes
```
**On NixOS:**
Nix is already installed. You only need to enable flakes for your user in your `configuration.nix`:
```nix
{
nix.settings.experimental-features = [ "nix-command" "flakes" ];
}
```
Then, run `nixos-rebuild switch` to apply the changes.
* 🎯 **Target Machine(s)**: A remote machine with SSH, or your local machine (if NixOS).
## Create a New Clan
1. Navigate to your desired directory:
```shellSession
cd <your-directory>
```
2. Create a new clan flake:
**Note:** This creates a new directory in your current location
```shellSession
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
nix run https://git.clan.lol/clan/clan-core/archive/main.tar.gz#clan-cli --refresh -- flakes create
```
If you have previously installed Nix, make sure `experimental-features = nix-command flakes` is present in `~/.config/nix/nix.conf` or `/etc/nix/nix.conf`. If this is not the case, please add it to `~/.config/nix/nix.conf`.
3. Enter a **name** in the prompt:
=== "**NixOS**"
If you run NixOS the `nix` binary is already installed.
You will also need to enable the `nix-command` and `flakes` experimental features in your `configuration.nix`:
```nix
{ nix.settings.experimental-features = [ "nix-command" "flakes" ]; }
```terminalSession
Enter a name for the new clan: my-clan
```
=== "**macOS**"
## Project Structure
Clan requires Nix to be installed on your system. Run the following command to install Nix:
Your new directory, `my-clan`, should contain the following structure:
```shellSession
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
```
```
my-clan/
├── clan.nix
├── flake.lock
├── flake.nix
├── modules/
└── sops/
```
If you have previously installed Nix, make sure `experimental-features = nix-command flakes` is present in `~/.config/nix/nix.conf` or `/etc/nix/nix.conf`. If this is not the case, please add it to `~/.config/nix/nix.conf`.
!!! note "Templates"
This is the structure for the `default` template.
## Create a new clan
Use `clan templates list` and `clan templates --help` for available templates & more. Keep in mind that the exact files may change as templates evolve.
Initialize a new clan flake
## Activate the Environment
To get started, `cd` into your new project directory.
```shellSession
nix run https://git.clan.lol/clan/clan-core/archive/main.tar.gz#clan-cli --refresh -- flakes create
cd my-clan
```
This should prompt for a *name*:
```terminalSession
Enter a name for the new clan: my-clan
```
Enter a *name*, confirm with *enter*. A directory with that name will be created and initialized.
!!! Note
This command uses the `default` template
See `clan templates list` and the `--help` reference for how to use other templates.
## Explore the Project Structure
Take a look at all project files:
For example, you might see something like:
```{ .console .no-copy }
$ cd my-clan
$ ls
clan.nix flake.lock flake.nix modules sops
```
Dont worry if your output looks different — Clan templates evolve over time.
To interact with your newly created clan the you need to load the `clan` cli-package it into your environment by running:
Now, activate the environment using one of the following methods.
=== "Automatic (direnv, recommended)"
- prerequisite: [install nix-direnv](https://github.com/nix-community/nix-direnv)
**Prerequisite**: You must have [nix-direnv](https://github.com/nix-community/nix-direnv) installed.
Run `direnv allow` to automatically load the environment whenever you enter this directory.
```shellSession
direnv allow
```
=== "Manual (nix develop)"
Run nix develop to load the environment for your current shell session.
```shellSession
nix develop
```
verify that you can run `clan` commands:
## Verify the Setup
Once your environment is active, verify that the clan command is available by running:
```shellSession
clan show
```
You should see something like this:
You should see the default metadata for your new clan:
```shellSession
Name: __CHANGE_ME__
Description: None
```
To change the name of your clan edit `meta.name` in the `clan.nix` or `flake.nix` file
This confirms your setup is working correctly.
You can now change the default name by editing the `meta.name` field in your `clan.nix` file.
```{.nix title="clan.nix" hl_lines="3"}
{

12
flake.lock generated
View File

@@ -71,11 +71,11 @@
]
},
"locked": {
"lastModified": 1751313918,
"narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=",
"lastModified": 1755275010,
"narHash": "sha256-lEApCoWUEWh0Ifc3k1JdVjpMtFFXeL2gG1qvBnoRc2I=",
"owner": "nix-darwin",
"repo": "nix-darwin",
"rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf",
"rev": "7220b01d679e93ede8d7b25d6f392855b81dd475",
"type": "github"
},
"original": {
@@ -115,10 +115,10 @@
"nixpkgs": {
"locked": {
"lastModified": 315532800,
"narHash": "sha256-2ILJtWugqmMyZnaWnHh+5yyw8RZWbKu9rVdeWmrBVhY=",
"rev": "a595dde4d0d31606e19dcec73db02279db59d201",
"narHash": "sha256-moy1MfcGj+Pd+lU3PHYQUJq9OP0Evv9me8MjtmHlnRM=",
"rev": "32f313e49e42f715491e1ea7b306a87c16fe0388",
"type": "tarball",
"url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.11pre844295.a595dde4d0d3/nixexprs.tar.xz"
"url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.11pre844992.32f313e49e42/nixexprs.tar.xz"
},
"original": {
"type": "tarball",

1
flake.nix
View File

@@ -67,7 +67,6 @@
clan = {
meta.name = "clan-core";
inventory = {
services = { };
machines = {
"test-darwin-machine" = {
machineClass = "darwin";

1
lib/default.nix
View File

@@ -33,7 +33,6 @@ lib.fix (
evalService = clanLib.callLib ./modules/inventory/distributed-service/evalService.nix { };
# ------------------------------------
# ClanLib functions
evalClan = clanLib.callLib ./modules/inventory/eval-clan-modules { };
inventory = clanLib.callLib ./modules/inventory { };
modules = clanLib.callLib ./modules/inventory/frontmatter { };
test = clanLib.callLib ./test { };

108
lib/modules/inventory/eval-clan-modules/default.nix
View File

@@ -1,108 +0,0 @@
{
lib,
clanLib,
}:
let
baseModule =
{ pkgs }:
# Module
{ config, ... }:
{
imports = (import (pkgs.path + "/nixos/modules/module-list.nix"));
nixpkgs.pkgs = pkgs;
clan.core.name = "dummy";
system.stateVersion = config.system.nixos.release;
# Set this to work around a bug where `clan.core.settings.machine.name`
# is forced due to `networking.interfaces` being forced
# somewhere in the nixpkgs options
facter.detected.dhcp.enable = lib.mkForce false;
};
# This function takes a list of module names and evaluates them
# [ module ] -> { config, options, ... }
evalClanModulesLegacy =
{
modules,
pkgs,
clan-core,
}:
let
evaled = lib.evalModules {
class = "nixos";
modules = [
(baseModule { inherit pkgs; })
{
clan.core.settings.directory = clan-core;
}
clan-core.nixosModules.clanCore
]
++ modules;
};
in
# lib.warn ''
# doesn't respect role specific interfaces.
# The following {module}/default.nix file trying to be imported.
# Modules: ${builtins.toJSON modulenames}
# This might result in incomplete or incorrect interfaces.
# FIX: Use evalClanModuleWithRole instead.
# ''
evaled;
/*
This function takes a list of module names and evaluates them
Returns a set of interfaces as described below:
Fn :: { ${moduleName} = Module; } -> {
${moduleName} :: {
${roleName}: JSONSchema
}
}
*/
evalClanModulesWithRoles =
{
allModules,
clan-core,
pkgs,
}:
let
res = builtins.mapAttrs (
moduleName: module:
let
frontmatter = clanLib.modules.getFrontmatter allModules.${moduleName} moduleName;
roles =
if builtins.elem "inventory" frontmatter.features or [ ] then
assert lib.isPath module;
clan-core.clanLib.modules.getRoles "Documentation: inventory.modules" allModules moduleName
else
[ ];
in
lib.listToAttrs (
lib.map (role: {
name = role;
value =
(lib.evalModules {
class = "nixos";
modules = [
(baseModule { inherit pkgs; })
clan-core.nixosModules.clanCore
{
clan.core.settings.directory = clan-core;
}
# Role interface
(module + "/roles/${role}.nix")
];
}).options.clan.${moduleName} or { };
}) roles
)
) allModules;
in
res;
in
{
evalClanModules = evalClanModulesLegacy;
inherit evalClanModulesWithRoles;
}

45
lib/modules/inventory/flake-module.nix
View File

@@ -1,12 +1,8 @@
{
self,
inputs,
options,
...
}:
let
inputOverrides = self.clanLib.flake-inputs.getOverrides inputs;
in
{
imports = [
./distributed-service/flake-module.nix
@@ -15,16 +11,13 @@ in
{
pkgs,
lib,
config,
system,
self',
...
}:
{
devShells.inventory-schema = pkgs.mkShell {
name = "clan-inventory-schema";
inputsFrom = with config.checks; [
eval-lib-inventory
inputsFrom = [
self'.devShells.default
];
};
@@ -51,41 +44,5 @@ in
warningsAreErrors = true;
transformOptions = self.clanLib.docs.stripStorePathsFromDeclarations;
}).optionsJSON;
# Run: nix-unit --extra-experimental-features flakes --flake .#legacyPackages.x86_64-linux.evalTests
legacyPackages.evalTests-inventory = import ./tests {
inherit lib;
clan-core = self;
inherit (self) clanLib;
inherit (self.inputs) nix-darwin;
};
checks = {
eval-lib-inventory = pkgs.runCommand "tests" { nativeBuildInputs = [ pkgs.nix-unit ]; } ''
export HOME="$(realpath .)"
export NIX_ABORT_ON_WARN=1
nix-unit --eval-store "$HOME" \
--extra-experimental-features flakes \
--show-trace \
${inputOverrides} \
--flake ${
lib.fileset.toSource {
root = ../../..;
fileset = lib.fileset.unions [
../../../flake.nix
../../../flake.lock
(lib.fileset.fileFilter (file: file.name == "flake-module.nix") ../../..)
../../../flakeModules
../../../lib
../../../nixosModules/clanCore
../../../machines
../../../inventory.json
];
}
}#legacyPackages.${system}.evalTests-inventory
touch $out
'';
};
};
}

50
lib/modules/inventory/frontmatter/default.nix
View File

@@ -3,51 +3,6 @@ let
# Trim the .nix extension from a filename
trimExtension = name: builtins.substring 0 (builtins.stringLength name - 4) name;
jsonWithoutHeader = clanLib.jsonschema {
includeDefaults = true;
header = { };
};
getModulesSchema =
{
modules,
clan-core,
pkgs,
}:
lib.mapAttrs
(
_moduleName: rolesOptions:
lib.mapAttrs (_roleName: options: jsonWithoutHeader.parseOptions options { }) rolesOptions
)
(
clanLib.evalClan.evalClanModulesWithRoles {
allModules = modules;
inherit pkgs clan-core;
}
);
evalFrontmatter =
{
moduleName,
instanceName,
resolvedRoles,
allModules,
}:
lib.evalModules {
modules = [
(getFrontmatter allModules.${moduleName} moduleName)
./interface.nix
{
constraints.imports = [
(lib.modules.importApply ../constraints {
inherit moduleName resolvedRoles instanceName;
allRoles = getRoles "inventory.modules" allModules moduleName;
})
];
}
];
};
# For Documentation purposes only
frontmatterOptions =
(lib.evalModules {
@@ -119,17 +74,12 @@ let
builtins.readDir (checkedPath)
)
);
checkConstraints = args: (evalFrontmatter args).config.constraints.assertions;
getFrontmatter = _modulepath: _modulename: "clanModules are removed!";
in
{
inherit
frontmatterOptions
getModulesSchema
getFrontmatter
checkConstraints
getRoles
;
}

44
lib/modules/inventory/schemas/default.nix
View File

@@ -1,29 +1,14 @@
{
self,
self',
lib,
pkgs,
flakeOptions,
...
}:
let
modulesSchema = self.clanLib.modules.getModulesSchema {
modules = self.clanModules;
inherit pkgs;
clan-core = self;
};
jsonLib = self.clanLib.jsonschema { inherit includeDefaults; };
includeDefaults = true;
frontMatterSchema = jsonLib.parseOptions self.clanLib.modules.frontmatterOptions { };
inventorySchema = jsonLib.parseModule ({
imports = [ ../../inventoryClass/interface.nix ];
_module.args = { inherit (self) clanLib; };
});
opts = (flakeOptions.flake.type.getSubOptions [ "flake" ]);
clanOpts = opts.clan.type.getSubOptions [ "clan" ];
include = [
@@ -38,13 +23,6 @@ let
];
clanSchema = jsonLib.parseOptions (lib.filterAttrs (n: _v: lib.elem n include) clanOpts) { };
renderSchema = pkgs.writers.writePython3Bin "render-schema" {
flakeIgnore = [
"F401"
"E501"
];
} ./render_schema.py;
clan-schema-abstract = pkgs.stdenv.mkDerivation {
name = "clan-schema-files";
buildInputs = [ pkgs.cue ];
@@ -63,29 +41,7 @@ in
{
inherit
flakeOptions
frontMatterSchema
clanSchema
inventorySchema
modulesSchema
renderSchema
clan-schema-abstract
;
# Inventory schema, with the modules schema added per role
inventory =
pkgs.runCommand "rendered"
{
buildInputs = [
pkgs.python3
self'.packages.clan-cli
];
}
''
export INVENTORY_SCHEMA_PATH=${builtins.toFile "inventory-schema.json" (builtins.toJSON inventorySchema)}
export MODULES_SCHEMA_PATH=${builtins.toFile "modules-schema.json" (builtins.toJSON modulesSchema)}
mkdir $out
# The python script will place the schemas in the output directory
exec python3 ${renderSchema}/bin/render-schema
'';
}

162
lib/modules/inventory/schemas/render_schema.py
View File

@@ -1,162 +0,0 @@
"""
Python script to join the abstract inventory schema, with the concrete clan modules
Inventory has slots which are 'Any' type.
We dont want to evaluate the clanModules interface in nix, when evaluating the inventory
"""
import json
import os
from pathlib import Path
from typing import Any
from clan_lib.errors import ClanError
# Get environment variables
INVENTORY_SCHEMA_PATH = Path(os.environ["INVENTORY_SCHEMA_PATH"])
# { [moduleName] :: { [roleName] :: SCHEMA }}
MODULES_SCHEMA_PATH = Path(os.environ["MODULES_SCHEMA_PATH"])
OUT = os.environ.get("out")
if not INVENTORY_SCHEMA_PATH:
msg = f"Environment variables are not set correctly: INVENTORY_SCHEMA_PATH={INVENTORY_SCHEMA_PATH}."
raise ClanError(msg)
if not MODULES_SCHEMA_PATH:
msg = f"Environment variables are not set correctly: MODULES_SCHEMA_PATH={MODULES_SCHEMA_PATH}."
raise ClanError(msg)
if not OUT:
msg = f"Environment variables are not set correctly: OUT={OUT}."
raise ClanError(msg)
def service_roles_to_schema(
schema: dict[str, Any],
service_name: str,
roles: list[str],
roles_schemas: dict[str, dict[str, Any]],
# Original service properties: {'config': Schema, 'machines': Schema, 'meta': Schema, 'extraModules': Schema, ...?}
orig: dict[str, Any],
) -> dict[str, Any]:
"""
Add roles to the service schema
"""
# collect all the roles for the service, to form a type union
all_roles_schema: list[dict[str, Any]] = []
for role_name, role_schema in roles_schemas.items():
role_schema["title"] = f"{module_name}-config-role-{role_name}"
all_roles_schema.append(role_schema)
role_schema = {}
for role in roles:
role_schema[role] = {
"type": "object",
"additionalProperties": False,
"properties": {
**orig["roles"]["additionalProperties"]["properties"],
"config": {
**roles_schemas.get(role, {}),
"title": f"{service_name}-config-role-{role}",
"type": "object",
"default": {},
"additionalProperties": False,
},
},
}
machines_schema = {
"type": "object",
"additionalProperties": {
"type": "object",
"properties": {
**orig["machines"]["additionalProperties"]["properties"],
"config": {
"title": f"{service_name}-config",
"oneOf": all_roles_schema,
"type": "object",
"default": {},
"additionalProperties": False,
},
},
},
}
services["properties"][service_name] = {
"type": "object",
"additionalProperties": {
"type": "object",
"additionalProperties": False,
"properties": {
# Original inventory schema
**orig,
# Inject the roles schemas
"roles": {
"title": f"{service_name}-roles",
"type": "object",
"properties": role_schema,
"additionalProperties": False,
},
"machines": machines_schema,
"config": {
"title": f"{service_name}-config",
"oneOf": all_roles_schema,
"type": "object",
"default": {},
"additionalProperties": False,
},
},
},
}
return schema
if __name__ == "__main__":
print("Joining inventory schema with modules schema")
print(f"Inventory schema path: {INVENTORY_SCHEMA_PATH}")
print(f"Modules schema path: {MODULES_SCHEMA_PATH}")
modules_schema = {}
with Path.open(MODULES_SCHEMA_PATH) as f:
modules_schema = json.load(f)
inventory_schema = {}
with Path.open(INVENTORY_SCHEMA_PATH) as f:
inventory_schema = json.load(f)
services = inventory_schema["properties"]["services"]
original_service_props = services["additionalProperties"]["additionalProperties"][
"properties"
].copy()
# Init the outer services schema
# Properties (service names) will be filled in the next step
services = {
"type": "object",
"properties": {
# Service names
},
"additionalProperties": False,
}
for module_name, roles_schemas in modules_schema.items():
# Add the roles schemas to the service schema
roles = list(roles_schemas.keys())
if roles:
services = service_roles_to_schema(
services,
module_name,
roles,
roles_schemas,
original_service_props,
)
inventory_schema["properties"]["services"] = services
outpath = Path(OUT)
with (outpath / "schema.json").open("w") as f:
json.dump(inventory_schema, f, indent=2)
with (outpath / "modules_schemas.json").open("w") as f:
json.dump(modules_schema, f, indent=2)

90
lib/modules/inventory/tests/default.nix
View File

@@ -1,90 +0,0 @@
{
clan-core,
nix-darwin,
lib,
clanLib,
}:
let
# TODO: Unify these tests with clan tests
clan =
m:
lib.evalModules {
specialArgs = { inherit clan-core nix-darwin clanLib; };
modules = [
clan-core.modules.clan.default
{
self = { };
}
m
];
};
in
{
test_inventory_a =
let
eval = clan {
inventory = {
machines = {
A = { };
};
services = {
legacyModule = { };
};
modules = {
legacyModule = ./legacyModule;
};
};
directory = ./.;
};
in
{
inherit eval;
expr = {
legacyModule = lib.filterAttrs (
name: _: name == "isClanModule"
) eval.config.clanInternals.inventoryClass.machines.A.compiledServices.legacyModule;
};
expected = {
legacyModule = {
};
};
};
test_inventory_empty =
let
eval = clan {
inventory = { };
directory = ./.;
};
in
{
# Empty inventory should return an empty module
expr = eval.config.clanInternals.inventoryClass.machines;
expected = { };
};
test_inventory_module_doesnt_exist =
let
eval = clan {
directory = ./.;
inventory = {
services = {
fanatasy.instance_1 = {
roles.default.machines = [ "machine_1" ];
};
};
machines = {
"machine_1" = { };
};
};
};
in
{
inherit eval;
expr = eval.config.clanInternals.inventoryClass.machines.machine_1.machineImports;
expectedError = {
type = "ThrownError";
msg = "ClanModule not found*";
};
};
}

4
lib/modules/inventory/tests/legacyModule/README.md
View File

@@ -1,4 +0,0 @@
---
features = [ "inventory" ]
---
Description

9
lib/modules/inventory/tests/legacyModule/roles/default.nix
View File

@@ -1,9 +0,0 @@
{
lib,
clan-core,
...
}:
{
# Just some random stuff
options.test = lib.mapAttrs clan-core;
}

78
lib/modules/inventoryClass/assertions.nix
View File

@@ -1,78 +0,0 @@
# Integrity validation of the inventory
{ config, lib, ... }:
{
# Assertion must be of type
# { assertion :: bool, message :: string, severity :: "error" | "warning" }
imports = [
# Check that each machine used in a service is defined in the top-level machines
{
assertions = lib.foldlAttrs (
ass1: serviceName: c:
ass1
++ lib.foldlAttrs (
ass2: instanceName: instanceConfig:
let
topLevelMachines = lib.attrNames config.machines;
# All machines must be defined in the top-level machines
assertions = lib.foldlAttrs (
assertions: roleName: role:
assertions
++ builtins.filter (a: !a.assertion) (
builtins.map (m: {
assertion = builtins.elem m topLevelMachines;
message = ''
Machine '${m}' is not defined in the inventory. This might still work, if the machine is defined via nix.
Defined in service: '${serviceName}' instance: '${instanceName}' role: '${roleName}'.
Inventory machines:
${builtins.concatStringsSep "\n" (map (n: "'${n}'") topLevelMachines)}
'';
severity = "warning";
}) role.machines
)
) [ ] instanceConfig.roles;
in
ass2 ++ assertions
) [ ] c
) [ ] config.services;
}
# Check that each tag used in a role is defined in at least one machines tags
{
assertions = lib.foldlAttrs (
ass1: serviceName: c:
ass1
++ lib.foldlAttrs (
ass2: instanceName: instanceConfig:
let
allTags = lib.foldlAttrs (
tags: _machineName: machine:
tags ++ machine.tags
) [ ] config.machines;
# All machines must be defined in the top-level machines
assertions = lib.foldlAttrs (
assertions: roleName: role:
assertions
++ builtins.filter (a: !a.assertion) (
builtins.map (m: {
assertion = builtins.elem m allTags;
message = ''
Tag '${m}' is not defined in the inventory.
Defined in service: '${serviceName}' instance: '${instanceName}' role: '${roleName}'.
Available tags:
${builtins.concatStringsSep "\n" (map (n: "'${n}'") allTags)}
'';
severity = "error";
}) role.tags
)
) [ ] instanceConfig.roles;
in
ass2 ++ assertions
) [ ] c
) [ ] config.services;
}
];
}

263
lib/modules/inventoryClass/builder/default.nix
View File

@@ -1,268 +1,5 @@
{
lib,
config,
clanLib,
...
}:
let
inherit (config) inventory directory;
resolveTags =
# Inventory, { machines :: [string], tags :: [string] }
{
serviceName,
instanceName,
roleName,
inventory,
members,
}:
{
machines =
members.machines or [ ]
++ (builtins.foldl' (
acc: tag:
let
# For error printing
availableTags = lib.foldlAttrs (
acc: _: v:
v.tags or [ ] ++ acc
) [ ] (inventory.machines);
tagMembers = builtins.attrNames (
lib.filterAttrs (_n: v: builtins.elem tag v.tags or [ ]) inventory.machines
);
in
if tagMembers == [ ] then
lib.warn ''
inventory.services.${serviceName}.${instanceName}: - ${roleName} tags: no machine with tag '${tag}' found.
Available tags: ${builtins.toJSON (lib.unique availableTags)}
'' [ ]
else
acc ++ tagMembers
) [ ] members.tags or [ ]);
};
checkService =
modulepath: serviceName:
builtins.elem "inventory" (clanLib.modules.getFrontmatter modulepath serviceName).features or [ ];
compileMachine =
{ machineConfig }:
{
machineImports = [
(lib.optionalAttrs (machineConfig.deploy.targetHost or null != null) {
config.clan.core.networking.targetHost = lib.mkForce machineConfig.deploy.targetHost;
})
(lib.optionalAttrs (machineConfig.deploy.buildHost or null != null) {
config.clan.core.networking.buildHost = lib.mkForce machineConfig.deploy.buildHost;
})
];
assertions = { };
};
resolveImports =
{
supportedRoles,
resolvedRolesPerInstance,
serviceConfigs,
serviceName,
machineName,
getRoleFile,
}:
(lib.foldlAttrs (
# : [ Modules ] -> String -> ServiceConfig -> [ Modules ]
acc2: instanceName: serviceConfig:
let
resolvedRoles = resolvedRolesPerInstance.${instanceName};
isInService = builtins.any (members: builtins.elem machineName members.machines) (
builtins.attrValues resolvedRoles
);
# all roles where the machine is present
machineRoles = builtins.attrNames (
lib.filterAttrs (_role: roleConfig: builtins.elem machineName roleConfig.machines) resolvedRoles
);
machineServiceConfig = (serviceConfig.machines.${machineName} or { }).config or { };
globalConfig = serviceConfig.config or { };
globalExtraModules = serviceConfig.extraModules or [ ];
machineExtraModules = serviceConfig.machines.${machineName}.extraModules or [ ];
roleServiceExtraModules = builtins.foldl' (
acc: role: acc ++ serviceConfig.roles.${role}.extraModules or [ ]
) [ ] machineRoles;
# TODO: maybe optimize this don't lookup the role in inverse roles. Imports are not lazy
roleModules = builtins.map (
role:
if builtins.elem role supportedRoles && inventory.modules ? ${serviceName} then
getRoleFile role
else
throw "Module ${serviceName} doesn't have role: '${role}'. Role: ${
inventory.modules.${serviceName}
}/roles/${role}.nix not found."
) machineRoles;
roleServiceConfigs = builtins.filter (m: m != { }) (
builtins.map (role: serviceConfig.roles.${role}.config or { }) machineRoles
);
extraModules = map (s: if builtins.typeOf s == "string" then "${directory}/${s}" else s) (
globalExtraModules ++ machineExtraModules ++ roleServiceExtraModules
);
features =
(clanLib.modules.getFrontmatter inventory.modules.${serviceName} serviceName).features or [ ];
deprecationWarning = lib.optionalAttrs (builtins.elem "deprecated" features) {
warnings = [
''
The '${serviceName}' module has been migrated from `inventory.services` to `inventory.instances`
See https://docs.clan.lol/guides/clanServices/ for usage.
''
];
};
in
if !(serviceConfig.enabled or true) then
acc2
else if isInService then
acc2
++ [
deprecationWarning
{
imports = roleModules ++ extraModules;
clan.inventory.services.${serviceName}.${instanceName} = {
roles = resolvedRoles;
# TODO: Add inverseRoles to the service config if needed
# inherit inverseRoles;
};
}
(lib.optionalAttrs (globalConfig != { } || machineServiceConfig != { } || roleServiceConfigs != [ ])
{
clan.${serviceName} = lib.mkMerge (
[
globalConfig
machineServiceConfig
]
++ roleServiceConfigs
);
}
)
]
else
acc2
) [ ] (serviceConfigs));
in
{
imports = [
./interface.nix
];
config = {
machines = builtins.mapAttrs (
machineName: machineConfig: m:
let
compiledServices = lib.mapAttrs (
_: serviceConfigs:
(
{ config, ... }:
let
serviceName = config.serviceName;
getRoleFile = role: builtins.seq role inventory.modules.${serviceName} + "/roles/${role}.nix";
in
{
_file = "inventory/builder.nix";
_module.args = {
inherit
resolveTags
inventory
clanLib
machineName
serviceConfigs
;
};
imports = [
./roles.nix
];
machineImports = resolveImports {
supportedRoles = config.supportedRoles;
resolvedRolesPerInstance = config.resolvedRolesPerInstance;
inherit
serviceConfigs
serviceName
machineName
getRoleFile
;
};
# Assertions
assertions = {
"checkservice.${serviceName}" = {
assertion = checkService inventory.modules.${serviceName} serviceName;
message = ''
Service ${serviceName} cannot be used in inventory. It does not declare the 'inventory' feature.
To allow it add the following to the beginning of the README.md of the module:
---
...
features = [ "inventory" ]
---
Also make sure to test the module with the 'inventory' feature enabled.
'';
};
};
}
)
) (config.inventory.services or { });
compiledMachine = compileMachine {
inherit
machineConfig
;
};
machineImports = (
compiledMachine.machineImports
++ builtins.foldl' (
acc: service:
let
failedAssertions = (lib.filterAttrs (_: v: !v.assertion) service.assertions);
failedAssertionsImports =
if failedAssertions != { } then
[
{
clan.inventory.assertions = failedAssertions;
}
]
else
[
{
clan.inventory.assertions = {
"alive.assertion.inventory" = {
assertion = true;
message = ''
No failed assertions found for machine ${machineName}. This will never be displayed.
It is here for testing purposes.
'';
};
};
}
];
in
acc
++ service.machineImports
# Import failed assertions
++ failedAssertionsImports
) [ ] (builtins.attrValues m.config.compiledServices)
);
in
{
inherit machineImports compiledServices compiledMachine;
}
) (inventory.machines or { });
};
}

77
lib/modules/inventoryClass/builder/interface.nix
View File

@@ -16,76 +16,13 @@ in
type = types.raw;
};
machines = mkOption {
type = types.attrsOf (
submodule (
{ name, ... }:
let
machineName = name;
in
{
options = {
compiledMachine = mkOption {
type = types.raw;
};
compiledServices = mkOption {
# type = types.attrsOf;
type = types.attrsOf (
types.submoduleWith {
modules = [
(
{ name, ... }:
let
serviceName = name;
in
{
options = {
machineName = mkOption {
default = machineName;
readOnly = true;
};
serviceName = mkOption {
default = serviceName;
readOnly = true;
};
# Outputs
machineImports = mkOption {
type = types.listOf types.raw;
};
supportedRoles = mkOption {
type = types.listOf types.str;
};
matchedRoles = mkOption {
type = types.listOf types.str;
};
machinesRoles = mkOption {
type = types.attrsOf (types.listOf types.str);
};
resolvedRolesPerInstance = mkOption {
type = types.attrsOf (
types.attrsOf (submodule {
options.machines = mkOption {
type = types.listOf types.str;
};
})
);
};
assertions = mkOption {
type = types.attrsOf types.raw;
};
};
}
)
];
}
);
};
machineImports = mkOption {
type = types.listOf types.raw;
};
};
}
)
);
type = types.attrsOf (submodule ({
options = {
machineImports = mkOption {
type = types.listOf types.raw;
};
};
}));
};
};
}

65
lib/modules/inventoryClass/builder/roles.nix
View File

@@ -1,65 +0,0 @@
{
lib,
config,
resolveTags,
inventory,
clanLib,
machineName,
serviceConfigs,
...
}:
let
serviceName = config.serviceName;
in
{
# Roles resolution
# : List String
supportedRoles = clanLib.modules.getRoles "inventory.modules" inventory.modules serviceName;
matchedRoles = builtins.attrNames (
lib.filterAttrs (_: ms: builtins.elem machineName ms) config.machinesRoles
);
resolvedRolesPerInstance = lib.mapAttrs (
instanceName: instanceConfig:
let
resolvedRoles = lib.genAttrs config.supportedRoles (
roleName:
resolveTags {
members = instanceConfig.roles.${roleName} or { };
inherit
instanceName
serviceName
roleName
inventory
;
}
);
usedRoles = builtins.attrNames instanceConfig.roles;
unmatchedRoles = builtins.filter (role: !builtins.elem role config.supportedRoles) usedRoles;
in
if unmatchedRoles != [ ] then
throw ''
Roles ${builtins.toJSON unmatchedRoles} are not defined in the service ${serviceName}.
Instance: '${instanceName}'
Please use one of available roles: ${builtins.toJSON config.supportedRoles}
''
else
resolvedRoles
) serviceConfigs;
machinesRoles = builtins.zipAttrsWith (
_n: vs:
let
flat = builtins.foldl' (acc: s: acc ++ s.machines) [ ] vs;
in
lib.unique flat
) (builtins.attrValues config.resolvedRolesPerInstance);
assertions = lib.concatMapAttrs (
instanceName: resolvedRoles:
clanLib.modules.checkConstraints {
moduleName = serviceName;
allModules = inventory.modules;
inherit resolvedRoles instanceName;
}
) config.resolvedRolesPerInstance;
}

220
lib/modules/inventoryClass/interface.nix
View File

@@ -31,70 +31,13 @@ let
'';
};
};
moduleConfig = lib.mkOption {
default = { };
# TODO: use types.deferredModule
# clan.borgbackup MUST be defined as submodule
type = types.attrsOf types.anything;
description = ''
Configuration of the specific clanModule.
!!! Note
Configuration is passed to the nixos configuration scoped to the module.
```nix
clan.<serviceName> = { ... # Config }
```
'';
};
extraModulesOption = lib.mkOption {
description = ''
List of additionally imported `.nix` expressions.
Supported types:
- **Strings**: Interpreted relative to the 'directory' passed to `lib.clan`.
- **Paths**: should be relative to the current file.
- **Any**: Nix expression must be serializable to JSON.
!!! Note
**The import only happens if the machine is part of the service or role.**
Other types are passed through to the nixos configuration.
???+ Example
To import the `special.nix` file
```
. Clan Directory
flake.nix
...
modules
special.nix
...
```
```nix
{
extraModules = [ "modules/special.nix" ];
}
```
'';
apply = value: if lib.isString value then value else builtins.seq (builtins.toJSON value) value;
default = [ ];
type = types.listOf (
types.oneOf [
types.str
types.anything
]
);
};
in
{
imports = [
./assertions.nix
(lib.mkRemovedOptionModule [ "services" ] ''
The `inventory.services` option has been removed. Use `inventory.instances` instead.
See: https://docs.clan.lol/concepts/inventory/#services
'')
];
options = {
# Internal things
@@ -415,160 +358,5 @@ in
);
default = { };
};
services = lib.mkOption {
# TODO: deprecate these options
# services are deprecated in favor of `instances`
# visible = false;
description = ''
Services of the inventory.
- The first `<name>` is the moduleName. It must be a valid clanModule name.
- The second `<name>` is an arbitrary instance name.
???+ Example
```nix
# ClanModule name. See the module documentation for the available modules.
# Instance name, can be anything, some services might use it as a unique identifier.
services.borgbackup."instance_1" = {
roles.client.machines = ["machineA"];
};
```
!!! Note
Services MUST be added to machines via `roles` exclusively.
See [`roles.<rolename>.machines`](#inventory.services.roles.machines) or [`roles.<rolename>.tags`](#inventory.services.roles.tags) for more information.
'';
default = { };
type = types.attrsOf (
types.attrsOf (
types.submodule (
# instance name
{ name, ... }:
{
options.enabled = lib.mkOption {
type = lib.types.bool;
default = true;
description = ''
Enable or disable the complete service.
If the service is disabled, it will not be added to any machine.
!!! Note
This flag is primarily used to temporarily disable a service.
I.e. A 'backup service' without any 'server' might be incomplete and would cause failure if enabled.
'';
};
options.meta = metaOptionsWith name;
options.extraModules = extraModulesOption;
options.config = moduleConfig // {
description = ''
Configuration of the specific clanModule.
!!! Note
Configuration is passed to the nixos configuration scoped to the module.
```nix
clan.<serviceName> = { ... # Config }
```
???+ Example
For `services.borgbackup` the config is the passed to the machine with the prefix of `clan.borgbackup`.
This means all config values are mapped to the `borgbackup` clanModule exclusively (`config.clan.borgbackup`).
```nix
{
services.borgbackup."instance_1".config = {
destinations = [ ... ];
# See the 'borgbackup' module docs for all options
};
}
```
!!! Note
The module author is responsible for supporting multiple instance configurations in different roles.
See each clanModule's documentation for more information.
'';
};
options.machines = lib.mkOption {
description = ''
Attribute set of machines specific config for the service.
Will be merged with other service configs, such as the role config and the global config.
For machine specific overrides use `mkForce` or other higher priority methods.
???+ Example
```{.nix hl_lines="4-7"}
services.borgbackup."instance_1" = {
roles.client.machines = ["machineA"];
machines.machineA.config = {
# Additional specific config for the machine
# This is merged with all other config places
};
};
```
'';
default = { };
type = types.attrsOf (
types.submodule {
options.extraModules = extraModulesOption;
options.config = moduleConfig // {
description = ''
Additional configuration of the specific machine.
See how [`service.<name>.<name>.config`](#inventory.services.config) works in general for further information.
'';
};
}
);
};
options.roles = lib.mkOption {
default = { };
type = types.attrsOf (
types.submodule {
options.machines = lib.mkOption {
default = [ ];
type = types.listOf types.str;
example = [ "machineA" ];
description = ''
List of machines which are part of the role.
The machines are referenced by their `attributeName` in the `inventory.machines` attribute set.
Memberships are declared here to determine which machines are part of the service.
Alternatively, `tags` can be used to determine the membership, more dynamically.
'';
};
options.tags = lib.mkOption {
default = [ ];
apply = lib.unique;
type = types.listOf types.str;
description = ''
List of tags which are used to determine the membership of the role.
The tags are matched against the `inventory.machines.<machineName>.tags` attribute set.
If a machine has at least one tag of the role, it is part of the role.
'';
};
options.config = moduleConfig // {
description = ''
Additional configuration of the specific role.
See how [`service.<name>.<name>.config`](#inventory.services.config) works in general for further information.
'';
};
options.extraModules = extraModulesOption;
}
);
};
}
)
)
);
};
};
}

6
lib/modules/inventoryClass/inventory-introspection.nix
View File

@@ -11,6 +11,10 @@
default =
builtins.removeAttrs (clanLib.introspection.getPrios { options = config.inventory.options; })
# tags are freeformType which is not supported yet.
[ "tags" ];
# services is removed and throws an error if accessed.
[
"tags"
"services"
];
};
}

236
nixosModules/clanCore/postgresql/default.nix
View File

@@ -1,236 +0,0 @@
{
lib,
config,
pkgs,
...
}:
let
cfg = config.clan.core.postgresql;
createDatabaseState =
db:
let
folder = "/var/backup/postgres/${db.name}";
current = "${folder}/pg-dump";
compression = lib.optionalString (lib.versionAtLeast config.services.postgresql.package.version "16") "--compress=zstd";
in
{
folders = [ folder ];
preBackupScript = ''
export PATH=${
lib.makeBinPath [
config.services.postgresql.package
config.systemd.package
pkgs.coreutils
pkgs.util-linux
pkgs.zstd
]
}
while [[ "$(systemctl is-active postgresql)" == activating ]]; do
sleep 1
done
mkdir -p "${folder}"
runuser -u postgres -- pg_dump ${compression} --dbname=${db.name} -Fc -c > "${current}.tmp"
mv "${current}.tmp" ${current}
'';
postRestoreScript = ''
export PATH=${
lib.makeBinPath [
config.services.postgresql.package
config.systemd.package
pkgs.coreutils
pkgs.util-linux
pkgs.zstd
pkgs.gnugrep
]
}
while [[ "$(systemctl is-active postgresql)" == activating ]]; do
sleep 1
done
echo "Waiting for postgres to be ready..."
while ! runuser -u postgres -- psql --port=${builtins.toString config.services.postgresql.settings.port} -d postgres -c "" ; do
if ! systemctl is-active postgresql; then exit 1; fi
sleep 0.1
done
if [[ -e "${current}" ]]; then
(
systemctl stop ${lib.concatStringsSep " " db.restore.stopOnRestore}
trap "systemctl start ${lib.concatStringsSep " " db.restore.stopOnRestore}" EXIT
mkdir -p "${folder}"
if runuser -u postgres -- psql -d postgres -c "SELECT 1 FROM pg_database WHERE datname = '${db.name}'" | grep -q 1; then
runuser -u postgres -- dropdb "${db.name}"
fi
runuser -u postgres -- pg_restore -C -d postgres "${current}"
)
else
echo No database backup found, skipping restore
fi
'';
};
createDatabase = db: ''
CREATE DATABASE "${db.name}" ${
lib.concatStringsSep " " (
lib.mapAttrsToList (name: value: "${name} = '${value}'") db.create.options
)
}
'';
userClauses = lib.mapAttrsToList (
_: user:
''$PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='${user.name}'" | grep -q 1 || $PSQL -tAc 'CREATE USER "${user.name}"' ''
) cfg.users;
databaseClauses = lib.mapAttrsToList (
name: db:
lib.optionalString db.create.enable ''$PSQL -d postgres -c "SELECT 1 FROM pg_database WHERE datname = '${name}'" | grep -q 1 || $PSQL -d postgres -c ${lib.escapeShellArg (createDatabase db)} ''
) cfg.databases;
in
{
options.clan.core.postgresql = {
enable = lib.mkEnableOption "Whether to enable PostgreSQL Server";
# we are reimplemeting ensureDatabase and ensureUser options here to allow to create databases with options
databases = lib.mkOption {
description = "Databases to create";
default = { };
type = lib.types.attrsOf (
lib.types.submodule (
{ name, ... }:
{
options = {
name = lib.mkOption {
type = lib.types.str;
default = name;
description = "Database name.";
};
service = lib.mkOption {
type = lib.types.str;
default = name;
description = "Service name that we associate with the database.";
};
# set to false, in case the upstream module uses ensureDatabase option
create.enable = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Create the database if it does not exist.";
};
create.options = lib.mkOption {
description = "Options to pass to the CREATE DATABASE command.";
type = lib.types.lazyAttrsOf lib.types.str;
default = { };
example = {
TEMPLATE = "template0";
LC_COLLATE = "C";
LC_CTYPE = "C";
ENCODING = "UTF8";
OWNER = "foo";
};
};
restore.stopOnRestore = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
description = "List of systemd services to stop before restoring the database.";
};
};
}
)
);
};
users = lib.mkOption {
description = "Users to create";
default = { };
type = lib.types.attrsOf (
lib.types.submodule (
{ name, ... }:
{
options.name = lib.mkOption {
description = "User name";
type = lib.types.str;
default = name;
};
}
)
);
};
};
config = lib.mkIf (config.clan.core.postgresql.enable) {
clan.core.settings.state-version.enable = true;
# services.postgresql.package = lib.mkDefault pkgs.postgresql_16;
services.postgresql.enable = true;
services.postgresql.settings = {
wal_level = "replica";
max_wal_senders = 3;
};
# We are duplicating a bit the upstream module but allow to create databases with options
systemd.services.postgresql.postStart = ''
PSQL="psql --port=${builtins.toString config.services.postgresql.settings.port}"
while ! $PSQL -d postgres -c "" 2> /dev/null; do
if ! kill -0 "$MAINPID"; then exit 1; fi
sleep 0.1
done
${lib.concatStringsSep "\n" userClauses}
${lib.concatStringsSep "\n" databaseClauses}
'';
clan.core.state = lib.mapAttrs' (
_: db: lib.nameValuePair db.service (createDatabaseState db)
) config.clan.core.postgresql.databases;
environment.systemPackages = builtins.map (
db:
let
folder = "/var/backup/postgres/${db.name}";
current = "${folder}/pg-dump";
in
pkgs.writeShellScriptBin "postgres-db-restore-command-${db.name}" ''
export PATH=${
lib.makeBinPath [
config.services.postgresql.package
config.systemd.package
pkgs.coreutils
pkgs.util-linux
pkgs.zstd
pkgs.gnugrep
]
}
while [[ "$(systemctl is-active postgresql)" == activating ]]; do
sleep 1
done
echo "Waiting for postgres to be ready..."
while ! runuser -u postgres -- psql --port=${builtins.toString config.services.postgresql.settings.port} -d postgres -c "" ; do
if ! systemctl is-active postgresql; then exit 1; fi
sleep 0.1
done
if [[ -e "${current}" ]]; then
(
${lib.optionalString (db.restore.stopOnRestore != [ ]) ''
systemctl stop ${builtins.toString db.restore.stopOnRestore}
trap "systemctl start ${builtins.toString db.restore.stopOnRestore}" EXIT
''}
mkdir -p "${folder}"
if runuser -u postgres -- psql -d postgres -c "SELECT 1 FROM pg_database WHERE datname = '${db.name}'" | grep -q 1; then
runuser -u postgres -- dropdb "${db.name}"
fi
runuser -u postgres -- pg_restore -C -d postgres "${current}"
)
else
echo No database backup found, skipping restore
fi
''
) (builtins.attrValues config.clan.core.postgresql.databases);
};
}

BIN
pkgs/clan-app/ui/logos/usb-stick-min.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 8.8 KiB

7
pkgs/clan-app/ui/src/hooks/api.ts
View File

@@ -1,17 +1,10 @@
import { API } from "@/api/API";
import { Schema as Inventory } from "@/api/Inventory";
export type OperationNames = keyof API;
type Services = NonNullable<Inventory["services"]>;
type ServiceNames = keyof Services;
export type OperationArgs<T extends OperationNames> = API[T]["arguments"];
export type OperationResponse<T extends OperationNames> = API[T]["return"];
export type ClanServiceInstance<T extends ServiceNames> = NonNullable<
Services[T]
>[string];
export type SuccessQuery<T extends OperationNames> = Extract<
OperationResponse<T>,
{ status: "success" }

57
pkgs/clan-app/ui/src/workflows/Install/Install.stories.tsx
View File

@@ -64,11 +64,66 @@ const mockFetcher: Fetcher = <K extends OperationNames>(
description: "Name of the gritty",
prompt_type: "line",
display: {
label: "Gritty Name",
label: "(1) Name",
group: "User",
required: true,
},
},
{
name: "gritty.foo",
description: "Name of the gritty",
prompt_type: "line",
display: {
label: "(2) Password",
group: "Root",
required: true,
},
},
{
name: "gritty.bar",
description: "Name of the gritty",
prompt_type: "line",
display: {
label: "(3) Gritty",
group: "Root",
required: true,
},
},
],
},
{
name: "funny.dodo",
prompts: [
{
name: "gritty.name",
description: "Name of the gritty",
prompt_type: "line",
display: {
label: "(4) Name",
group: "User",
required: true,
},
},
{
name: "gritty.foo",
description: "Name of the gritty",
prompt_type: "line",
display: {
label: "(5) Password",
group: "Lonely",
required: true,
},
},
{
name: "gritty.bar",
description: "Name of the gritty",
prompt_type: "line",
display: {
label: "(6) Batty",
group: "Root",
required: true,
},
},
],
},
],

17
pkgs/clan-app/ui/src/workflows/Install/steps/createInstaller.tsx
View File

@@ -19,6 +19,7 @@ import Icon from "@/src/components/Icon/Icon";
import { useSystemStorageOptions } from "@/src/hooks/queries";
import { useApiClient } from "@/src/hooks/ApiClient";
import { onMount } from "solid-js";
import cx from "classnames";
const Prose = () => (
<StepLayout
@@ -272,6 +273,7 @@ const ChooseDisk = () => {
)}
</Field>
<Alert
transparent
type="error"
icon="Info"
title="You're about to format this drive"
@@ -314,8 +316,17 @@ const FlashProgress = () => {
};
return (
<div class="flex size-full flex-col items-center justify-center bg-inv-4">
<div class="mb-6 flex w-full max-w-md flex-col items-center gap-3 fg-inv-1">
<div
class={cx(
"relative flex size-full flex-col items-center justify-center bg-inv-4",
)}
>
<img
src="/logos/usb-stick-min.png"
alt="usb logo"
class="absolute z-0 top-2"
/>
<div class="mb-6 flex w-full max-w-md flex-col items-center gap-3 fg-inv-1 z-10">
<Typography
hierarchy="title"
size="default"
@@ -327,7 +338,7 @@ const FlashProgress = () => {
<LoadingBar />
<Button
hierarchy="primary"
class="w-fit"
class="w-fit mt-3"
size="s"
onClick={handleCancel}
>

49
pkgs/clan-app/ui/src/workflows/Install/steps/installSteps.tsx
View File

@@ -60,6 +60,7 @@ const ConfigureAddress = () => {
});
const [isReachable, setIsReachable] = createSignal<string | null>(null);
const [loading, setLoading] = createSignal<boolean>(false);
const client = useApiClient();
// TODO: push values to the parent form Store
@@ -80,12 +81,15 @@ const ConfigureAddress = () => {
return;
}
setLoading(true);
const call = client.fetch("check_machine_ssh_login", {
remote: {
address,
},
});
const result = await call.result;
setLoading(false);
console.log("SSH login check result:", result);
if (result.status === "success") {
setIsReachable(address);
@@ -118,28 +122,28 @@ const ConfigureAddress = () => {
)}
</Field>
</Fieldset>
<Button
disabled={!getValue(formStore, "targetHost")}
endIcon="ArrowRight"
onClick={tryReachable}
hierarchy="secondary"
>
Test Connection
</Button>
</div>
}
footer={
<div class="flex justify-between">
<BackButton />
<NextButton
type="submit"
disabled={
<Show
when={
!isReachable() ||
isReachable() !== getValue(formStore, "targetHost")
}
fallback={<NextButton type="submit">Next</NextButton>}
>
Next
</NextButton>
<Button
endIcon="ArrowRight"
onClick={tryReachable}
hierarchy="secondary"
loading={loading()}
>
Test Connection
</Button>
</Show>
</div>
}
/>
@@ -435,7 +439,7 @@ const PromptsFields = (props: PromptsFieldsProps) => {
};
return (
<Form onSubmit={handleSubmit} class="h-full">
<Form onSubmit={handleSubmit}>
<StepLayout
body={
<div class="flex flex-col gap-2">
@@ -580,7 +584,7 @@ const InstallSummary = () => {
progress: runInstall,
}));
await runInstall.result; // Wait for the installation to finish
await runInstall.result;
stepSignal.setActiveStep("install:done");
};
@@ -645,8 +649,13 @@ const InstallProgress = () => {
);
return (
<div class="flex size-full flex-col items-center justify-center bg-inv-4">
<div class="mb-6 flex w-full max-w-md flex-col items-center gap-3 fg-inv-1">
<div class="relative flex size-full flex-col items-center justify-center bg-inv-4">
<img
src="/logos/usb-stick-min.png"
alt="usb logo"
class="absolute z-0 top-2"
/>
<div class="mb-6 flex w-full max-w-md flex-col items-center gap-3 fg-inv-1 z-10">
<Typography
hierarchy="title"
size="default"
@@ -655,10 +664,11 @@ const InstallProgress = () => {
>
Machine is beeing installed
</Typography>
<LoadingBar />
<Typography
hierarchy="label"
size="default"
class="py-2"
class=""
color="secondary"
inverted
>
@@ -694,10 +704,9 @@ const InstallProgress = () => {
</Match>
</Switch>
</Typography>
<LoadingBar />
<Button
hierarchy="primary"
class="w-fit"
class="w-fit mt-3"
size="s"
onClick={handleCancel}
>

1
pkgs/clan-cli/clan_cli/conftest.py
View File

@@ -11,5 +11,4 @@ pytest_plugins = [
"clan_cli.tests.runtime",
"clan_cli.tests.fixtures_flakes",
"clan_cli.tests.stdout",
"clan_cli.tests.nix_config",
]

24
pkgs/clan-cli/clan_cli/tests/nix_config.py
View File

@@ -1,24 +0,0 @@
import json
import subprocess
from dataclasses import dataclass
import pytest
@dataclass
class ConfigItem:
aliases: list[str]
defaultValue: bool # noqa: N815
description: str
documentDefault: bool # noqa: N815
experimentalFeature: str # noqa: N815
value: str | bool | list[str] | dict[str, str]
@pytest.fixture(scope="session")
def nix_config() -> dict[str, ConfigItem]:
proc = subprocess.run(
["nix", "config", "show", "--json"], check=True, stdout=subprocess.PIPE
)
data = json.loads(proc.stdout)
return {name: ConfigItem(**c) for name, c in data.items()}

2
pkgs/clan-cli/clan_cli/tests/test_backups.py
View File

@@ -3,7 +3,7 @@ from clan_cli.tests.fixtures_flakes import FlakeForTest
from clan_cli.tests.helpers import cli
@pytest.mark.impure
@pytest.mark.with_core
def test_backups(
test_flake_with_core: FlakeForTest,
) -> None:

4
pkgs/clan-cli/clan_cli/tests/test_flake/flake.nix
View File

@@ -6,9 +6,7 @@
inputs':
let
# fake clan-core input
fake-clan-core = {
clanModules.fake-module = ./fake-module.nix;
};
fake-clan-core = { };
inputs = inputs' // {
clan-core = fake-clan-core;
};

2
pkgs/clan-cli/clan_cli/tests/test_flakes_cli.py
View File

@@ -9,7 +9,7 @@ if TYPE_CHECKING:
pass
@pytest.mark.impure
@pytest.mark.with_core
def test_flakes_inspect(
test_flake_with_core: FlakeForTest, capture_output: CaptureOutput
) -> None:

44
pkgs/clan-cli/clan_cli/tests/test_inventory.py
View File

@@ -1,44 +0,0 @@
from clan_lib.nix_models.clan import Inventory
from clan_lib.nix_models.clan import InventoryMachine as Machine
from clan_lib.nix_models.clan import InventoryMeta as Meta
from clan_lib.nix_models.clan import InventoryService as Service
def test_make_meta_minimal() -> None:
# Name is required
res = Meta(
{
"name": "foo",
}
)
assert res == {"name": "foo"}
def test_make_inventory_minimal() -> None:
# Meta is required
res = Inventory(
{
"meta": Meta(
{
"name": "foo",
}
),
}
)
assert res == {"meta": {"name": "foo"}}
def test_make_machine_minimal() -> None:
# Empty is valid
res = Machine({})
assert res == {}
def test_make_service_minimal() -> None:
# Empty is valid
res = Service({})
assert res == {}

1
pkgs/clan-cli/clan_cli/tests/test_inventory_serde.py
View File

@@ -53,7 +53,6 @@ def test_inventory_deserialize_variants(
# Check that all keys are present
assert "meta" in inventory
assert "machines" in inventory
assert "services" in inventory
# assert "tags" in inventory
# assert "modules" in inventory
assert "instances" in inventory

2
pkgs/clan-cli/clan_cli/tests/test_secrets_generate.py
View File

@@ -14,7 +14,7 @@ if TYPE_CHECKING:
from .age_keys import KeyPair
@pytest.mark.impure
@pytest.mark.with_core
def test_generate_secret(
monkeypatch: pytest.MonkeyPatch,
test_flake_with_core: FlakeForTest,

67
pkgs/clan-cli/clan_cli/tests/test_vars_deployment.py
View File

@@ -7,24 +7,23 @@ import pytest
from clan_cli.tests.age_keys import SopsSetup
from clan_cli.tests.fixtures_flakes import ClanFlake
from clan_cli.tests.helpers import cli
from clan_cli.tests.nix_config import ConfigItem
from clan_cli.vms.run import inspect_vm, spawn_vm
from clan_lib import cmd
from clan_lib.flake import Flake
from clan_lib.machines.machines import Machine
from clan_lib.nix import nix_eval, run
from clan_lib.nix import nix_config, nix_eval, run
@pytest.mark.impure
@pytest.mark.skipif(sys.platform == "darwin", reason="preload doesn't work on darwin")
def test_vm_deployment(
flake: ClanFlake,
nix_config: dict[str, ConfigItem],
sops_setup: SopsSetup,
) -> None:
# machine 1
config = nix_config()
machine1_config = flake.machines["m1_machine"]
machine1_config["nixpkgs"]["hostPlatform"] = nix_config["system"].value
machine1_config["nixpkgs"]["hostPlatform"] = config["system"]
machine1_config["clan"]["virtualisation"]["graphics"] = False
machine1_config["services"]["getty"]["autologinUser"] = "root"
machine1_config["services"]["openssh"]["enable"] = True
@@ -48,19 +47,6 @@ def test_vm_deployment(
echo hello > "$out"/shared_secret
echo hello > "$out"/no_deploy_secret
"""
# machine 2
machine2_config = flake.machines["m2_machine"]
machine2_config["nixpkgs"]["hostPlatform"] = nix_config["system"].value
machine2_config["clan"]["virtualisation"]["graphics"] = False
machine2_config["services"]["getty"]["autologinUser"] = "root"
machine2_config["services"]["openssh"]["enable"] = True
machine2_config["users"]["users"]["root"]["openssh"]["authorizedKeys"]["keys"] = [
# put your key here when debugging and pass ssh_port in run_vm_in_thread call below
]
machine2_config["networking"]["firewall"]["enable"] = False
machine2_config["clan"]["core"]["vars"]["generators"]["my_shared_generator"] = (
m1_shared_generator.copy()
)
flake.refresh()
@@ -68,17 +54,16 @@ def test_vm_deployment(
cli.run(["vars", "generate", "--flake", str(flake.path)])
# check sops secrets not empty
for machine in ["m1_machine", "m2_machine"]:
sops_secrets = json.loads(
run(
nix_eval(
[
f"{flake.path}#nixosConfigurations.{machine}.config.sops.secrets",
]
)
).stdout.strip()
)
assert sops_secrets != {}
sops_secrets = json.loads(
run(
nix_eval(
[
f"{flake.path}#nixosConfigurations.m1_machine.config.sops.secrets",
]
)
).stdout.strip()
)
assert sops_secrets != {}
my_secret_path = run(
nix_eval(
[
@@ -87,28 +72,23 @@ def test_vm_deployment(
)
).stdout.strip()
assert "no-such-path" not in my_secret_path
for machine in ["m1_machine", "m2_machine"]:
shared_secret_path = run(
nix_eval(
[
f"{flake.path}#nixosConfigurations.{machine}.config.clan.core.vars.generators.my_shared_generator.files.shared_secret.path",
]
)
).stdout.strip()
assert "no-such-path" not in shared_secret_path
shared_secret_path = run(
nix_eval(
[
f"{flake.path}#nixosConfigurations.m1_machine.config.clan.core.vars.generators.my_shared_generator.files.shared_secret.path",
]
)
).stdout.strip()
assert "no-such-path" not in shared_secret_path
# run nix flake lock
cmd.run(["nix", "flake", "lock"], cmd.RunOpts(cwd=flake.path))
vm1_config = inspect_vm(machine=Machine("m1_machine", Flake(str(flake.path))))
vm2_config = inspect_vm(machine=Machine("m2_machine", Flake(str(flake.path))))
with ExitStack() as stack:
vm1 = stack.enter_context(spawn_vm(vm1_config, stdin=subprocess.DEVNULL))
vm2 = stack.enter_context(spawn_vm(vm2_config, stdin=subprocess.DEVNULL))
qga_m1 = stack.enter_context(vm1.qga_connect())
qga_m2 = stack.enter_context(vm2.qga_connect())
# run these always successful commands to make sure all vms have started before continuing
qga_m1.run(["echo"])
qga_m2.run(["echo"])
# check my_secret is deployed
result = qga_m1.run(["cat", "/run/secrets/vars/m1_generator/my_secret"])
assert result.stdout == "hello\n"
@@ -117,11 +97,6 @@ def test_vm_deployment(
["cat", "/run/secrets/vars/my_shared_generator/shared_secret"]
)
assert result.stdout == "hello\n"
# check shared_secret is deployed on m2
result = qga_m2.run(
["cat", "/run/secrets/vars/my_shared_generator/shared_secret"]
)
assert result.stdout == "hello\n"
# check no_deploy_secret is not deployed
result = qga_m1.run(
["test", "-e", "/run/secrets/vars/my_shared_generator/no_deploy_secret"],

2
pkgs/clan-cli/clan_cli/tests/test_vms_cli.py
View File

@@ -15,7 +15,7 @@ if TYPE_CHECKING:
no_kvm = not Path("/dev/kvm").exists()
@pytest.mark.impure
@pytest.mark.with_core
def test_inspect(
test_flake_with_core: FlakeForTest, capture_output: CaptureOutput
) -> None:

9
pkgs/clan-cli/clan_lib/nix_models/clan.py
View File

@@ -97,18 +97,10 @@ class InventoryMeta(TypedDict):
class InventoryService(TypedDict):
pass
InventoryInstancesType = dict[str, InventoryInstance]
InventoryMachinesType = dict[str, InventoryMachine]
InventoryMetaType = InventoryMeta
InventoryModulesType = dict[str, dict[str, Any] | list[Any] | bool | float | int | str | None]
InventoryServicesType = dict[str, InventoryService]
InventoryTagsType = dict[str, list[str]]
class Inventory(TypedDict):
@@ -116,7 +108,6 @@ class Inventory(TypedDict):
machines: NotRequired[InventoryMachinesType]
meta: NotRequired[InventoryMetaType]
modules: NotRequired[InventoryModulesType]
services: NotRequired[InventoryServicesType]
tags: NotRequired[InventoryTagsType]

5
pkgs/clan-cli/clan_lib/persist/inventory_store.py
View File

@@ -11,7 +11,6 @@ from clan_lib.nix_models.clan import (
InventoryInstancesType,
InventoryMachinesType,
InventoryMetaType,
InventoryServicesType,
InventoryTagsType,
)
@@ -106,7 +105,6 @@ class InventorySnapshot(TypedDict):
machines: NotRequired[InventoryMachinesType]
instances: NotRequired[InventoryInstancesType]
meta: NotRequired[InventoryMetaType]
services: NotRequired[InventoryServicesType]
tags: NotRequired[InventoryTagsType]
@@ -163,7 +161,8 @@ class InventoryStore:
return sanitized
def get_readonly_raw(self) -> Inventory:
return self._flake.select("clanInternals.inventoryClass.inventory")
attrs = "{" + ",".join(self._keys) + "}"
return self._flake.select(f"clanInternals.inventoryClass.inventory.{attrs}")
def _get_persisted(self) -> InventorySnapshot:
"""

8
pkgs/clan-cli/clan_lib/persist/inventory_store_test.py
View File

@@ -101,7 +101,7 @@ def test_simple_read_write(setup_test_files: Path) -> None:
store = InventoryStore(
flake=MockFlake(nix_file),
inventory_file_name=json_file.name,
_keys=[], # disable toplevel filtering
_keys=["foo", "protected"],
)
store._flake.invalidate_cache()
data: dict = store.read() # type: ignore
@@ -149,7 +149,7 @@ def test_simple_deferred(setup_test_files: Path) -> None:
inventory_file_name=json_file.name,
# Needed to allow auto-transforming deferred modules
_allowed_path_transforms=["foo.*"],
_keys=[], # disable toplevel filtering
_keys=["foo"], # disable toplevel filtering
)
data = store.read()
@@ -230,7 +230,7 @@ def test_manipulate_list(setup_test_files: Path) -> None:
store = InventoryStore(
flake=MockFlake(nix_file),
inventory_file_name=json_file.name,
_keys=[], # disable toplevel filtering
_keys=["empty", "predefined"],
)
data = store.read()
@@ -275,7 +275,7 @@ def test_static_list_items(setup_test_files: Path) -> None:
store = InventoryStore(
flake=MockFlake(nix_file),
inventory_file_name=json_file.name,
_keys=[], # disable toplevel filtering
_keys=["empty", "predefined"],
)
data = store.read()

9
pkgs/clan-cli/clan_lib/tests/test_create.py
View File

@@ -5,7 +5,7 @@ import shutil
import sys
from dataclasses import dataclass
from pathlib import Path
from typing import Any, cast
from typing import cast
import clan_cli.clan.create
import pytest
@@ -26,7 +26,6 @@ from clan_lib.nix import nix_command
from clan_lib.nix_models.clan import (
InventoryInstancesType,
InventoryMachine,
InventoryServicesType,
Unknown,
)
from clan_lib.nix_models.clan import InventoryMachineDeploy as MachineDeploy
@@ -41,7 +40,6 @@ log = logging.getLogger(__name__)
@dataclass
class InventoryWrapper:
services: InventoryServicesType
instances: InventoryInstancesType
@@ -65,8 +63,6 @@ def create_base_inventory(ssh_keys_pairs: list[SSHKeyPair]) -> InventoryWrapper:
ssh_keys.append(InvSSHKeyEntry(f"user_{num}", ssh_key.public.read_text()))
"""Create the base inventory structure."""
legacy_services: dict[str, Any] = {}
instances = InventoryInstancesType(
{
"admin-inst": {
@@ -88,7 +84,7 @@ def create_base_inventory(ssh_keys_pairs: list[SSHKeyPair]) -> InventoryWrapper:
}
)
return InventoryWrapper(services=legacy_services, instances=instances)
return InventoryWrapper(instances=instances)
# TODO: We need a way to calculate the narHash of the current clan-core
@@ -212,7 +208,6 @@ def test_clan_create_api(
== "clan-core/admin"
)
set_value_by_path(inventory, "services", inventory_conf.services)
set_value_by_path(inventory, "instances", inventory_conf.instances)
store.write(
inventory,

5
pkgs/clan-cli/default.nix
View File

@@ -17,6 +17,8 @@
pythonRuntime,
setupNixInNix,
templateDerivation,
zerotierone,
minifakeroot,
}:
let
pyDeps = ps: [
@@ -215,7 +217,10 @@ pythonRuntime.pkgs.buildPythonApplication {
pkgs.mkpasswd
pkgs.xkcdpass
pkgs.pass
zerotierone
minifakeroot
nix-select
../../nixosModules/clanCore/zerotier/generate.py
# needed by flash list tests
nixpkgs.legacyPackages.x86_64-linux.kbd

11
pkgs/clan-cli/flake-module.nix
View File

@@ -16,13 +16,14 @@
clanCoreWithVendoredDeps = self'.packages.clan-core-flake.override {
clanCore = self.filter {
include = [
"clanModules"
"flakeModules"
"lib"
"nixosModules"
"flake.lock"
"templates"
"clanServices"
"pkgs/zerotierone"
"pkgs/minifakeroot"
];
};
};
@@ -44,6 +45,7 @@
clan-cli = pkgs.callPackage ./default.nix {
inherit (inputs) nixpkgs nix-select;
inherit (self.legacyPackages.${system}) setupNixInNix;
inherit (self'.packages) zerotierone minifakeroot;
templateDerivation = templateDerivation;
pythonRuntime = pkgs.python3;
clan-core-path = clanCoreWithVendoredDeps;
@@ -55,6 +57,7 @@
clan-cli-full = pkgs.callPackage ./default.nix {
inherit (inputs) nixpkgs nix-select;
inherit (self.legacyPackages.${system}) setupNixInNix;
inherit (self'.packages) zerotierone minifakeroot;
clan-core-path = clanCoreWithVendoredDeps;
templateDerivation = templateDerivation;
pythonRuntime = pkgs.python3;
@@ -96,12 +99,6 @@
# It treats it not as the type of an empty object, but as non-nullish.
# Should be fixed in json2ts: https://github.com/bcherny/json-schema-to-typescript/issues/557
sed -i -e 's/{}/Record<string, never>/g' $out/API.ts
# Retrieve python API Typescript types
# delete the reserved tags from typechecking because the conversion library doesn't support them
jq 'del(.properties.tags.properties)' ${self'.legacyPackages.schemas.inventory}/schema.json > schema.json
json2ts --input schema.json > $out/Inventory.ts
cp ${self'.legacyPackages.schemas.inventory}/* $out
'';
};
clan-lib-openapi = pkgs.stdenv.mkDerivation {