2025-03-05 Clan Changelog

Clan is a toolkit that makes it easier to manage networks of VPN-connected NixOS machines.
The ultimate goal is to lower the barrier to self-host services massively to allow anyone to achieve this without special hardware. As of now using clan still requires NixOS knowledge but already
nicely combines a bunch of our open-source project that you may know (nixos-anywhere, sops-nix, nixos-generators, disko, …) in a uniform CLI.

Added

• passage support for out-of-band, age-encrypted secrets.
• New demo ISO that generates all necessary secrets on boot.
• Test to ensure clan machine install --update-hardware-config works.
• New evaluation caching infrastructure and comparisons
  

In Progress / Research

• Started work on peer-to-peer updates.
• Initial research on:
  • Netboot/PXE boot.
  • Secure Boot.
  • Fully automated VPN benchmarks.
  • Debugging capabilities for clanModules.
• Created mockups for a TUI.

Fixes

• Zerotier: Fixed build for macOS.
• Race condition: Fixed issue in Flake prefetch class.
• Git repositories: Fixed clan flakes create inside git repos.
• Function fix: Fixed copy_from_nixstore and added more tests for clan templates.
• VM Output: Fixed clan vms run garbled output issue.

Improvements

• Created an inventory ADR/proposal for the new inventory interface.
• Data Mesher:
  • New documentation deployed at data-mesher.docs.clan.lol.
  • Added support for per-network encryption keys.
  • Refinements to config and NixOS module.
  • Added simulation-style testing.
  • Started using ADRs to document project state and historical decisions.
• Guides:
  • Improved Disk Encryption Guide.
  • Improved Debugging Guide.
• Implemented nixos-anywhere phases API into clan.

Contributors

• Welcomed a new first-time contributor: vdbe.