2025-04-09 Clan Weekly Changelog

Clan is a toolkit that makes it easier to manage networks of VPN-connected NixOS machines.
The ultimate goal is to lower the barrier to self-host services massively to allow anyone to achieve this without special hardware. As of now using clan still requires NixOS knowledge but already nicely combines a bunch of our open-source project that you may know (nixos-anywhere, sops-nix, nixos-generators, disko, …) in a uniform CLI.

Changelog

• Blog article: Design preview of a clan UI builder: How to Democratise DevOps | Clan @amunsen
• Add basic support for managing Mac machines with Clan @Enzime
  • clan machines update <machine> is not supported yet
  • clan machines update will ignore Macs
• Added support for multiple user keys when using SOPS in secrets @brianmcgee
  • PR ready, just working through some build issues with installation test
  • Will tackle age plugin support via SOPS once this is merged
• NixOS Facter @brianmcgee @Mic92
  • added a —version flag
  • bumped hwinfo input
  • made some report entries ephemeral by default
  • changed default logging to nothing
  • fixed usages of default in option definitions which was breaking docs eval in clan-core
  • added minimal udev version check feat: add a check for a minimal udev version by brianmcgee · Pull Request #194 · nix-community/nixos-facter · GitHub
  • Open PRs:
    • report changes to address the fact Nix only supports signed int64 fix: nix cannot support uint64 by brianmcgee · Pull Request #193 · nix-community/nixos-facter · GitHub
• General CI improvements @Mic92
  • Made installation test faster and more stable
  • Remove 50 buildsteps out of (244 - 180), less scheduling
  • More test stability by reducing build workers to (now half the CPU counts)
• Fixed a performance bug in Nix that when trying to access Nix store path with flakes @Mic92
  • create cache entry for paths already in the nix store by Mic92 · Pull Request #12911 · NixOS/nix · GitHub This is now merged in nixpkgs
• Migrate user-password to vars @Mic92
• Data Mesher @brianmcgee @pinpox
  • Integration testing with real-world Clans is blocked
    • @pinpox is resolving an issue with zerotier before he can test data-mesher in his personal Clan
    • @brianmcgee is working through extending Clan core to be able to support moving his personal setup to Clan.
      • Blockers are:
        • Multiple keys per user in secrets
        • Age plugins support with secrets (Yubikey)
  • If anyone else wants to give it a stab in the meantime, feel free
• Migrate ZeroTier to the new clan.services @hsjobeki @Enzime
  • Seems to work so far, now migrating from facts to vars
  • Blocked by vars testing
  • Discovered that ZeroTier is completely untested → testing seems urgent
• Many small internal refactorings @hsjobeki
  • rename clan-core.lib to clanLib
  • move test folder into clan_cli project @a-kenji, @hsjobeki
  • add inventory as fixture parameter for pytest fixture: ‘flake_with_clan_core’ (empty by default)
• Inventory additions @hsjobeki
  • started new ‘clan.service’ documentation - This module system will replace the prior ‘clanModules’
  • introduce extendSettings instead of a functor. Downside, settings can only be extended once, but functors are too weird.
  • Init clan/python tests for testing interaction between nix <→ python
  • Trying to fix and extend our nixos testframework to support vars with inventory
• Migrated all vpn bench modules to the new inventory @Qubasa
  • Made benchmark fallible to support unsupported benchmarks by some VPNs @Qubasa
  • New VPN Clan module Hyprspace!! Can be included remotely too!
• New ADR init Always Call the Correct Clan Version from Flake Input @Qubasa
• Inventory test framework is up - example @DavHau

Join us on matrix.