Machine names are immutable by design. Once a name hits your infrastructure, it becomes deeply embedded in secrets, vars, service references, and other machines' configs. Best practice in DevOps is to burn a name. If you decommission a machine, retire the name with it and pick a fresh one for its replacement.
If you still need to deeply rename a machine, the steps below will get you there.
Renaming oldbox to newbox.
| Place | Path |
|---|---|
| Machine directory | machines/<name>/ |
| Vars | vars/per-machine/<name>/ |
| Inventory | flake.nix, inventory.machines, inventory.instances |
| Other machines | .nix files that mention this machine by name |
| Secrets | sops/ directories and symlinks, passage, etc. |
grep -rn "oldbox" --include="*.nix" --include="*.json" .Zero hits outside the machine's own directory means a simple rename (steps 2 to 5).
mv -T machines/oldbox machines/newboxClan discovers machines by directory name.
The -T flag prevents mv from putting oldbox inside an existing newbox directory.
rename.shOLDNAME=nas
NEWNAME=bob
mv -T vars/per-machine/$OLDNAME vars/per-machine/$NEWNAME
for d in sops/secrets/$OLDNAME-*; do
mv -T "$d" "${d/$OLDNAME-/$NEWNAME-}"
done
# fixup symlinks
find sops/ -type l -lname "*machines/$OLDNAME*" | while read link; do
dir=$(dirname "$link")
target=$(readlink "$link" | sed "s|machines/$OLDNAME|machines/$NEWNAME|")
rm "$link"
ln -s "$target" "$dir/$NEWNAME"
done
find vars/ -type l -lname "*machines/$OLDNAME*" | while read link; do
dir=$(dirname "$link")
target=$(readlink "$link" | sed "s|machines/$OLDNAME|machines/$NEWNAME|")
rm "$link"
ln -s "$target" "$dir/$NEWNAME"
done If you are using password-store instead of sops do this
OLDNAME=oldbox
NEWNAME=newbox
mv -T vars/per-machine/$OLDNAME vars/per-machine/$NEWNAME
for d in sops/secrets/$OLDNAME-*; do
mv -T "$d" "${d/$OLDNAME-/$NEWNAME-}"
done
# If you use 'pass'
pass mv machines/oldbox machines/newbox
# If you use 'passage'
passage mv machines/oldbox machines/newboxIn machines/newbox/configuration.nix:
- networking.hostName = "oldbox";
+ networking.hostName = "newbox";If you set targetHost:
- clan.core.networking.targetHost = "root@oldbox";
+ clan.core.networking.targetHost = "root@newbox";Rename the machine key and fix service role assignments in flake.nix:
inventory = {
machines = {
- oldbox.tags = [ "server" ];
+ newbox.tags = [ "server" ];
};
instances = {
some-service = {
roles.server.machines = {
- oldbox = {};
+ newbox = {};
};
};
};
};Go through the grep output from step 1 and update every reference in other machines' configs, shared modules, DNS zone files, nginx configs, etc.
Check nothing is left:
grep -rn "oldbox" --include="*.nix" --include="*.json" . | grep -v '.git/'git add --allclan machines listVerify newbox appears and oldbox does not.
After renaming, vars may be out of date. Regenerate them for your entire clan:
clan vars generate --regenerateOr, if you prefer to limit the scope, regenerate only for the affected machines:
clan vars generate newbox --regenerateVars (secrets, keys, tokens) may contain references to the old machine name or may have been generated in a context that assumed the old name. Regenerating ensures everything is consistent with the new name.
clan vars list newbox
nix eval .#nixosConfigurations.newbox.config.networking.hostName
nix eval .#nixosConfigurations.newbox.config.system.build.toplevel.drvPath
find sops/ vars/ -type l ! -exec test -e {} \; -print 2>/dev/null
# Check for any broken symlink
grep -rn "oldbox" --include="*.nix" --include="*.json" . | grep -v '.git/'
# Check if the old name is still referenced