Machines

Manage machines and their configuration

Usage: clan machines

Commands

  • b:

  • build:

  • create:

  • delete:

  • generations: list generations of machines

  • init-hardware-config: This command will use kexec to boot the target into a minimal NixOS environment to gather the hardware information.If you want to manually ssh into the target after this command use ssh root@<ip> -i ~/.config/clan/nixos-anywhere/keys/id_ed25519

    The target must be a Linux based system reachable via SSH.

  • install: Install a configured machine over the network.The target must be a Linux based system reachable via SSH. Installing a machine means overwriting the target's disk.

  • list:

  • u:

  • update:

  • update-hardware-config: Generates hardware specifics for a machine.Such as the host platform, available kernel modules, etc. The target must be a Linux based system reachable via SSH.

This subcommand provides an interface to machines managed by Clan.

Examples

$ clan machines list

List all the machines managed by Clan.

$ clan machines update [MACHINES]

Will update the specified machines [MACHINES], if [MACHINES] is omitted, the command will attempt to update every configured machine.

$ clan machines install [MACHINE] --target-host [TARGET_HOST]

Will install the specified machine [MACHINE] to the specified [TARGET_HOST]. If the --target-host flag is omitted will try to find host information by checking the deployment configuration inside the specified machine.

Machines b

Usage: clan machines b

Positional arguments
  1. machines: <MACHINE> Machine(s) to build. If no machines are specified, all machines will be built.
Options
  • --tags: Tags that machines should be queried for. Multiple tags will intersect.
  • --format: (Default: toplevel) Build format: 'toplevel' for special builds, or any format name for config.system.build.images.{format} (e.g., 'iso', 'sd-card'). Default: %(default)s.
  • --dry-run: Perform a dry run to validate the configuration without actually building.
  • --no-link: Do not create result symlinks.
  • --no-secrets: Do not embed secrets into the built image. By default, image formats (e.g., iso) embed the machine's secret decryption key.
  • --no-sandbox: Disable sandboxing when executing generators and image scripts. WARNING: potentially executing untrusted code from external clan modules.
  • --system: Target system to build for (e.g. 'x86_64-linux', 'aarch64-linux'). Routes the build through clanInternals.machines.., which mkForces nixpkgs.hostPlatform to . Use for installer-style machines that don't pin nixpkgs.hostPlatform; for normal machines, omit and let the machine's own hostPlatform win.
  • --debug: Enable debug logging
  • --option: <('name', 'value')> Nix option to set
  • --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Machines build

Usage: clan machines build

Positional arguments
  1. machines: <MACHINE> Machine(s) to build. If no machines are specified, all machines will be built.
Options
  • --tags: Tags that machines should be queried for. Multiple tags will intersect.
  • --format: (Default: toplevel) Build format: 'toplevel' for special builds, or any format name for config.system.build.images.{format} (e.g., 'iso', 'sd-card'). Default: %(default)s.
  • --dry-run: Perform a dry run to validate the configuration without actually building.
  • --no-link: Do not create result symlinks.
  • --no-secrets: Do not embed secrets into the built image. By default, image formats (e.g., iso) embed the machine's secret decryption key.
  • --no-sandbox: Disable sandboxing when executing generators and image scripts. WARNING: potentially executing untrusted code from external clan modules.
  • --system: Target system to build for (e.g. 'x86_64-linux', 'aarch64-linux'). Routes the build through clanInternals.machines.., which mkForces nixpkgs.hostPlatform to . Use for installer-style machines that don't pin nixpkgs.hostPlatform; for normal machines, omit and let the machine's own hostPlatform win.
  • --debug: Enable debug logging
  • --option: <('name', 'value')> Nix option to set
  • --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Machines create

Usage: clan machines create

Positional arguments
  1. machine_name: The name of the machine to create
Options
  • --tags: Tags to associate with the machine. Can be used to assign multiple machines to services.
  • --target-host: Address of the machine to install and update, in the format of user@host:1234
  • -t, --template: (Default: new-machine) Reference to the template to use for the machine. default="new-machine". In the format <flake_ref>#template_name Where <flake_ref> is a flake reference (e.g. github:org/repo) or a local path (e.g. '.' ). Omitting <flake_ref># will use the builtin templates (e.g. just 'new-machine' from clan-core ).
  • --debug: Enable debug logging
  • --option: <('name', 'value')> Nix option to set
  • --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Machines delete

Usage: clan machines delete

Positional arguments
  1. name:
Options
  • --debug: Enable debug logging
  • --option: <('name', 'value')> Nix option to set
  • --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Machines generations

list generations of machines

Usage: clan machines generations

Positional arguments
  1. machines: <MACHINE> Machine to update. If no machines are specified, all machines that don't require explicit updates will be updated.
Options
  • --tags: Tags that machines should be queried for. Multiple tags will intersect.
  • --host-key-check: (Default: ask) Host key (.ssh/known_hosts) check mode.
  • --target-host: Address of the machine to update, in the format of user@host:1234.
  • --skip-outdated-check: Skip checking if the current generation is outdated (faster).
  • --debug: Enable debug logging
  • --option: <('name', 'value')> Nix option to set
  • --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Machines init-hardware-config

This command will use kexec to boot the target into a minimal NixOS environment to gather the hardware information. If you want to manually ssh into the target after this command use ssh root@<ip> -i ~/.config/clan/nixos-anywhere/keys/id_ed25519

The target must be a Linux based system reachable via SSH.

Usage: clan machines init-hardware-config

Positional arguments
  1. machine: the name of the machine
Options
  • --target-host: ssh address to install to in the form of user@host:2222
  • -y, --yes: do not ask for confirmation.
  • --host-key-check: (Default: ask) Host key (.ssh/known_hosts) check mode.
  • --password: Pre-provided password the cli will prompt otherwise if needed.
  • --backend: (Default: nixos-facter) The type of hardware report to generate.
  • -i: specify which SSH private key file to use
  • --kexec: use another kexec tarball to bootstrap NixOS
  • --debug: Enable debug logging
  • --option: <('name', 'value')> Nix option to set
  • --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Machines install

Install a configured machine over the network. The target must be a Linux based system reachable via SSH. Installing a machine means overwriting the target's disk.

Usage: clan machines install

Positional arguments
  1. machine: machine to install
Options
  • --kexec: use another kexec tarball to bootstrap NixOS
  • --no-reboot: do not reboot after installation (deprecated)
  • --host-key-check: (Default: ask) Host key (.ssh/known_hosts) check mode.
  • --build-on: where to build the NixOS configuration
  • --yes: do not ask for confirmation
  • --update-hardware-config: (Default: none) Update the hardware configuration (auto-prompted if missing in interactive mode)
  • --no-persist-state: Disable persisting the result of the installation after it is done
  • --phases: comma separated list of phases to run. Default is: kexec,disko,install,reboot
  • -j, --json: specify the json file for ssh data (generated by starting the clan installer)
  • --target-host: ssh address to install to in the form of user@host:2222
  • --password: specify the password for the ssh connection (generated by starting the clan installer)
  • -i: specify which SSH private key file to use
  • -P, --png: specify the json file for ssh data as the qrcode image (generated by starting the clan installer)
  • --debug: Enable debug logging
  • --option: <('name', 'value')> Nix option to set
  • --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Machines list

Usage: clan machines list

Options
  • --tags: Tags that machines should be queried for. Multiple tags will intersect.
  • --debug: Enable debug logging
  • --option: <('name', 'value')> Nix option to set
  • --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Machines u

Usage: clan machines u

Positional arguments
  1. machines: <MACHINE> Machine to update. If no machines are specified, all machines that don't require explicit updates will be updated.
Options
  • --tags: Tags that machines should be queried for. Multiple tags will intersect.
  • --host-key-check: (Default: ask) Host key (.ssh/known_hosts) check mode.
  • --target-host: Address of the machine to update, in the format of user@host:1234.
  • --build-host: The machine on which to build the machine configuration. Pass 'localhost' to build on the local machine, or an ssh address like user@host:1234
  • --upload-inputs: Upload all flake inputs from the local machine instead of the build host/target host. This is useful if downloading the inputs requires authentication which is only available to the local machine
  • --specialisation: Activate a NixOS specialisation on the target machine. Specialisations are named, pre-built alternative system configurations that can be switched to without rebuilding. See specialisations guide
  • --no-check: Skip NixOS pre-switch safety checks (switch inhibitors). Use when you know the live switch is safe despite critical component changes. Equivalent to setting NIXOS_NO_CHECK=1.
  • --debug: Enable debug logging
  • --option: <('name', 'value')> Nix option to set
  • --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Machines update

Usage: clan machines update

Positional arguments
  1. machines: <MACHINE> Machine to update. If no machines are specified, all machines that don't require explicit updates will be updated.
Options
  • --tags: Tags that machines should be queried for. Multiple tags will intersect.
  • --host-key-check: (Default: ask) Host key (.ssh/known_hosts) check mode.
  • --target-host: Address of the machine to update, in the format of user@host:1234.
  • --build-host: The machine on which to build the machine configuration. Pass 'localhost' to build on the local machine, or an ssh address like user@host:1234
  • --upload-inputs: Upload all flake inputs from the local machine instead of the build host/target host. This is useful if downloading the inputs requires authentication which is only available to the local machine
  • --specialisation: Activate a NixOS specialisation on the target machine. Specialisations are named, pre-built alternative system configurations that can be switched to without rebuilding. See specialisations guide
  • --no-check: Skip NixOS pre-switch safety checks (switch inhibitors). Use when you know the live switch is safe despite critical component changes. Equivalent to setting NIXOS_NO_CHECK=1.
  • --debug: Enable debug logging
  • --option: <('name', 'value')> Nix option to set
  • --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable

Machines update-hardware-config

Generates hardware specifics for a machine. Such as the host platform, available kernel modules, etc. The target must be a Linux based system reachable via SSH.

Usage: clan machines update-hardware-config

Positional arguments
  1. machine: the name of the machine
Options
  • --target-host: ssh address to install to in the form of user@host:2222
  • -y, --yes: do not ask for confirmation.
  • --host-key-check: (Default: ask) Host key (.ssh/known_hosts) check mode.
  • --password: Pre-provided password the cli will prompt otherwise if needed.
  • --backend: (Default: nixos-facter) The type of hardware report to generate.
  • -i: specify which SSH private key file to use
  • --debug: Enable debug logging
  • --option: <('name', 'value')> Nix option to set
  • --flake: <PATH> path to the flake where the clan resides in, can be a remote flake or local, can be set through the [CLAN_DIR] environment variable