Stage 4e, take 2. Point the clan-community input at our fork's branch
that sanitizes machine.name for data-mesher's file-name validator
(upstream PR: clan/clan-community#25). Revisit this pin once merged.
- flake.nix: clan-community.url → fork + fix branch
- flake-modules/clan.nix: re-adds meta.domain = "clan",
inventory.instances.data-mesher (sunken-ship bootstrap, both default),
inventory.instances.dm-pull-deploy (sunken-ship push, both default
action="switch"), and clanHostsModule that puts /etc/hosts entries
for <host>.clan → each machine's ZT IPv6 so libp2p multiaddr
resolution works without a clan-domain DNS server.
- Generator vars for data-mesher + dm-pull-deploy signing keys were
regenerated on sunken-ship (data-mesher isn't packaged for
aarch64-darwin, so clan vars generate runs on Linux).
Stage 4e-a of the clan migration. Set up signed-file gossip
(data-mesher, experimental, clan-core) and pull-based NixOS deploy
(dm-pull-deploy, experimental, clan-community) across both servers.
- sunken-ship is the data-mesher bootstrap node + dm-pull-deploy push
role; phantom-ship joins via /dns/sunken-ship.clan/tcp/7946/... — the
hostname resolves via /etc/hosts (clanHostsModule) to sunken-ship's
ZT IPv6 since we don't run a DNS server for the clan domain.
- Both machines run the dm-pull-deploy default role with
action="switch": they watch /var/lib/data-mesher/files/home/
dm_pull_deploy/target and nixos-rebuild switch against the pushed
git+…?rev=…&narHash=… flake ref on each change.
- Signing keys (shared + per-host status) generated via clan vars
generate, ran on sunken-ship because data-mesher isn't packaged for
aarch64-darwin.
The legacy dotfiles-rebuild timer stays installed as a fallback until
dm-pull-deploy is proven; a smart push timer on sunken-ship (calls
dm-send-deploy only when origin/main moves) comes next.
