Release 25.11
We are excited to announce the first stable release of Clan!
Going forward, we will release branches of Clan based on each stable NixOS release. The release branches will continue to receive backports for essential bug fixes and security updates, and great care will be taken to avoid introducing breaking changes.
To access more recent changes in Clan or nixpkgs, the unstable branch will still be available.
Since Clan is tightly coupled to NixOS, users are expected to use the corresponding stable nixpkgs input branch. Breaking changes may only happen when updating to a newer stable release in the future and will be documented in the release notes, with a clear migration path.
Highlights
Vars
The vars system is Clan's declarative solution for managing generated files, secrets, and dynamic configuration in your NixOS deployments. It allows automatically generating and securely storing secrets from within your Nix configuration and using them where needed.
Inventory and Clan Services
The inventory is an abstract service layer for configuring distributed services across machine boundaries. Among other things, it allows using Clan Services. These extend the concept of NixOS modules to your whole infrastructure instead of acting on a single machine. They introduce the concept of roles, which can be assigned to machines, e.g. a backup Clan Service might have client and target roles.
CLI
The Clan CLI provides a powerful tool to interact with your Clan. It allows deploying and updating one or more machines in parallel, managing secrets, installing to new machines, accessing them via SSH and much more. A full list of subcommands can be explored in the docs or using the provided auto-completions. Its API and interfaces are committed and won't change without proper deprecation notices and life cycles.
Unstable Features
The following features are already used, but not considered fully stable yet. They are subject to change and might not provide clear migrations.
Networking
Clan provides automatic networking with fallback mechanisms to reliably connect to your machines. It allows specifying one or more methods of reaching a machine (VPNs, Tor, direct connection) and provides a uniform way to address it. The configured connections will then be tried in order of their configured priority with fallback.
Clan Exports
Exports are a mechanism for Clan Services to share structured data. They provide a way for different machines and service instances to discover and access information they need from each other, without the need to evaluate the full configuration of a different machine.
Clan Tests
Clan Tests were originally intended only for internal use, but we have noticed people starting to use them. Our testing framework allows testing services as VM-based or container-based tests. They support secret generation and networking, allowing for full integration tests of infrastructure.
Services
These are the services currently provided in clan-core. Clan's architecture provides the ability to write your own services. We have also started a list of community services.
| Service | Stable | Experimental | Deprecated |
|---|---|---|---|
| borgbackup | ✓ | | |
| data-mesher | ✓ | | |
| dyndns | ✓ | | |
| emergency-access | ✓ | | |
| garage | ✓ | | |
| importer | ✓ | | |
| kde | ✓ | | |
| localbackup | ✓ | | |
| matrix-synapse | ✓ | | |
| mycelium | ✓ | | |
| packages | ✓ | | |
| sshd | ✓ | | |
| static-hosts | ✓ | | |
| syncthing | ✓ | | |
| trusted-nix-caches | ✓ | | |
| users | ✓ | | |
| wifi | ✓ | | |
| wireguard | ✓ | | |
| zerotier | ✓ | | |
| certificates | | ✓ | |
| coredns | | ✓ | |
| hello-world | | ✓ | |
| internet | | ✓ | |
| monitoring | | ✓ | |
| tor | | ✓ | |
| yggdrasil | | ✓ | |
| admin | | | ✓ |
Feedback
We welcome your feedback and contributions. Join the conversation on Matrix or report issues on our issue tracker.