Troubleshooting
Deployment Issues
Section titled “Deployment Issues”clan machines deploy fails with SSH errors
Section titled “clan machines deploy fails with SSH errors”Error: Connection refused / Permission denied- Verify the machine is reachable:
ping <machine>.local - Check SSH key is in
lib/ssh-keys.nixand deployed viasshdinstance - Verify
deploy.targetHostinflake.nixis correct - For Darwin: ensure
luxus@<machine>.local(not root) - For NixOS: ensure
root@<machine>.local
nix-daemon: not found when deploying Darwin from another host
Section titled “nix-daemon: not found when deploying Darwin from another host”remote-program=bash -lc 'exec nix-daemon --stdio'--stdio: line 1: exec: nix-daemon: not foundFailed to upload sourcesClan uploads flake sources to the Darwin target before building. That SSH session runs nix-daemon by name, but standalone Nix installs keep it under /nix/var/nix/profiles/default/bin, which is often missing from non-interactive login shells.
Permanent fix: modules/darwin/nix-clan-deploy.nix adds that path via environment.systemPath. Apply it once on the Mac (chicken-and-egg: remote deploy cannot work until this is active):
## on zoe/emily, from a checkout of this flakedarwin-rebuild switch --flake .#zoeOne-time unblock (if you cannot rebuild yet): replace stale shell symlinks (e.g. from prior HM use) and put the daemon on PATH for bash -lc:
rm -f ~/.bash_profile ~/.profile ~/.bashrcprintf '%s\n' 'export PATH="/nix/var/nix/profiles/default/bin:$PATH"' > ~/.bash_profileThen retry clan machines update zoe from lea.
Nix evaluation errors
Section titled “Nix evaluation errors”Error: attribute 'X' missing- Run
nix flake check --no-buildto identify the issue - Check that all referenced modules exist (run
scripts/validate-inventory.sh) - Verify flake inputs are up to date:
nix flake update
Secret generation prompts loop forever
Section titled “Secret generation prompts loop forever”clan vars generate --machine <machine>- Check that the secret’s
promptTypeis correct inlib/secret-registry.nix - For
hiddentype: input is masked; press Enter after typing - For
linetype: input is visible - If a secret was already set, it won’t re-prompt unless the var is deleted first
MicroVM won’t start
Section titled “MicroVM won’t start”- Check host prerequisites:
systemctl status microvm@<vm> - Verify prep service ran:
systemctl status agent-vm-prep-<vm> - Check secret bundle:
ls /var/lib/microvm-bundles/<hostname>/secrets/ - Check project mount exists:
ls /srv/agent-projects/<name>/ - Run
scripts/verify-agent-vms.shfrom emily; see Agent VM Architecture
Hjem Issues
Section titled “Hjem Issues”Profile import conflicts
Section titled “Profile import conflicts”error: The option 'rum.programs.X' in '/path/to/A.nix' is already declared in '/path/to/B.nix'- Don’t import overlapping app modules twice (e.g. git in both
minimal-darwin.nixand a separategit.nix) - Choose one base profile per machine, then layer extras on top
- Profile hierarchy:
minimal-darwin→base→development→ platform-specific
Package build failures on Darwin
Section titled “Package build failures on Darwin”- Some packages don’t support
aarch64-darwin— checklib.optionals (!pkgs.stdenv.isDarwin) - Streamlink has
doCheck = falseoverlay in emily’s config for this reason - Use
nixpkgs-reviewto test package builds locally
Clan Vars / Secrets
Section titled “Clan Vars / Secrets”Secret not available at deploy time
Section titled “Secret not available at deploy time”- Ensure the secret is in
lib/machine-env-matrix.nixfor that machine - Run
clan vars generate --machine <machine>to populate - Check that
lib/vars-generators.nixis imported in the machine config
How to reset a secret
Section titled “How to reset a secret”## List all vars for a machineclan vars list <machine>
## Delete and regenerate a specific secretclan vars delete <machine> <generator-name>clan vars generate --machine <machine>Build Performance
Section titled “Build Performance”Evaluation is slow
Section titled “Evaluation is slow”- Documentation is disabled in
modules/nixos/common.nix(documentation.enable = false) - Use binary caches listed in
flake.nixnixConfig - Run
cachix use luxusto enable the project cache
Large closure size
Section titled “Large closure size”- Use
nix path-info -rsSh .#nixosConfigurations.<machine>.config.system.build.toplevelto inspect - Consider using
minimal-*.nixprofiles for machines that don’t need dev tools - The
packages-llm.nixandpackages-core.nixadd significant packages
Common Commands
Section titled “Common Commands”| Task | Command |
|---|---|
| Check flake | nix flake check --no-build |
| Deploy | just update-<machine> or clan machines update <machine> (see justfile) |
| Generate secrets | clan vars generate --machine <machine> |
| List secrets | clan vars list <machine> |
| Format code | nix fmt |
| Validate inventory | scripts/validate-inventory.sh |
| Compare machines | scripts/diff-machines.sh <m1> <m2> |
| Evaluate config | nix eval .#nixosConfigurations.<machine>.config.system.build.toplevel.drvPath --no-write-lock-file |
Resolved Cleanups (2026)
Section titled “Resolved Cleanups (2026)”- SDDM greeter idle blanking on primary (#85) is obsolete: lea now uses greetd + noctalia-greeter by default (see services/desktop/default.nix, modules/hosts/lea/default.nix).
- kmonad removed entirely from lea (#110): EurKEY XKB layout is used instead. No kmonad references remain in the tree.
- Per-app
QT_QUICK_CONTROLS_STYLE=Basicworkarounds eliminated (#111): EasyEffects and similar now use the consolidated global QML/Union environment fromlib/kde-settings-qml.nix+hjem/profiles/kwin-noctalia.nix. - Hjem migration children (#87–#94, #96) closed: full fleet migrated off Home Manager (see
modules/clan/hjem-users.nix,hjem/, flake.nix has no home-manager input).
See inventory.md, configuration-matrix.md and services/README.md for current state.