yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request 'pass-fixes' (#2476) from lassulus/clan-core:pass-fixes into main

Browse Source
This commit is contained in:
clan-bot
2024-11-22 21:42:34 +00:00
parent 3651fefc54 19dce7694f
commit 0261d59053
2 changed files with 18 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
nixosModules/clanCore/vars/secret/password-store.nix
View File

@@ -24,7 +24,7 @@ let
mount --bind --make-private /run/secrets.tmp /run/secrets.tmp mount --bind --make-private /run/secrets.tmp /run/secrets.tmp
mount --bind --make-private /run/secrets /run/secrets mount --bind --make-private /run/secrets /run/secrets
tar -xf "$src" -C /run/secrets.tmp tar -xf "$src" -C /run/secrets.tmp
move-mount --beneath --move /run/secrets.tmp /run/secrets move-mount --beneath --move /run/secrets.tmp /run/secrets >/dev/null
umount -R /run/secrets.tmp umount -R /run/secrets.tmp
rmdir /run/secrets.tmp rmdir /run/secrets.tmp
umount --lazy /run/secrets umount --lazy /run/secrets
@@ -44,7 +44,7 @@ in
lib.mkIf (config.clan.core.vars.settings.secretStore == "password-store") lib.mkIf (config.clan.core.vars.settings.secretStore == "password-store")
{ {
fileModule = file: { fileModule = file: {
path = "/run/secrets/vars/${file.config.generatorName}/${file.config.name}"; path = "/run/secrets/${file.config.generatorName}/${file.config.name}";
}; };
secretUploadDirectory = lib.mkDefault "/etc/secrets"; secretUploadDirectory = lib.mkDefault "/etc/secrets";
secretModule = "clan_cli.vars.secret_modules.password_store"; secretModule = "clan_cli.vars.secret_modules.password_store";

21
pkgs/clan-cli/clan_cli/vars/secret_modules/password_store.py
View File

@@ -126,7 +126,13 @@ class SecretStore(SecretStoreBase):
# we sort the hashes to make sure that the order is always the same # we sort the hashes to make sure that the order is always the same
hashes.sort() hashes.sort()
return b"\n".join(hashes)
manifest = []
for gen_name, generator in self.machine.vars_generators.items():
for f_name in generator["files"]:
manifest.append(f"{gen_name}/{f_name}".encode())
manifest += hashes
return b"\n".join(manifest)
@override @override
def needs_upload(self) -> bool: def needs_upload(self) -> bool:
@@ -147,13 +153,18 @@ class SecretStore(SecretStoreBase):
def upload(self, output_dir: Path) -> None: def upload(self, output_dir: Path) -> None:
with tarfile.open(output_dir / "secrets.tar.gz", "w:gz") as tar: with tarfile.open(output_dir / "secrets.tar.gz", "w:gz") as tar:
for gen_name, generator in self.machine.vars_generators.items(): for gen_name, generator in self.machine.vars_generators.items():
tar_dir = tarfile.TarInfo(name=gen_name) dir_exists = False
tar_dir.type = tarfile.DIRTYPE
tar_dir.mode = 0o511
tar.addfile(tarinfo=tar_dir)
for f_name, file in generator["files"].items(): for f_name, file in generator["files"].items():
if not file["deploy"]: if not file["deploy"]:
continue continue
if not file["secret"]:
continue
if not dir_exists:
tar_dir = tarfile.TarInfo(name=gen_name)
tar_dir.type = tarfile.DIRTYPE
tar_dir.mode = 0o511
tar.addfile(tarinfo=tar_dir)
dir_exists = True
tar_file = tarfile.TarInfo(name=f"{gen_name}/{f_name}") tar_file = tarfile.TarInfo(name=f"{gen_name}/{f_name}")
content = self.get(gen_name, f_name, generator["share"]) content = self.get(gen_name, f_name, generator["share"])
tar_file.size = len(content) tar_file.size = len(content)