Merge pull request 'root-password: fix password-store support' (#1789) from inventory-fixes into main

clan-bot
2024-07-21 16:14:47 +00:00
6 changed files with 19 additions and 10 deletions


@@ -1,9 +1,18 @@
{ pkgs, config, ... }: {
pkgs,
config,
lib,
...
}:
{ {
users.mutableUsers = false; users.mutableUsers = false;
users.users.root.hashedPasswordFile = users.users.root.hashedPasswordFile =
config.clan.core.facts.services.root-password.secret.password-hash.path; config.clan.core.facts.services.root-password.secret.password-hash.path;
sops.secrets."${config.clan.core.machineName}-password-hash".neededForUsers = true;
sops.secrets."${config.clan.core.machineName}-password-hash".neededForUsers = lib.mkIf (
config.clan.core.facts.secretStore == "sops"
) true;
clan.core.facts.services.root-password = { clan.core.facts.services.root-password = {
secret.password = { }; secret.password = { };
secret.password-hash = { }; secret.password-hash = { };
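Review bot: The `lib.mkIf` is applied to the `neededForUsers` leaf, so the `sops.secrets."${config.clan.core.machineName}-password-hash"` entry itself still appears to be declared when `secretStore` is `"password-store"`; only that one attribute becomes conditional. If the intent is that no sops secret exists for non-sops stores, guard the whole definition instead: `sops.secrets = lib.mkIf (config.clan.core.facts.secretStore == "sops") { "${config.clan.core.machineName}-password-hash".neededForUsers = true; };`. Because `users.mutableUsers = false` leaves `hashedPasswordFile` as the only source of the root password, a comment should also state what guarantees the password-store hash is on disk before users are created, which is the role `neededForUsers` plays for sops. The module's attribute set continues past the end of this hunk.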


@@ -88,7 +88,7 @@ let
fsType = "ext4"; fsType = "ext4";
}; };
${config.clan.core.secretsUploadDirectory} = { ${config.clan.core.facts.secretUploadDirectory} = {
device = "secrets"; device = "secrets";
fsType = "9p"; fsType = "9p";
neededForBoot = true; neededForBoot = true;


@@ -3,10 +3,10 @@
clan.core.networking.targetHost = "__CLAN_TARGET_ADDRESS__"; clan.core.networking.targetHost = "__CLAN_TARGET_ADDRESS__";
system.stateVersion = lib.version; system.stateVersion = lib.version;
sops.age.keyFile = "__CLAN_SOPS_KEY_PATH__"; sops.age.keyFile = "__CLAN_SOPS_KEY_PATH__";
clan.core.secretsUploadDirectory = "__CLAN_SOPS_KEY_DIR__"; clan.core.facts.secretUploadDirectory = "__CLAN_SOPS_KEY_DIR__";
clan.virtualisation.graphics = false; clan.virtualisation.graphics = false;
clan.core.networking.zerotier.controller.enable = true; clan.core.facts.networking.zerotier.controller.enable = true;
networking.useDHCP = false; networking.useDHCP = false;
systemd.services.shutdown-after-boot = { systemd.services.shutdown-after-boot = {
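Review bot: The zerotier line in this hunk looks like it was caught by the `clan.core.` to `clan.core.facts.` rename: it now reads `clan.core.facts.networking.zerotier.controller.enable`, while the `targetHost` line in the same hunk and the zerotier lines in the other sections of this commit keep `clan.core.networking.…`. Unless a `facts.networking` option is declared somewhere not shown here, this would presumably fail evaluation with an undefined-option error; it should probably stay `clan.core.networking.zerotier.controller.enable = true;`. The file continues on both sides of the hunk.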


@@ -3,7 +3,7 @@
clan.core.networking.targetHost = "__CLAN_TARGET_ADDRESS__"; clan.core.networking.targetHost = "__CLAN_TARGET_ADDRESS__";
system.stateVersion = lib.version; system.stateVersion = lib.version;
sops.age.keyFile = "__CLAN_SOPS_KEY_PATH__"; sops.age.keyFile = "__CLAN_SOPS_KEY_PATH__";
clan.core.secretsUploadDirectory = "__CLAN_SOPS_KEY_DIR__"; clan.core.facts.secretUploadDirectory = "__CLAN_SOPS_KEY_DIR__";
clan.virtualisation.graphics = false; clan.virtualisation.graphics = false;
clan.core.networking.zerotier.controller.enable = true; clan.core.networking.zerotier.controller.enable = true;


@@ -18,7 +18,7 @@
clan.core.networking.targetHost = "__CLAN_TARGET_ADDRESS__"; clan.core.networking.targetHost = "__CLAN_TARGET_ADDRESS__";
system.stateVersion = lib.version; system.stateVersion = lib.version;
sops.age.keyFile = "__CLAN_SOPS_KEY_PATH__"; sops.age.keyFile = "__CLAN_SOPS_KEY_PATH__";
clan.core.secretsUploadDirectory = "__CLAN_SOPS_KEY_DIR__"; clan.core.facts.secretUploadDirectory = "__CLAN_SOPS_KEY_DIR__";
clan.core.sops.defaultGroups = [ "admins" ]; clan.core.sops.defaultGroups = [ "admins" ];
clan.virtualisation.graphics = false; clan.virtualisation.graphics = false;
@@ -48,7 +48,7 @@
clan.core.networking.targetHost = "__CLAN_TARGET_ADDRESS__"; clan.core.networking.targetHost = "__CLAN_TARGET_ADDRESS__";
system.stateVersion = lib.version; system.stateVersion = lib.version;
sops.age.keyFile = "__CLAN_SOPS_KEY_PATH__"; sops.age.keyFile = "__CLAN_SOPS_KEY_PATH__";
clan.core.secretsUploadDirectory = "__CLAN_SOPS_KEY_DIR__"; clan.core.facts.secretUploadDirectory = "__CLAN_SOPS_KEY_DIR__";
clan.core.networking.zerotier.networkId = "82b44b162ec6c013"; clan.core.networking.zerotier.networkId = "82b44b162ec6c013";
}; };
}; };


@@ -25,8 +25,8 @@
clan.core.networking.targetHost = "__CLAN_TARGET_ADDRESS__"; clan.core.networking.targetHost = "__CLAN_TARGET_ADDRESS__";
system.stateVersion = lib.version; system.stateVersion = lib.version;
clan.core.secretStore = "password-store"; clan.core.facts.secretStore = "password-store";
clan.core.secretsUploadDirectory = lib.mkForce "__CLAN_SOPS_KEY_DIR__/secrets"; clan.core.facts.secretUploadDirectory = lib.mkForce "__CLAN_SOPS_KEY_DIR__/secrets";
clan.core.networking.zerotier.controller.enable = true; clan.core.networking.zerotier.controller.enable = true;