From 710d34b9b4377cf09c4c1a3b9d03fddcc4188300 Mon Sep 17 00:00:00 2001 From: a-kenji Date: Wed, 21 Aug 2024 13:50:50 +0200 Subject: [PATCH 1/4] formatter: rm uncommented code --- formatter.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/formatter.nix b/formatter.nix index a0786c697..33f87e5ac 100644 --- a/formatter.nix +++ b/formatter.nix @@ -43,9 +43,6 @@ "*.yaml" "*.yml" ]; - # plugins = [ - # "${self'.packages.prettier-plugin-tailwindcss}/lib/node_modules/prettier-plugin-tailwindcss/dist/index.mjs" - # ]; }; treefmt.programs.mypy.directories = { From b2530f0b19c663720445e94e0c01601b70ce1946 Mon Sep 17 00:00:00 2001 From: Qubasa Date: Wed, 21 Aug 2024 13:52:25 +0200 Subject: [PATCH 2/4] clan-app: Fix nix run .#clan-app --- pkgs/clan-app/clan_app/app.py | 5 ++-- pkgs/clan-app/default.nix | 1 + pkgs/clan-cli/tests/test_vars.py | 40 +++++++++++++++++++++----------- 3 files changed, 29 insertions(+), 17 deletions(-) diff --git a/pkgs/clan-app/clan_app/app.py b/pkgs/clan-app/clan_app/app.py index 910703bd4..bf55d6ca8 100644 --- a/pkgs/clan-app/clan_app/app.py +++ b/pkgs/clan-app/clan_app/app.py @@ -1,5 +1,6 @@ #!/usr/bin/env python3 import logging +import os from typing import Any, ClassVar import gi @@ -56,9 +57,7 @@ class MainApplication(Adw.Application): None, ) - site_index: Path = ( - Path(__file__).parent.parent / Path("clan_app/.webui/index.html") - ).resolve() + site_index: Path = Path(os.getenv("WEBUI_PATH", ".")).resolve() / "index.html" self.content_uri = f"file://{site_index}" self.window: MainWindow | None = None self.connect("activate", self.on_activate) diff --git a/pkgs/clan-app/default.nix b/pkgs/clan-app/default.nix index e54cc5966..3a1b8a023 100644 --- a/pkgs/clan-app/default.nix +++ b/pkgs/clan-app/default.nix 
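Review bot: The new `site_index` in `MainApplication` falls back to the current working directory when `WEBUI_PATH` is unset, so an unwrapped launch loads whatever `index.html` sits in the directory the app was started from into the webview. The Nix wrapper changed in this same commit sets the variable, so only runs outside the wrapper are affected, but failing closed is safer than a silent `"."` default: `webui = os.environ.get("WEBUI_PATH")` followed by `if not webui: raise RuntimeError("WEBUI_PATH is not set")` before building the path. The next context line builds the URI with `f"file://{site_index}"`; `site_index.as_uri()` would also percent-encode the path. The enclosing method starts and ends outside the hunk.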
@@ -75,6 +75,7 @@ python3.pkgs.buildPythonApplication rec { makeWrapperArgs = [ "--set FONTCONFIG_FILE ${fontconfig.out}/etc/fonts/fonts.conf" + "--set WEBUI_PATH $out/${python3.sitePackages}/clan_app/.webui" # This prevents problems with mixed glibc versions that might occur when the # cli is called through a browser built against another glibc "--unset LD_LIBRARY_PATH" diff --git a/pkgs/clan-cli/tests/test_vars.py b/pkgs/clan-cli/tests/test_vars.py index 570d89f46..c31041648 100644 --- a/pkgs/clan-cli/tests/test_vars.py +++ b/pkgs/clan-cli/tests/test_vars.py @@ -79,7 +79,9 @@ def test_generate_public_var( ) monkeypatch.chdir(flake.path) cli.run(["vars", "generate", "--flake", str(flake.path), "my_machine"]) - store = in_repo.FactStore(Machine(name="my_machine", flake=FlakeId(flake.path))) + store = in_repo.FactStore( + Machine(name="my_machine", flake=FlakeId(str(flake.path))) + ) assert store.exists("my_generator", "my_value") assert store.get("my_generator", "my_value").decode() == "hello\n" @@ -103,10 +105,12 @@ def test_generate_secret_var_sops( sops_setup.init() cli.run(["vars", "generate", "--flake", str(flake.path), "my_machine"]) in_repo_store = in_repo.FactStore( - Machine(name="my_machine", flake=FlakeId(flake.path)) + Machine(name="my_machine", flake=FlakeId(str(flake.path))) ) assert not in_repo_store.exists("my_generator", "my_secret") - sops_store = sops.SecretStore(Machine(name="my_machine", flake=FlakeId(flake.path))) + sops_store = sops.SecretStore( + Machine(name="my_machine", flake=FlakeId(str(flake.path))) + ) assert sops_store.exists("my_generator", "my_secret") assert sops_store.get("my_generator", "my_secret").decode() == "hello\n" 
@@ -132,10 +136,12 @@ def test_generate_secret_var_sops_with_default_group( cli.run(["secrets", "groups", "add-user", "my_group", sops_setup.user]) cli.run(["vars", "generate", "--flake", str(flake.path), "my_machine"]) in_repo_store = in_repo.FactStore( - Machine(name="my_machine", flake=FlakeId(flake.path)) + Machine(name="my_machine", flake=FlakeId(str(flake.path))) ) assert not in_repo_store.exists("my_generator", "my_secret") - sops_store = sops.SecretStore(Machine(name="my_machine", flake=FlakeId(flake.path))) + sops_store = sops.SecretStore( + Machine(name="my_machine", flake=FlakeId(str(flake.path))) + ) assert sops_store.exists("my_generator", "my_secret") assert sops_store.get("my_generator", "my_secret").decode() == "hello\n" @@ -184,7 +190,7 @@ def test_generate_secret_var_password_store( ) cli.run(["vars", "generate", "--flake", str(flake.path), "my_machine"]) store = password_store.SecretStore( - Machine(name="my_machine", flake=FlakeId(flake.path)) + Machine(name="my_machine", flake=FlakeId(str(flake.path))) ) assert store.exists("my_generator", "my_secret") assert store.get("my_generator", "my_secret").decode() == "hello\n" 
@@ -224,18 +230,22 @@ def test_generate_secret_for_multiple_machines( cli.run(["vars", "generate", "--flake", str(flake.path)]) # check if public vars have been created correctly in_repo_store1 = in_repo.FactStore( - Machine(name="machine1", flake=FlakeId(flake.path)) + Machine(name="machine1", flake=FlakeId(str(flake.path))) ) in_repo_store2 = in_repo.FactStore( - Machine(name="machine2", flake=FlakeId(flake.path)) + Machine(name="machine2", flake=FlakeId(str(flake.path))) ) assert in_repo_store1.exists("my_generator", "my_value") assert in_repo_store2.exists("my_generator", "my_value") assert in_repo_store1.get("my_generator", "my_value").decode() == "machine1\n" assert in_repo_store2.get("my_generator", "my_value").decode() == "machine2\n" # check if secret vars have been created correctly - sops_store1 = sops.SecretStore(Machine(name="machine1", flake=FlakeId(flake.path))) - sops_store2 = sops.SecretStore(Machine(name="machine2", flake=FlakeId(flake.path))) + sops_store1 = sops.SecretStore( + Machine(name="machine1", flake=FlakeId(str(flake.path))) + ) + sops_store2 = sops.SecretStore( + Machine(name="machine2", flake=FlakeId(str(flake.path))) + ) assert sops_store1.exists("my_generator", "my_secret") assert sops_store2.exists("my_generator", "my_secret") assert sops_store1.get("my_generator", "my_secret").decode() == "machine1\n" @@ -263,7 +273,7 @@ def test_dependant_generators( monkeypatch.chdir(flake.path) cli.run(["vars", "generate", "--flake", str(flake.path), "my_machine"]) in_repo_store = in_repo.FactStore( - Machine(name="my_machine", flake=FlakeId(flake.path)) + Machine(name="my_machine", flake=FlakeId(str(flake.path))) ) assert in_repo_store.exists("parent_generator", "my_value") assert in_repo_store.get("parent_generator", "my_value").decode() == "hello\n" 
@@ -302,7 +312,7 @@ def test_prompt( monkeypatch.setattr("sys.stdin", StringIO(input_value)) cli.run(["vars", "generate", "--flake", str(flake.path), "my_machine"]) in_repo_store = in_repo.FactStore( - Machine(name="my_machine", flake=FlakeId(flake.path)) + Machine(name="my_machine", flake=FlakeId(str(flake.path))) ) assert in_repo_store.exists("my_generator", "my_value") assert in_repo_store.get("my_generator", "my_value").decode() == input_value @@ -339,9 +349,11 @@ def test_share_flag( monkeypatch.chdir(flake.path) sops_setup.init() cli.run(["vars", "generate", "--flake", str(flake.path), "my_machine"]) - sops_store = sops.SecretStore(Machine(name="my_machine", flake=FlakeId(flake.path))) + sops_store = sops.SecretStore( + Machine(name="my_machine", flake=FlakeId(str(flake.path))) + ) in_repo_store = in_repo.FactStore( - Machine(name="my_machine", flake=FlakeId(flake.path)) + Machine(name="my_machine", flake=FlakeId(str(flake.path))) ) # check secrets stored correctly assert sops_store.exists("shared_generator", "my_secret", shared=True) From 2a8958f4947ca5745c5e0ba92ee51375b6ddfd4c Mon Sep 17 00:00:00 2001 From: DavHau Date: Wed, 21 Aug 2024 14:28:25 +0200 Subject: [PATCH 3/4] vars: fix - upload machines own secrets only --- .../clanCore/vars/secret/sops/default.nix | 12 +++-------- .../vars/secret/sops/eval-tests/default.nix | 9 +++++---- .../clanCore/vars/secret/sops/funcs.nix | 20 ++++++++----------- pkgs/clan-cli/tests/test_vars_deployment.py | 4 ++-- 4 files changed, 18 insertions(+), 27 deletions(-) diff --git a/nixosModules/clanCore/vars/secret/sops/default.nix b/nixosModules/clanCore/vars/secret/sops/default.nix index 43c0983d1..17e95f30e 100644 --- a/nixosModules/clanCore/vars/secret/sops/default.nix +++ b/nixosModules/clanCore/vars/secret/sops/default.nix 
@@ -10,17 +10,11 @@ let inherit (import ./funcs.nix { inherit lib; }) listVars; - varsDirMachines = config.clan.core.clanDir + "/sops/vars/per-machine"; + varsDirMachines = + config.clan.core.clanDir + "/sops/vars/per-machine/${config.clan.core.machineName}"; varsDirShared = config.clan.core.clanDir + "/sops/vars/shared"; - varsUnfiltered = (listVars varsDirMachines) ++ (listVars varsDirShared); - filterVars = - vars: - builtins.elem vars.machine [ - config.clan.core.machineName - "shared" - ]; - vars = lib.filter filterVars varsUnfiltered; + vars = lib.traceValSeq (listVars varsDirMachines) ++ (listVars varsDirShared); in { diff --git a/nixosModules/clanCore/vars/secret/sops/eval-tests/default.nix b/nixosModules/clanCore/vars/secret/sops/eval-tests/default.nix index d775350a0..b1e2b4616 100644 --- a/nixosModules/clanCore/vars/secret/sops/eval-tests/default.nix +++ b/nixosModules/clanCore/vars/secret/sops/eval-tests/default.nix @@ -21,23 +21,24 @@ in }; test_listSecrets = { - expr = listVars ./populated/vars; + expr = listVars "per_machine" ./populated/vars/my_machine; expected = [ { - machine = "my_machine"; generator = "my_generator"; name = "my_secret"; + id = "per_machine/my_generator/my_secret"; + sopsFile = "${./populated/vars/my_machine}/my_generator/my_secret/secret"; } ]; }; test_listSecrets_no_vars = { - expr = listVars noVars; + expr = listVars "per_machine" noVars; expected = [ ]; }; test_listSecrets_empty_vars = { - expr = listVars emtpyVars; + expr = listVars "per_machine" emtpyVars; expected = [ ]; }; } diff --git a/nixosModules/clanCore/vars/secret/sops/funcs.nix b/nixosModules/clanCore/vars/secret/sops/funcs.nix index 4b6dded74..70b565a43 100644 --- a/nixosModules/clanCore/vars/secret/sops/funcs.nix +++ b/nixosModules/clanCore/vars/secret/sops/funcs.nix 
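Review bot: `lib.traceValSeq` in the new `vars` binding looks like leftover debugging: it prints the per-machine var list, including generator names and `sopsFile` paths, each time this module is evaluated. Function application binds tighter than `++`, so it wraps only `listVars varsDirMachines` and the shared list is not traced, which suggests it was not meant to stay. Suggest `vars = (listVars varsDirMachines) ++ (listVars varsDirShared);`. The `let` block starts before the hunk.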
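Review bot: The updated eval tests call `listVars "per_machine" <dir>` with two arguments and expect ids prefixed with `per_machine/`, but `listVars` in funcs.nix as changed by this same commit still takes the single argument `varsDir` and builds `id = "${generator_name}/${secret_name}"`. As written, the three `test_listSecrets*` cases would not evaluate to their `expected` values against that implementation. Either give `listVars` a prefix parameter that is used in `id`, or drop the extra argument and the prefix from `expected`.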
@@ -14,17 +14,13 @@ rec { listVars = varsDir: - flip concatMap (readDirNames varsDir) ( - machine_name: - flip concatMap (readDirNames (varsDir + "/${machine_name}")) ( - generator_name: - flip map (readDirNames (varsDir + "/${machine_name}/${generator_name}")) (secret_name: { - machine = machine_name; - generator = generator_name; - name = secret_name; - id = "${machine_name}/${generator_name}/${secret_name}"; - sopsFile = "${varsDir}/${machine_name}/${generator_name}/${secret_name}/secret"; - }) - ) + flip concatMap (readDirNames (varsDir)) ( + generator_name: + flip map (readDirNames (varsDir + "/${generator_name}")) (secret_name: { + generator = generator_name; + name = secret_name; + id = "${generator_name}/${secret_name}"; + sopsFile = "${varsDir}/${generator_name}/${secret_name}/secret"; + }) ); } diff --git a/pkgs/clan-cli/tests/test_vars_deployment.py b/pkgs/clan-cli/tests/test_vars_deployment.py index 2b2c361d7..7ea04a488 100644 --- a/pkgs/clan-cli/tests/test_vars_deployment.py +++ b/pkgs/clan-cli/tests/test_vars_deployment.py @@ -35,8 +35,8 @@ def test_vm_deployment( cli.run(["vars", "generate", "my_machine"]) run_vm_in_thread("my_machine") qga = qga_connect("my_machine") - qga.run("ls /run/secrets/my_machine/my_generator/my_secret", check=True) - _, out, _ = qga.run("cat /run/secrets/my_machine/my_generator/my_secret") + qga.run("ls /run/secrets/my_generator/my_secret", check=True) + _, out, _ = qga.run("cat /run/secrets/my_generator/my_secret") assert out == "hello\n" qga.exec_cmd("poweroff") wait_vm_down("my_machine") From 0cd29daf88bd09e511826fb36b88917cf44b4f67 Mon Sep 17 00:00:00 2001 
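Review bot: With the machine component dropped, `id` is `"${generator_name}/${secret_name}"` for entries from both the per-machine and the shared directory, since sops/default.nix concatenates `listVars varsDirMachines` and `listVars varsDirShared`. A shared var and a per-machine var with the same generator and secret name would then carry the same id. If the id names the deployed secret, as the `/run/secrets/my_generator/my_secret` path in this commit's deployment test suggests, one would shadow or conflict with the other. Consider keeping a namespace in the id, for example a `prefix` argument giving `id = "${prefix}/${generator_name}/${secret_name}";`, which is also what the updated eval tests expect. The `rec` set holding `listVars` starts outside the hunk.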
From: DavHau Date: Wed, 21 Aug 2024 14:59:05 +0200 Subject: [PATCH 4/4] Revert "vars: fix - upload machines own secrets only" This reverts commit 2a8958f4947ca5745c5e0ba92ee51375b6ddfd4c. --- .../clanCore/vars/secret/sops/default.nix | 12 ++++++++--- .../vars/secret/sops/eval-tests/default.nix | 9 ++++----- .../clanCore/vars/secret/sops/funcs.nix | 20 +++++++++++-------- pkgs/clan-cli/tests/test_vars_deployment.py | 4 ++-- 4 files changed, 27 insertions(+), 18 deletions(-) diff --git a/nixosModules/clanCore/vars/secret/sops/default.nix b/nixosModules/clanCore/vars/secret/sops/default.nix index 17e95f30e..43c0983d1 100644 --- a/nixosModules/clanCore/vars/secret/sops/default.nix +++ b/nixosModules/clanCore/vars/secret/sops/default.nix @@ -10,11 +10,17 @@ let inherit (import ./funcs.nix { inherit lib; }) listVars; - varsDirMachines = - config.clan.core.clanDir + "/sops/vars/per-machine/${config.clan.core.machineName}"; + varsDirMachines = config.clan.core.clanDir + "/sops/vars/per-machine"; varsDirShared = config.clan.core.clanDir + "/sops/vars/shared"; - vars = lib.traceValSeq (listVars varsDirMachines) ++ (listVars varsDirShared); + varsUnfiltered = (listVars varsDirMachines) ++ (listVars varsDirShared); + filterVars = + vars: + builtins.elem vars.machine [ + config.clan.core.machineName + "shared" + ]; + vars = lib.filter filterVars varsUnfiltered; in { diff --git a/nixosModules/clanCore/vars/secret/sops/eval-tests/default.nix b/nixosModules/clanCore/vars/secret/sops/eval-tests/default.nix index b1e2b4616..d775350a0 100644 --- a/nixosModules/clanCore/vars/secret/sops/eval-tests/default.nix +++ b/nixosModules/clanCore/vars/secret/sops/eval-tests/default.nix 
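Review bot: The restored `filterVars` is what limits a machine to its own secrets, and its `"shared"` case depends on how `listVars` labels entries. The `listVars` restored in funcs.nix by this commit takes `machine` from the first directory level under its argument, so for `varsDirShared` (`.../sops/vars/shared`) an entry gets `machine = "shared"` only if a further `shared` directory exists below that path. Otherwise the generator directory name is reported as the machine, and shared vars are dropped by the filter unless a generator happens to share this machine's name. It is worth confirming the on-disk layout and recording it in a comment above `varsUnfiltered`, such as `# listVars expects <varsDir>/<machine>/<generator>/<secret>/secret`. The `let` block starts before the hunk.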
@@ -21,24 +21,23 @@ in }; test_listSecrets = { - expr = listVars "per_machine" ./populated/vars/my_machine; + expr = listVars ./populated/vars; expected = [ { + machine = "my_machine"; generator = "my_generator"; name = "my_secret"; - id = "per_machine/my_generator/my_secret"; - sopsFile = "${./populated/vars/my_machine}/my_generator/my_secret/secret"; } ]; }; test_listSecrets_no_vars = { - expr = listVars "per_machine" noVars; + expr = listVars noVars; expected = [ ]; }; test_listSecrets_empty_vars = { - expr = listVars "per_machine" emtpyVars; + expr = listVars emtpyVars; expected = [ ]; }; } diff --git a/nixosModules/clanCore/vars/secret/sops/funcs.nix b/nixosModules/clanCore/vars/secret/sops/funcs.nix index 70b565a43..4b6dded74 100644 --- a/nixosModules/clanCore/vars/secret/sops/funcs.nix +++ b/nixosModules/clanCore/vars/secret/sops/funcs.nix @@ -14,13 +14,17 @@ rec { listVars = varsDir: - flip concatMap (readDirNames (varsDir)) ( - generator_name: - flip map (readDirNames (varsDir + "/${generator_name}")) (secret_name: { - generator = generator_name; - name = secret_name; - id = "${generator_name}/${secret_name}"; - sopsFile = "${varsDir}/${generator_name}/${secret_name}/secret"; - }) + flip concatMap (readDirNames varsDir) ( + machine_name: + flip concatMap (readDirNames (varsDir + "/${machine_name}")) ( + generator_name: + flip map (readDirNames (varsDir + "/${machine_name}/${generator_name}")) (secret_name: { + machine = machine_name; + generator = generator_name; + name = secret_name; + id = "${machine_name}/${generator_name}/${secret_name}"; + sopsFile = "${varsDir}/${machine_name}/${generator_name}/${secret_name}/secret"; + }) + ) ); } diff --git a/pkgs/clan-cli/tests/test_vars_deployment.py b/pkgs/clan-cli/tests/test_vars_deployment.py index 7ea04a488..2b2c361d7 100644 --- a/pkgs/clan-cli/tests/test_vars_deployment.py +++ b/pkgs/clan-cli/tests/test_vars_deployment.py 
@@ -35,8 +35,8 @@ def test_vm_deployment( cli.run(["vars", "generate", "my_machine"]) run_vm_in_thread("my_machine") qga = qga_connect("my_machine") - qga.run("ls /run/secrets/my_generator/my_secret", check=True) - _, out, _ = qga.run("cat /run/secrets/my_generator/my_secret") + qga.run("ls /run/secrets/my_machine/my_generator/my_secret", check=True) + _, out, _ = qga.run("cat /run/secrets/my_machine/my_generator/my_secret") assert out == "hello\n" qga.exec_cmd("poweroff") wait_vm_down("my_machine")