From ddab4b5b944d0462050939da6836a3635e92631d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Tue, 27 May 2025 15:39:09 +0200
Subject: [PATCH] re-store controllmaster in various places where it got
 removed.

---
 pkgs/clan-cli/clan_cli/facts/upload.py        |  8 +++----
 pkgs/clan-cli/clan_cli/ssh/deploy_info.py     |  2 +-
 pkgs/clan-cli/clan_cli/ssh/upload.py          |  8 ++-----
 .../vars/secret_modules/password_store.py     | 17 +++++++--------
 pkgs/clan-cli/clan_cli/vars/upload.py         |  4 ++--
 pkgs/clan-cli/clan_lib/backups/list.py        | 21 +++++++++----------
 pkgs/clan-cli/clan_lib/backups/restore.py     |  3 +--
 7 files changed, 28 insertions(+), 35 deletions(-)

diff --git a/pkgs/clan-cli/clan_cli/facts/upload.py b/pkgs/clan-cli/clan_cli/facts/upload.py
index 464df85dc..583defa27 100644
--- a/pkgs/clan-cli/clan_cli/facts/upload.py
+++ b/pkgs/clan-cli/clan_cli/facts/upload.py
@@ -4,6 +4,7 @@ from pathlib import Path
 from tempfile import TemporaryDirectory
 
 from clan_lib.machines.machines import Machine
+from clan_lib.ssh.remote import Remote
 
 from clan_cli.completions import add_dynamic_completer, complete_machines
 from clan_cli.ssh.upload import upload
@@ -11,9 +12,7 @@ from clan_cli.ssh.upload import upload
 log = logging.getLogger(__name__)
 
 
-def upload_secrets(machine: Machine) -> None:
-    host = machine.target_host()
-
+def upload_secrets(machine: Machine, host: Remote) -> None:
     if not machine.secret_facts_store.needs_upload(host):
         machine.info("Secrets already uploaded")
         return
@@ -27,7 +26,8 @@ def upload_secrets(machine: Machine) -> None:
 
 def upload_command(args: argparse.Namespace) -> None:
     machine = Machine(name=args.machine, flake=args.flake)
-    upload_secrets(machine)
+    with machine.target_host().ssh_control_master() as host:
+        upload_secrets(machine, host)
 
 
 def register_upload_parser(parser: argparse.ArgumentParser) -> None:
diff --git a/pkgs/clan-cli/clan_cli/ssh/deploy_info.py b/pkgs/clan-cli/clan_cli/ssh/deploy_info.py
index 580d59797..0a99988d0 100644
--- a/pkgs/clan-cli/clan_cli/ssh/deploy_info.py
+++ b/pkgs/clan-cli/clan_cli/ssh/deploy_info.py
@@ -88,7 +88,7 @@ def ssh_shell_from_deploy(
     deploy_info: DeployInfo, runtime: AsyncRuntime, host_key_check: HostKeyCheck
 ) -> None:
     if host := find_reachable_host(deploy_info, host_key_check):
-       host.interactive_ssh()
+        host.interactive_ssh()
     else:
         log.info("Could not reach host via clearnet 'addrs'")
         log.info(f"Trying to reach host via tor '{deploy_info.tor}'")
diff --git a/pkgs/clan-cli/clan_cli/ssh/upload.py b/pkgs/clan-cli/clan_cli/ssh/upload.py
index 159e732c4..e9e9cb90c 100644
--- a/pkgs/clan-cli/clan_cli/ssh/upload.py
+++ b/pkgs/clan-cli/clan_cli/ssh/upload.py
@@ -98,12 +98,8 @@ def upload(
             raise ClanError(msg)
 
         # TODO accept `input` to be  an IO object instead of bytes so that we don't have to read the tarfile into memory.
-        with (
-            tar_path.open("rb") as f,
-            host.ssh_control_master() as ssh,
-            ssh.become_root() as sudo_ssh,
-        ):
-            sudo_ssh.run(
+        with tar_path.open("rb") as f:
+            host.run(
                 [
                     "bash",
                     "-c",
diff --git a/pkgs/clan-cli/clan_cli/vars/secret_modules/password_store.py b/pkgs/clan-cli/clan_cli/vars/secret_modules/password_store.py
index 80f5843cc..3f56ceccc 100644
--- a/pkgs/clan-cli/clan_cli/vars/secret_modules/password_store.py
+++ b/pkgs/clan-cli/clan_cli/vars/secret_modules/password_store.py
@@ -149,15 +149,14 @@ class SecretStore(StoreBase):
 
     def needs_upload(self, host: Remote) -> bool:
         local_hash = self.generate_hash()
-        with host.ssh_control_master() as ssh:
-            remote_hash = ssh.run(
-                # TODO get the path to the secrets from the machine
-                [
-                    "cat",
-                    f"{self.machine.deployment['password-store']['secretLocation']}/.{self._store_backend}_info",
-                ],
-                RunOpts(log=Log.STDERR, check=False),
-            ).stdout.strip()
+        remote_hash = host.run(
+            # TODO get the path to the secrets from the machine
+            [
+                "cat",
+                f"{self.machine.deployment['password-store']['secretLocation']}/.{self._store_backend}_info",
+            ],
+            RunOpts(log=Log.STDERR, check=False),
+        ).stdout.strip()
 
         if not remote_hash:
             print("remote hash is empty")
diff --git a/pkgs/clan-cli/clan_cli/vars/upload.py b/pkgs/clan-cli/clan_cli/vars/upload.py
index 63236f12a..de79ae427 100644
--- a/pkgs/clan-cli/clan_cli/vars/upload.py
+++ b/pkgs/clan-cli/clan_cli/vars/upload.py
@@ -28,8 +28,8 @@ def upload_command(args: argparse.Namespace) -> None:
         populate_secret_vars(machine, directory)
         return
 
-    host = machine.target_host()
-    upload_secret_vars(machine, host)
+    with machine.target_host().ssh_control_master() as host:
+        upload_secret_vars(machine, host)
 
 
 def register_upload_parser(parser: argparse.ArgumentParser) -> None:
diff --git a/pkgs/clan-cli/clan_lib/backups/list.py b/pkgs/clan-cli/clan_lib/backups/list.py
index e6b377e5c..4af07f1ee 100644
--- a/pkgs/clan-cli/clan_lib/backups/list.py
+++ b/pkgs/clan-cli/clan_lib/backups/list.py
@@ -17,11 +17,10 @@ def list_provider(machine: Machine, host: Remote, provider: str) -> list[Backup]
     results = []
     backup_metadata = machine.eval_nix("config.clan.core.backups")
     list_command = backup_metadata["providers"][provider]["list"]
-    with host.ssh_control_master() as ssh:
-        proc = ssh.run(
-            [list_command],
-            RunOpts(log=Log.NONE, check=False),
-        )
+    proc = host.run(
+        [list_command],
+        RunOpts(log=Log.NONE, check=False),
+    )
     if proc.returncode != 0:
         # TODO this should be a warning, only raise exception if no providers succeed
         msg = f"Failed to list backups for provider {provider}:"
@@ -44,12 +43,12 @@ def list_provider(machine: Machine, host: Remote, provider: str) -> list[Backup]
 def list_backups(machine: Machine, provider: str | None = None) -> list[Backup]:
     backup_metadata = machine.eval_nix("config.clan.core.backups")
     results = []
-    host = machine.target_host()
-    if provider is None:
-        for _provider in backup_metadata["providers"]:
-            results += list_provider(machine, host, _provider)
+    with machine.target_host().ssh_control_master() as host:
+        if provider is None:
+            for _provider in backup_metadata["providers"]:
+                results += list_provider(machine, host, _provider)
 
-    else:
-        results += list_provider(machine, host, provider)
+        else:
+            results += list_provider(machine, host, provider)
 
     return results
diff --git a/pkgs/clan-cli/clan_lib/backups/restore.py b/pkgs/clan-cli/clan_lib/backups/restore.py
index 6cef57022..c813df5be 100644
--- a/pkgs/clan-cli/clan_lib/backups/restore.py
+++ b/pkgs/clan-cli/clan_lib/backups/restore.py
@@ -58,8 +58,7 @@ def restore_backup(
     service: str | None = None,
 ) -> None:
     errors = []
-    host = machine.target_host()
-    with host.ssh_control_master():
+    with machine.target_host().ssh_control_master() as host:
         if service is None:
             backup_folders = machine.eval_nix("config.clan.core.state")
             for _service in backup_folders: