Jörg Thalheim
9469968851
fix: handle OSError when age keys are too long to be file paths
...
Prevents "File name too long" errors when users provide age keys directly
to 'clan secrets users add', as Path.is_file() would fail before the key
validation could run.
Fixes: https://git.clan.lol/clan/clan-core/issues/5522
2025-10-14 13:15:54 +01:00
Louis Opter
a06a7a7a2c
clan-cli/secrets: update some error message in encrypt_secret (#5271)
...
Found that while reading through some code.
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/5271
Co-authored-by: Louis Opter <louis@opter.org>
Co-committed-by: Louis Opter <louis@opter.org>
2025-10-08 07:41:14 +00:00
Jörg Thalheim
10ed2cc7f7
sops: don't leak secret key in debug logs
2025-10-07 11:31:12 +02:00
Jörg Thalheim
4cb17d42e1
PLR2004: fix
2025-08-26 16:21:15 +02:00
Jörg Thalheim
c9a709783a
BLE001: fix
2025-08-26 12:01:47 +02:00
Jörg Thalheim
8f8426de52
PGH003: fix
2025-08-26 11:36:38 +02:00
Jörg Thalheim
1d0e0f243e
PLW2901: fix
2025-08-25 15:17:06 +02:00
Mic92
8134ffd787
Merge pull request 'ruff-4-perf-fixes' (#4935) from ruff-4-perf-fixes into main
...
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/4935
2025-08-25 13:12:14 +00:00
Jörg Thalheim
c65bb0b1ce
PERF401: fix
2025-08-25 15:06:32 +02:00
Mic92
05665b1c7e
Merge pull request 'ruff-3-arg-fixes' (#4934) from ruff-3-arg-fixes into main
...
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/4934
2025-08-25 12:54:04 +00:00
Jörg Thalheim
04457b1272
ARG001: fix
2025-08-25 14:46:12 +02:00
Jörg Thalheim
6a2dfb8176
S101: fix
2025-08-25 14:11:25 +02:00
Jörg Thalheim
0ec2c32ff8
ruff: apply automatic unsafe fixes
2025-08-25 11:34:41 +02:00
Jörg Thalheim
ea2d6aab65
ruff: apply automatic fixes
2025-08-25 11:34:41 +02:00
Johannes Kirschbauer
31d3997358
Secrets: fix tests
2025-08-10 13:06:42 +02:00
Johannes Kirschbauer
62b748624d
Secrets: allow to generate additional keys with --new
2025-08-10 13:04:34 +02:00
Johannes Kirschbauer
29f440a482
Sops: generate key should always 'generate' a key pair when being called
...
Check if you want to generate a new key as a caller
2025-08-10 13:04:34 +02:00
Michael Hoang
2f2f3b6898
cli: fix missing newline in error message
2025-08-08 15:19:19 +10:00
DavHau
cc69892e3b
create clan: better info about existing sop keys
...
When creating a new clan, the key selection now looks like this:
```
Found existing admin keys on this machine:
1: type: AGE
pubkey: age1xyz...
source: /home/grmpf/.config/sops/age/keys.txt
2: type: PGP
pubkey: abc...
source: SOPS_PGP_FP
Select keys to use (comma-separated list of numbers, or leave empty to select all):
```
This is achieved by adding a `source` attribute to `SopsKey`.
2025-07-23 13:22:19 +07:00
Jörg Thalheim
377056e80c
clan flakes create: initialize keys automatically (#4435)
...
fixes https://git.clan.lol/clan/clan-core/issues/2665
fixes https://git.clan.lol/clan/clan-core/issues/4407
Co-authored-by: DavHau <d.hauer.it@gmail.com>
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/4435
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-committed-by: Jörg Thalheim <joerg@thalheim.io>
2025-07-23 04:44:55 +00:00
a-kenji
6347bb7f3a
pkgs/clan: Further unify clan flake validation
...
Further unify clan flake validation and improve test coverage.
2025-07-15 13:03:49 +02:00
hsjobeki
7001a82196
Merge pull request 'api/tasks: prefix impure actions with run' (#4239) from api-cleanup into main
...
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/4239
2025-07-07 11:28:07 +00:00
Johannes Kirschbauer
19d86cc431
api/clan: rename 'update_clan_meta' -> 'set_clan_details'
2025-07-07 12:51:32 +02:00
Johannes Kirschbauer
1180ace4d7
api/admin: remove maybe_get_admin_public_keys
2025-07-07 12:43:11 +02:00
Michael Hoang
5667ad2994
cli: don't log every public key we find
2025-07-07 15:23:46 +10:00
a-kenji
aaac5b5b7c
pkgs/clan: Improve error message on clan secrets users add
...
Improve error message on `clan secrets users add [user] --age-key
`AGE-PLUGIN-YUBIKEY`
Since there is no way to get the recipient through the AGE-PLUGIN-YUBIKEY,
we should fail fast and give an actionable error to the user.
2025-06-25 17:30:59 +02:00
Michael Hoang
7f667ccc16
cli: don't error when more than one SOPS key found locally
2025-06-13 14:37:19 +07:00
Michael Hoang
5dc321cfb0
cli: fix secrets key update failing when used with Nix in Nix
2025-06-13 13:36:29 +07:00
Michael Hoang
6dd6a641f5
cli: fix clan secrets key update not working when age plugins defined
2025-06-10 14:07:10 +07:00
Michael Hoang
4b26108b3d
cli: don't generate a sops key that is world readable
...
Fixes https://git.clan.lol/clan/clan-core/issues/3808
2025-06-06 12:15:19 +10:00
DavHau
de3a08ab63
sops: initialize age_plugins early
...
This avoids re-initializing the Flake object deep in the tree, which in turn leads to issues when overriding the Flake for testing, e.g. the URL would reset.
2025-05-31 11:27:17 +07:00
Johannes Kirschbauer
2312a65c17
Chore: rename secrets.get_machine to avoid ambiguity
2025-05-26 17:52:46 +02:00
lassulus
f2bf142e80
clan-cli: clan_cli.git -> clan_lib.git
2025-05-20 14:35:14 +02:00
lassulus
ed89352ea1
clan-cli: clan_cli.dirs -> clan_lib.dirs
2025-05-20 12:08:30 +02:00
lassulus
9a0c6f55bd
clan-cli: clan_cli.cmd -> clan_lib.cmd
2025-05-19 19:07:24 +02:00
lassulus
cb74273da4
clan-cli: move clan_cli.nix to clan_lib.nix
2025-05-19 18:40:36 +02:00
lassulus
fa052f45bd
clan_lib: move clan_lib.flake.flake to clan_lib.flake
2025-05-16 19:28:36 +02:00
Johannes Kirschbauer
07b676e901
Fix: missing recipient should print a message
2025-05-16 18:09:53 +02:00
Johannes Kirschbauer
fe0507b47c
refactor: move clan_cli.error to clan_lib.error
2025-05-16 16:14:39 +02:00
lassulus
5423b9af41
clan_cli: move flake class to clan_lib
2025-05-16 13:38:47 +02:00
DavHau
02ca5bd870
gui: make update machine work
...
Also fix error when age plugins not defined
2025-04-30 15:28:49 +07:00
Brian McGee
651b277bb9
feat: configure age plugins for SOPS in buildClan
2025-04-29 16:02:32 +10:00
Brian McGee
e281b689df
fix: multiple user keys in secrets
...
We were not loading all the user keys, only the first one.
2025-04-29 15:47:54 +10:00
Brian McGee
1bfe318865
feat: support age plugins
...
Extends how we parse the contents of `SOPS_AGE_KEY` / `SOPS_AGE_KEY_FILE` / `keys.txt`, allowing a user to prepend a comment before any `AGE-PLUGIN-` secret key entry to indicate its corresponding public key.
For example:
```
AGE-PLUGIN-FIDO2-HMAC-xxxxxxxxxxxxx
```
The comment can use any prefix (e.g. `# public key: age1xxxx`, `# recipient: age1xxx`) as we are looking directly for `age1xxxx` within the line.
This change is necessary to support `age` plugins as there is no unified mechanism to recover the public key from a plugin's secret key.
If a plugin secret key does not have a preceding public key comment, an error will be thrown when attempting to set a secret.
2025-04-29 15:47:54 +10:00
Johannes Kirschbauer
f6628ec1a9
Refactor(clan_lib): move clan_cli.api into clan_lib.api
2025-04-26 19:51:35 +02:00
Jörg Thalheim
723d72255c
Reapply "remove nix_shell_legacy"
...
This reverts commit c5001f19fc.
2025-04-21 13:23:50 +02:00
Johannes Kirschbauer
c5001f19fc
Revert "remove nix_shell_legacy"
...
This reverts commit f3512b853a.
2025-04-18 14:49:54 +02:00
Jörg Thalheim
f3512b853a
remove nix_shell_legacy
2025-04-16 21:03:58 +02:00
Jörg Thalheim
837789010e
rename nix_shell_legacy to nix_shell and run_cmd to nix_shell
...
Then it's more obvious that we need to migrate.
2025-04-16 18:27:01 +00:00
Brian McGee
aa4fe27e51
feat(clan-cli): support multiple keys for a user
2025-04-09 09:58:58 +00:00