Louis Opter
f4e621af88
clan-cli: secrets.sops: improve age keys detection
This change allows you to e.g. directly pass `$(age-keygen)` on the
command line.
2024-11-27 06:27:53 +00:00
Louis Opter
775be88a9c
clan-cli: filter any sops recipients set in the environment for encryption
This forces sops to use our config file, otherwise if any of the
environment variables set to specify recipients is present then
`--config` will be ignored (see [env_check]).
That's simple enough, still I ended up refactoring how we call sops for
correctness, and to align with its behavior. The code now distinguishes
between public and private keys explicitly. `secrets.decrypt_secret`
does not try to look up public and private keys anymore.
With this changeset, some people might have to adjust their environment
as public age and PGP keys will be discovered like sops would do. In
particular if multiple public keys are discovered, then the user will
have to specify which one to use for the clan.
This also makes the following changes:
- try to use `/dev/shm` when swapping a secret (it's what [pass] does
fwiw);
- alias immediate values for readability;
- remove some float comparison that could never succeed, and use sops'
exit status instead;
- remove unused function `maybe_get_sops_key`.
[env_check]: 8c567aa8a7/cmd/sops/main.go (L2229)
[pass]: http://passwordstore.org/
2024-11-27 06:27:53 +00:00
Jörg Thalheim
c9e80f38ca
vars: make interface more type-safe
2024-11-26 17:08:26 +01:00
a-kenji
22af137e17
pkgs/cli: Add --password flag to machines install
Add `--password` flag to `clan machines install`,
which allows installing through the `nixos-image` installer
manually without extra configuration.
2024-11-26 15:01:43 +01:00
Jörg Thalheim
fc9fcc5aa5
less verbose logging if commands fail
2024-11-26 14:38:59 +01:00
Jörg Thalheim
39db147e48
test_vars: mock ask function instead of sys.stdin
2024-11-26 11:56:38 +00:00
Johannes Kirschbauer
0811dd8e3e
API/serde: add handling for serializing enum classes
2024-11-26 10:44:06 +00:00
DavHau
1881d7f0a5
vars: fix migration - secrets end up in public store
2024-11-26 17:02:11 +07:00
Qubasa
1063ac661a
clan-cli: Remove tty.py
2024-11-25 20:32:36 +01:00
Qubasa
b9154fddd2
clan-cli: Refactor ssh classes to dataclasses
2024-11-25 19:47:17 +01:00
Qubasa
4e6051acdc
docs: Fix nix flake check problem with diskId
2024-11-25 18:39:16 +01:00
lassulus
22c5e8ca8b
cli password-store: upload generators folder only if it has secrets
2024-11-22 22:34:09 +01:00
lassulus
52b2b1c350
password-store: include filenames in manifest for upload check
2024-11-22 22:34:09 +01:00
lassulus
2c839ae768
cli password-store: skip uploading non secret files
2024-11-22 22:34:09 +01:00
Qubasa
a0b013d3cc
clan-cli: Fix inventory update.sh
2024-11-22 22:23:10 +01:00
Qubasa
979e5e839d
clan-cli: Refactor ssh part 2, Refactor custom_logger
2024-11-22 22:08:50 +01:00
Johannes Kirschbauer
6a6306f7f0
Clan-cli/api: init dynamic get module interface
2024-11-22 13:58:30 +01:00
Johannes Kirschbauer
0e556302c1
Clan-cli/api: list external modules
2024-11-21 17:04:35 +01:00
Johannes Kirschbauer
88114ebfdc
Clan-cli: update inventory classes.py
2024-11-21 15:38:17 +00:00
Qubasa
a4f3d9d1fc
clan-cli: Refactor ssh folder part 1
2024-11-21 13:02:22 +01:00
a-kenji
5a9d58ec59
pkgs/cli: Fix generation of hardware configuration for machines install
Correctly use the `value` of the `enum`, which is expected by
`nixos-anywhere`.
2024-11-20 16:15:45 +01:00
a-kenji
1c9ca82055
pkgs/cli: Fix tag creation for clan machines create
2024-11-20 15:12:05 +01:00
danjujan
1e20a4cda9
vms/qemu: fix opengl detection
2024-11-20 10:20:30 +00:00
Jörg Thalheim
952a5f3ee7
vars: add VarStatus dataclass to make return type more readable
2024-11-20 10:20:06 +00:00
DavHau
d4c8b2e4ed
vars: implement invalidation mechanism
This adds the option `invalidationData` to generators.
`invalidationData` can be used by an author of a generator to signal if a re-generation is required after updating the logic.
Whenever a generator with invalidation data is executed, a hash of that data is stored by the respective public and/or secret backends.
The stored hashes will be checked on future deployments, and a re-generation is triggered whenever a hash doesn't match what's defined in nix.
2024-11-20 16:27:22 +07:00
Jörg Thalheim
68a5d072b2
vars: don't print stack trace if generator fails
2024-11-19 09:46:14 +00:00
Jörg Thalheim
2b270a8951
vars: introduce ensure_machine_has_access method for sops
this should help avoid overriding existing shared secrets by not
triggering vars regeneration if a machine has no access.
wip
2024-11-19 09:46:14 +00:00
Jörg Thalheim
609dc90775
remove ssh.id_ed25519 from facts test
we have moved this to vars now.
2024-11-19 09:46:14 +00:00
Johannes Kirschbauer
3a46119722
Modules/api: export constraints, filter by inventory
2024-11-19 10:36:29 +01:00
DavHau
2127c7f5cb
vars: add test for 'clan vars get'
2024-11-19 13:32:27 +07:00
DavHau
1d66d32163
tests: improve performance, keep flake.lock between tests
- deprecate fixture generate_flake in favor of class ClanFlake
- allow creating flake templates that can be copied, including their state, like git and lock files, in order to avoid expensive re-initialization
2024-11-18 17:01:58 +07:00
lassulus
8f0c575425
password-store owner & group support
2024-11-16 01:18:59 +01:00
Qubasa
26730cd662
clan-cli: upload.py -> Replace rsync with native ssh command
2024-11-15 22:03:47 +07:00
a-kenji
b894a41a60
pkgs/cli: Add comment to add_common_flags function
2024-11-15 12:06:10 +01:00
a-kenji
25b90983af
pkgs/cli: Fix adding common flags for aliases
2024-11-15 10:49:03 +00:00
Jörg Thalheim
4de97616bc
vars: introduce ensure_machine_has_access method for sops
this should help avoid overriding existing shared secrets by not
triggering vars regeneration if a machine has no access.
wip
2024-11-14 15:37:55 +00:00
Jörg Thalheim
673717fe8c
vars/get: use machine_name as variable name
2024-11-14 15:37:55 +00:00
Jörg Thalheim
91d2018bb7
vars/sops: simplify conditional in exists
2024-11-14 15:37:55 +00:00
clan-bot
0695b82edd
Merge pull request 'pkgs/cli: Improve help description' (#2415) from kenji/clan-core:kenji-cli/show/improve/description into main
2024-11-14 14:40:22 +00:00
a-kenji
9c08e90083
pkgs/cli: Improve help description
2024-11-14 15:34:24 +01:00
clan-bot
cda12b0f22
Merge pull request 'pkgs/cli: Improve clan secrets help' (#2416) from kenji/clan-core:kenji-cli/secrets/help into main
2024-11-14 14:18:43 +00:00
clan-bot
d05b1323b1
Merge pull request 'pkgs/cli: Remove superfluous comment string' (#2414) from kenji/clan-core:kenji-cli/improve/show-comment into main
2024-11-14 14:15:52 +00:00
clan-bot
d17e00c177
Merge pull request 'pkgs/cli: Fix typo in test fixtures' (#2412) from kenji/clan-core:kenji-fix/typo-fixture into main
2024-11-14 14:13:12 +00:00
a-kenji
332e521340
pkgs/cli: Improve clan secrets help
2024-11-14 15:07:16 +01:00
a-kenji
52f5bc048b
pkgs/cli: Remove superfluous comment string
2024-11-14 15:04:19 +01:00
a-kenji
eb31b1cfa0
pkgs/cli: Improve help output of show subcommand
2024-11-14 15:03:14 +01:00
a-kenji
edef77091a
pkgs/cli: Fix typo in test fixtures
2024-11-14 15:00:44 +01:00
lassulus
faf0946c99
cli vars password-store: fix file locations
2024-11-14 12:07:52 +01:00
a-kenji
edd7253dea
pkgs/cli: Fix typo in comment
2024-11-14 10:17:44 +01:00
DavHau
a5ec3c45d5
clan-cli: remove --no-write-lock-file from nix invocations
2024-11-14 14:11:06 +07:00