clan-bot
1511b14b3c
Merge pull request 'fix vars migration prompts. add secretsForUsers to vars interface and implement that for pass' (#2551) from lassulus/clan-core:vars-stuff into main
2024-12-04 09:03:24 +00:00
DavHau
37ad4eaad5
vars: print() -> log.info()
2024-12-04 14:08:50 +07:00
DavHau
f5226ec7ff
vars: Improve logging for migration
2024-12-04 12:42:03 +07:00
lassulus
c6a713d393
cli vars generate: log in global context what is global
2024-12-03 22:29:25 +01:00
lassulus
d89ee46d7f
vars password-store: add neededForUsers option
2024-12-03 22:28:39 +01:00
lassulus
2916798e84
vars generate: show prompts only if not migrating
2024-12-03 22:25:16 +01:00
Qubasa
164c621dc0
clan-cli: Fix ignored debug flag in clan vms run, refactor Host.run to use RunOpts
2024-12-03 16:01:51 +01:00
lassulus
1b83fd27a8
cli vars: remove get_all from baseclass
2024-12-02 11:30:09 +01:00
DavHau
681c671391
vars/migration: remove useless check
2024-11-29 17:23:31 +07:00
DavHau
66ce80c096
vars: rename: invalidation -> validation
2024-11-29 17:23:31 +07:00
DavHau
03bcf6bba3
vars: generate docs for cli and module
2024-11-29 17:23:31 +07:00
lassulus
513431148e
vars: make upload actually upload
2024-11-28 21:00:12 +01:00
lassulus
d4fb4efd1f
cli vars upload: fix sops
2024-11-28 17:52:04 +01:00
clan-bot
a97d719a52
Merge pull request 'remove secretsUploadDirectory from common module' (#2509) from lassulus/clan-core:no-secrets-upload-dir into main
2024-11-28 15:46:51 +00:00
lassulus
c00ac4a246
vars: remove secretsUploadDirectory from common module
2024-11-28 16:38:06 +01:00
Qubasa
d2719f3179
clan-cli: cmd.run now has its options extracted to a dataclass
2024-11-28 15:26:37 +01:00
Louis Opter
1ba27196d8
clan-cli: rebase sops changes on top of vars changes
...
vars changes in question are from commit: 54b8f5904e
With this changeset the age specific sops logic that was added is now
generic.
To keep things simple, this changeset modifies `SopsKey` so that
`username` is ignored when comparing different keys. I don't really see
us relying on `username` and this makes `SopsKey` hashable, and usable
in a `set`, which is nice when you check that you have a particular key.
2024-11-27 06:27:53 +00:00
Jörg Thalheim
45dfbf54db
vars: make interface more type-safe
2024-11-26 17:08:26 +01:00
Jörg Thalheim
8eb37903e0
test_vars: mock ask function instead of sys.stdin
2024-11-26 11:56:38 +00:00
DavHau
173436632d
vars: fix migration - secrets end up in public store
2024-11-26 17:02:11 +07:00
Qubasa
27b40849d1
clan-cli: Refactor ssh classes to dataclasses
2024-11-25 19:47:17 +01:00
Qubasa
41a84f5970
docs: Fix nix flake check problem with diskId
2024-11-25 18:39:16 +01:00
lassulus
19dce7694f
cli password-store: upload generators folder only if it has secrets
2024-11-22 22:34:09 +01:00
lassulus
045c9119f3
password-store: include filenames in manifest for upload check
2024-11-22 22:34:09 +01:00
lassulus
13b7d3c7ec
cli password-store: skip uploading non secret files
2024-11-22 22:34:09 +01:00
Qubasa
8866a85765
clan-cli: Refactor ssh part 2, Refactor custom_logger
2024-11-22 22:08:50 +01:00
Jörg Thalheim
5bf2afdf0e
vars: add VarStatus dataclass to make return type more readable
2024-11-20 10:20:06 +00:00
DavHau
3f62e143ec
vars: implement invalidation mechanism
...
This adds the option `invalidationData` to generators.
`invalidationData` can be used by an author of a generator to signal if a re-generation is required after updating the logic.
Whenever a generator with invalidation data is executed, a hash of that data is stored by the respective public and/or secret backends.
The stored hashes will be checked on future deployments, and a re-generation is triggered whenever a hash doesn't match what's defined in nix.
2024-11-20 16:27:22 +07:00
Jörg Thalheim
a4e03a85eb
vars: don't print stack trace if generator fails
2024-11-19 09:46:14 +00:00
Jörg Thalheim
9c6e04fa3f
vars: introduce ensure_machine_has_access method for sops
...
this should help avoid overriding existing shared secrets by not
triggering vars regeneration if a machine has no access.
wip
2024-11-19 09:46:14 +00:00
lassulus
8e1697a089
password-store owner & group support
2024-11-16 01:18:59 +01:00
Qubasa
250eed0798
clan-cli: upload.py -> Replace rsync with native ssh command
2024-11-15 22:03:47 +07:00
Jörg Thalheim
c98055c781
vars: introduce ensure_machine_has_access method for sops
...
this should help avoid overriding existing shared secrets by not
triggering vars regeneration if a machine has no access.
wip
2024-11-14 15:37:55 +00:00
Jörg Thalheim
8f1e5ed1eb
vars/get: use machine_name as variable name
2024-11-14 15:37:55 +00:00
Jörg Thalheim
4a389b0fb3
vars/sops: simplify conditional in exists
2024-11-14 15:37:55 +00:00
lassulus
7ae7ac8bd1
cli vars password-store: fix file locations
2024-11-14 12:07:52 +01:00
lassulus
11ce774820
clan_cli vars: actually upload
2024-11-13 13:23:42 +01:00
DavHau
54b8f5904e
vars: allow re-encrypting secrets when recipient keys were added.
...
When the users of a secret change, for example when a new admin user is added, an error will be thrown when generating vars, prompting the user to pass --fix to re-encrypt the secrets.
2024-11-13 18:49:30 +07:00
DavHau
236d9eaec3
vars,facts: update_check -> needs_upload
2024-11-13 13:34:15 +07:00
Jörg Thalheim
8e4067ee03
vars: fix case if we have two vars where one is the prefix of another one
2024-11-12 16:11:39 +00:00
Jörg Thalheim
34410c6e17
vars: update message if vars are up-to-date
2024-11-08 15:43:10 +01:00
DavHau
7208c6dc82
vars: fix shared dependency was not resolved correctly
2024-10-23 20:43:33 +07:00
DavHau
db0fdba384
cli: set needs_user_terminal for all ssh commands
2024-10-23 19:40:50 +07:00
Jörg Thalheim
4230ae6750
ruff: enable warning lints
2024-10-23 09:06:02 +00:00
DavHau
cc43a46c53
vars: show full var_id when prompting
2024-10-16 13:13:41 +07:00
Jörg Thalheim
d97bda9c0d
{vars,facts}/upload: fix ipv6 support
2024-10-10 17:03:32 +02:00
DavHau
d9597dab05
vars,facts: add sops.defaultGroups to new machines
...
Prior to this, when initializing new machines, only the current user had access to its key, which prevents other admin users from deploying this machine later.
2024-10-10 19:31:03 +07:00
Jörg Thalheim
36573589ef
{vars,facts}/generate: ensure that args.flake is passed
2024-10-08 17:51:55 +00:00
Jörg Thalheim
8101996c16
pass in flakeid to vm_state_dir
2024-10-08 17:51:55 +00:00
Jörg Thalheim
4e1d4afa9b
vars/keygen: adapt to new sops api
2024-10-04 16:36:35 +00:00