Jörg Thalheim
1666513e91
Revert "Merge pull request 'Revert "Merge pull request 'clan-cli: secrets: Add support for PGP keys with sops-nix' (#2186) from lopter/clan-core:lo-sops-nix-pgp-support into main"' (#2202) from revert into main"
...
This reverts commit a5496e8db0, reversing
changes made to 9bb1aef245.
2024-10-04 16:36:35 +00:00
DavHau
8f16cf0282
Revert "vars: refactor - copy logic to sops secret module"
...
This reverts commit ae53ea7399.
2024-10-04 18:20:53 +02:00
Jörg Thalheim
084ebf9edc
Revert "Merge pull request 'clan-cli: secrets: Add support for PGP keys with sops-nix' (#2186) from lopter/clan-core:lo-sops-nix-pgp-support into main"
...
This reverts commit 5668fd05a0, reversing
changes made to dd17fbdc6d.
Reverting for now as Dave's recent change conflicts with this change.
2024-10-04 17:54:29 +02:00
Louis Opter
d18c0fa3ae
Fix: do not assume users use age keys in vars/sops
...
With added support for PGP for users' keys, do not assume an age key is
going to be present in secrets files.
2024-10-04 15:36:30 +00:00
DavHau
11c37ebeba
vars/keygen: fix + cleanup tests
...
- generate keys in ./sops instead of ./sops/vars for now
- don't initialize all flakes with sops keys, only generate when needed
- use the new 'clan vars keygen' in tests
2024-10-04 17:25:17 +02:00
DavHau
2a9ced1e26
vars: add 'clan vars keygen'
2024-10-04 16:13:49 +02:00
DavHau
ae53ea7399
vars: refactor - copy logic to sops secret module
...
This is in preparation for moving the storage away from ./sops to ./vars/sops
2024-10-04 14:31:22 +02:00
Jörg Thalheim
4826582547
add more custom prefixes for temporary directories
2024-10-01 20:54:19 +02:00
clan-bot
a57f409224
Merge pull request 'generate: don't set type=bool in argparse.BooleanOptionalAction' (#2190) from fix-warning into main
2024-10-01 17:04:49 +00:00
Jörg Thalheim
f9a42831e4
start to name temporary directories in more places
2024-10-01 18:57:59 +02:00
Jörg Thalheim
a5e18fda08
generate: don't set type=bool in argparse.BooleanOptionalAction
2024-10-01 18:48:54 +02:00
Qubasa
945c491d05
clan flash: Remove root requirement for flash, add a flash-template
2024-09-24 13:42:21 +02:00
DavHau
e49d1f0127
vars/sops: improve shared secrets, switching backend
...
When a second machine checks for a shared secret, now the exists() call returns negative and only when updating the secrets for that machine, the machine is added to the sops receivers.
Also throw proper errors when the user switches backends without cleaning the files first.
2024-09-20 15:06:54 +02:00
DavHau
0a8b7f38a8
vars: implement migration
...
Migrating generated files from the facts subsystem to the vars subsystem is now possible.
HowTo:
1. declare `clan.core.vars.generators.<generator>.migrateFact = my_service` where `my_service` refers to a service from `clan.core.facts.services`
2. run `clan vars generate your_machine` or `clan machines update your_machine`
Vars will only be migrated for a generator if:
1. The facts service specified via `migrateFact` does exist
2. None of the vars to generate exist yet
3. All public var names exist in the public facts store
4. All secret var names exist in the secret fact store
If the migration is deemed possible, the generator script will not be executed. Instead the files from the public or secret facts store are read and stored into the corresponding vars store
2024-09-19 17:57:03 +02:00
DavHau
01c833f2bc
vars/generate: improve output when vars are updated
...
fixes #2076
- print old and new value if possible
- also inform the user if something hasn't changed
2024-09-18 16:57:01 +02:00
DavHau
bd79e6aef6
vars: generate proper commit messages
...
fixes #2126
2024-09-17 20:22:18 +02:00
DavHau
81cb28b6c0
vars/sops/shared: add machines key on demand
2024-09-12 20:17:05 +02:00
DavHau
eafcb0f870
vars/list: display '<not set>' also for secrets
2024-09-12 17:24:29 +02:00
DavHau
85477d51f6
vars: get rid of meta.json
2024-09-12 16:52:44 +02:00
DavHau
e905407989
vars/sops: load sops info from nix instead of filesystem
2024-09-12 16:30:21 +02:00
DavHau
a79ec63720
vars/password-store: implement upload and hashing
2024-09-09 22:13:16 +02:00
DavHau
0893b04458
vars/password-store: use standard paths; fix share flag
2024-09-09 21:20:03 +02:00
DavHau
803f43dfd1
vars: improve generator pipeline
...
Compute the whole closure of to-be-executed generators upfront before executing anything
Properly compute closures for the 4 different scenarios:
1. full_closure: run all generators for a selected machine in topological order
2. all_missing_closure: run just the missing generators including their dependents
3. requested_closure: run only a selected list of generators including their missing dependencies and their dependents
4. minimal_closure: Run just enough to ensure that the list of selected generators are in a consistent state. Don't execute anything if nothing is missing.
2024-09-06 21:32:17 +02:00
DavHau
6bb93d087c
vars: refactor - ask prompts before running any generators
2024-09-06 16:08:46 +02:00
DavHau
3089296328
clan-cli: fix cyclic import problem
2024-09-06 15:38:12 +02:00
DavHau
5cd9960ed4
vars: improve generator execution pipeline
...
- ensure all dependents are re-generated as well
- refactor: separate out computation of generator update closure
2024-09-06 14:30:49 +02:00
DavHau
a57525d5c6
vars: add api endpoint set_prompts
2024-09-04 18:06:11 +02:00
DavHau
ed1738c0cd
vars: add get_prompts api endpoint
...
vars: add test for api endpoint get_prompts
2024-09-04 17:36:50 +02:00
clan-bot
87d47c7c31
Merge pull request 'apply TRY lint' (#2035) from joerg-ci into main
2024-09-04 13:20:11 +00:00
DavHau
3f23ad4f79
vars: set vars via cli; improve getting vars via cli;
2024-09-04 14:48:42 +02:00
DavHau
59593c2e39
vars: add 'get' command to cli
2024-09-03 19:19:20 +02:00
Jörg Thalheim
29909e49d3
apply TRY lint
2024-09-03 18:13:46 +02:00
DavHau
924f5e41c6
vars: global metadata paths for all store backends
...
This also changes the paths where sops stores the secret -> all sops secrets will have to be re-generated
2024-09-03 16:30:01 +02:00
DavHau
6e16e54968
vars: simplify vars store abstraction
2024-09-02 18:44:00 +02:00
Jörg Thalheim
1fa0e72bea
use pathlib everywhere
2024-09-02 18:26:13 +02:00
Jörg Thalheim
483d8ce521
add SIM lint
2024-09-02 16:39:30 +02:00
Jörg Thalheim
cb16cda3fa
add RET, Q, RSE lint
2024-09-02 15:58:49 +02:00
Jörg Thalheim
e150b37fb8
enable ASYNC, DTZ, YTT and EM lints
2024-09-02 14:07:06 +02:00
Jörg Thalheim
22d6e5e153
enable comprehensions linting rules
2024-09-02 13:35:52 +02:00
Jörg Thalheim
b313f2d066
make all same-module imports relative, the rest absolute
...
This makes sorting more consistent.
2024-09-02 13:00:19 +02:00
DavHau
64d29cd28c
vars: improve check command and add tests
2024-09-01 16:45:09 +02:00
DavHau
b627eafc80
vars: fix listing vars + add test
2024-09-01 16:10:25 +02:00
DavHau
04010bba90
vars: implement listing all vars
2024-09-01 16:03:37 +02:00
DavHau
62ccd0ed4b
vars: introduce deploy=true/false for generated files
2024-09-01 14:32:46 +02:00
DavHau
a88b47c1f5
vars: rename 'facts' _ 'vars' in docs
2024-08-23 18:00:38 +02:00
Jörg Thalheim
30bbb142e2
Merge remote-tracking branch 'origin/main' into rework-installation
2024-08-21 13:38:04 +02:00
DavHau
6892202bf2
vars: add test for deployment
2024-08-13 15:29:51 +02:00
DavHau
d1c2f0b622
vars: introduce share flag
2024-08-03 15:26:53 +07:00
Jörg Thalheim
8ccd8af3cc
Merge remote-tracking branch 'origin/main' into rework-installation
2024-07-24 21:58:57 +02:00
DavHau
1b3dc65b89
vars/sops: store secrets in /sops/vars
2024-07-24 18:42:50 +07:00