Commit Graph

4346 Commits

Author SHA1 Message Date
Johannes Kirschbauer
1d026f68ce Fix: modules wrong path coercion 2024-10-07 22:47:49 +02:00
clan-bot
8004d9910b Merge pull request 'Automatic flake update - nixos-facter-modules - 2024-10-07T00:00+00:00' (#2211) from flake-update-nixos-facter-modules-2024-10-07 into main 2024-10-07 00:57:48 +00:00
clan-bot
9dfca642c0 Merge pull request 'Automatic flake update - 2024-10-07T00:00+00:00' (#2213) from flake-update-2024-10-07 into main 2024-10-07 00:48:57 +00:00
clan-bot
96503bf0bb Merge pull request 'Automatic flake update - treefmt-nix - 2024-10-07T00:00+00:00' (#2216) from flake-update-treefmt-nix-2024-10-07 into main 2024-10-07 00:47:32 +00:00
clan-bot
617d038fa7 Merge pull request 'Automatic flake update - sops-nix - 2024-10-07T00:00+00:00' (#2215) from flake-update-sops-nix-2024-10-07 into main 2024-10-07 00:45:13 +00:00
clan-bot
34c9115479 Merge pull request 'Automatic flake update - nixos-images - 2024-10-07T00:00+00:00' (#2212) from flake-update-nixos-images-2024-10-07 into main 2024-10-07 00:43:34 +00:00
clan-bot
5ba6b6e54c Merge pull request 'Automatic flake update - disko - 2024-10-07T00:00+00:00' (#2209) from flake-update-disko-2024-10-07 into main 2024-10-07 00:39:29 +00:00
clan-bot
78e8041b26 Merge pull request 'Automatic flake update - flake-parts - 2024-10-07T00:00+00:00' (#2210) from flake-update-flake-parts-2024-10-07 into main 2024-10-07 00:39:16 +00:00
clan-bot
65fb7e0144 Merge pull request 'Automatic flake update - nixpkgs - 2024-10-07T00:00+00:00' (#2214) from flake-update-nixpkgs-2024-10-07 into main 2024-10-07 00:39:15 +00:00
Clan Merge Bot
4c53eb1f26 update flake lock - treefmt-nix - 2024-10-07T00:00+00:00
Flake lock file updates:

• Updated input 'treefmt-nix':
    'github:numtide/treefmt-nix/879b29ae9a0378904fbbefe0dadaed43c8905754' (2024-09-27)
  → 'github:numtide/treefmt-nix/4446c7a6fc0775df028c5a3f6727945ba8400e64' (2024-10-03)
2024-10-07 00:00:33 +00:00
Clan Merge Bot
01162eab39 update flake lock - sops-nix - 2024-10-07T00:00+00:00
Flake lock file updates:

• Updated input 'sops-nix':
    'github:Mic92/sops-nix/127a96f49ddc377be6ba76964411bab11ae27803' (2024-09-27)
  → 'github:Mic92/sops-nix/2750ed784e93e745a33fb55be7c2657adfb57c00' (2024-10-06)
2024-10-07 00:00:31 +00:00
Clan Merge Bot
eaff8e58d9 update flake lock - nixpkgs - 2024-10-07T00:00+00:00
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/7eee17a8a5868ecf596bbb8c8beb527253ea8f4d' (2024-09-29)
  → 'github:NixOS/nixpkgs/50b3bd3fed0442bcbf7f58355e990da84af1749d' (2024-10-06)
2024-10-07 00:00:29 +00:00
Clan Merge Bot
7b5357538e update flake lock - 2024-10-07T00:00+00:00
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/b709e1cc33fcde71c7db43850a55ebe6449d0959' (2024-09-28)
  → 'github:nix-community/disko/48ebb577855fb2398653f033b3b2208a9249203d' (2024-10-05)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a' (2024-09-12)
  → 'github:hercules-ci/flake-parts/3d04084d54bedc3d6b8b736c70ef449225c361b1' (2024-10-01)
• Updated input 'nixos-facter-modules':
    'github:numtide/nixos-facter-modules/e1ac6a83a5733788833fdff12aa074b5bdfdc965' (2024-09-29)
  → 'github:numtide/nixos-facter-modules/ec6ef7d5495bb5db1b6991791625eb22d108e954' (2024-09-30)
• Updated input 'nixos-images':
    'github:nix-community/nixos-images/acd37edb645a00b051f2ac88e02a2eb0ed459db6' (2024-09-26)
  → 'github:nix-community/nixos-images/c6d733b5cb6c07b5650298d3d6b685dc5dece7f8' (2024-10-03)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/7eee17a8a5868ecf596bbb8c8beb527253ea8f4d' (2024-09-29)
  → 'github:NixOS/nixpkgs/50b3bd3fed0442bcbf7f58355e990da84af1749d' (2024-10-06)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/127a96f49ddc377be6ba76964411bab11ae27803' (2024-09-27)
  → 'github:Mic92/sops-nix/2750ed784e93e745a33fb55be7c2657adfb57c00' (2024-10-06)
• Updated input 'treefmt-nix':
    'github:numtide/treefmt-nix/879b29ae9a0378904fbbefe0dadaed43c8905754' (2024-09-27)
  → 'github:numtide/treefmt-nix/4446c7a6fc0775df028c5a3f6727945ba8400e64' (2024-10-03)
2024-10-07 00:00:25 +00:00
Clan Merge Bot
6bc74d99a6 update flake lock - nixos-images - 2024-10-07T00:00+00:00
Flake lock file updates:

• Updated input 'nixos-images':
    'github:nix-community/nixos-images/acd37edb645a00b051f2ac88e02a2eb0ed459db6' (2024-09-26)
  → 'github:nix-community/nixos-images/c6d733b5cb6c07b5650298d3d6b685dc5dece7f8' (2024-10-03)
2024-10-07 00:00:08 +00:00
Clan Merge Bot
c5514ffa73 update flake lock - nixos-facter-modules - 2024-10-07T00:00+00:00
Flake lock file updates:

• Updated input 'nixos-facter-modules':
    'github:numtide/nixos-facter-modules/e1ac6a83a5733788833fdff12aa074b5bdfdc965' (2024-09-29)
  → 'github:numtide/nixos-facter-modules/ec6ef7d5495bb5db1b6991791625eb22d108e954' (2024-09-30)
2024-10-07 00:00:05 +00:00
Clan Merge Bot
3f60796f70 update flake lock - flake-parts - 2024-10-07T00:00+00:00
Flake lock file updates:

• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a' (2024-09-12)
  → 'github:hercules-ci/flake-parts/3d04084d54bedc3d6b8b736c70ef449225c361b1' (2024-10-01)
2024-10-07 00:00:03 +00:00
Clan Merge Bot
1a1f21b9ac update flake lock - disko - 2024-10-07T00:00+00:00
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/b709e1cc33fcde71c7db43850a55ebe6449d0959' (2024-09-28)
  → 'github:nix-community/disko/48ebb577855fb2398653f033b3b2208a9249203d' (2024-10-05)
2024-10-07 00:00:01 +00:00
clan-bot
266ce64035 Merge pull request 'clan-cli: Improve CmdOut output' (#2207) from Qubasa/clan-core:Qubasa-main into main 2024-10-06 23:44:12 +00:00
Qubasa
0f79c6a850 clan-cli: Improve CmdOut output 2024-10-07 01:36:40 +02:00
clan-bot
9d3dd233f5 Merge pull request 'clan-cli: Add --host-key-check to machine update' (#2206) from Qubasa/clan-core:Qubasa-main into main 2024-10-05 21:40:03 +00:00
Qubasa
7bd50b03b3 clan-cli: Add --host-key-check to machine update 2024-10-05 23:33:44 +02:00
clan-bot
8df6ed40b5 Merge pull request 'clan-cli: Fix bug where --target_host is getting ignored' (#2205) from Qubasa/clan-core:Qubasa-main into main 2024-10-05 16:59:17 +00:00
Qubasa
34711c419c clan-cli: Fix bug where --target_host is getting ignored 2024-10-05 18:51:44 +02:00
Mic92
f920098d66 Merge pull request 'vars/keygen: adapt to new sops api' (#2204) from gpg-take-2 into main
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/2204
2024-10-04 16:36:35 +00:00
Jörg Thalheim
4e1d4afa9b vars/keygen: adapt to new sops api 2024-10-04 16:36:35 +00:00
Jörg Thalheim
76aa8d2d82 Revert "Merge pull request 'Revert "Merge pull request 'clan-cli: secrets: Add support for PGP keys with sops-nix' (#2186) from lopter/clan-core:lo-sops-nix-pgp-support into main"' (#2202) from revert into main"
This reverts commit 23f5abee0d, reversing
changes made to 66a94c91ae.
2024-10-04 16:36:35 +00:00
clan-bot
f84470fe9f Merge pull request 'Revert "vars: refactor - copy logic to sops secret module"' (#2203) from DavHau/clan-core:DavHau-vars-migration into main 2024-10-04 16:27:24 +00:00
DavHau
2b3fba9dd0 Revert "vars: refactor - copy logic to sops secret module"
This reverts commit 83d850dac4.
2024-10-04 18:20:53 +02:00
Mic92
23f5abee0d Merge pull request 'Revert "Merge pull request 'clan-cli: secrets: Add support for PGP keys with sops-nix' (#2186) from lopter/clan-core:lo-sops-nix-pgp-support into main"' (#2202) from revert into main
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/2202
2024-10-04 16:12:27 +00:00
Jörg Thalheim
d134d94a1e Revert "Merge pull request 'clan-cli: secrets: Add support for PGP keys with sops-nix' (#2186) from lopter/clan-core:lo-sops-nix-pgp-support into main"
This reverts commit b956b94039, reversing
changes made to b1af3d5d6d.

Reverting for now as Dave's recent change conflicts with this change.
2024-10-04 17:54:29 +02:00
Mic92
66a94c91ae Merge pull request 'iwd: add AutoConnect option' (#2194) from nim65s/clan-core:autoconnect into main
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/2194
2024-10-04 15:39:13 +00:00
Guilhem Saurel
147cb0b002 iwd: add AutoConnect option 2024-10-04 15:39:13 +00:00
Mic92
b956b94039 Merge pull request 'clan-cli: secrets: Add support for PGP keys with sops-nix' (#2186) from lopter/clan-core:lo-sops-nix-pgp-support into main
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/2186
2024-10-04 15:36:30 +00:00
Louis Opter
dbe8927a77 Update tests for clan secrets 2024-10-04 15:36:30 +00:00
Louis Opter
103ad87bc9 Improvements for clan secrets key generate.
I am not sure I understand what `extract_public_key` was for. It seems
like `age-keygen -y` will just work fine for a file like the one
`extract_public_key` is looking for. Unless someone intentionally made a
file with a comment like that without the private key in it.

Messages are moved to stdout rather than being logged. It feels like the
output is meaningful in the first step users are going to take. Also
makes testing easier, as log messages are captured differently than
stdout. The call to add a user is changed to be easier to copy paste
and work whether PGP or age is in use.

A description for the command is added instead of help which does not
seem to be displayed.
2024-10-04 15:36:30 +00:00
Louis Opter
7999465d89 Make clan_cli.secrets.sops.SopsKey immutable and remove its __eq__ method
Immutability seems sensible for this type.

There is some ambiguity on how to compare keys, in particular when `user.name == ""`, but the rest matches.
2024-10-04 15:36:30 +00:00
Louis Opter
6848b3b6b3 fix: clan secrets user get dump the user identity correctly 2024-10-04 15:36:30 +00:00
Louis Opter
6694c2b60d Fix key dump in clan secrets key show
```
In [4]: str(Type.AGE)
Out[4]: Type.AGE

In [5]: Type.AGE.name.lower()
Out[5]: age
```
2024-10-04 15:36:30 +00:00
Jörg Thalheim
be5f10e241 secrets/show: pretty print json 2024-10-04 15:36:30 +00:00
Jörg Thalheim
4a3030d6ed secrets: replace Key, key type tuple with SopsKey class 2024-10-04 15:36:30 +00:00
Jörg Thalheim
541a73692f fix serialisation of SopsKey type 2024-10-04 15:36:30 +00:00
Jörg Thalheim
db065ea06b error if we cannot load a dataclass from file 2024-10-04 15:36:30 +00:00
Jörg Thalheim
d909078033 default key type to age and rename to age-key/pgp-key 2024-10-04 15:36:30 +00:00
Jörg Thalheim
24973370b3 secrets: do not shadow python builtins 2024-10-04 15:36:30 +00:00
Louis Opter
710b832066 Fix: do not assume users use age keys in vars/sops
With added support for PGP for user keys, do not assume an age key is
going to be present in secrets files.
2024-10-04 15:36:30 +00:00
Louis Opter
30d0afe75b Fix: use new sops api in clan secrets machines 2024-10-04 15:36:30 +00:00
Louis Opter
61ceb44a71 Draft: clan-cli: secrets: Add support for PGP keys with sops-nix
To use a PGP key instead of an age key you can set `SOPS_PGP_FP`. (You
can use `gpg -k --fingerprint --fingerprint` to get your PGP encryption
key fingerprint, remove spaces from it).

The internal manifest file already supported a type field, and so I built
from there.

With those changes, I was able to add my PGP key, and update all my
secrets with it, instead of the age key originally generated:

```
% clan secrets key show | jq
{
  "key": "ADB6276965590A096004F6D1E114CBAE8FA29165",
  "type": "pgp"
}
% clan secrets key update
% for s in $(clan secrets list) ; do clan secrets users add-secret kal-pgp-from-2022-12-to-2024-12 "$s"; done
% for s in $(clan secrets list) ; do clan secrets users remove-secret --debug kal "$s" ; done
```
2024-10-04 15:36:30 +00:00
clan-bot
b1af3d5d6d Merge pull request 'vars/keygen: fix + cleanup tests' (#2201) from DavHau/clan-core:DavHau-vars-migration into main 2024-10-04 15:32:31 +00:00
DavHau
a257769abd vars/keygen: fix + cleanup tests
- generate keys in ./sops instead of ./sops/vars for now
- don't initialize all flakes with sops keys, only generate when needed
- use the new 'clan vars keygen' in tests
2024-10-04 17:25:17 +02:00
clan-bot
3b9f20b943 Merge pull request 'vars: add 'clan vars keygen'' (#2200) from DavHau/clan-core:DavHau-vars-migration into main 2024-10-04 14:21:10 +00:00