yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
7,738 Commits 120 Branches 6 Tags
217f55adec6fda3681c2e3efba214f773e05ea64
Commit Graph

1807 Commits

Author SHA1 Message Date
Jörg Thalheim
f4d34b1326 fix upload when sudo prompts are needed 2025-05-04 10:51:49 +02:00
Mic92
3b5c22ebcf Merge pull request 'Miscellaneous ssh fixes.' (#3487) from misc-fixes into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3487
 2025-05-04 08:51:31 +00:00
Jörg Thalheim
f6899166c7 cmd: don't shadow time module 2025-05-04 10:39:50 +02:00
Jörg Thalheim
f5277c989a Host: always set needs_user_terminal for ssh commands, only override prefix if given by user 2025-05-04 10:39:39 +02:00
Jörg Thalheim
03731a2a67 run_local: allow stdin to be a file descriptor 2025-05-04 10:39:28 +02:00
Jörg Thalheim
091a56f57d update_hardware_config: use host.run rather than adhoc ssh command 2025-05-04 10:30:46 +02:00
Jörg Thalheim
7351f7994c rename connect_ssh_shell to interactive_ssh 
better name than secure shell shell
 2025-05-04 10:28:43 +02:00
Jörg Thalheim
5770ea036c move password/tor_socks into Host attributes 
we set those parameters usually just once.
 2025-05-04 10:28:43 +02:00
Jörg Thalheim
c430ff6253 configure ControlMaster and ControlPath for SSH connections 
This should speed up deployments by not having to reconnect to the server on each command
 2025-05-04 09:48:37 +02:00
Jörg Thalheim
b79446f97e facts/sops: no longer upload age key 
The vars backend already does this for us.
This avoids duplicated work.
 2025-05-04 09:29:29 +02:00
Mic92
2d97119a3b Merge pull request 'Avoid a few cases of chmod-after-creation' (#3438) from tangential/clan-core:it-s_a_race into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3438
 2025-05-04 07:08:43 +00:00
Mic92
20ab5a67c1 Merge pull request 'clanCore/vars/sops: only copy required secrets to store' (#3457) from vdbe/clan-core:clanCore/vars/sops/only-copy-used into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3457
 2025-05-04 06:41:37 +00:00
vdbe
b08a2bdb75 clanCore/vars/sops: only copy required secrets to store 
Create a store path per in repo secret/var to be copied, this prevents
unused secrets from being leaked.

For example the `root-password` generator contains both the hashed and
unhashed password but only the hash is used.
 2025-05-04 08:08:58 +02:00
Mic92
e8c85e3237 Merge pull request 'Set terminal on nix flake update/archive' (#3468) from fix-shell-on-copy into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3468
 2025-05-04 05:59:58 +00:00
DavHau
9186961ccb GUI/vars: add endpoints for getting prompts and generating vars 2025-05-03 14:44:51 +07:00
DavHau
ca594bbe95 refactor(vars): move migration logic to extra file 2025-05-03 07:33:11 +00:00
DavHau
f8e7292bc4 GUI: generate sops key when creating clan 2025-05-03 13:00:27 +07:00
pinpox
a99c832ed9 Set terminal on nix flake update/archive 
When using resident SSH-keys (-sk), e.g. from a Yubikey that require a
Pin, a terminal is needed to be able to enter it during deployment.
 2025-05-02 15:41:29 +02:00
lassulus
e6ebca8588 clan-cli select: fix returning early on list select 2025-05-02 00:16:21 +09:00
Mic92
db215a48b5 Merge pull request 'correct capitilization for targetHost in error message' (#3461) from target-host into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3461
 2025-05-01 13:21:42 +00:00
Jörg Thalheim
ea1c8b9503 correct capitilization for targetHost in error message 2025-05-01 15:11:05 +02:00
lassulus
47bcec69ab clan_cli flake caching: fix caching of store files 2025-05-01 13:40:12 +09:00
hsjobeki
7b4b700c33 Merge pull request 'Refactor(inventory): move prio 'introspection' into inventoryClass to minimize the 'clanInternals' api' (#3440) from hsjobeki/clan-core:ui-fixups into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3440
 2025-04-30 10:24:34 +00:00
Johannes Kirschbauer
e07551cecf Refactor(inventory): move prio 'introspection' into inventoryClass to minimize the 'clanInternals' api 2025-04-30 11:02:58 +02:00
DavHau
8a4fe1405a gui: make update machine work 
Also fix error when age plugins not defined
 2025-04-30 15:28:49 +07:00
DavHau
f7e0345ab3 app: open welcome page if clan doesn't exist 
Previously if a user started the app and the last opened clan directory does not exist anymore, it would still show the clan screen but without any machines.

This changes catches this case and throws the user back to the clan selection page
 2025-04-30 14:48:05 +07:00
Brian McGee
a438fe77a7 feat: configure age plugins for SOPS in buildClan 2025-04-29 16:02:32 +10:00
Brian McGee
d3e1c0b4e4 fix: multiple user keys in secrets 
We were not loading all the user keys, only the first one.
 2025-04-29 15:47:54 +10:00
Brian McGee
1694a977f1 feat: support age plugins 
Extends how we parse the contents of `SOPS_AGE_KEY` / `SOPS_AGE_KEY_FILE` / `keys.txt`, allowing a user to prepend a comment before any `AGE-PLUGIN-` secret key entry to indicate its corresponding public key.

For example:

```
AGE-PLUGIN-FIDO2-HMAC-xxxxxxxxxxxxx
```

The comment can use any prefix (e.g. `# public key: age1xxxx`, `# recipient: age1xxx`) as we are looking directly for `age1xxxx` within the line.

This change is necessary to support `age` plugins as there is no unified mechanism to recover the public key from a plugin's secret key.

If a plugin secret key does not have a preceding public key comment, an error will be thrown when attempting to set a secret.
 2025-04-29 15:47:54 +10:00
Jonathan Thiessen
839f8fb347 Avoid a few cases of chmod-after-creation 2025-04-28 17:11:21 -07:00
Michael Hoang
c73652a401 cli: don't depend on the entire clan-core 2025-04-28 13:20:07 +10:00
Michael Hoang
c347badd7f cli: fallback to bundled Nixpkgs 2025-04-28 13:10:00 +10:00
Michael Hoang
6c8ef6e9be cli: don't use select from clanLib 2025-04-28 12:52:00 +10:00
Johannes Kirschbauer
070114ae9f Fix(clan_lib.api): fix cyclic import problem for api schema export 2025-04-26 20:19:23 +02:00
Johannes Kirschbauer
acbe619883 Refactor(clan_lib): move clan_cli.api into clan_lib.api 2025-04-26 19:51:35 +02:00
Luis Hebendanz
7b6483bfad Merge pull request 'clan-cli: Expose private_key to Machine class, in the future we should merge Machine and Host class' (#3407) from Qubasa/clan-core:vpb-patches2 into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3407
 2025-04-25 12:26:00 +00:00
Qubasa
130a5bc593 clan-cli: Improve remote destination depth validation with detailed error messaging 2025-04-25 14:00:40 +02:00
Qubasa
9d45376f95 clan-cli: Expose private_key to Machine class, in the future we should merge Machine and Host class 2025-04-25 13:38:03 +02:00
Mic92
e78bd89426 Merge pull request 'clanCore/vars: allow mode to be set' (#3404) from visualphoenix/clan-core:mode_fix into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3404
 2025-04-25 09:44:25 +00:00
Raymond Barbiero
222915a9ed clanCore/vars: allow mode to be set 
fmt
 2025-04-25 11:29:43 +02:00
Michael Hoang
cc4b009f06 lib: move select.select -> select for backwards compat with old CLIs 2025-04-25 17:30:06 +10:00
Michael Hoang
60ff14d6b7 cli: fix restoring backups 
There was a bug in `select` that made it output attrsets instead of
lists so we fix the broken refactor done in
5ac629f549.
 2025-04-25 16:52:13 +10:00
lassulus
89adacebec templates: fix usage with new select 2025-04-25 16:26:45 +10:00
lassulus
5feccf4e57 Refactor select with new maybe selector 
This is a great refactor of the select functionality in the flake class.
This now uses the same parser as the nix code, but runs it in python for
nice stacktraces.

Also we now have a maybe selector which can be used by prepending the
selector with a ?

Tests have been expanded to make sure the code is more stable and easier
to understand
 2025-04-25 16:26:45 +10:00
Johannes Kirschbauer
7076f1b0e6 Chore(clan/clan_uri): Remove ClanURI class from clan_cli 2025-04-23 16:53:11 +02:00
Jörg Thalheim
c7a3f35fb1 temporary disabling the VM test until we have vars fixed 
We are currently missing injecting public vars back into the vm.
To unblock the CI, we disable the test for a bit.
 2025-04-23 11:26:05 +02:00
hsjobeki
6f2b7aa6d1 Merge pull request 'vars-fix-overeager-chache-invalidation' (#3385) from hsjobeki/clan-core:vars-fix-overeager-chache-invalidation into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3385
 2025-04-22 18:28:27 +00:00
Johannes Kirschbauer
d3927f50ae Tests/fix: forbid dynamic invalidation 
We cannot support dynamic hashInvalidation.
This means the invalidation can change *after* or *before* a 'vars generate'
But not during the generation itself. This causes heavy performance overhead.
Additionally this introduces a fixed-point-iteration (compare: fixed-point-iteration vs. fixed-point-function)
This iteration takes ~ 1min for two bare-bones machine with 1 generator (see: checks/data-mesher)
 2025-04-22 20:19:15 +02:00
Michael Hoang
1168395336 cli/machines: don't allow installing on macOS 2025-04-23 03:13:39 +10:00
Jörg Thalheim
c2030eb3ba drop test_secrets_password_store 
we are phasing out facts and the only fact we had left for testing, got
now dropped. We still have a sops facts test, which we might also drop
soon.
 2025-04-22 18:20:35 +02:00