Commit Graph

106 Commits

Author SHA1 Message Date
DavHau
a11820b1d6 vars: Improve logging for migration 2024-12-04 12:42:03 +07:00
Qubasa
570bceff4e clan-cli: Fix ignored debug flag in clan vms run, refactor Host.run to use RunOpts 2024-12-03 16:01:51 +01:00
lassulus
c9f0e88164 cli vars: remove get_all from baseclass 2024-12-02 11:30:09 +01:00
DavHau
8d007867b3 vars/migration: remove useless check 2024-11-29 17:23:31 +07:00
DavHau
5c5a87d416 vars: rename: invalidation -> validation 2024-11-29 17:23:31 +07:00
DavHau
fbbfcc0aa5 vars: generate docs for cli and module 2024-11-29 17:23:31 +07:00
lassulus
936a9f555b vars: make upload actually upload 2024-11-28 21:00:12 +01:00
lassulus
b746f393a6 cli vars upload: fix sops 2024-11-28 17:52:04 +01:00
clan-bot
894e31f983 Merge pull request 'remove secretsUploadDirectory from common module' (#2509) from lassulus/clan-core:no-secrets-upload-dir into main 2024-11-28 15:46:51 +00:00
lassulus
8337a3ec41 vars: remove secretsUploadDirectory from common module 2024-11-28 16:38:06 +01:00
Qubasa
1f98df96e3 clan-cli: cmd.run now has its options extracted to a dataclass 2024-11-28 15:26:37 +01:00
Louis Opter
07cd22393a clan-cli: rebase sops changes on top of vars changes
vars changes in question are from commit: 8b94bc71bc

With this changeset the age specific sops logic that was added is now
generic.

To keep things simple, this changeset modifies `SopsKey` so that
`username` is ignored when comparing different keys. I don't really see
us relying on `username` and this makes `SopsKey` hashable, and usable
in a `set`, which is nice when you check that you have a particular key.
2024-11-27 06:27:53 +00:00
Jörg Thalheim
c9e80f38ca vars: make interface more type-safe 2024-11-26 17:08:26 +01:00
Jörg Thalheim
39db147e48 test_vars: mock ask function instead of sys.stdin 2024-11-26 11:56:38 +00:00
DavHau
1881d7f0a5 vars: fix migration - secrets end up in public store 2024-11-26 17:02:11 +07:00
Qubasa
b9154fddd2 clan-cli: Refactor ssh classes to dataclasses 2024-11-25 19:47:17 +01:00
Qubasa
4e6051acdc docs: Fix nix flake check problem with diskId 2024-11-25 18:39:16 +01:00
lassulus
22c5e8ca8b cli password-store: upload generators folder only if it has secrets 2024-11-22 22:34:09 +01:00
lassulus
52b2b1c350 password-store: include filenames in manifest for upload check 2024-11-22 22:34:09 +01:00
lassulus
2c839ae768 cli password-store: skip uploading non secret files 2024-11-22 22:34:09 +01:00
Qubasa
979e5e839d clan-cli: Refactor ssh part 2, Refactor custom_logger 2024-11-22 22:08:50 +01:00
Jörg Thalheim
952a5f3ee7 vars: add VarStatus dataclass to make return type more readable 2024-11-20 10:20:06 +00:00
DavHau
d4c8b2e4ed vars: implement invalidation mechanism
This adds options `invalidationData` to generators.

`invalidationData` can be used by an author of a generator to signal if a re-generation is required after updating the logic.

Whenever a generator with invalidation data is executed, a hash of that data is stored by the respective public and/or secret backends.

The stored hashes will be checked on future deployments, and a re-generation is triggered whenever a hash doesn't match what's defined in nix.
2024-11-20 16:27:22 +07:00
Jörg Thalheim
68a5d072b2 vars: don't print stack trace if generator fails 2024-11-19 09:46:14 +00:00
Jörg Thalheim
2b270a8951 vars: introduce ensure_machine_has_access method for sops
this should help avoid overriding existing shared secrets by not
triggering vars regeneration if a machine has no access.

wip
2024-11-19 09:46:14 +00:00
lassulus
8f0c575425 password-store owner & group support 2024-11-16 01:18:59 +01:00
Qubasa
26730cd662 clan-cli: upload.py -> Replace rsync with native ssh command 2024-11-15 22:03:47 +07:00
Jörg Thalheim
4de97616bc vars: introduce ensure_machine_has_access method for sops
this should help avoid overriding existing shared secrets by not
triggering vars regeneration if a machine has no access.

wip
2024-11-14 15:37:55 +00:00
Jörg Thalheim
673717fe8c vars/get: use machine_name as variable name 2024-11-14 15:37:55 +00:00
Jörg Thalheim
91d2018bb7 vars/sops: simplify conditional in exists 2024-11-14 15:37:55 +00:00
lassulus
faf0946c99 cli vars password-store: fix file locations 2024-11-14 12:07:52 +01:00
lassulus
ddc7afd67d clan_cli vars: actually upload 2024-11-13 13:23:42 +01:00
DavHau
8b94bc71bc vars: allow re-encrypting secrets when recipient keys were added.
When the users of a secret change, when for example a new admin user is added, an error will be thrown when generating vars, prompting the user to pass --fix to re-encrypt the secrets
2024-11-13 18:49:30 +07:00
DavHau
4ec218a200 vars,facts: update_check -> needs_upload 2024-11-13 13:34:15 +07:00
Jörg Thalheim
b67919b94d vars: fix case if we have two vars where one is the prefix of another one 2024-11-12 16:11:39 +00:00
Jörg Thalheim
eb1daad08d vars: update message if vars are up-to-date 2024-11-08 15:43:10 +01:00
DavHau
33d049915c vars: fix shared dependency was not resolved correctly 2024-10-23 20:43:33 +07:00
DavHau
08fb34aa01 cli: set needs_user_terminal for all ssh commands 2024-10-23 19:40:50 +07:00
Jörg Thalheim
4af1954abf ruff: enable warning lints 2024-10-23 09:06:02 +00:00
DavHau
b379bffeea vars: show full var_id when prompting 2024-10-16 13:13:41 +07:00
Jörg Thalheim
420958f19d {vars,facts}/upload: fix ipv6 support 2024-10-10 17:03:32 +02:00
DavHau
29f70640ef vars,facts: add sops.defaultGroups to new machines
Prior to this, when initializing new machines, only the current user had access to its key, which prevents other admin users from deploying this machine later
2024-10-10 19:31:03 +07:00
Jörg Thalheim
db11e7cb92 {vars,facts}/generate: ensure that args.flake is passed 2024-10-08 17:51:55 +00:00
Jörg Thalheim
0a568be528 pass in flakeid to vm_state_dir 2024-10-08 17:51:55 +00:00
Jörg Thalheim
558fa436e8 vars/keygen: adapt to new sops api 2024-10-04 16:36:35 +00:00
Jörg Thalheim
1666513e91 Revert "Merge pull request 'Revert "Merge pull request 'clan-cli: secrets: Add support for PGP keys with sops-nix' (#2186) from lopter/clan-core:lo-sops-nix-pgp-support into main"' (#2202) from revert into main"
This reverts commit a5496e8db0, reversing
changes made to 9bb1aef245.
2024-10-04 16:36:35 +00:00
DavHau
8f16cf0282 Revert "vars: refactor - copy logic to sops secret module"
This reverts commit ae53ea7399.
2024-10-04 18:20:53 +02:00
Jörg Thalheim
084ebf9edc Revert "Merge pull request 'clan-cli: secrets: Add support for PGP keys with sops-nix' (#2186) from lopter/clan-core:lo-sops-nix-pgp-support into main"
This reverts commit 5668fd05a0, reversing
changes made to dd17fbdc6d.

Reverting for now as Dave's recent change conflicts with this change.
2024-10-04 17:54:29 +02:00
Louis Opter
d18c0fa3ae Fix: do not assume users use age keys in vars/sops
With added support for PGP for users keys, do not assume an age key is
going to be present in secrets files.
2024-10-04 15:36:30 +00:00
DavHau
11c37ebeba vars/keygen: fix + cleanup tests
- generate keys in ./sops instead of ./sops/vars for now
- don't initialize all flakes with sops keys, only generate when needed
- use the new 'clan vars keygen' in tests
2024-10-04 17:25:17 +02:00