Jörg Thalheim
1666513e91
Revert "Merge pull request 'Revert "Merge pull request 'clan-cli: secrets: Add support for PGP keys with sops-nix' (#2186) from lopter/clan-core:lo-sops-nix-pgp-support into main"' (#2202) from revert into main"
...
This reverts commit a5496e8db0, reversing
changes made to 9bb1aef245.
2024-10-04 16:36:35 +00:00
Jörg Thalheim
084ebf9edc
Revert "Merge pull request 'clan-cli: secrets: Add support for PGP keys with sops-nix' (#2186) from lopter/clan-core:lo-sops-nix-pgp-support into main"
...
This reverts commit 5668fd05a0, reversing
changes made to dd17fbdc6d.
Reverting for now as Dave's recent change conflicts with this change.
2024-10-04 17:54:29 +02:00
Louis Opter
ab46e3c1e2
Improvements for clan secrets key generate.
...
I am not sure I understand what `extract_public_key` was for. It seems
like `age-keygen -y` will just work fine for a file like
`extract_public_key` is looking for. Unless someone intentionally made a
file with a comment like that without the private key in it.
Messages are moved to stdout rather than being logged. It feels like the
output is meaningful in the first step users are going to take. Also
makes testing easier, as log messages are captured differently than
stdout. The call to add a user is changed to be easier to copy paste
and work whether PGP or age is in use.
A description for the command is added instead of help which does not
seem to be displayed.
2024-10-04 15:36:30 +00:00
Louis Opter
611d8b40f3
Make clan_cli.secrets.sops.SopsKey immutable and remove its __eq__ method
...
Immutability seems sensible for this type.
There is some ambiguity on how to compare keys, in particular when `user.name == ""`, but the rest matches.
2024-10-04 15:36:30 +00:00
Louis Opter
69b9f1ae23
fix: clan secrets user get dump the user identity correctly
2024-10-04 15:36:30 +00:00
Louis Opter
cf492b15aa
Fix key dump in clan secrets key show
...
```
In [4]: str(Type.AGE)
Out[4]: Type.AGE
In [5]: Type.AGE.name.lower()
Out[5]: age
```
2024-10-04 15:36:30 +00:00
Jörg Thalheim
5d87bc2435
secrets/show: pretty print json
2024-10-04 15:36:30 +00:00
Jörg Thalheim
105e6bd86a
secrets: replace Key, key type tuple with SopsKey class
2024-10-04 15:36:30 +00:00
Jörg Thalheim
160fe82576
fix serialisation of SopsKey type
2024-10-04 15:36:30 +00:00
Jörg Thalheim
ca4ff0611c
default key type to age and rename to age-key/pgp-key
2024-10-04 15:36:30 +00:00
Jörg Thalheim
4cd4334b1c
secrets: do not shadow python builtins
2024-10-04 15:36:30 +00:00
Louis Opter
b2e796145a
Fix: use new sops api in clan secrets machines
2024-10-04 15:36:30 +00:00
Louis Opter
7a673ea95f
Draft: clan-cli: secrets: Add support for PGP keys with sops-nix
...
To use a PGP key instead of an age key you can set `SOPS_PGP_FP`. (You
can use `gpg -k --fingerprint --fingerprint` to get your PGP encryption
key fingerprint, remove spaces from it).
The internal manifest file already supported a type field, and so I built
from there.
With those changes, I was able to add my PGP key, and update all my
secrets with it, instead of the age key originally generated:
```
% clan secrets key show | jq
{
  "key": "ADB6276965590A096004F6D1E114CBAE8FA29165",
  "type": "pgp"
}
% clan secrets key update
% for s in $(clan secrets list) ; do clan secrets users add-secret kal-pgp-from-2022-12-to-2024-12 "$s"; done
% for s in $(clan secrets list) ; do clan secrets users remove-secret --debug kal "$s" ; done
```
2024-10-04 15:36:30 +00:00
DavHau
4a0207f0b3
sops: refactor some function names for clarity
2024-10-02 13:56:43 +02:00
DavHau
bd79e6aef6
vars: generate proper commit messages
...
fixes #2126
2024-09-17 20:22:18 +02:00
DavHau
81cb28b6c0
vars/sops/shared: add machines key on demand
2024-09-12 20:17:05 +02:00
Johannes Kirschbauer
ebd7aa8422
API: add sops keyfile checks
2024-09-04 15:29:06 +02:00
Jörg Thalheim
29909e49d3
apply TRY lint
2024-09-03 18:13:46 +02:00
Johannes Kirschbauer
facc0bd226
UI: Init iwd service for single wifi
2024-09-03 17:24:31 +02:00
DavHau
924f5e41c6
vars: global metadata paths for all store backends
...
This also changes the paths where sops stores the secret -> all sops secrets will have to be re-generated
2024-09-03 16:30:01 +02:00
Jörg Thalheim
1fa0e72bea
use pathlib everywhere
2024-09-02 18:26:13 +02:00
Jörg Thalheim
483d8ce521
add SIM lint
2024-09-02 16:39:30 +02:00
Jörg Thalheim
cb16cda3fa
add RET, Q, RSE lint
2024-09-02 15:58:49 +02:00
Jörg Thalheim
e150b37fb8
enable ASYNC, DTZ, YTT and EM lints
2024-09-02 14:07:06 +02:00
Jörg Thalheim
22d6e5e153
enable comprehensions linting rules
2024-09-02 13:35:52 +02:00
Jörg Thalheim
109d1faf9e
enable bug-bear linting rules
2024-09-02 13:26:07 +02:00
Jörg Thalheim
b313f2d066
make all same-module imports relative, the rest absolute
...
This makes sorting more consistent.
2024-09-02 13:00:19 +02:00
DavHau
62ccd0ed4b
vars: introduce deploy=true/false for generated files
2024-09-01 14:32:46 +02:00
Johannes Kirschbauer
ede5cbcf13
Fix: regression list_machines. Split into multiple functions
...
list_inventory_machines, list_nixos_machine, list_sops_machines
The caller of the function should specify which machines they want to see
2024-08-03 12:43:35 +02:00
a-kenji
452c00f5f1
clan/secrets: improve naming of secret key
...
Change the secret key help wording to: `secret-name`,
to convey that it is the key and not the value.
Fixes: #1696
2024-07-30 12:54:22 +02:00
DavHau
1b3dc65b89
vars/sops: store secrets in /sops/vars
2024-07-24 18:42:50 +07:00
DavHau
d7d3c404fa
sops/refactor: lay groundwork for secrets with arbitrary paths
2024-07-24 18:12:19 +07:00
DavHau
4300838986
secrets: refactor parameter naming
2024-07-24 17:50:03 +07:00
DavHau
cee0e74476
clan-cli/secrets: refactor: rename secret -> secret_path
2024-07-23 18:18:32 +07:00
Jörg Thalheim
64956a7a0a
Revert "clan-cli: deprecate nix_shell() in favor of run_cmd()"
...
This reverts commit a598b878a5.
2024-07-17 14:04:49 +02:00
DavHau
a598b878a5
clan-cli: deprecate nix_shell() in favor of run_cmd()
2024-07-16 14:03:17 +07:00
Jörg Thalheim
6037ad1ce0
move FlakeId to flake id
...
move FlakeId to flake id
2024-07-03 18:28:55 +02:00
Jörg Thalheim
2f1dac6962
make machine class now a dataclass
2024-07-03 12:34:43 +02:00
Qubasa
7b0e1b437b
clan-cli: Add validity check for age key generation
2024-06-21 15:07:53 +02:00
a-kenji
996dc47da5
clan: add dynamic-completions to clan secrets set
2024-06-04 15:21:00 +02:00
a-kenji
755d7c6470
clan: add dynamic completions to clan secrets machines
2024-06-04 15:02:35 +02:00
a-kenji
6ab585da1f
clan: add dynamic completions for clan secrets import-sops
2024-06-04 13:40:24 +02:00
a-kenji
e2bf74ff27
clan: add dynamic completions for clan secrets users
2024-06-04 13:30:38 +02:00
a-kenji
10ab6f0155
clan: add dynamic completion for clan secret groups
2024-06-04 13:30:38 +02:00
a-kenji
0661051baa
clan: clan secrets groups add machine completions
2024-06-04 13:30:11 +02:00
a-kenji
b9046cbae0
clan: fix help message
2024-06-04 10:28:34 +00:00
a-kenji
9b6a9f0515
clan: add more machine completion functions to secrets
2024-06-04 11:07:24 +02:00
a-kenji
cc401675fe
clan: add dynamic completions for secrets
2024-06-03 21:47:14 +02:00
a-kenji
bda4e4302f
clan: add dynamic machine completions to clan secrets subcommands
2024-06-03 17:32:33 +02:00
lassulus
05ed378199
Revert "clan-cli: cmd.py uses pseudo terminal now. Remove tty.py. Refactor password_store.py to use cmd.py."
...
This reverts commit 58f5bc0be0.
2024-06-03 12:25:20 +02:00