yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
6,879 Commits 120 Branches 6 Tags
6194c2a62574e87bfd4937cd02e2cf7e13da62b7
Commit Graph

2066 Commits

Author SHA1 Message Date
Qubasa
1f66e90db1 clan-cli: fix bubblewrap not finding bash when IN_NIX_SANDBOX=1 if prev environment doesn't have it in PATH 2025-05-05 22:19:17 +02:00
hsjobeki
89fbf723ca Merge pull request 'API(cli): add method to Flake class to allow calling nix functions' (#3502) from hsjobeki/clan-core:improvements-2 into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3502
 2025-05-05 20:16:28 +00:00
Qubasa
548fdfb877 clan-cli: add test_create in clan_lib test folder 2025-05-05 22:16:02 +02:00
Johannes Kirschbauer
e44d34ef99 feat(clanLib): init evalServiceSchema 2025-05-05 21:55:29 +02:00
Johannes Kirschbauer
acc6797c22 API(cli): add method to Flake class to allow calling nix functions 2025-05-05 21:46:20 +02:00
DavHau
6829c7f2dd vars: improve API of generate_vars_for_machine 
receive list of generator names as an argument instead of generator objects
 2025-05-05 15:55:04 +07:00
Jörg Thalheim
b01691cb64 bind ssh controlmaster to live time of CLI 2025-05-04 16:28:14 +02:00
Jörg Thalheim
8434f0fc35 fix ssh control master check (#3488) 
Co-authored-by: pinpox <git@pablo.tools>
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3488
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-committed-by: Jörg Thalheim <joerg@thalheim.io>
 2025-05-04 12:49:53 +00:00
Jörg Thalheim
6539a6a24f Revert "Merge pull request 'Fix deploying with sudo + password' (#3470) from target-host into main" 
This reverts commit 8a849eb90f, reversing
changes made to 3b5c22ebcf.
 2025-05-04 13:37:39 +02:00
Jörg Thalheim
15f691d5aa tests_secrets_cli: improve assertion message for pgp key 2025-05-04 10:51:49 +02:00
Jörg Thalheim
82949237b7 fix terminal output when terminal is put into interactive mode 2025-05-04 10:51:49 +02:00
Jörg Thalheim
7abb8bb662 update: fix sudo password prompt 2025-05-04 10:51:49 +02:00
Jörg Thalheim
f4d34b1326 fix upload when sudo prompts are needed 2025-05-04 10:51:49 +02:00
Mic92
3b5c22ebcf Merge pull request 'Miscellaneous ssh fixes.' (#3487) from misc-fixes into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3487
 2025-05-04 08:51:31 +00:00
Jörg Thalheim
f6899166c7 cmd: don't shadow time module 2025-05-04 10:39:50 +02:00
Jörg Thalheim
f5277c989a Host: always set needs_user_terminal for ssh commands, only override prefix if given by user 2025-05-04 10:39:39 +02:00
Jörg Thalheim
03731a2a67 run_local: allow stdin to be a file descriptor 2025-05-04 10:39:28 +02:00
Jörg Thalheim
091a56f57d update_hardware_config: use host.run rather than adhoc ssh command 2025-05-04 10:30:46 +02:00
Jörg Thalheim
7351f7994c rename connect_ssh_shell to interactive_ssh 
better name than secure shell shell
 2025-05-04 10:28:43 +02:00
Jörg Thalheim
5770ea036c move password/tor_socks into Host attributes 
we set those parameters usually just once.
 2025-05-04 10:28:43 +02:00
Jörg Thalheim
c430ff6253 configure ControlMaster and ControlPath for SSH connections 
This should speed up deployments by not having to reconnect to the server on each command
 2025-05-04 09:48:37 +02:00
Jörg Thalheim
b79446f97e facts/sops: no longer upload age key 
The vars backend already does this for us.
This avoids duplicated work.
 2025-05-04 09:29:29 +02:00
Mic92
6d75a5596e Merge pull request 'chore(deps): update nixpkgs digest to f21e454' (#3445) from renovate/nixpkgs-digest into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3445
 2025-05-04 07:16:50 +00:00
Mic92
2d97119a3b Merge pull request 'Avoid a few cases of chmod-after-creation' (#3438) from tangential/clan-core:it-s_a_race into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3438
 2025-05-04 07:08:43 +00:00
Jörg Thalheim
d0ff114f6b disable age-plugin-se for now on aarch64-linuxql 
disable
 2025-05-04 09:07:06 +02:00
Mic92
20ab5a67c1 Merge pull request 'clanCore/vars/sops: only copy required secrets to store' (#3457) from vdbe/clan-core:clanCore/vars/sops/only-copy-used into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3457
 2025-05-04 06:41:37 +00:00
vdbe
b08a2bdb75 clanCore/vars/sops: only copy required secrets to store 
Create a store path per in repo secret/var to be copied, this prevents
unused secrets from being leaked.

For example the `root-password` generator contains both the hashed and
unhashed password but only the hash is used.
 2025-05-04 08:08:58 +02:00
Mic92
e8c85e3237 Merge pull request 'Set terminal on nix flake update/archive' (#3468) from fix-shell-on-copy into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3468
 2025-05-04 05:59:58 +00:00
DavHau
9186961ccb GUI/vars: add endpoints for getting prompts and generating vars 2025-05-03 14:44:51 +07:00
DavHau
ca594bbe95 refactor(vars): move migration logic to extra file 2025-05-03 07:33:11 +00:00
DavHau
f8e7292bc4 GUI: generate sops key when creating clan 2025-05-03 13:00:27 +07:00
pinpox
a99c832ed9 Set terminal on nix flake update/archive 
When using resident SSH-keys (-sk), e.g. from a Yubikey that require a
Pin, a terminal is needed to be able to enter it during deployment.
 2025-05-02 15:41:29 +02:00
lassulus
e6ebca8588 clan-cli select: fix returning early on list select 2025-05-02 00:16:21 +09:00
Mic92
db215a48b5 Merge pull request 'correct capitilization for targetHost in error message' (#3461) from target-host into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3461
 2025-05-01 13:21:42 +00:00
Jörg Thalheim
ea1c8b9503 correct capitilization for targetHost in error message 2025-05-01 15:11:05 +02:00
lassulus
47bcec69ab clan_cli flake caching: fix caching of store files 2025-05-01 13:40:12 +09:00
hsjobeki
7b4b700c33 Merge pull request 'Refactor(inventory): move prio 'introspection' into inventoryClass to minimize the 'clanInternals' api' (#3440) from hsjobeki/clan-core:ui-fixups into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3440
 2025-04-30 10:24:34 +00:00
Johannes Kirschbauer
e07551cecf Refactor(inventory): move prio 'introspection' into inventoryClass to minimize the 'clanInternals' api 2025-04-30 11:02:58 +02:00
DavHau
8a4fe1405a gui: make update machine work 
Also fix error when age plugins not defined
 2025-04-30 15:28:49 +07:00
DavHau
f7e0345ab3 app: open welcome page if clan doesn't exist 
Previously if a user started the app and the last opened clan directory does not exist anymore, it would still show the clan screen but without any machines.

This changes catches this case and throws the user back to the clan selection page
 2025-04-30 14:48:05 +07:00
DavHau
93090b74e5 ci performance: add check to ensure nothing depends on the whole repo 
Since this project is an ever growing monorepo, having derivations depending on the whole repo leads to bad CI performance, as the cache is busted on every commit.

-> We never want any derivations depend on the whole repo

...except: the test that tests that nothing depends on the whole repo, which is added by this commit.

For now only add this check to packages to allow contributors to build it locally.
We might want to add it to the CI later once all occurrences are fixed.
 2025-04-30 13:17:33 +07:00
Brian McGee
a438fe77a7 feat: configure age plugins for SOPS in buildClan 2025-04-29 16:02:32 +10:00
Brian McGee
d3e1c0b4e4 fix: multiple user keys in secrets 
We were not loading all the user keys, only the first one.
 2025-04-29 15:47:54 +10:00
Brian McGee
1694a977f1 feat: support age plugins 
Extends how we parse the contents of `SOPS_AGE_KEY` / `SOPS_AGE_KEY_FILE` / `keys.txt`, allowing a user to prepend a comment before any `AGE-PLUGIN-` secret key entry to indicate its corresponding public key.

For example:

```
AGE-PLUGIN-FIDO2-HMAC-xxxxxxxxxxxxx
```

The comment can use any prefix (e.g. `# public key: age1xxxx`, `# recipient: age1xxx`) as we are looking directly for `age1xxxx` within the line.

This change is necessary to support `age` plugins as there is no unified mechanism to recover the public key from a plugin's secret key.

If a plugin secret key does not have a preceding public key comment, an error will be thrown when attempting to set a secret.
 2025-04-29 15:47:54 +10:00
Jonathan Thiessen
839f8fb347 Avoid a few cases of chmod-after-creation 2025-04-28 17:11:21 -07:00
Michael Hoang
c73652a401 cli: don't depend on the entire clan-core 2025-04-28 13:20:07 +10:00
Michael Hoang
c347badd7f cli: fallback to bundled Nixpkgs 2025-04-28 13:10:00 +10:00
Michael Hoang
6c8ef6e9be cli: don't use select from clanLib 2025-04-28 12:52:00 +10:00
Johannes Kirschbauer
b87d5a238c chore: remove unused moduleSchemas and related API endpoint for legacy modules 
We didn't reach the state where we would display these schemas in the
UI.
We might need to wire this up in a similar way for the newer
clan.services
 2025-04-27 13:14:09 +02:00
Johannes Kirschbauer
070114ae9f Fix(clan_lib.api): fix cyclic import problem for api schema export 2025-04-26 20:19:23 +02:00