Louis Opter
69b9f1ae23
fix: clan secrets user get dump the user identity correctly
2024-10-04 15:36:30 +00:00
Louis Opter
cf492b15aa
Fix key dump in clan secrets key show
...
```
In [4]: str(Type.AGE)
Out[4]: Type.AGE
In [5]: Type.AGE.name.lower()
Out[5]: age
```
2024-10-04 15:36:30 +00:00
Jörg Thalheim
5d87bc2435
secrets/show: pretty print json
2024-10-04 15:36:30 +00:00
Jörg Thalheim
105e6bd86a
secrets: replace Key, key type tuple with SopsKey class
2024-10-04 15:36:30 +00:00
Jörg Thalheim
160fe82576
fix serialisation of SopsKey type
2024-10-04 15:36:30 +00:00
Jörg Thalheim
ca4ff0611c
default key type to age and rename to age-key/pgp-key
2024-10-04 15:36:30 +00:00
Jörg Thalheim
4cd4334b1c
secrets: do not shadow python builtins
2024-10-04 15:36:30 +00:00
Louis Opter
b2e796145a
Fix: use new sops api in clan secrets machines
2024-10-04 15:36:30 +00:00
Louis Opter
7a673ea95f
Draft: clan-cli: secrets: Add support for PGP keys with sops-nix
...
To use a PGP key instead of an age key you can set `SOPS_PGP_FP`. (You
can use `gpg -k --fingerprint --fingerprint` to get your PGP encryption
key fingerprint, remove spaces from it).
The internal manifest file already supported a type field, and so I built
from there.
With those changes, I was able to add my PGP key, and update all my
secrets with it, instead of the age key originally generated:
```
% clan secrets key show | jq
{
  "key": "ADB6276965590A096004F6D1E114CBAE8FA29165",
  "type": "pgp"
}
% clan secrets key update
% for s in $(clan secrets list) ; do clan secrets users add-secret kal-pgp-from-2022-12-to-2024-12 "$s"; done
% for s in $(clan secrets list) ; do clan secrets users remove-secret --debug kal "$s" ; done
```
2024-10-04 15:36:30 +00:00
DavHau
4a0207f0b3
sops: refactor some function names for clarity
2024-10-02 13:56:43 +02:00
DavHau
bd79e6aef6
vars: generate proper commit messages
...
fixes #2126
2024-09-17 20:22:18 +02:00
DavHau
81cb28b6c0
vars/sops/shared: add machines key on demand
2024-09-12 20:17:05 +02:00
Johannes Kirschbauer
ebd7aa8422
API: add sops keyfile checks
2024-09-04 15:29:06 +02:00
Jörg Thalheim
29909e49d3
apply TRY lint
2024-09-03 18:13:46 +02:00
Johannes Kirschbauer
facc0bd226
UI: Init iwd service for single wifi
2024-09-03 17:24:31 +02:00
DavHau
924f5e41c6
vars: global metadata paths for all store backends
...
This also changes the paths where sops stores the secret -> all sops secrets will have to be re-generated
2024-09-03 16:30:01 +02:00
Jörg Thalheim
1fa0e72bea
use pathlib everywhere
2024-09-02 18:26:13 +02:00
Jörg Thalheim
483d8ce521
add SIM lint
2024-09-02 16:39:30 +02:00
Jörg Thalheim
cb16cda3fa
add RET, Q, RSE lint
2024-09-02 15:58:49 +02:00
Jörg Thalheim
e150b37fb8
enable ASYNC, DTZ, YTT and EM lints
2024-09-02 14:07:06 +02:00
Jörg Thalheim
22d6e5e153
enable comprehensions linting rules
2024-09-02 13:35:52 +02:00
Jörg Thalheim
109d1faf9e
enable bug-bear linting rules
2024-09-02 13:26:07 +02:00
Jörg Thalheim
b313f2d066
make all same-module imports relative, the rest absolute
...
This makes sorting more consistent.
2024-09-02 13:00:19 +02:00
DavHau
62ccd0ed4b
vars: introduce deploy=true/false for generated files
2024-09-01 14:32:46 +02:00
Johannes Kirschbauer
ede5cbcf13
Fix: regression list_machines. Split into multiple functions
...
list_inventory_machines, list_nixos_machine, list_sops_machines
The caller of the function should specify which machines they want to see
2024-08-03 12:43:35 +02:00
a-kenji
452c00f5f1
clan/secrets: improve naming of secret key
...
Change the secret key help wording to: `secret-name`,
to convey that it is the key and not the value.
Fixes: #1696
2024-07-30 12:54:22 +02:00
DavHau
1b3dc65b89
vars/sops: store secrets in /sops/vars
2024-07-24 18:42:50 +07:00
DavHau
d7d3c404fa
sops/refactor: lay groundwork for secrets with arbitrary paths
2024-07-24 18:12:19 +07:00
DavHau
4300838986
secrets: refactor parameter naming
2024-07-24 17:50:03 +07:00
DavHau
cee0e74476
clan-cli/secrets: refactor: rename secret -> secret_path
2024-07-23 18:18:32 +07:00
Jörg Thalheim
64956a7a0a
Revert "clan-cli: deprecate nix_shell() in favor of run_cmd()"
...
This reverts commit a598b878a5.
2024-07-17 14:04:49 +02:00
DavHau
a598b878a5
clan-cli: deprecate nix_shell() in favor of run_cmd()
2024-07-16 14:03:17 +07:00
Jörg Thalheim
6037ad1ce0
move FlakeId to flake id
2024-07-03 18:28:55 +02:00
Jörg Thalheim
2f1dac6962
make machine class now a dataclass
2024-07-03 12:34:43 +02:00
Qubasa
7b0e1b437b
clan-cli: Add validity check for age key generation
2024-06-21 15:07:53 +02:00
a-kenji
996dc47da5
clan: add dynamic-completions to clan secrets set
2024-06-04 15:21:00 +02:00
a-kenji
755d7c6470
clan: add dynamic completions to clan secrets machines
2024-06-04 15:02:35 +02:00
a-kenji
6ab585da1f
clan: add dynamic completions for clan secrets import-sops
2024-06-04 13:40:24 +02:00
a-kenji
e2bf74ff27
clan: add dynamic completions for clan secrets users
2024-06-04 13:30:38 +02:00
a-kenji
10ab6f0155
clan: add dynamic completion for clan secret groups
2024-06-04 13:30:38 +02:00
a-kenji
0661051baa
clan: clan secrets groups add machine completions
2024-06-04 13:30:11 +02:00
a-kenji
b9046cbae0
clan: fix help message
2024-06-04 10:28:34 +00:00
a-kenji
9b6a9f0515
clan: add more machine completion functions to secrets
2024-06-04 11:07:24 +02:00
a-kenji
cc401675fe
clan: add dynamic completions for secrets
2024-06-03 21:47:14 +02:00
a-kenji
bda4e4302f
clan: add dynamic machine completions to clan secrets subcommands
2024-06-03 17:32:33 +02:00
lassulus
05ed378199
Revert "clan-cli: cmd.py uses pseudo terminal now. Remove tty.py. Refactor password_store.py to use cmd.py."
...
This reverts commit 58f5bc0be0.
2024-06-03 12:25:20 +02:00
Qubasa
58f5bc0be0
clan-cli: cmd.py uses pseudo terminal now. Remove tty.py. Refactor password_store.py to use cmd.py.
2024-06-02 16:52:31 +02:00
Jörg Thalheim
84f75de34c
split list machines into show machine command
2024-05-31 16:56:09 +02:00
Qubasa
a60978240c
Fix template. Improve docu. Add disko as default imported module.
2024-05-10 15:39:46 +02:00
Jörg Thalheim
4b2c0cbd39
sops: fix setting secret from pipe
2024-04-30 14:04:49 +02:00