- generate a flake.lock file for each template by copying the clan-core flake.lock and modifying it
- call nix build with --store for tests inside the sandbox

This forces sops to use our config file, otherwise if any of the
environment variables set to specify recipients is present then
`--config` will be ignored (see [env_check]).
That's simple enough, still I ended up refactoring how we call sops for
correctness, and to align with its behavior. The code now distinguishes
between public and private keys explicitly. `secrets.decrypt_secret`
does not try to look up public and private keys anymore.
With this changeset, some people might have to adjust their environment
as public age and PGP keys will be discovered like sops would do. In
particular if multiple public keys are discovered, then the user will
have to specify which one to use for the clan.
This also makes the following changes:
- try to use `/dev/shm` when swapping a secret (it's what [pass] does
fwiw);
- alias immediate values for readability;
- remove some float comparison that could never succeed, and use sops'
exit status instead;
- remove unused function `maybe_get_sops_key`.
[env_check]: 8c567aa8a7/cmd/sops/main.go (L2229)
[pass]: http://passwordstore.org/
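
The `/dev/shm` preference from the list above, as an added sketch that is not clan-core's code: plaintext goes to a memory-backed temp file when `/dev/shm` is usable and to the default temp directory otherwise. The names `secret_tmpdir` and `plaintext_file` are hypothetical.

```python
import os
import stat
import tempfile
from contextlib import contextmanager
from pathlib import Path

SHM = Path("/dev/shm")  # tmpfs on most Linux systems


def secret_tmpdir() -> Path:
    """Prefer memory-backed /dev/shm; otherwise use the default temp dir."""
    if SHM.is_dir() and os.access(SHM, os.W_OK | os.X_OK):
        return SHM
    return Path(tempfile.gettempdir())


@contextmanager
def plaintext_file(data: bytes):
    """Yield a path holding `data`, owner-only, removed when the block exits."""
    # mkstemp creates the file with mode 0600 and O_EXCL, so other users
    # cannot open it and it cannot land on a pre-planted file or symlink.
    fd, name = tempfile.mkstemp(prefix="secret-", dir=secret_tmpdir())
    path = Path(name)
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        yield path
    finally:
        # Remove the plaintext even if the caller raised.
        path.unlink(missing_ok=True)


def demo() -> tuple[Path, int, bool]:
    """Return (directory used, file mode, whether the file outlived the block)."""
    # Constructed sample value, not a real secret.
    with plaintext_file(b"constructed-sample-secret\n") as p:
        mode = stat.S_IMODE(p.stat().st_mode)
        parent = p.parent
    return parent, mode, p.exists()


if __name__ == "__main__":
    print(demo())
```

tmpfs pages can still be written to swap, so this keeps plaintext off the filesystem but not necessarily off disk unless swap is encrypted or disabled.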

Add the `--tags` flag to `clan machines list`
This now supports the machine tagging system from the inventory.
Multiple tags are the intersection of the tags of a specific machine.
Example: two machines with overlapping tags:
```
server: ["intel"]
laptop: ["intel", "graphical"]
```
- `clan machines list --tags intel` will output:
```
server
laptop
```
- `clan machines list --tags intel graphical` will output:
```
laptop
```
- `clan machines list --tags graphical` will output:
```
laptop
```

Query `target-host` for `clan machines install` from the nixos
configuration (deployment.json), if possible.
Remove `TARGET_HOST` option and introduce `--target-host` command
line flag.
This brings the installation subcommand in line with the update
subcommand - improving consistency and usability.
Closes: #2309

Add the `--target-host` flag to `clan machines create`.
This allows setting the `deploy.targetHost` for the newly created
machine via the inventory.
Closes: #2339

Change the log message tense from present to continuous for improved clarity.
The message "Add file" has been changed to "Adding file" to provide a clear
indication that the file addition is an ongoing process, not a
command (for the user).