Brian McGee
a438fe77a7
feat: configure age plugins for SOPS in buildClan
2025-04-29 16:02:32 +10:00
Brian McGee
d3e1c0b4e4
fix: multiple user keys in secrets
...
We were not loading all the user keys, only the first one.
2025-04-29 15:47:54 +10:00
Brian McGee
1694a977f1
feat: support age plugins
...
Extends how we parse the contents of `SOPS_AGE_KEY` / `SOPS_AGE_KEY_FILE` / `keys.txt`, allowing a user to prepend a comment before any `AGE-PLUGIN-` secret key entry to indicate its corresponding public key.
For example:
```
AGE-PLUGIN-FIDO2-HMAC-xxxxxxxxxxxxx
```
The comment can use any prefix (e.g. `# public key: age1xxxx`, `# recipient: age1xxx`) as we are looking directly for `age1xxxx` within the line.
This change is necessary to support `age` plugins as there is no unified mechanism to recover the public key from a plugin's secret key.
If a plugin secret key does not have a preceding public key comment, an error will be thrown when attempting to set a secret.
2025-04-29 15:47:54 +10:00
Michael Hoang
c73652a401
cli: don't depend on the entire clan-core
2025-04-28 13:20:07 +10:00
Michael Hoang
c347badd7f
cli: fallback to bundled Nixpkgs
2025-04-28 13:10:00 +10:00
Michael Hoang
6c8ef6e9be
cli: don't use select from clanLib
2025-04-28 12:52:00 +10:00
Johannes Kirschbauer
b87d5a238c
chore: remove unused moduleSchemas and related API endpoint for legacy modules
...
We didn't reach the state where we would display these schemas in the
UI.
We might need to wire this up in a similar way for the newer
clan.services
2025-04-27 13:14:09 +02:00
Johannes Kirschbauer
070114ae9f
Fix(clan_lib.api): fix cyclic import problem for api schema export
2025-04-26 20:19:23 +02:00
Johannes Kirschbauer
acbe619883
Refactor(clan_lib): move clan_cli.api into clan_lib.api
2025-04-26 19:51:35 +02:00
Johannes Kirschbauer
3b889649ec
Refactor(clan_cli): init clan_lib folder
2025-04-26 19:50:11 +02:00
Mic92
e335556767
Merge pull request 'nixpkgs source: delete existing symlink' (#3411) from nixpkgs-build into main
...
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3411
2025-04-25 14:41:23 +00:00
Jörg Thalheim
97564052ab
nixpkgs source: delete existing symlink
2025-04-25 16:31:35 +02:00
Luis Hebendanz
7b6483bfad
Merge pull request 'clan-cli: Expose private_key to Machine class, in the future we should merge Machine and Host class' (#3407) from Qubasa/clan-core:vpb-patches2 into main
...
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3407
2025-04-25 12:26:00 +00:00
Qubasa
130a5bc593
clan-cli: Improve remote destination depth validation with detailed error messaging
2025-04-25 14:00:40 +02:00
Qubasa
9d45376f95
clan-cli: Expose private_key to Machine class, in the future we should merge Machine and Host class
2025-04-25 13:38:03 +02:00
Mic92
e78bd89426
Merge pull request 'clanCore/vars: allow mode to be set' (#3404) from visualphoenix/clan-core:mode_fix into main
...
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3404
2025-04-25 09:44:25 +00:00
Raymond Barbiero
222915a9ed
clanCore/vars: allow mode to be set
...
fmt
2025-04-25 11:29:43 +02:00
Michael Hoang
cc4b009f06
lib: move select.select -> select for backwards compat with old CLIs
2025-04-25 17:30:06 +10:00
Michael Hoang
60ff14d6b7
cli: fix restoring backups
...
There was a bug in `select` that made it output attrsets instead of
lists so we fix the broken refactor done in
5ac629f549.
2025-04-25 16:52:13 +10:00
lassulus
34ac45bd13
clan-cli flake-module: get select from new lib location
2025-04-25 16:26:45 +10:00
lassulus
89adacebec
templates: fix usage with new select
2025-04-25 16:26:45 +10:00
lassulus
5feccf4e57
Refactor select with new maybe selector
...
This is a great refactor of the select functionality in the flake class.
This now uses the same parser as the nix code, but runs it in python for
nice stacktraces.
Also we now have a maybe selector which can be used by prepending the
selector with a ?
Tests have been expanded to make sure the code is more stable and easier
to understand
2025-04-25 16:26:45 +10:00
Johannes Kirschbauer
7076f1b0e6
Chore(clan/clan_uri): Remove ClanURI class from clan_cli
2025-04-23 16:53:11 +02:00
Jörg Thalheim
c7a3f35fb1
temporarily disabling the VM test until we have vars fixed
...
We are currently missing injecting public vars back into the vm.
To unblock the CI, we disable the test for a bit.
2025-04-23 11:26:05 +02:00
hsjobeki
6f2b7aa6d1
Merge pull request 'vars-fix-overeager-chache-invalidation' (#3385) from hsjobeki/clan-core:vars-fix-overeager-chache-invalidation into main
...
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3385
2025-04-22 18:28:27 +00:00
Johannes Kirschbauer
d3927f50ae
Tests/fix: forbid dynamic invalidation
...
We cannot support dynamic hashInvalidation.
This means the invalidation can change *after* or *before* a 'vars generate'
But not during the generation itself. This causes heavy performance overhead.
Additionally this introduces a fixed-point-iteration (compare: fixed-point-iteration vs. fixed-point-function)
This iteration takes ~ 1min for two bare-bones machines with 1 generator (see: checks/data-mesher)
2025-04-22 20:19:15 +02:00
Michael Hoang
1168395336
cli/machines: don't allow installing on macOS
2025-04-23 03:13:39 +10:00
Jörg Thalheim
043077269a
drop overrides of nix version
2025-04-22 18:20:35 +02:00
Jörg Thalheim
c2030eb3ba
drop test_secrets_password_store
...
We are phasing out facts, and the only fact we had left for testing has
now been dropped. We still have a sops facts test, which we might also drop
soon.
2025-04-22 18:20:35 +02:00
Jörg Thalheim
ffaa30d894
vms/run: upload vars
2025-04-22 18:20:35 +02:00
Jörg Thalheim
847e3ac4ab
drop unused machine_get_fact
2025-04-22 18:20:35 +02:00
Jörg Thalheim
7392570859
use machine.{secrets,public}_{vars,fact}_store everywhere
2025-04-22 18:20:35 +02:00
Jörg Thalheim
fe6fd41a4d
zerotier: migrate from facts to vars
2025-04-22 18:20:35 +02:00
Johannes Kirschbauer
b47f2b6870
vars: move overeager cache invalidation after one generator closure is regenerated.
...
Invalidation doesn't need to be done after each generator is executed.
We cannot interpolate values from other generators into another
generator. The generators are executed in order. The finalScript of each
generator stays constant.
After the complete closure is generated the caller of generate may
decide to invalidate the flake cache
2025-04-22 16:42:21 +02:00
Michael Hoang
de12036630
cli: support updating nix-darwin machines
2025-04-22 23:39:47 +10:00
Michael Hoang
91a2739ea3
cli: fix unnecessary sudo when unspecified user defaults to root
2025-04-22 23:39:46 +10:00
Michael Hoang
b5901d5577
cli: only use sudo when deploying locally
2025-04-22 23:14:03 +10:00
Michael Hoang
a0117c51c1
cli: use sudo consistently when running nixos-rebuild switch
2025-04-22 23:14:03 +10:00
Michael Hoang
2bbf4b168a
Back out "cli: don't update macOS machines"
...
This backs out commit 72ed0e258a.
2025-04-22 23:14:03 +10:00
Jörg Thalheim
b4880d09a9
Machines: remove unused method argument from self.nix()
2025-04-21 15:18:14 +02:00
Jörg Thalheim
df08fea1c1
devshell/clan-cli: fix CLAN_PROVIDED_PACKAGES having too many packages
2025-04-21 15:18:14 +02:00
Jörg Thalheim
80e739bd1b
Reapply "remove nix_shell_legacy"
...
This reverts commit 1232fb5af2.
2025-04-21 13:23:50 +02:00
Johannes Kirschbauer
872d54b594
chore(select/cache): rename 'prefetch' to 'invalidate_cache'
2025-04-20 13:34:52 +02:00
Michael Hoang
23ae0e6712
vars: make wording nicer when multiple vars are found
2025-04-18 19:18:42 +02:00
Johannes Kirschbauer
1232fb5af2
Revert "remove nix_shell_legacy"
...
This reverts commit 8cde32c76f.
2025-04-18 14:49:54 +02:00
Johannes Kirschbauer
ebb1be084f
test(cli/select): add simple caching test
2025-04-18 14:06:59 +02:00
Jörg Thalheim
8cde32c76f
remove nix_shell_legacy
2025-04-16 21:03:58 +02:00
Jörg Thalheim
10cd98e158
rename CLAN_STATIC_PROGRAMS -> CLAN_PROVIDED_PACKAGES
2025-04-16 18:27:01 +00:00
Jörg Thalheim
2240a3a533
rename nix_shell_legacy to nix_shell and run_cmd to nix_shell
...
Then it's more obvious that we need to migrate.
2025-04-16 18:27:01 +00:00
Jörg Thalheim
56a0b0a994
run_cmd: print what commands are allowed if the current command is not in the allow list
2025-04-16 19:50:27 +02:00