clan-bot
2b763152fb
Merge pull request 'fix vars migration prompts. add secretsForUsers to vars interface and implement that for pass' (#2551) from lassulus/clan-core:vars-stuff into main
2024-12-04 09:03:24 +00:00
DavHau
439cde691f
vars: print() -> log.info()
2024-12-04 14:08:50 +07:00
DavHau
a11820b1d6
vars: Improve logging for migration
2024-12-04 12:42:03 +07:00
lassulus
996c5bdda1
cli vars generate: log in global context what is global
2024-12-03 22:29:25 +01:00
lassulus
e6eaa3cc03
vars password-store: add neededForUsers option
2024-12-03 22:28:39 +01:00
lassulus
9f5cd917de
vars generate: show prompts only if not migrating
2024-12-03 22:25:16 +01:00
Qubasa
570bceff4e
clan-cli: Fix ignored debug flag in clan vms run, refactor Host.run to use RunOpts
2024-12-03 16:01:51 +01:00
lassulus
c9f0e88164
cli vars: remove get_all from baseclass
2024-12-02 11:30:09 +01:00
DavHau
8d007867b3
vars/migration: remove useless check
2024-11-29 17:23:31 +07:00
DavHau
5c5a87d416
vars: rename: invalidation -> validation
2024-11-29 17:23:31 +07:00
DavHau
fbbfcc0aa5
vars: generate docs for cli and module
2024-11-29 17:23:31 +07:00
lassulus
936a9f555b
vars: make upload actually upload
2024-11-28 21:00:12 +01:00
lassulus
b746f393a6
cli vars upload: fix sops
2024-11-28 17:52:04 +01:00
clan-bot
894e31f983
Merge pull request 'remove secretsUploadDirectory from common module' (#2509) from lassulus/clan-core:no-secrets-upload-dir into main
2024-11-28 15:46:51 +00:00
lassulus
8337a3ec41
vars: remove secretsUploadDirectory from common module
2024-11-28 16:38:06 +01:00
Qubasa
1f98df96e3
clan-cli: cmd.run now has its options extracted to a dataclass
2024-11-28 15:26:37 +01:00
Louis Opter
07cd22393a
clan-cli: rebase sops changes on top of vars changes
...
vars changes in question are from commit: 8b94bc71bc
With this changeset the age specific sops logic that was added is now
generic.
To keep things simple, this changeset modifies `SopsKey` so that
`username` is ignored when comparing different keys. I don't really see
us relying on `username` and this makes `SopsKey` hashable, and usable
in a `set`, which is nice when you check that you have a particular key.
2024-11-27 06:27:53 +00:00
Jörg Thalheim
c9e80f38ca
vars: make interface more type-safe
2024-11-26 17:08:26 +01:00
Jörg Thalheim
39db147e48
test_vars: mock ask function instead of sys.stdin
2024-11-26 11:56:38 +00:00
DavHau
1881d7f0a5
vars: fix migration - secrets end up in public store
2024-11-26 17:02:11 +07:00
Qubasa
b9154fddd2
clan-cli: Refactor ssh classes to dataclasses
2024-11-25 19:47:17 +01:00
Qubasa
4e6051acdc
docs: Fix nix flake check problem with diskId
2024-11-25 18:39:16 +01:00
lassulus
22c5e8ca8b
cli password-store: upload generators folder only if it has secrets
2024-11-22 22:34:09 +01:00
lassulus
52b2b1c350
password-store: include filenames in manifest for upload check
2024-11-22 22:34:09 +01:00
lassulus
2c839ae768
cli password-store: skip uploading non secret files
2024-11-22 22:34:09 +01:00
Qubasa
979e5e839d
clan-cli: Refactor ssh part 2, Refactor custom_logger
2024-11-22 22:08:50 +01:00
Jörg Thalheim
952a5f3ee7
vars: add VarStatus dataclass to make return type more readable
2024-11-20 10:20:06 +00:00
DavHau
d4c8b2e4ed
vars: implement invalidation mechanism
...
This adds the option `invalidationData` to generators.
`invalidationData` can be used by an author of a generator to signal if a re-generation is required after updating the logic.
Whenever a generator with invalidation data is executed, a hash of that data is stored by the respective public and/or secret backends.
The stored hashes will be checked on future deployments, and a re-generation is triggered whenever a hash doesn't match what's defined in nix.
2024-11-20 16:27:22 +07:00
Jörg Thalheim
68a5d072b2
vars: don't print stack trace if generator fails
2024-11-19 09:46:14 +00:00
Jörg Thalheim
2b270a8951
vars: introduce ensure_machine_has_access method for sops
...
this should help avoid overriding existing shared secrets by not
triggering vars regeneration if a machine has no access.
wip
2024-11-19 09:46:14 +00:00
lassulus
8f0c575425
password-store owner & group support
2024-11-16 01:18:59 +01:00
Qubasa
26730cd662
clan-cli: upload.py -> Replace rsync with native ssh command
2024-11-15 22:03:47 +07:00
Jörg Thalheim
4de97616bc
vars: introduce ensure_machine_has_access method for sops
...
this should help avoid overriding existing shared secrets by not
triggering vars regeneration if a machine has no access.
wip
2024-11-14 15:37:55 +00:00
Jörg Thalheim
673717fe8c
vars/get: use machine_name as variable name
2024-11-14 15:37:55 +00:00
Jörg Thalheim
91d2018bb7
vars/sops: simplify conditional in exists
2024-11-14 15:37:55 +00:00
lassulus
faf0946c99
cli vars password-store: fix file locations
2024-11-14 12:07:52 +01:00
lassulus
ddc7afd67d
clan_cli vars: actually upload
2024-11-13 13:23:42 +01:00
DavHau
8b94bc71bc
vars: allow re-encrypting secrets when recipient keys were added.
...
When the users of a secret change, when for example a new admin user is added, an error will be thrown when generating vars, prompting the user to pass --fix to re-encrypt the secrets
2024-11-13 18:49:30 +07:00
DavHau
4ec218a200
vars,facts: update_check -> needs_upload
2024-11-13 13:34:15 +07:00
Jörg Thalheim
b67919b94d
vars: fix case if we have two vars where one is the prefix of another one
2024-11-12 16:11:39 +00:00
Jörg Thalheim
eb1daad08d
vars: update message if vars are up-to-date
2024-11-08 15:43:10 +01:00
DavHau
33d049915c
vars: fix shared dependency was not resolved correctly
2024-10-23 20:43:33 +07:00
DavHau
08fb34aa01
cli: set needs_user_terminal for all ssh commands
2024-10-23 19:40:50 +07:00
Jörg Thalheim
4af1954abf
ruff: enable warning lints
2024-10-23 09:06:02 +00:00
DavHau
b379bffeea
vars: show full var_id when prompting
2024-10-16 13:13:41 +07:00
Jörg Thalheim
420958f19d
{vars,facts}/upload: fix ipv6 support
2024-10-10 17:03:32 +02:00
DavHau
29f70640ef
vars,facts: add sops.defaultGroups to new machines
...
Prior to this, when initializing new machines, only the current user had access to its key, which prevents other admin users from deploying this machine later
2024-10-10 19:31:03 +07:00
Jörg Thalheim
db11e7cb92
{vars,facts}/generate: ensure that args.flake is passed
2024-10-08 17:51:55 +00:00
Jörg Thalheim
0a568be528
pass in flakeid to vm_state_dir
2024-10-08 17:51:55 +00:00
Jörg Thalheim
558fa436e8
vars/keygen: adapt to new sops api
2024-10-04 16:36:35 +00:00