Commit Graph

4510 Commits

Author SHA1 Message Date
Louis Opter
6848b3b6b3 fix: clan secrets user get dump the user identity correctly 2024-10-04 15:36:30 +00:00
Louis Opter
6694c2b60d Fix key dump in clan secrets key show
```
In [4]: str(Type.AGE)
Out[4]: Type.AGE

In [5]: Type.AGE.name.lower()
Out[5]: age
```
2024-10-04 15:36:30 +00:00
Jörg Thalheim
be5f10e241 secrets/show: pretty print json 2024-10-04 15:36:30 +00:00
Jörg Thalheim
4a3030d6ed secrets: replace Key, key type tuple with SopsKey class 2024-10-04 15:36:30 +00:00
Jörg Thalheim
541a73692f fix serialisation of SopsKey type 2024-10-04 15:36:30 +00:00
Jörg Thalheim
db065ea06b error if we cannot load a dataclass from file 2024-10-04 15:36:30 +00:00
Jörg Thalheim
d909078033 default key type to age and rename to age-key/pgp-key 2024-10-04 15:36:30 +00:00
Jörg Thalheim
24973370b3 secrets: do not shadow python builtins 2024-10-04 15:36:30 +00:00
Louis Opter
710b832066 Fix: do not assume users use age keys in vars/sops
With added support for PGP for users keys, do not assume an age key is
going to be present in secrets files.
2024-10-04 15:36:30 +00:00
Louis Opter
30d0afe75b Fix: use new sops api in clan secrets machines 2024-10-04 15:36:30 +00:00
Louis Opter
61ceb44a71 Draft: clan-cli: secrets: Add support for PGP keys with sops-nix
To use a PGP key instead of an age key you can set `SOPS_PGP_FP`. (You
can use `gpg -k --fingerprint --fingerprint` to get your PGP encryption
key fingerprint, remove spaces from it).

The internal manifest file already supported a type field, and so I built
from there.

With those changes, I was able to add my PGP key, and update all my
secrets with it, instead of the age key originally generated:

```
% clan secrets key show | jq
{
  "key": "ADB6276965590A096004F6D1E114CBAE8FA29165",
  "type": "pgp"
}
% clan secrets key update
% for s in $(clan secrets list) ; do clan secrets users add-secret kal-pgp-from-2022-12-to-2024-12 "$s"; done
% for s in $(clan secrets list) ; do clan secrets users remove-secret --debug kal "$s" ; done
```
2024-10-04 15:36:30 +00:00
clan-bot
b1af3d5d6d Merge pull request 'vars/keygen: fix + cleanup tests' (#2201) from DavHau/clan-core:DavHau-vars-migration into main 2024-10-04 15:32:31 +00:00
DavHau
a257769abd vars/keygen: fix + cleanup tests
- generate keys in ./sops instead of ./sops/vars for now
- don't initialize all flakes with sops keys, only generate when needed
- use the new 'clan vars keygen' in tests
2024-10-04 17:25:17 +02:00
clan-bot
3b9f20b943 Merge pull request 'vars: add 'clan vars keygen'' (#2200) from DavHau/clan-core:DavHau-vars-migration into main 2024-10-04 14:21:10 +00:00
DavHau
3357a0082e vars: add 'clan vars keygen' 2024-10-04 16:13:49 +02:00
clan-bot
91a06147bf Merge pull request 'vars: refactor - copy logic to sops secret module' (#2199) from DavHau/clan-core:DavHau-vars-migration into main 2024-10-04 12:40:55 +00:00
clan-bot
c32a13463d Merge pull request 'Interfaces: unclutter meta interface, file conflict position tracking' (#2198) from hsjobeki/clan-core:hsjobeki-roles-interface into main 2024-10-04 12:38:53 +00:00
DavHau
83d850dac4 vars: refactor - copy logic to sops secret module
This is in preparation for moving the storage away from ./sops to ./vars/sops
2024-10-04 14:31:22 +02:00
Johannes Kirschbauer
d812445e90 Meta.name: not nullable, since deduped 2024-10-04 14:30:50 +02:00
Johannes Kirschbauer
71d3d03b43 Interfaces: unclutter meta interface, file conflict position tracking 2024-10-04 13:48:11 +02:00
Luis Hebendanz
091ff4e736 Merge pull request 'clanModules: Fix disk-id and machine-id' (#2196) from Qubasa/clan-core:Qubasa-main into main
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/2196
2024-10-03 13:43:06 +00:00
Qubasa
e28f2406f5 clanModules: Fix disk-id and machine-id 2024-10-03 15:42:56 +02:00
Luis Hebendanz
e21b09a5c1 Merge pull request 'clanModules: Fix disk-id and machine-id' (#2195) from Qubasa/clan-core:Qubasa-main into main
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/2195
2024-10-03 13:40:37 +00:00
Qubasa
f15a3b057e clanModules: Fix disk-id and machine-id 2024-10-03 15:40:14 +02:00
clan-bot
1eba93b150 Merge pull request 'sops: refactor some function names for clarity' (#2171) from DavHau/clan-core:DavHau-vars-migration into main 2024-10-02 12:03:37 +00:00
DavHau
1f1be62c60 sops: refactor some function names for clarity 2024-10-02 13:56:43 +02:00
hsjobeki
e5b7e2773d Merge pull request 'Inventory: improve role imports' (#2189) from hsjobeki/clan-core:hsjobeki-main into main
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/2189
2024-10-02 09:08:36 +00:00
Johannes Kirschbauer
d96cf90a52 Inventory/interface: optional instances, allow to use modules without inventory 2024-10-02 11:01:06 +02:00
Johannes Kirschbauer
4a469ed312 Inventory/tests: don't expect the default.nix to be imported anymore 2024-10-02 10:49:06 +02:00
Johannes Kirschbauer
a083a1f443 Fix: Admin module relative dependency 2024-10-02 10:36:48 +02:00
Johannes Kirschbauer
c6cbfcca42 Inventory/borgbackup: fixup structure 2024-10-02 10:01:45 +02:00
Johannes Kirschbauer
0819562a0b Inventory/modules: use explicit roles only 2024-10-02 10:01:44 +02:00
Johannes Kirschbauer
59889944b3 Inventory/test: add borgbackup to inventory test machine 2024-10-02 10:01:44 +02:00
Johannes Kirschbauer
6612a8ad0f Inventory/docs: display explicit roles only 2024-10-02 10:01:44 +02:00
Johannes Kirschbauer
de882cb02f Inventory: improve role imports 2024-10-02 10:01:44 +02:00
clan-bot
10c7fb0a57 Merge pull request 'Fix leaks in vm tests' (#2192) from fix-warning into main 2024-10-02 06:42:45 +00:00
Jörg Thalheim
eb8d99116c test superfluous test_vm_qmp
we already have other tests covering this and VMs + NixOS are slow
2024-10-01 20:57:07 +02:00
Jörg Thalheim
16fefb27bb add temp_dir fixture 2024-10-01 20:54:19 +02:00
Jörg Thalheim
2a2818d050 add more custom prefixes for temporary directories 2024-10-01 20:54:19 +02:00
Jörg Thalheim
93b1391e4c abort tests on python warning 2024-10-01 20:54:19 +02:00
Jörg Thalheim
082c3c1416 fix resource leaks in qmp tests 2024-10-01 20:54:19 +02:00
clan-bot
91408f4c72 Merge pull request 'fix resource leaks' (#2191) from fix-warning into main 2024-10-01 18:03:58 +00:00
Jörg Thalheim
46c0b7cb2e don't leak memory in global table unless we want to record performance 2024-10-01 19:32:00 +02:00
Jörg Thalheim
d5d6774124 fix file descriptor leak in cmd.run()
we were leaking pipes.
2024-10-01 19:27:47 +02:00
clan-bot
e014800f03 Merge pull request 'generate: don't set type=bool in argparse.BooleanOptionalAction' (#2190) from fix-warning into main 2024-10-01 17:04:49 +00:00
Jörg Thalheim
237327ead3 start to name temporary directories in more places 2024-10-01 18:57:59 +02:00
Jörg Thalheim
716c6c9139 generate: don't set type=bool in argparse.BooleanOptionalAction 2024-10-01 18:48:54 +02:00
clan-bot
12fb2c48e4 Merge pull request 'docs: improve flake-parts reference' (#2187) from hsjobeki/clan-core:hsjobeki-roles-interface into main 2024-10-01 09:28:13 +00:00
Johannes Kirschbauer
1b77b118e2 docs: improve flake-parts reference 2024-10-01 11:21:30 +02:00
clan-bot
6fc0954551 Merge pull request 'Automatic flake update - treefmt-nix - 2024-09-30T00:00+00:00' (#2185) from flake-update-treefmt-nix-2024-09-30 into main 2024-09-30 00:43:42 +00:00