yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
10,166 Commits 120 Branches 6 Tags
8da25d52950a9a1b74a914af3641e61ab113081c
Commit Graph

267 Commits

Author SHA1 Message Date
Jörg Thalheim
4cb17d42e1 PLR2004: fix 2025-08-26 16:21:15 +02:00
Jörg Thalheim
c9a709783a BLE001: fix 2025-08-26 12:01:47 +02:00
Jörg Thalheim
8f8426de52 PGH003: fix 2025-08-26 11:36:38 +02:00
Jörg Thalheim
1d0e0f243e PLW2901: fix 2025-08-25 15:17:06 +02:00
Mic92
8134ffd787 Merge pull request 'ruff-4-perf-fixes' (#4935) from ruff-4-perf-fixes into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/4935
 2025-08-25 13:12:14 +00:00
Jörg Thalheim
c65bb0b1ce PERF401: fix 2025-08-25 15:06:32 +02:00
Mic92
05665b1c7e Merge pull request 'ruff-3-arg-fixes' (#4934) from ruff-3-arg-fixes into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/4934
 2025-08-25 12:54:04 +00:00
Jörg Thalheim
04457b1272 ARG001: fix 2025-08-25 14:46:12 +02:00
Jörg Thalheim
6a2dfb8176 S101: fix 2025-08-25 14:11:25 +02:00
Jörg Thalheim
0ec2c32ff8 ruff: apply automatic unsafe fixes 2025-08-25 11:34:41 +02:00
Jörg Thalheim
ea2d6aab65 ruff: apply automatic fixes 2025-08-25 11:34:41 +02:00
Johannes Kirschbauer
31d3997358 Secrets: fix tests 2025-08-10 13:06:42 +02:00
Johannes Kirschbauer
62b748624d Secrets: allow to generate additional keys with --new 2025-08-10 13:04:34 +02:00
Johannes Kirschbauer
29f440a482 Sops: generate key should always 'generate' a key pair when beeing called 
Check if you want to generate a new key as a caller
 2025-08-10 13:04:34 +02:00
Michael Hoang
2f2f3b6898 cli: fix missing newline in error message 2025-08-08 15:19:19 +10:00
DavHau
cc69892e3b create clan: better info about existing sop keys 
When creating a new clan, the key selection now looks like this:
```
Found existing admin keys on this machine:
1: type: AGE
   pubkey: age1xyz...
   source: /home/grmpf/.config/sops/age/keys.txt
2: type: PGP
   pubkey: abc...
   source: SOPS_PGP_FP
Select keys to use (comma-separated list of numbers, or leave empty to select all):
```

This is achieved by adding a `source` attribute to `SopsKey`.
 2025-07-23 13:22:19 +07:00
Jörg Thalheim
377056e80c clan flakes create: initialize keys automatically (#4435) 
fixes https://git.clan.lol/clan/clan-core/issues/2665
fixes https://git.clan.lol/clan/clan-core/issues/4407

Co-authored-by: DavHau <d.hauer.it@gmail.com>
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/4435
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
Co-committed-by: Jörg Thalheim <joerg@thalheim.io>
 2025-07-23 04:44:55 +00:00
a-kenji
6347bb7f3a pkgs/clan: Further unify clan flake validation 
Further unify clan flake validation and improve test coverage.
 2025-07-15 13:03:49 +02:00
hsjobeki
7001a82196 Merge pull request 'api/tasks: prefix impure actions with run' (#4239) from api-cleanup into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/4239
 2025-07-07 11:28:07 +00:00
Johannes Kirschbauer
19d86cc431 api/clan: rename 'update_clan_meta' -> 'set_clan_details' 2025-07-07 12:51:32 +02:00
Johannes Kirschbauer
1180ace4d7 api/admin: remove maybe_get_admin_public_keys 2025-07-07 12:43:11 +02:00
Michael Hoang
5667ad2994 cli: don't log every public key we find 2025-07-07 15:23:46 +10:00
a-kenji
aaac5b5b7c pkgs/clan: Improve error message on clan secrets users add 
Improve error message on `clan secrets users add [user] --age-key
`AGE-PLUGIN-YUBIKEY`

Since there is no way to get the recipient through the AGE-PLUGIN-YUBIKEY,
we should fail fast and give an actionable error to the user.
 2025-06-25 17:30:59 +02:00
Michael Hoang
7f667ccc16 cli: don't error when more than one SOPS key found locally 2025-06-13 14:37:19 +07:00
Michael Hoang
5dc321cfb0 cli: fix secrets key update failing when used with Nix in Nix 2025-06-13 13:36:29 +07:00
Michael Hoang
6dd6a641f5 cli: fix clan secrets key update not working when age plugins defined 2025-06-10 14:07:10 +07:00
Michael Hoang
4b26108b3d cli: don't generate a sops key that is world readable 
Fixes https://git.clan.lol/clan/clan-core/issues/3808
 2025-06-06 12:15:19 +10:00
DavHau
de3a08ab63 sops: initialize age_plugins early 
This avoids re-initializing the Flake object deep in the tree, which in turn leads to issue when overriding the Flake for testing, eg the URl would reset.
 2025-05-31 11:27:17 +07:00
Johannes Kirschbauer
2312a65c17 Chore: rename secrets.get_machine to avoid ambiguity 2025-05-26 17:52:46 +02:00
lassulus
f2bf142e80 clan-cli: clan_cli.git -> clan_lib.git 2025-05-20 14:35:14 +02:00
lassulus
ed89352ea1 clan-cli: clan_cli.dirs -> clan_lib.dirs 2025-05-20 12:08:30 +02:00
lassulus
9a0c6f55bd clan-cli: clan_cli.cmd -> clan_lib.cmd 2025-05-19 19:07:24 +02:00
lassulus
cb74273da4 clan-cli: move clan_cli.nix to clan_lib.nix 2025-05-19 18:40:36 +02:00
lassulus
fa052f45bd clan_lib: move clan_lib.flake.flake to clan_lib.flake 2025-05-16 19:28:36 +02:00
Johannes Kirschbauer
07b676e901 Fix: missing recipient should print a message 2025-05-16 18:09:53 +02:00
Johannes Kirschbauer
fe0507b47c refactor: move clan_cli.error to clan_lib.error 2025-05-16 16:14:39 +02:00
lassulus
5423b9af41 clan_cli: move flake class to clan_lib 2025-05-16 13:38:47 +02:00
DavHau
02ca5bd870 gui: make update machine work 
Also fix error when age plugins not defined
 2025-04-30 15:28:49 +07:00
Brian McGee
651b277bb9 feat: configure age plugins for SOPS in buildClan 2025-04-29 16:02:32 +10:00
Brian McGee
e281b689df fix: multiple user keys in secrets 
We were not loading all the user keys, only the first one.
 2025-04-29 15:47:54 +10:00
Brian McGee
1bfe318865 feat: support age plugins 
Extends how we parse the contents of `SOPS_AGE_KEY` / `SOPS_AGE_KEY_FILE` / `keys.txt`, allowing a user to prepend a comment before any `AGE-PLUGIN-` secret key entry to indicate its corresponding public key.

For example:

```
AGE-PLUGIN-FIDO2-HMAC-xxxxxxxxxxxxx
```

The comment can use any prefix (e.g. `# public key: age1xxxx`, `# recipient: age1xxx`) as we are looking directly for `age1xxxx` within the line.

This change is necessary to support `age` plugins as there is no unified mechanism to recover the public key from a plugin's secret key.

If a plugin secret key does not have a preceding public key comment, an error will be thrown when attempting to set a secret.
 2025-04-29 15:47:54 +10:00
Johannes Kirschbauer
f6628ec1a9 Refactor(clan_lib): move clan_cli.api into clan_lib.api 2025-04-26 19:51:35 +02:00
Jörg Thalheim
723d72255c Reapply "remove nix_shell_legacy" 
This reverts commit c5001f19fc.
 2025-04-21 13:23:50 +02:00
Johannes Kirschbauer
c5001f19fc Revert "remove nix_shell_legacy" 
This reverts commit f3512b853a.
 2025-04-18 14:49:54 +02:00
Jörg Thalheim
f3512b853a remove nix_shell_legacy 2025-04-16 21:03:58 +02:00
Jörg Thalheim
837789010e rename nix_shell_legacy to nix_shell and run_cmd to nix_shell 
Than it's more obvious that we need to migrate.
 2025-04-16 18:27:01 +00:00
Brian McGee
aa4fe27e51 feat(clan-cli): support multiple keys for a user 2025-04-09 09:58:58 +00:00
DavHau
ba1ad5bd43 sops: prioritize SOPS_AGE_KEY_FILE over local key 
... instead of loading both keys and raise an error

This is important for testing when one wants to override SOPS_AGE_KEY_FILE

New prio: `SOPS_AGE_KEY` > `SOPS_AGE_KEY_FILE` > `~/.config/sops/age/keys.txt`
 2025-04-09 08:45:34 +00:00
Jörg Thalheim
be37194b9a sops: fix compatibility with new format 
The new format can have null values now.
 2025-04-08 17:44:23 +02:00
Jörg Thalheim
d3a1b29c6b make gnupg a dependency of sops 
if anything uses a gnupg key, we need the gnupg binary.
Sucks a bit, but at least it makes it work everywhere.
 2025-03-25 18:30:18 +01:00