Qubasa
99c5bd2b50
clan-cli: Add --host-key-check to machine update
2024-10-05 23:33:44 +02:00
Qubasa
5967bb347c
clan-cli: Fix bug where --target_host is getting ignored
2024-10-05 18:51:44 +02:00
Jörg Thalheim
558fa436e8
vars/keygen: adapt to new sops api
2024-10-04 16:36:35 +00:00
Jörg Thalheim
1666513e91
Revert "Merge pull request 'Revert "Merge pull request 'clan-cli: secrets: Add support for PGP keys with sops-nix' (#2186) from lopter/clan-core:lo-sops-nix-pgp-support into main"' (#2202) from revert into main"
...
This reverts commit a5496e8db0, reversing
changes made to 9bb1aef245.
2024-10-04 16:36:35 +00:00
DavHau
8f16cf0282
Revert "vars: refactor - copy logic to sops secret module"
...
This reverts commit ae53ea7399.
2024-10-04 18:20:53 +02:00
Jörg Thalheim
084ebf9edc
Revert "Merge pull request 'clan-cli: secrets: Add support for PGP keys with sops-nix' (#2186) from lopter/clan-core:lo-sops-nix-pgp-support into main"
...
This reverts commit 5668fd05a0, reversing
changes made to dd17fbdc6d.
Reverting for now as Dave's recent change conflicts with this change.
2024-10-04 17:54:29 +02:00
Louis Opter
81f162d4e6
Update tests for clan secrets
2024-10-04 15:36:30 +00:00
Louis Opter
ab46e3c1e2
Improvements for clan secrets key generate.
...
I am not sure I understand what `extract_public_key` was for. It seems
like `age-keygen -y` will just work fine for a file like
`extract_public_key` is looking for. Unless someone intentionally made a
file with a comment like that without the private key in it.
Messages are moved to stdout rather than being logged. It feels like the
output is meaningful in the first step users are going to take. Also
makes testing easier, as log messages are captured differently than
stdout. The call to add a user is changed to be easier to copy paste
and work whether PGP or age is in use.
A description for the command is added instead of help which does not
seem to be displayed.
2024-10-04 15:36:30 +00:00
Louis Opter
611d8b40f3
Make clan_cli.secrets.sops.SopsKey immutable and remove its __eq__ method
...
Immutability seems sensible for this type.
There is some ambiguity on how to compare keys, in particular when `user.name == ""`, but the rest matches.
2024-10-04 15:36:30 +00:00
Louis Opter
69b9f1ae23
fix: clan secrets user get dump the user identity correctly
2024-10-04 15:36:30 +00:00
Louis Opter
cf492b15aa
Fix key dump in clan secrets key show
...
```
In [4]: str(Type.AGE)
Out[4]: Type.AGE
In [5]: Type.AGE.name.lower()
Out[5]: age
```
2024-10-04 15:36:30 +00:00
Jörg Thalheim
5d87bc2435
secrets/show: pretty print json
2024-10-04 15:36:30 +00:00
Jörg Thalheim
105e6bd86a
secrets: replace Key, key type tuple with SopsKey class
2024-10-04 15:36:30 +00:00
Jörg Thalheim
160fe82576
fix serialisation of SopsKey type
2024-10-04 15:36:30 +00:00
Jörg Thalheim
9c25b4d61c
error if we cannot load a dataclass from file
2024-10-04 15:36:30 +00:00
Jörg Thalheim
ca4ff0611c
default key type to age and rename to age-key/pgp-key
2024-10-04 15:36:30 +00:00
Jörg Thalheim
4cd4334b1c
secrets: do not shadow python builtins
2024-10-04 15:36:30 +00:00
Louis Opter
d18c0fa3ae
Fix: do not assume users use age keys in vars/sops
...
With added support for PGP for users keys, do not assume an age key is
going to be present in secrets files.
2024-10-04 15:36:30 +00:00
Louis Opter
b2e796145a
Fix: use new sops api in clan secrets machines
2024-10-04 15:36:30 +00:00
Louis Opter
7a673ea95f
Draft: clan-cli: secrets: Add support for PGP keys with sops-nix
...
To use a PGP key instead of an age key you can set `SOPS_PGP_FP`. (You
can use `gpg -k --fingerprint --fingerprint` to get your PGP encryption
key fingerprint, remove spaces from it).
The internal manifest file already supported a type field, and so I built
from there.
With those changes, I was able to add my PGP key, and update all my
secrets with it, instead of the age key originally generated:
```
% clan secrets key show | jq
{
  "key": "ADB6276965590A096004F6D1E114CBAE8FA29165",
  "type": "pgp"
}
% clan secrets key update
% for s in $(clan secrets list) ; do clan secrets users add-secret kal-pgp-from-2022-12-to-2024-12 "$s"; done
% for s in $(clan secrets list) ; do clan secrets users remove-secret --debug kal "$s" ; done
```
2024-10-04 15:36:30 +00:00
DavHau
11c37ebeba
vars/keygen: fix + cleanup tests
...
- generate keys in ./sops instead of ./sops/vars for now
- don't initialize all flakes with sops keys, only generate when needed
- use the new 'clan vars keygen' in tests
2024-10-04 17:25:17 +02:00
DavHau
2a9ced1e26
vars: add 'clan vars keygen'
2024-10-04 16:13:49 +02:00
DavHau
ae53ea7399
vars: refactor - copy logic to sops secret module
...
This is in preparation for moving the storage away from ./sops to ./vars/sops
2024-10-04 14:31:22 +02:00
DavHau
4a0207f0b3
sops: refactor some function names for clarity
2024-10-02 13:56:43 +02:00
Johannes Kirschbauer
536ae8701d
Inventory/docs: display explicit roles only
2024-10-02 10:01:44 +02:00
Jörg Thalheim
ca8f36201b
test superfluous test_vm_qmp
...
we already have other tests covering this and VMs + NixOS are slow
2024-10-01 20:57:07 +02:00
Jörg Thalheim
27b1aeb827
add temp_dir fixture
2024-10-01 20:54:19 +02:00
Jörg Thalheim
4826582547
add more custom prefixes for temporary directories
2024-10-01 20:54:19 +02:00
Jörg Thalheim
196f78d2da
abort tests on python warning
2024-10-01 20:54:19 +02:00
Jörg Thalheim
8b205c78bf
fix resource leaks in qmp tests
2024-10-01 20:54:19 +02:00
clan-bot
2f38955066
Merge pull request 'fix resource leaks' (#2191) from fix-warning into main
2024-10-01 18:03:58 +00:00
Jörg Thalheim
4207aef029
don't leak memory in global table unless we want to record performance
2024-10-01 19:32:00 +02:00
Jörg Thalheim
13aed0792e
fix file descriptor leak in cmd.run()
...
we were leaking pipes.
2024-10-01 19:27:47 +02:00
clan-bot
a57f409224
Merge pull request 'generate: don't set type=bool in argparse.BooleanOptionalAction' (#2190) from fix-warning into main
2024-10-01 17:04:49 +00:00
Jörg Thalheim
f9a42831e4
start to name temporary directories in more places
2024-10-01 18:57:59 +02:00
Jörg Thalheim
a5e18fda08
generate: don't set type=bool in argparse.BooleanOptionalAction
2024-10-01 18:48:54 +02:00
Louis Opter
3f2bb2b958
Update outdated help messages and fix a typo
2024-09-29 15:52:58 +00:00
Jörg Thalheim
62af2bab55
fix broken eval check when nixpkgs.pkgs nixos option is used
2024-09-29 16:59:02 +02:00
Jörg Thalheim
9cf2bd4f6e
make default hardware report commit message nicer
2024-09-29 16:59:02 +02:00
Jörg Thalheim
bf7246104d
allow to overwrite hardware configuration
...
now that we call it "update" hardware configuration and we are heading
towards facter anyway, we don't need all the force override logic. Just
allow this to be overwritten by default.
2024-09-29 16:59:02 +02:00
Jörg Thalheim
b4652539a5
wrap hardware generate arguments into an object
2024-09-29 16:59:02 +02:00
Jörg Thalheim
7816a3e639
don't expose polymorphic api
2024-09-29 16:21:53 +02:00
Jörg Thalheim
372a5f3907
remove unused location from ClanError
2024-09-29 16:21:53 +02:00
Jörg Thalheim
1940880dcb
put error description in same line as error for cli
2024-09-29 16:21:53 +02:00
Jörg Thalheim
1e11cd79c4
if error doesn't have a message set, print a stack trace
2024-09-29 16:21:53 +02:00
Jörg Thalheim
84383a4a48
if command fails, print command and exit code, regardless if error message is set
2024-09-29 16:21:53 +02:00
Jörg Thalheim
07e031f256
expose nixos-facter in cli
2024-09-29 16:21:53 +02:00
Qubasa
945c491d05
clan flash: Remove root requirement for flash, add a flash-template
2024-09-24 13:42:21 +02:00
Jörg Thalheim
d0ed48284b
use packaged nixos-facter in generate_hardware_info
2024-09-24 11:38:33 +02:00
Qubasa
a27880a65e
clan-cli: Move clan machines import to clan machines create
2024-09-23 17:11:48 +02:00