Mic92
dcd2581b41
Merge pull request 'clan-cli: secrets: fix encryption, and collect public and private keys separately' (#2500) from lo-sops-filter-env into main
...
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/2500
2024-11-27 06:27:53 +00:00
Louis Opter
5a5b92ef1d
clan-cli: secrets: sops: SOPS_NIX_SECRET is not a sops variable
...
It's a variable internal to us, and it does not need to be allowed.
2024-11-27 06:27:53 +00:00
Louis Opter
1e0db82827
clan-cli: secrets: address CR feedback for sops encryption and key handling
...
- Move public keys collection to a class method on `SopsKey`, and
implement collection for each key type in `KeyType`, this helps make
the code more generic ;
- Replace `Operation.__call__` by `run` (`sops.run` if you import the
entire module), that allows us to dedent the code so that's cool ;
- Fix exception handling when trying to get an in-memory temporary file ;
- Make Executor cuter 😵 🪦 .
2024-11-27 06:27:53 +00:00
Louis Opter
1ba27196d8
clan-cli: rebase sops changes on top of vars changes
...
vars changes in question are from commit: 54b8f5904e
With this changeset the age specific sops logic that was added is now
generic.
To keep things simple, this changeset modifies `SopsKey` so that
`username` is ignored when comparing different keys. I don't really see
us relying on `username` and this makes `SopsKey` hashable, and usable
in a `set`, which is nice when you check that you have a particular key.
2024-11-27 06:27:53 +00:00
Louis Opter
8d53568d95
clan-cli: secrets: treefmt
2024-11-27 06:27:53 +00:00
Louis Opter
daf51f523e
clan-cli: secrets.sops: improve age keys detection
...
This change allows you to e.g. directly pass `$(age-keygen)` on the
command line.
2024-11-27 06:27:53 +00:00
Louis Opter
67c7876629
clan-cli: filter any sops recipients set in the environment for encryption
...
This forces sops to use our config file, otherwise if any of the
environment variables set to specify recipients is present then
`--config` will be ignored (see [env_check]).
That's simple enough, still I ended up refactoring how we call sops for
correctness, and to align with its behavior. The code now distinguishes
between public and private keys explicitly. `secrets.decrypt_secret`
does not try to look up public and private keys anymore.
With this changeset, some people might have to adjust their environment
as public age and PGP keys will be discovered like sops would do. In
particular if multiple public keys are discovered, then the user will
have to specify which one to use for the clan.
This also makes the following changes:
- try to use `/dev/shm` when swapping a secret (it's what [pass] does
fwiw);
- alias immediate values for readability;
- remove some float comparison that could never succeed, and use sops'
exit status instead;
- remove unused function `maybe_get_sops_key`.
[env_check]: 8c567aa8a7/cmd/sops/main.go (L2229)
[pass]: http://passwordstore.org/
2024-11-27 06:27:53 +00:00
clan-bot
0bad1c79f4
Merge pull request 'Automatic flake update - 2024-11-25T00:00+00:00' (#2484) from flake-update-2024-11-25 into main
2024-11-26 18:58:35 +00:00
Clan Merge Bot
40fe706446
update flake lock - 2024-11-25T00:00+00:00
...
Flake lock file updates:
• Updated input 'disko':
'github:nix-community/disko/cb64993826fa7a477490be6ccb38ba1fa1e18fa8?narHash=sha256-f3SSp1axoOk0NAI7oFdRzbxG2XPBSIXC%2B/DaAXnvS1A%3D' (2024-11-16)
→ 'github:nix-community/disko/47bc8dfb6f48d5f66a3cb3a4cece83d8ace1f61a?narHash=sha256-B1MQLiWi4bbeNiRXKxEkpztnKyWae4x0LyK32v3DjLk%3D' (2024-11-24)
• Updated input 'nixos-facter-modules':
'github:numtide/nixos-facter-modules/5a1c2a28589e34f8a44d46dd1909cfacf928cb1a?narHash=sha256-aIy8m4jjr/BFXzniNzoH16sF7HEFV/01/5b3FhtUHrw%3D' (2024-11-17)
→ 'github:numtide/nixos-facter-modules/862648589993a96480c2255197a28feea712f68f?narHash=sha256-zSQ2cR%2BNRJfHUVfkv%2BO6Wi53wXfzX8KHiO8fRfnvc0M%3D' (2024-11-22)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/85f7e662eda4fa3a995556527c87b2524b691933?narHash=sha256-JwQZIGSYnRNOgDDoIgqKITrPVil%2BRMWHsZH1eE1VGN0%3D' (2024-11-07)
→ 'github:NixOS/nixpkgs/8edf06bea5bcbee082df1b7369ff973b91618b8d?narHash=sha256-sQxuJm8rHY20xq6Ah%2BGwIUkF95tWjGRd1X8xF%2BPkk38%3D' (2024-11-22)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/472741cf3fee089241ac9ea705bb2b9e0bfa2978?narHash=sha256-NVUTFxKrJp/hjehlF1IvkPnlRYg/O9HFVutbxOM8zNM%3D' (2024-11-17)
→ 'github:Mic92/sops-nix/53c853fb1a7e4f25f68805ee25c83d5de18dc699?narHash=sha256-N9JGWe/T8BC0Tss2Cv30plvZUYoiRmykP7ZdY2on2b0%3D' (2024-11-21)
• Updated input 'treefmt-nix':
'github:numtide/treefmt-nix/746901bb8dba96d154b66492a29f5db0693dbfcc?narHash=sha256-vK%2Ba09qq19QNu2MlLcvN4qcRctJbqWkX7ahgPZ/%2BmaI%3D' (2024-10-30)
→ 'github:numtide/treefmt-nix/705df92694af7093dfbb27109ce16d828a79155f?narHash=sha256-5WSng844vXt8uytT5djmqBCkopyle6ciFgteuA9bJpw%3D' (2024-11-22)
2024-11-26 19:52:15 +01:00
Mic92
90578d47f1
Merge pull request 'vars: make interface more type-safe' (#2459) from vars into main
...
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/2459
Reviewed-by: kenji <aks.kenji@protonmail.com>
2024-11-26 16:15:55 +00:00
Jörg Thalheim
45dfbf54db
vars: make interface more type-safe
2024-11-26 17:08:26 +01:00
Jörg Thalheim
0239770978
vars: add name to generators
2024-11-26 15:26:16 +01:00
clan-bot
71bcf76feb
Merge pull request 'pkgs/cli: Add --password flag to machines install' (#2499) from kenji/clan-core:kenji-add-password-flag into main
2024-11-26 14:11:01 +00:00
clan-bot
a88e98d807
Merge pull request 'docs: Fix typo in clan module' (#2498) from kenji/clan-core:kenji-docs/fix/typ into main
2024-11-26 14:08:58 +00:00
a-kenji
26344a7938
pkgs/cli: Add --password flag to machines install
...
Add `--password` flag to `clan machines install`,
which allows installing through the `nixos-image` installer
manually without extra configuration.
2024-11-26 15:01:43 +01:00
a-kenji
a1e089c3c1
docs: Fix typo in clan module
2024-11-26 15:01:00 +01:00
clan-bot
3b1c9429db
Merge pull request 'less verbose logging if commands fail' (#2497) from less-logging into main
2024-11-26 13:45:01 +00:00
Jörg Thalheim
c046ea6e17
run tests less verbose in CI
2024-11-26 14:38:59 +01:00
Jörg Thalheim
09a7fccbb0
less verbose logging if commands fail
2024-11-26 14:38:59 +01:00
clan-bot
b06b8a65c6
Merge pull request 'chore: fix prettier formatter. Ignore symlinked asciinema-player' (#2496) from hsjobeki/clan-core:hsjobeki-main into main
2024-11-26 13:03:18 +00:00
Johannes Kirschbauer
4b188c82f7
UI/backButton: use button and icon component
2024-11-26 13:56:05 +01:00
Johannes Kirschbauer
e3b4797ae1
UI/button: make children optional, fix layout shift
2024-11-26 13:56:05 +01:00
Johannes Kirschbauer
4aa83351b1
UI/components: init icon
2024-11-26 13:56:05 +01:00
Johannes Kirschbauer
4e47da969b
chore: fix prettier formatter. Ignore symlinked asciinema-player
2024-11-26 13:56:05 +01:00
Mic92
4d969a31ce
Merge pull request 'test_vars: mock ask function instead of sys.stdin' (#2493) from stdin into main
...
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/2493
2024-11-26 11:56:38 +00:00
Jörg Thalheim
8eb37903e0
test_vars: mock ask function instead of sys.stdin
2024-11-26 11:56:38 +00:00
clan-bot
dc168e6f74
Merge pull request 'App/fonts: use ArchivoSemiCondensed' (#2494) from hsjobeki/clan-core:hsjobeki-main into main
2024-11-26 11:27:55 +00:00
Johannes Kirschbauer
4c4862e89a
App/fonts: use ArchivoSemiCondensed
2024-11-26 12:21:43 +01:00
hsjobeki
10a105e25e
Merge pull request 'Clan App improvements' (#2492) from hsjobeki/clan-core:inventory-modules into main
...
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/2492
2024-11-26 10:44:06 +00:00
Johannes Kirschbauer
446b2592ec
API/serde: add handling for serializing enum classes
2024-11-26 10:44:06 +00:00
Johannes Kirschbauer
c31907917d
App: improve exception logging
2024-11-26 10:44:06 +00:00
Johannes Kirschbauer
bdec967444
ClanModules/zerotier: simplify nix code
2024-11-26 10:44:06 +00:00
clan-bot
8be89a462b
Merge pull request 'vars: fix migration - secrets end up in public store' (#2491) from DavHau/clan-core:DavHau-vars into main
2024-11-26 10:08:36 +00:00
DavHau
173436632d
vars: fix migration - secrets end up in public store
2024-11-26 17:02:11 +07:00
clan-bot
72ef3006b4
Merge pull request 'clan-cli: Remove tty.py' (#2490) from Qubasa/clan-core:Qubasa-main into main
2024-11-25 19:38:31 +00:00
Qubasa
4775139091
clan-cli: Remove tty.py
2024-11-25 20:32:36 +01:00
clan-bot
80c233398f
Merge pull request 'clan-vm-manager: Fix regression' (#2489) from Qubasa/clan-core:Qubasa-main into main
2024-11-25 19:15:03 +00:00
Luis Hebendanz
7bf112c067
Merge pull request 'fix webirc url' (#2478) from dezren39/clan-core:dezren39-patch-1 into main
...
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/2478
2024-11-25 19:11:30 +00:00
dezren39
c4d66e1e9f
Update README.md
2024-11-25 19:11:30 +00:00
dezren39
222b4bac4c
Update README.md
2024-11-25 19:11:30 +00:00
dezren39
41450c0fe0
fix webirc url
...
Signed-off-by: dezren39 <drewrypope@gmail.com>
2024-11-25 19:11:30 +00:00
Qubasa
bcbb15fcc1
clan-vm-manager: Fix regression
2024-11-25 20:08:50 +01:00
clan-bot
6620a15256
Merge pull request 'clan-cli: Refactor ssh classes to dataclasses' (#2488) from Qubasa/clan-core:Qubasa-main into main
2024-11-25 18:53:13 +00:00
Qubasa
27b40849d1
clan-cli: Refactor ssh classes to dataclasses
2024-11-25 19:47:17 +01:00
clan-bot
a1c26489c1
Merge pull request 'docs: Fix nix flake check problem with diskId' (#2487) from Qubasa/clan-core:Qubasa-main into main
2024-11-25 17:45:47 +00:00
Qubasa
41a84f5970
docs: Fix nix flake check problem with diskId
2024-11-25 18:39:16 +01:00
clan-bot
b9d41fd8dc
Merge pull request 'core password-store: define fileModule only if file is secret' (#2486) from lassulus/clan-core:pass-fixes3 into main
2024-11-25 12:34:31 +00:00
lassulus
70a5910946
core password-store: define fileModule only if file is secret
2024-11-25 12:40:51 +01:00
clan-bot
89228e9e48
Merge pull request 'Automatic flake update - nixpkgs - 2024-11-25T00:00+00:00' (#2482) from flake-update-nixpkgs-2024-11-25 into main
2024-11-25 00:36:59 +00:00
clan-bot
73446202cc
Merge pull request 'Automatic flake update - treefmt-nix - 2024-11-25T00:00+00:00' (#2485) from flake-update-treefmt-nix-2024-11-25 into main
2024-11-25 00:32:15 +00:00