Jörg Thalheim
d134d94a1e
Revert "Merge pull request 'clan-cli: secrets: Add support for PGP keys with sops-nix' (#2186) from lopter/clan-core:lo-sops-nix-pgp-support into main"
This reverts commit b956b94039, reversing
changes made to b1af3d5d6d.
Reverting for now as Dave's recent change conflicts with this change.
2024-10-04 17:54:29 +02:00
Louis Opter
710b832066
Fix: do not assume users use age keys in vars/sops
With added support for PGP for users keys, do not assume an age key is
going to be present in secrets files.
2024-10-04 15:36:30 +00:00
DavHau
a257769abd
vars/keygen: fix + cleanup tests
- generate keys in ./sops instead of ./sops/vars for now
- don't initialize all flakes with sops keys, only generate when needed
- use the new 'clan vars keygen' in tests
2024-10-04 17:25:17 +02:00
DavHau
3357a0082e
vars: add 'clan vars keygen'
2024-10-04 16:13:49 +02:00
DavHau
83d850dac4
vars: refactor - copy logic to sops secret module
This is in preparation for moving the storage away from ./sops to ./vars/sops
2024-10-04 14:31:22 +02:00
Jörg Thalheim
2a2818d050
add more custom prefixes for temporary directories
2024-10-01 20:54:19 +02:00
clan-bot
e014800f03
Merge pull request 'generate: don't set type=bool in argparse.BooleanOptionalAction' (#2190) from fix-warning into main
2024-10-01 17:04:49 +00:00
Jörg Thalheim
237327ead3
start to name temporary directories in more places
2024-10-01 18:57:59 +02:00
Jörg Thalheim
716c6c9139
generate: don't set type=bool in argparse.BooleanOptionalAction
2024-10-01 18:48:54 +02:00
Qubasa
1b0b111f03
clan flash: Remove root requirement for flash, add a flash-template
2024-09-24 13:42:21 +02:00
DavHau
0324f4d4b8
vars/sops: improve shared secrets, switching backend
When a second machine checks for a shared secret, now the exists() call returns negative and only when updating the secrets for that machine, the machine is added to the sops receivers.
Also throw proper errors when the user switches backends without cleaning the files first.
2024-09-20 15:06:54 +02:00
DavHau
501ade7de7
vars: implement migration
Migrating generated files from the facts subsystem to the vars subsystem is now possible.
HowTo:
1. declare `clan.core.vars.generators.<generator>.migrateFact = my_service` where `my_service` refers to a service from `clan.core.facts.services`
2. run `clan vars generate your_machine` or `clan machines update your_machine`
Vars will only be migrated for a generator if:
1. The facts service specified via `migrateFact` does exist
2. None of the vars to generate exist yet
3. All public var names exist in the public facts store
4. All secret var names exist in the secret fact store
If the migration is deemed possible, the generator script will not be executed. Instead, the files from the public or secret facts store are read and stored into the corresponding vars store.
2024-09-19 17:57:03 +02:00
DavHau
89d39186ee
vars/generate: improve output when vars are updated
fixes #2076
- print old and new value if possible
- also inform the user if something hasn't changed
2024-09-18 16:57:01 +02:00
DavHau
cf47c1d51a
vars: generate proper commit messages
fixes #2126
2024-09-17 20:22:18 +02:00
DavHau
a1dd10f502
vars/sops/shared: add machines key on demand
2024-09-12 20:17:05 +02:00
DavHau
067d287398
vars/list: display '<not set>' also for secrets
2024-09-12 17:24:29 +02:00
DavHau
53592837a9
vars: get rid of meta.json
2024-09-12 16:52:44 +02:00
DavHau
3c27cc31e9
vars/sops: load sops info from nix instead of filesystem
2024-09-12 16:30:21 +02:00
DavHau
54cb6862b1
vars/password-store: implement upload and hashing
2024-09-09 22:13:16 +02:00
DavHau
6fafafa064
vars/password-store: use standard paths; fix share flag
2024-09-09 21:20:03 +02:00
DavHau
b3dd36bdb6
vars: improve generator pipeline
Compute the whole closure of to-be-executed generators upfront before executing anything
Properly compute closures for the 4 different scenarios:
1. full_closure: run all generators for a selected machine in topological order
2. all_missing_closure: run just the missing generators including their dependents
3. requested_closure: run only a selected list of generators including their missing dependencies and their dependents
4. minimal_closure: Run just enough to ensure that the list of selected generators is in a consistent state. Don't execute anything if nothing is missing.
2024-09-06 21:32:17 +02:00
DavHau
f5e65b5d0e
vars: refactor - ask prompts before running any generators
2024-09-06 16:08:46 +02:00
DavHau
9d86c5474f
clan-cli: fix cyclic import problem
2024-09-06 15:38:12 +02:00
DavHau
f161c7ca58
vars: improve generator execution pipeline
- ensure all dependents are re-generated as well
- refactor: separate out computation of generator update closure
2024-09-06 14:30:49 +02:00
DavHau
1254b80a52
vars: add api endpoint set_prompts
2024-09-04 18:06:11 +02:00
DavHau
112982a7fb
vars: add get_prompts api endpoint
vars: add test for api endpoint get_prompts
2024-09-04 17:36:50 +02:00
clan-bot
87c5ded6a2
Merge pull request 'apply TRY lint' (#2035) from joerg-ci into main
2024-09-04 13:20:11 +00:00
DavHau
570aadf065
vars: set vars via cli; improve getting vars via cli;
2024-09-04 14:48:42 +02:00
DavHau
e3280e2b1d
vars: add 'get' command to cli
2024-09-03 19:19:20 +02:00
Jörg Thalheim
403b9cf2cc
apply TRY lint
2024-09-03 18:13:46 +02:00
DavHau
8efcd65bed
vars: global metadata paths for all store backends
This also changes the paths where sops stores the secret -> all sops secrets will have to be re-generated
2024-09-03 16:30:01 +02:00
DavHau
2621a961e7
vars: make simplify vars store abstraction
2024-09-02 18:44:00 +02:00
Jörg Thalheim
659e5b37dd
use pathlib everywhere
2024-09-02 18:26:13 +02:00
Jörg Thalheim
357b619068
add SIM lint
2024-09-02 16:39:30 +02:00
Jörg Thalheim
ad3daa3ce4
add RET, Q, RSE lint
2024-09-02 15:58:49 +02:00
Jörg Thalheim
15ff74f7c2
enable ASYNC, DTZ, YTT and EM lints
2024-09-02 14:07:06 +02:00
Jörg Thalheim
e9a266001c
enable comprehensions linting rules
2024-09-02 13:35:52 +02:00
Jörg Thalheim
af4b9cc2d5
make all same-module imports relative, the rest absolute
This makes sorting more consistent.
2024-09-02 13:00:19 +02:00
DavHau
2ec3abb24c
vars: improve check command and add tests
2024-09-01 16:45:09 +02:00
DavHau
8ad90aa44f
vars: fix listing vars + add test
2024-09-01 16:10:25 +02:00
DavHau
6f4827bde4
vars: implement listing all vars
2024-09-01 16:03:37 +02:00
DavHau
ec055f7606
vars: introduce deploy=true/false for generated files
2024-09-01 14:32:46 +02:00
DavHau
6b5a8ef10c
vars: rename 'facts' _ 'vars' in docs
2024-08-23 18:00:38 +02:00
Jörg Thalheim
9f66ded76a
Merge remote-tracking branch 'origin/main' into rework-installation
2024-08-21 13:38:04 +02:00
DavHau
75328beb06
vars: add test for deployment
2024-08-13 15:29:51 +02:00
DavHau
cc9c828598
vars: introduce share flag
2024-08-03 15:26:53 +07:00
Jörg Thalheim
4ed7e9b030
Merge remote-tracking branch 'origin/main' into rework-installation
2024-07-24 21:58:57 +02:00
DavHau
9996f5596c
vars/sops: store secrets in /sops/vars
2024-07-24 18:42:50 +07:00
DavHau
5bd20fcf2c
vars: add support for password-store
2024-07-23 14:54:18 +07:00
Jörg Thalheim
21346f84ac
password-store: write secrets with read-only permission
Otherwise we are installing secrets with the wrong permissions on the
first install
2024-07-22 17:22:01 +02:00