Brian McGee
1bfe318865
feat: support age plugins
Extends how we parse the contents of `SOPS_AGE_KEY` / `SOPS_AGE_KEY_FILE` / `keys.txt`, allowing a user to prepend a comment before any `AGE-PLUGIN-` secret key entry to indicate its corresponding public key.
For example:
```
AGE-PLUGIN-FIDO2-HMAC-xxxxxxxxxxxxx
```
The comment can use any prefix (e.g. `# public key: age1xxxx`, `# recipient: age1xxx`) as we are looking directly for `age1xxxx` within the line.
This change is necessary to support `age` plugins as there is no unified mechanism to recover the public key from a plugin's secret key.
If a plugin secret key does not have a preceding public key comment, an error will be thrown when attempting to set a secret.
2025-04-29 15:47:54 +10:00
Jonathan Thiessen
9f745ff637
Avoid a few cases of chmod-after-creation
2025-04-28 17:11:21 -07:00
Michael Hoang
87e3e59ba0
cli: don't depend on the entire clan-core
2025-04-28 13:20:07 +10:00
Michael Hoang
2f95d2edf2
cli: fallback to bundled Nixpkgs
2025-04-28 13:10:00 +10:00
Michael Hoang
c3842902ac
cli: don't use select from clanLib
2025-04-28 12:52:00 +10:00
Johannes Kirschbauer
f67bf3c940
Fix(clan_lib.api): fix cyclic import problem for api schema export
2025-04-26 20:19:23 +02:00
Johannes Kirschbauer
f6628ec1a9
Refactor(clan_lib): move clan_cli.api into clan_lib.api
2025-04-26 19:51:35 +02:00
Luis Hebendanz
107170804b
Merge pull request 'clan-cli: Expose private_key to Machine class, in the future we should merge Machine and Host class' (#3407) from Qubasa/clan-core:vpb-patches2 into main
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3407
2025-04-25 12:26:00 +00:00
Qubasa
3214d27f0b
clan-cli: Improve remote destination depth validation with detailed error messaging
2025-04-25 14:00:40 +02:00
Qubasa
f1a7f2aa69
clan-cli: Expose private_key to Machine class, in the future we should merge Machine and Host class
2025-04-25 13:38:03 +02:00
Mic92
0ceea4c8bf
Merge pull request 'clanCore/vars: allow mode to be set' (#3404) from visualphoenix/clan-core:mode_fix into main
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3404
2025-04-25 09:44:25 +00:00
Raymond Barbiero
4117eb2f37
clanCore/vars: allow mode to be set
fmt
2025-04-25 11:29:43 +02:00
Michael Hoang
4c2584e246
lib: move select.select -> select for backwards compat with old CLIs
2025-04-25 17:30:06 +10:00
Michael Hoang
a2124b4ded
cli: fix restoring backups
There was a bug in `select` that made it output attrsets instead of
lists so we fix the broken refactor done in
300aaa48e7.
2025-04-25 16:52:13 +10:00
lassulus
1a48ce593f
templates: fix usage with new select
2025-04-25 16:26:45 +10:00
lassulus
d93e58218d
Refactor select with new maybe selector
This is a great refactor of the select functionality in the flake class.
This now uses the same parser as the nix code, but runs it in python for
nice stacktraces.
Also we now have a maybe selector which can be used by prepending the
selector with a ?
Tests have been expanded to make sure the code is more stable and easier
to understand
2025-04-25 16:26:45 +10:00
Johannes Kirschbauer
9b96f87160
Chore(clan/clan_uri): Remove ClanURI class from clan_cli
2025-04-23 16:53:11 +02:00
Jörg Thalheim
d730f73ace
temporarily disabling the VM test until we have vars fixed
We are currently missing injecting public vars back into the vm.
To unblock the CI, we disable the test for a bit.
2025-04-23 11:26:05 +02:00
hsjobeki
841ad6f48e
Merge pull request 'vars-fix-overeager-chache-invalidation' (#3385) from hsjobeki/clan-core:vars-fix-overeager-chache-invalidation into main
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3385
2025-04-22 18:28:27 +00:00
Johannes Kirschbauer
1a3346274e
Tests/fix: forbid dynamic invalidation
We cannot support dynamic hashInvalidation.
This means the invalidation can change *after* or *before* a 'vars generate'
But not during the generation itself. This causes heavy performance overhead.
Additionally this introduces a fixed-point-iteration (compare: fixed-point-iteration vs. fixed-point-function)
This iteration takes ~1 min for two bare-bones machines with 1 generator (see: checks/data-mesher)
2025-04-22 20:19:15 +02:00
Michael Hoang
d663744f40
cli/machines: don't allow installing on macOS
2025-04-23 03:13:39 +10:00
Jörg Thalheim
26d635a283
drop test_secrets_password_store
We are phasing out facts, and the only fact we had left for testing has
now been dropped. We still have a sops facts test, which we might also drop
soon.
2025-04-22 18:20:35 +02:00
Jörg Thalheim
05214084a6
vms/run: upload vars
2025-04-22 18:20:35 +02:00
Jörg Thalheim
c00ca85bc7
drop unused machine_get_fact
2025-04-22 18:20:35 +02:00
Jörg Thalheim
3ac1907201
use machine.{secrets,public}_{vars,fact}_store everywhere
2025-04-22 18:20:35 +02:00
Jörg Thalheim
cbde58e1d8
zerotier: migrate from facts to vars
2025-04-22 18:20:35 +02:00
Johannes Kirschbauer
dc284e1c40
vars: move overeager cache invalidation after one generator closure is regenerated.
Invalidation doesn't need to be done after each generator is executed.
We cannot interpolate values from other generators into another
generator. The generators are executed in order. The finalScript of each
generator stays constant.
After the complete closure is generated the caller of generate may
decide to invalidate the flake cache
2025-04-22 16:42:21 +02:00
Michael Hoang
5eae0c65d8
cli: support updating nix-darwin machines
2025-04-22 23:39:47 +10:00
Michael Hoang
3480912d8d
cli: fix unnecessary sudo when unspecified user defaults to root
2025-04-22 23:39:46 +10:00
Michael Hoang
3151d4ba86
cli: only use sudo when deploying locally
2025-04-22 23:14:03 +10:00
Michael Hoang
2768d959e7
cli: use sudo consistently when running nixos-rebuild switch
2025-04-22 23:14:03 +10:00
Michael Hoang
f336f6514c
Back out "cli: don't update macOS machines"
This backs out commit 83a2de0f47.
2025-04-22 23:14:03 +10:00
Jörg Thalheim
f69bfa7ea9
Machines: remove unused method argument from self.nix()
2025-04-21 15:18:14 +02:00
Jörg Thalheim
723d72255c
Reapply "remove nix_shell_legacy"
This reverts commit c5001f19fc.
2025-04-21 13:23:50 +02:00
Johannes Kirschbauer
8efdfc6da1
chore(select/cache): rename 'prefetch' to 'invalidate_cache'
2025-04-20 13:34:52 +02:00
Michael Hoang
f574eee5a3
vars: make wording nicer when multiple vars are found
2025-04-18 19:18:42 +02:00
Johannes Kirschbauer
c5001f19fc
Revert "remove nix_shell_legacy"
This reverts commit f3512b853a.
2025-04-18 14:49:54 +02:00
Johannes Kirschbauer
17fb2fc53d
test(cli/select): add simple caching test
2025-04-18 14:06:59 +02:00
Jörg Thalheim
f3512b853a
remove nix_shell_legacy
2025-04-16 21:03:58 +02:00
Jörg Thalheim
435627d854
rename CLAN_STATIC_PROGRAMS -> CLAN_PROVIDED_PACKAGES
2025-04-16 18:27:01 +00:00
Jörg Thalheim
837789010e
rename nix_shell_legacy to nix_shell and run_cmd to nix_shell
Then it's more obvious that we need to migrate.
2025-04-16 18:27:01 +00:00
Jörg Thalheim
9222574258
run_cmd: print what commands are allowed if the current command is not in the allow list
2025-04-16 19:50:27 +02:00
Jörg Thalheim
4d4882ac7b
update_hardware_config: migrate from nix_shell to run_cmd
2025-04-16 19:32:40 +02:00
Jörg Thalheim
7e6e51ee1b
sort allowed-programs.json
2025-04-16 19:32:40 +02:00
Jörg Thalheim
3e8f3046ec
Host: migrate from nix_shell to run_cmd
2025-04-16 19:32:40 +02:00
Jörg Thalheim
0b4e896af3
migrate clan history to clan-vm-manager
this functionality is not really useful or used in clan-vm-manager and
therefore should live in the clan-vm-manager.
Not porting the test for now because we probably get rid of the clan-vm-manager soon in favour of the UI.
2025-04-16 14:51:37 +02:00
Jörg Thalheim
f4792109ec
Remove unused clan history update subcommand
2025-04-16 14:51:37 +02:00
Michael Hoang
fc7a4d2b75
machines: fix nixos-rebuild not getting retried
2025-04-15 16:16:03 +02:00
lassulus
62deb1f89b
Merge pull request 'fast-vars-gen' (#3216) from fast-vars-gen into main
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3216
2025-04-15 07:11:06 +00:00
Jörg Thalheim
949536bb2b
rework cache to use json instead of pickle
Pickle can silently break if we migrate our data layout and also introduces
unwanted behaviour such as code injection that we want to avoid.
2025-04-15 07:00:00 +00:00