Jörg Thalheim
1833724124
introduce better vm management abstraction and use it in tests
2024-10-08 17:51:55 +00:00
Jörg Thalheim
8101996c16
pass in flakeid to vm_state_dir
2024-10-08 17:51:55 +00:00
Jörg Thalheim
07e6d1e57c
vm_config: deprecate a few fields
2024-10-08 17:51:55 +00:00
Jörg Thalheim
1c9ea1d5b8
cmd/run: remove unnecessary wait
2024-10-08 17:51:55 +00:00
Qubasa
528f9f9684
clan-cli: Fix breakage if machines update
2024-10-08 03:38:46 +02:00
Qubasa
5bd607a8ad
clan-cli: Fix bug where --host-key-check is not applied to build-host
2024-10-08 03:03:13 +02:00
Qubasa
e85e5c13e4
clan-cli: Fix bug where --host-key-check is not applied everywhere
2024-10-08 00:25:15 +00:00
Qubasa
0f79c6a850
clan-cli: Improve CmdOut output
2024-10-07 01:36:40 +02:00
Qubasa
7bd50b03b3
clan-cli: Add --host-key-check to machine update
2024-10-05 23:33:44 +02:00
Qubasa
34711c419c
clan-cli: Fix bug where --target_host is getting ignored
2024-10-05 18:51:44 +02:00
Jörg Thalheim
4e1d4afa9b
vars/keygen: adapt to new sops api
2024-10-04 16:36:35 +00:00
Jörg Thalheim
76aa8d2d82
Revert "Merge pull request 'Revert "Merge pull request 'clan-cli: secrets: Add support for PGP keys with sops-nix' ( #2186 ) from lopter/clan-core:lo-sops-nix-pgp-support into main"' ( #2202 ) from revert into main"
...
This reverts commit 23f5abee0d, reversing
changes made to 66a94c91ae.
2024-10-04 16:36:35 +00:00
DavHau
2b3fba9dd0
Revert "vars: refactor - copy logic to sops secret module"
...
This reverts commit 83d850dac4.
2024-10-04 18:20:53 +02:00
Jörg Thalheim
d134d94a1e
Revert "Merge pull request 'clan-cli: secrets: Add support for PGP keys with sops-nix' ( #2186 ) from lopter/clan-core:lo-sops-nix-pgp-support into main"
...
This reverts commit b956b94039, reversing
changes made to b1af3d5d6d.
Reverting for now as Dave's recent change conflicts with this change.
2024-10-04 17:54:29 +02:00
Louis Opter
103ad87bc9
Improvements for clan secrets key generate.
...
I am not sure I understand what `extract_public_key` was for. It seems
like `age-keygen -y` will just work fine for a file like
`extract_public_key` is looking for. Unless someone intentionally made a
file with a comment like that without the private key in it.
Messages are moved to stdout rather than being logged. It feels like the
output is meaningful in the first step users are going to take. Also
makes testing easier, as log messages are captured differently than
stdout. The call to add a user is changed to be easier to copy paste
and work whether PGP or age is in use.
A description for the command is added instead of help which does not
seem to be displayed.
2024-10-04 15:36:30 +00:00
Louis Opter
7999465d89
Make clan_cli.secrets.sops.SopsKey immutable and remove its __eq__ method
...
Immutability seems sensible for this type.
There is some ambiguity on how to compare keys, in particular when `user.name == ""`, but the rest matches.
2024-10-04 15:36:30 +00:00
Louis Opter
6848b3b6b3
fix: clan secrets user get dump the user identity correctly
2024-10-04 15:36:30 +00:00
Louis Opter
6694c2b60d
Fix key dump in clan secrets key show
...
```
In [4]: str(Type.AGE)
Out[4]: Type.AGE
In [5]: Type.AGE.name.lower()
Out[5]: age
```
2024-10-04 15:36:30 +00:00
Jörg Thalheim
be5f10e241
secrets/show: pretty print json
2024-10-04 15:36:30 +00:00
Jörg Thalheim
4a3030d6ed
secrets: replace Key, key type tuple with SopsKey class
2024-10-04 15:36:30 +00:00
Jörg Thalheim
541a73692f
fix serialisation of SopsKey type
2024-10-04 15:36:30 +00:00
Jörg Thalheim
d909078033
default key type to age and rename to age-key/pgp-key
2024-10-04 15:36:30 +00:00
Jörg Thalheim
24973370b3
secrets: do not shadow python builtins
2024-10-04 15:36:30 +00:00
Louis Opter
710b832066
Fix: do not assume users use age keys in vars/sops
...
With added support for PGP for user keys, do not assume an age key is
going to be present in secrets files.
2024-10-04 15:36:30 +00:00
Louis Opter
30d0afe75b
Fix: use new sops api in clan secrets machines
2024-10-04 15:36:30 +00:00
Louis Opter
61ceb44a71
Draft: clan-cli: secrets: Add support for PGP keys with sops-nix
...
To use a PGP key instead of an age key you can set `SOPS_PGP_FP`. (You
can use `gpg -k --fingerprint --fingerprint` to get your PGP encryption
key fingerprint, remove spaces from it).
The internal manifest file already supported a type field, and so I built
from there.
With those changes, I was able to add my PGP key, and update all my
secrets with it, instead of the age key originally generated:
```
% clan secrets key show | jq
{
  "key": "ADB6276965590A096004F6D1E114CBAE8FA29165",
  "type": "pgp"
}
% clan secrets key update
% for s in $(clan secrets list) ; do clan secrets users add-secret kal-pgp-from-2022-12-to-2024-12 "$s"; done
% for s in $(clan secrets list) ; do clan secrets users remove-secret --debug kal "$s" ; done
```
2024-10-04 15:36:30 +00:00
DavHau
a257769abd
vars/keygen: fix + cleanup tests
...
- generate keys in ./sops instead of ./sops/vars for now
- don't initialize all flakes with sops keys, only generate when needed
- use the new 'clan vars keygen' in tests
2024-10-04 17:25:17 +02:00
DavHau
3357a0082e
vars: add 'clan vars keygen'
2024-10-04 16:13:49 +02:00
DavHau
83d850dac4
vars: refactor - copy logic to sops secret module
...
This is in preparation for moving the storage away from ./sops to ./vars/sops
2024-10-04 14:31:22 +02:00
DavHau
1f1be62c60
sops: refactor some function names for clarity
2024-10-02 13:56:43 +02:00
Johannes Kirschbauer
6612a8ad0f
Inventory/docs: display explicit roles only
2024-10-02 10:01:44 +02:00
Jörg Thalheim
2a2818d050
add more custom prefixes for temporary directories
2024-10-01 20:54:19 +02:00
Jörg Thalheim
082c3c1416
fix resource leaks in qmp tests
2024-10-01 20:54:19 +02:00
clan-bot
91408f4c72
Merge pull request 'fix resource leaks' ( #2191 ) from fix-warning into main
2024-10-01 18:03:58 +00:00
Jörg Thalheim
46c0b7cb2e
don't leak memory in global table unless we want to record performance
2024-10-01 19:32:00 +02:00
Jörg Thalheim
d5d6774124
fix file descriptor leak in cmd.run()
...
we were leaking pipes.
2024-10-01 19:27:47 +02:00
clan-bot
e014800f03
Merge pull request 'generate: don't set type=bool in argparse.BooleanOptionalAction' ( #2190 ) from fix-warning into main
2024-10-01 17:04:49 +00:00
Jörg Thalheim
237327ead3
start to name temporary directories in more places
2024-10-01 18:57:59 +02:00
Jörg Thalheim
716c6c9139
generate: don't set type=bool in argparse.BooleanOptionalAction
2024-10-01 18:48:54 +02:00
Louis Opter
c132811c9e
Update outdated help messages and fix a typo
2024-09-29 15:52:58 +00:00
Jörg Thalheim
e58b0df2db
fix broken eval check when nixpkgs.pkgs nixos option is used
2024-09-29 16:59:02 +02:00
Jörg Thalheim
5c6a0be70c
make default hardware report commit message nicer
2024-09-29 16:59:02 +02:00
Jörg Thalheim
bd8bc98863
allow to overwrite hardware configuration
...
now that we call it "update" hardware configuration and we are heading
towards facter anyway, we don't need all the force override logic. Just
allow this to be overwritten by default.
2024-09-29 16:59:02 +02:00
Jörg Thalheim
deea4a74b3
wrap hardware generate arguments into an object
2024-09-29 16:59:02 +02:00
Jörg Thalheim
b97ee66e8f
don't expose polymorphic api
2024-09-29 16:21:53 +02:00
Jörg Thalheim
84cb54a537
remove unused location from ClanError
2024-09-29 16:21:53 +02:00
Jörg Thalheim
d4685e7208
put error description in same line as error for cli
2024-09-29 16:21:53 +02:00
Jörg Thalheim
11409b9608
if error doesn't have a message set, print a stack trace
2024-09-29 16:21:53 +02:00
Jörg Thalheim
6bd1bc894e
if command fails, print command and exit code, regardless if error message is set
2024-09-29 16:21:53 +02:00
Jörg Thalheim
7b93ef6704
expose nixos-facter in cli
2024-09-29 16:21:53 +02:00