DavHau/clan-core
1
0
Fork 0
forked from clan/clan-core
Code Pull Requests Activity

Compare commits

base: DavHau:5bd20fcf2c8b3ecb78243ca9db881705464ec651
Branches Tags
DavHau:main
DavHau:DavHau-dave
DavHau:DavHau-vars-deploy-test
DavHau:DavHau-vars
DavHau:DavHau-rename-clanCore
DavHau:DavHau-facts-docs
DavHau:flake-update-2024-06-03
DavHau:machines-show
DavHau:nix-latest
DavHau:a-kenji-clan/complete-services
DavHau:a-kenji-clan/completions
DavHau:a-kenji-clan/cli/init-dynamic-completions
DavHau:clan/cli/init-dynamic-completions
DavHau:joerg-ci
DavHau:Mic92-synapse
DavHau:init/manpage
DavHau:DavHau-install-dev
DavHau:install-dev
DavHau:synapse
DavHau:a-kenji-improve/editor
DavHau:docs/epilog
DavHau:complete-clan-modules
DavHau:flake-update-2024-05-27
DavHau:clan/cli/facts-noisy-1443
DavHau:clan/examples
DavHau:feat/clan/facts-generate-service-1395
DavHau:init/editors
DavHau:Qubasa-flake-update-2024-05-22
DavHau:add-pre-commit
DavHau:a-kenji-modules/init/user-password
DavHau:hsjobeki-mian
DavHau:feat/clan-install-json
DavHau:flake-update-2024-05-06
DavHau:init/manpages
DavHau:improve-clan-help
DavHau:a-kenji-clan/install
DavHau:docs/improve
DavHau:ui-testing-framework
DavHau:better-template
DavHau:init-flatpak-cli
DavHau:init/flatpak
DavHau:clan-cli/check/flatpak-sandbox
DavHau:init/nextcloud
DavHau:facts_refactor2
DavHau:postgres
DavHau:a-kenji-init/sunshine-moonlight-accept
DavHau:openssh
DavHau:backup-docs
DavHau:clana
DavHau:DavHau-api-config
DavHau:dave
DavHau:feat/stack
DavHau:zerotier
DavHau:Luis-Hebendanz-main
DavHau:add-serial-option
DavHau:wayland-update
DavHau:qemu-wayland
clan:main
clan:joerg-ci
clan:Mic92-type-checking
clan:type-checking
clan:flake-update-nixpkgs-2024-09-02
clan:flake-update-2024-09-02
clan:vars-deploy-test
clan:DavHau-dave
clan:init/manpage
clan:a-kenji-improve/editor
clan:complete-clan-modules
clan:clan/cli/facts-noisy-1443
clan:clan/examples
clan:init/editors
clan:add-pre-commit
clan:feat/clan-install-json
clan:init/manpages
clan:a-kenji-clan/install
clan:docs/improve
clan:init-flatpak-cli
clan:init/flatpak
clan:a-kenji-init/sunshine-moonlight-accept
clan:clana
clan:DavHau-api-config
clan:dave
clan:feat/stack
clan:Luis-Hebendanz-main
DavHau:v2.2
DavHau:v2.1
DavHau:v2.0
DavHau:v1.1
DavHau:demo-v1.0
clan:demo-v2.2
clan:demo-v2.1
clan:demo-v2.0
clan:demo-v1.1
clan:demo-v1.0
...
compare: DavHau:00f7a6300ba850c876f4c68657fd667c2155d126
Branches Tags
DavHau:DavHau-dave
DavHau:DavHau-vars-deploy-test
DavHau:DavHau-vars
DavHau:DavHau-rename-clanCore
DavHau:DavHau-facts-docs
DavHau:main
DavHau:flake-update-2024-06-03
DavHau:machines-show
DavHau:nix-latest
DavHau:a-kenji-clan/complete-services
DavHau:a-kenji-clan/completions
DavHau:a-kenji-clan/cli/init-dynamic-completions
DavHau:clan/cli/init-dynamic-completions
DavHau:joerg-ci
DavHau:Mic92-synapse
DavHau:init/manpage
DavHau:DavHau-install-dev
DavHau:install-dev
DavHau:synapse
DavHau:a-kenji-improve/editor
DavHau:docs/epilog
DavHau:complete-clan-modules
DavHau:flake-update-2024-05-27
DavHau:clan/cli/facts-noisy-1443
DavHau:clan/examples
DavHau:feat/clan/facts-generate-service-1395
DavHau:init/editors
DavHau:Qubasa-flake-update-2024-05-22
DavHau:add-pre-commit
DavHau:a-kenji-modules/init/user-password
DavHau:hsjobeki-mian
DavHau:feat/clan-install-json
DavHau:flake-update-2024-05-06
DavHau:init/manpages
DavHau:improve-clan-help
DavHau:a-kenji-clan/install
DavHau:docs/improve
DavHau:ui-testing-framework
DavHau:better-template
DavHau:init-flatpak-cli
DavHau:init/flatpak
DavHau:clan-cli/check/flatpak-sandbox
DavHau:init/nextcloud
DavHau:facts_refactor2
DavHau:postgres
DavHau:a-kenji-init/sunshine-moonlight-accept
DavHau:openssh
DavHau:backup-docs
DavHau:clana
DavHau:DavHau-api-config
DavHau:dave
DavHau:feat/stack
DavHau:zerotier
DavHau:Luis-Hebendanz-main
DavHau:add-serial-option
DavHau:wayland-update
DavHau:qemu-wayland
clan:main
clan:joerg-ci
clan:Mic92-type-checking
clan:type-checking
clan:flake-update-nixpkgs-2024-09-02
clan:flake-update-2024-09-02
clan:vars-deploy-test
clan:DavHau-dave
clan:init/manpage
clan:a-kenji-improve/editor
clan:complete-clan-modules
clan:clan/cli/facts-noisy-1443
clan:clan/examples
clan:init/editors
clan:add-pre-commit
clan:feat/clan-install-json
clan:init/manpages
clan:a-kenji-clan/install
clan:docs/improve
clan:init-flatpak-cli
clan:init/flatpak
clan:a-kenji-init/sunshine-moonlight-accept
clan:clana
clan:DavHau-api-config
clan:dave
clan:feat/stack
clan:Luis-Hebendanz-main
DavHau:v2.2
DavHau:v2.1
DavHau:v2.0
DavHau:v1.1
DavHau:demo-v1.0
clan:demo-v2.2
clan:demo-v2.1
clan:demo-v2.0
clan:demo-v1.1
clan:demo-v1.0

2 Commits
5bd20fcf2c ... 00f7a6300b

Author SHA1 Message Date
DavHau
00f7a6300b clan-cli/secrets: refactor: rename secret -> secret_path 2024-07-23 18:18:32 +07:00
clan-bot
aec1238f20 Merge pull request 'vars: add support for password-store' (#1794) from DavHau/clan-core:DavHau-vars into main 2024-07-23 07:59:50 +00:00
1 changed files with 8 additions and 8 deletions
Show Stats Expand all files Collapse all files

16
pkgs/clan-cli/clan_cli/secrets/secrets.py
View File

@ -82,7 +82,7 @@ def collect_keys_for_path(path: Path) -> set[str]:
def encrypt_secret(
flake_dir: Path,
secret: Path,
secret_path: Path,
value: IO[str] | str | bytes | None,
add_users: list[str] = [],
add_machines: list[str] = [],
@ -95,7 +95,7 @@ def encrypt_secret(
for user in add_users:
files_to_commit.extend(
allow_member(
users_folder(flake_dir, secret.name),
users_folder(flake_dir, secret_path.name),
sops_users_folder(flake_dir),
user,
False,
@ -105,7 +105,7 @@ def encrypt_secret(
for machine in add_machines:
files_to_commit.extend(
allow_member(
machines_folder(flake_dir, secret.name),
machines_folder(flake_dir, secret_path.name),
sops_machines_folder(flake_dir),
machine,
False,
@ -115,33 +115,33 @@ def encrypt_secret(
for group in add_groups:
files_to_commit.extend(
allow_member(
groups_folder(flake_dir, secret.name),
groups_folder(flake_dir, secret_path.name),
sops_groups_folder(flake_dir),
group,
False,
)
)
keys = collect_keys_for_path(secret)
keys = collect_keys_for_path(secret_path)
if key.pubkey not in keys:
keys.add(key.pubkey)
files_to_commit.extend(
allow_member(
users_folder(flake_dir, secret.name),
users_folder(flake_dir, secret_path.name),
sops_users_folder(flake_dir),
key.username,
False,
)
)
secret_path = secret / "secret"
secret_path = secret_path / "secret"
encrypt_file(secret_path, value, list(sorted(keys)))
files_to_commit.append(secret_path)
commit_files(
files_to_commit,
flake_dir,
f"Update secret {secret.name}",
f"Update secret {secret_path.name}",
)