From 7208d63e783e835258d7cb493453194866fecdba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 22 Feb 2024 15:42:19 +0100 Subject: [PATCH 1/3] borgbackup: drop comment from string Looks weird in the logs.
---
 clanModules/borgbackup.nix | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/clanModules/borgbackup.nix b/clanModules/borgbackup.nix
index 123b84b3..06358e6f 100644
--- a/clanModules/borgbackup.nix
+++ b/clanModules/borgbackup.nix
@@ -73,10 +73,9 @@ in
 clanCore.backups.providers.borgbackup = {
 # TODO list needs to run locally or on the remote machine
 list = ''
- ${lib.concatMapStringsSep "\n" (dest: ''
- # we need yes here to skip the changed url verification
- yes y | borg-job-${dest.name} list --json | jq -r '. + {"job-name": "${dest.name}"}'
- '') (lib.attrValues cfg.destinations)}
+ # we need yes here to skip the changed url verification
+ ${lib.concatMapStringsSep "\n" (dest: ''yes y | borg-job-${dest.name} list --json | jq -r '. + {"job-name": "${dest.name}"}' '')
+ (lib.attrValues cfg.destinations)}
 '';
 create = ''
 ${lib.concatMapStringsSep "\n" (dest: ''
From 65d2a4e081deeb2124cecdc28ca5a050e156cae1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 22 Feb 2024 15:59:12 +0100 Subject: [PATCH 2/3] secrets: commit when renaming secrets
---
 pkgs/clan-cli/clan_cli/secrets/secrets.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/pkgs/clan-cli/clan_cli/secrets/secrets.py b/pkgs/clan-cli/clan_cli/secrets/secrets.py
index b1bbab49..ca6594dd 100644
--- a/pkgs/clan-cli/clan_cli/secrets/secrets.py
+++ b/pkgs/clan-cli/clan_cli/secrets/secrets.py
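Review bot: In the borgbackup.nix hunk the `list` script still pipes `yes y` into `borg-job-${dest.name} list`, which answers every prompt borg may raise with "y", not only the changed-URL check the comment names. Borg has a dedicated switch for that one prompt, so the line could read `BORG_RELOCATED_REPO_ACCESS_IS_OK=yes borg-job-${dest.name} list --json | jq ...` and leave any other confirmation unanswered. This assumes the borg-job wrapper passes the environment through, which is not visible here. The relocation prompt is a safeguard against a repository being swapped under the same job, so the comment should also say why skipping it is acceptable for these destinations.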
@@ -272,13 +272,19 @@ def set_command(args: argparse.Namespace) -> None:
 def rename_command(args: argparse.Namespace) -> None:
- old_path = sops_secrets_folder(Path(args.flake)) / args.secret
- new_path = sops_secrets_folder(Path(args.flake)) / args.new_name
+ flake_dir = Path(args.flake)
+ old_path = sops_secrets_folder(flake_dir) / args.secret
+ new_path = sops_secrets_folder(flake_dir) / args.new_name
 if not old_path.exists():
 raise ClanError(f"Secret '{args.secret}' does not exist")
 if new_path.exists():
 raise ClanError(f"Secret '{args.new_name}' already exists")
 os.rename(old_path, new_path)
+ commit_files(
+ [old_path, new_path],
+ flake_dir,
+ f"Rename secret {args.secret} to {args.new_name}",
+ )
 def register_secrets_parser(subparser: argparse._SubParsersAction) -> None:
From 52fcc914792fb73efb159794877fe619681edbee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 22 Feb 2024 16:06:39 +0100 Subject: [PATCH 3/3] Also commit files when adding machines/users or removing secrets
---
 pkgs/clan-cli/clan_cli/git.py | 4 +--- pkgs/clan-cli/clan_cli/secrets/machines.py | 16 ++++++++++++++-- pkgs/clan-cli/clan_cli/secrets/secrets.py | 5 +++++ pkgs/clan-cli/clan_cli/secrets/users.py | 9 ++++++++- 4 files changed, 28 insertions(+), 6 deletions(-)
diff --git a/pkgs/clan-cli/clan_cli/git.py b/pkgs/clan-cli/clan_cli/git.py
index 231ad54a..06cf5be2 100644
--- a/pkgs/clan-cli/clan_cli/git.py
+++ b/pkgs/clan-cli/clan_cli/git.py
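Review bot: In rename_command, `os.rename(old_path, new_path)` runs before any check that the two paths stay inside the secrets folder; the only containment test is the one inside commit_files, which fires after the move and compares only against the repository root. If `args.new_name` can carry path separators or `..` (the argparse type for it is not visible in this hunk), the secret is moved first and any error comes afterwards, leaving the tree changed but uncommitted. A guard before the rename would close that, e.g. `if not new_path.resolve().is_relative_to(sops_secrets_folder(flake_dir).resolve()): raise ClanError(f"Invalid secret name '{args.new_name}'")`, and likewise for `old_path`.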
@@ -28,12 +28,10 @@ def commit_files(
 repo_dir: Path,
 commit_message: str | None = None,
 ) -> None:
- # check that the file is in the git repository and exists
+ # check that the file is in the git repository
 for file_path in file_paths:
 if not Path(file_path).resolve().is_relative_to(repo_dir.resolve()):
 raise ClanError(f"File {file_path} is not in the git repository {repo_dir}")
- if not file_path.exists():
- raise ClanError(f"File {file_path} does not exist")
 # generate commit message if not provided
 if commit_message is None:
 commit_message = ""
diff --git a/pkgs/clan-cli/clan_cli/secrets/machines.py b/pkgs/clan-cli/clan_cli/secrets/machines.py
index 2c378a43..87d28583 100644
--- a/pkgs/clan-cli/clan_cli/secrets/machines.py
+++ b/pkgs/clan-cli/clan_cli/secrets/machines.py
@@ -2,6 +2,7 @@ import argparse
 from pathlib import Path
 from ..errors import ClanError
+from ..git import commit_files
 from ..machines.types import machine_name_type, validate_hostname
 from . import secrets
 from .folders import list_objects, remove_object, sops_machines_folder
@@ -10,7 +11,13 @@ from .types import public_or_private_age_key_type, secret_name_type
 def add_machine(flake_dir: Path, name: str, key: str, force: bool) -> None:
- write_key(sops_machines_folder(flake_dir) / name, key, force)
+ path = sops_machines_folder(flake_dir) / name
+ write_key(path, key, force)
+ commit_files(
+ [path],
+ flake_dir,
+ f"Add machine {name} to secrets",
+ )
 def remove_machine(flake_dir: Path, name: str) -> None:
@@ -35,11 +42,16 @@ def list_machines(flake_dir: Path) -> list[str]:
 def add_secret(flake_dir: Path, machine: str, secret: str) -> None:
- secrets.allow_member(
+ path = secrets.allow_member(
 secrets.machines_folder(flake_dir, secret),
 sops_machines_folder(flake_dir),
 machine,
 )
+ commit_files(
+ [path],
+ flake_dir,
+ f"Add {machine} to secret",
+ )
 def remove_secret(flake_dir: Path, machine: str, secret: str) -> None:
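Review bot: With the existence test removed, the loop in commit_files only proves that each path lies under `repo_dir`; a mistyped path that never existed now passes, and what happens next depends on the git calls further down, which are outside this hunk. The function now accepts deleted paths on purpose, and that deserves a docstring line such as `"""Commit the given paths; a path may already be deleted or renamed in the working tree."""`. It would also help to state there whether a path git has never tracked is an error or is silently ignored.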
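Review bot: add_machine records every call as `Add machine {name} to secrets`, including the case where `force` lets write_key replace an existing key (presumably what the flag is for; write_key is not shown). A replaced key is a different event from a new machine when someone later audits the history, so the message should say which one happened: capture `existed = path.exists()` before write_key and use `f"{'Update' if existed else 'Add'} machine {name} to secrets"`. The same applies to add_user in secrets/users.py.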
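Review bot: add_secret now uses the return value of `secrets.allow_member(...)` as the path to commit, but no hunk in this series changes allow_member, and secrets.py gains only the remove_secret lines. If allow_member returns None today, `commit_files([None], ...)` fails at `Path(file_path)` after the membership has already been written; worth confirming the return type or building the path here. The commit message `f"Add {machine} to secret"` also omits which secret was opened to the machine; `f"Add machine {machine} to secret {secret}"` keeps the history usable as an access log.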
diff --git a/pkgs/clan-cli/clan_cli/secrets/secrets.py b/pkgs/clan-cli/clan_cli/secrets/secrets.py
index ca6594dd..a95a0644 100644
--- a/pkgs/clan-cli/clan_cli/secrets/secrets.py
+++ b/pkgs/clan-cli/clan_cli/secrets/secrets.py
@@ -124,6 +124,11 @@ def remove_secret(flake_dir: Path, secret: str) -> None:
 if not path.exists():
 raise ClanError(f"Secret '{secret}' does not exist")
 shutil.rmtree(path)
+ commit_files(
+ [path],
+ flake_dir,
+ f"Remove secret {secret}",
+ )
 def remove_command(args: argparse.Namespace) -> None:
diff --git a/pkgs/clan-cli/clan_cli/secrets/users.py b/pkgs/clan-cli/clan_cli/secrets/users.py
index a97d48d3..8c317638 100644
--- a/pkgs/clan-cli/clan_cli/secrets/users.py
+++ b/pkgs/clan-cli/clan_cli/secrets/users.py
@@ -2,6 +2,7 @@ import argparse
 from pathlib import Path
 from ..errors import ClanError
+from ..git import commit_files
 from . import secrets
 from .folders import list_objects, remove_object, sops_users_folder
 from .sops import read_key, write_key
@@ -14,7 +15,13 @@ from .types import (
 def add_user(flake_dir: Path, name: str, key: str, force: bool) -> None:
- write_key(sops_users_folder(flake_dir) / name, key, force)
+ path = sops_users_folder(flake_dir) / name
+ write_key(path, key, force)
+ commit_files(
+ [path],
+ flake_dir,
+ f"Add user {name} to secrets",
+ )
 def remove_user(flake_dir: Path, name: str) -> None:
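Review bot: remove_secret deletes the directory and commits the deletion, but the encrypted secret stays in earlier commits, so anyone holding a key it was encrypted for can still read it from history. A comment above the `commit_files(` call should say so, for example `# removal is not revocation: the encrypted secret remains in git history, rotate the value if access must end`. The function starts above this hunk, so how `path` is built from `secret` is not visible here.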