Commit Graph

148 Commits

Author SHA1 Message Date
6b004fca6f machines.Machine: refactor flake_dir -> flake; use Machine class in vm 2024-01-24 15:49:12 +01:00
aee0ee4d5e move secret stores into clan_cli codebase 2024-01-24 15:49:12 +01:00
09887037f5 WIP: clan-cli secrets: add secret_store as python class 2024-01-23 15:04:40 +01:00
1a6983e031 cmd.py refactor part 6 2024-01-12 17:02:56 +01:00
ca5cc389ac cmd.py refactor part 5
All checks were successful
checks-impure / test (pull_request) Successful in 1m29s
checks / test (pull_request) Successful in 2m49s
2024-01-12 16:52:34 +01:00
0941367bb3 cmd.py: Fix deadlock because of incorrect select usage
All checks were successful
checks-impure / test (pull_request) Successful in 1m20s
checks / test (pull_request) Successful in 2m53s
2024-01-11 23:03:14 +01:00
d1ca0eaf80 Identified deadlocking function
All checks were successful
checks-impure / test (pull_request) Successful in 1m22s
checks / test (pull_request) Successful in 2m54s
2024-01-11 22:28:35 +01:00
0133ccd5f7 Fixed missing log.BOTH and error_msg at prev refactors 2024-01-11 21:11:49 +01:00
2ae439ec52 cmd.py refactor part 4 2024-01-11 21:11:49 +01:00
1496f45fe2 prefix nixpkgs# explicitly in nix_shell
All checks were successful
checks-impure / test (pull_request) Successful in 1m27s
checks / test (pull_request) Successful in 2m3s
This makes the function usage less confusing (you can now tell from the call side what are flags and what is passed to nix-shell) and allows using different flakes to download packages.
2023-12-08 15:14:14 +01:00
373fc83160 add option to extend path for generator
All checks were successful
checks-impure / test (pull_request) Successful in 1m9s
checks / test (pull_request) Successful in 2m6s
2023-11-30 14:15:40 +01:00
d0362bb757 error if age key cannot be decoded 2023-11-30 10:57:58 +01:00
f1b223d0a1 modernisation for python 3.11 2023-11-29 13:29:45 +00:00
26e3e3872c enable more linting 2023-11-29 13:29:45 +00:00
f3b3aba6c5 run_upload_secrets: don't swallow stdout output
All checks were successful
checks-impure / test (pull_request) Successful in 1m13s
checks / test (pull_request) Successful in 2m12s
2023-11-29 11:38:01 +01:00
179d1ed2c6 add sops command to sync keys with secrets 2023-11-29 11:34:19 +01:00
978d9efd7e secrets/generate-private-key: just create parent opportunistically
All checks were successful
checks-impure / test (pull_request) Successful in 1m30s
checks / test (pull_request) Successful in 2m2s
2023-11-16 13:19:12 +01:00
12930b4057 clan_cli: create key directory
All checks were successful
checks / test (pull_request) Successful in 1m3s
checks-impure / test (pull_request) Successful in 1m50s
2023-11-15 23:15:12 +01:00
6cb41cb006 also regenerate secrets if a fact is missing
All checks were successful
checks-impure / test (pull_request) Successful in 1m36s
checks / test (pull_request) Successful in 2m48s
2023-11-14 17:07:58 +01:00
7b3d3e20b4 clan-cli secrets: flake_name -> flake_dir
All checks were successful
checks / test (pull_request) Successful in 46s
checks-impure / test (pull_request) Successful in 1m26s
2023-11-05 16:58:48 +01:00
c1b4fa6d55 nix fmt 2023-10-27 19:21:50 +02:00
3581e0c9a8 Fixing a multitude of tests 2023-10-27 19:21:50 +02:00
d1c35301e3 Added repro_env_break debugging command. This spawns a terminal inside the temp home folder with the same environment as the python test 2023-10-27 19:20:17 +02:00
d02acbe04b nix fmt 2023-10-27 19:19:45 +02:00
9f464dd14e Added ipdb as breakpoint console. Improved logging. 2023-10-27 19:19:45 +02:00
8482bc79f6 Secrets tests passing. nix fmt doesn't complain 2023-10-27 19:18:45 +02:00
8cc1c2c4bd Fixed cyclic dependency AND swapped pytest-parallel for pytest-xdist to fix deadlock in tests 2023-10-27 19:18:45 +02:00
2ca54afe7f Added new type FlakeName 2023-10-27 19:18:45 +02:00
32e60f5adc Added flake_name:str argument everywhere, nix fmt doesn't complain anymore 2023-10-27 19:15:40 +02:00
fdcd7ad1d9 Updated to main 2023-10-27 19:15:11 +02:00
dbf80595fd zerotier: fix: find free port without collisions
All checks were successful
checks-impure / test (pull_request) Successful in 55s
checks / test (pull_request) Successful in 2m0s
2023-10-05 17:03:01 +02:00
3fb36b3ac1 secrets upload: skip on exit 23, cleanup
All checks were successful
checks-impure / test (pull_request) Successful in 33s
checks / test (pull_request) Successful in 1m32s
2023-10-04 21:29:19 +02:00
b25af9f0f4 clan_cli: refactor secrets code into Machine class
All checks were successful
checks-impure / test (pull_request) Successful in 19s
checks / test (pull_request) Successful in 1m27s
2023-10-04 16:41:16 +02:00
ffb7c63640 clan-cli: add machines install 2023-10-04 16:34:37 +02:00
b2ef8bf1a3 also test that updating a group works 2023-10-03 16:15:36 +00:00
6f7109dab6 clan_cli.secrets.groups: update keys if members are added/removed 2023-10-03 16:15:36 +00:00
dbe289f702 nix fmt
All checks were successful
checks-impure / test (pull_request) Successful in 13s
checks / test (pull_request) Successful in 1m22s
2023-10-03 15:22:41 +02:00
8fa241a36b Fixed upload_secrets_test
Some checks failed
checks-impure / test (pull_request) Successful in 13s
checks / test (pull_request) Failing after 1m23s
2023-10-03 15:14:50 +02:00
7dde66c0df Fixed upload_secrets_test
Some checks failed
checks-impure / test (pull_request) Failing after 12s
checks / test (pull_request) Failing after 1m22s
2023-10-03 15:10:22 +02:00
be9d3d43bf Fixing PYTHONPATH in secrets/generate test
Some checks failed
checks-impure / test (pull_request) Failing after 12s
checks / test (pull_request) Failing after 1m23s
2023-10-03 15:01:13 +02:00
da72ec18ad API: Added test for inspect_flake 2023-10-03 13:19:20 +02:00
89b7ffce6c clan-cli secrets upload: secrets are populated into tmpdir 2023-09-29 20:05:35 +02:00
7ca9c49163 restore clanInternals with valid nixos config 2023-09-29 19:39:35 +02:00
0c91bb90ab also encrypt secret for the machine itself 2023-09-28 17:51:37 +02:00
16b33eb0a8 add toplevel machines-json that can deploy all hosts 2023-09-28 15:23:25 +02:00
756820e4ca clanInternals.machines: invert system and machine name
All checks were successful
checks-impure / test (pull_request) Successful in 8s
checks / test (pull_request) Successful in 24s
2023-09-27 17:26:44 +02:00
9825c179a8 impure-tests: migrate bash to pytest and fix stuff
All checks were successful
checks-impure / test (pull_request) Successful in 7s
checks / test (pull_request) Successful in 23s
2023-09-22 18:32:28 +02:00
17520e2553 fix impure tests 2023-09-21 18:29:18 +02:00
aeed648bd0 secrets: use clanInternal for crosscompiling, move sops generators to new file 2023-09-21 17:25:32 +02:00
0314132a1a rewrite sops backend for secret generation and add tests 2023-09-21 17:22:20 +02:00
ead5c6e6a8 secrets: add has_machine and has_secret function 2023-09-21 17:22:20 +02:00
486ff4e7f4 age: generate private and public key in one go 2023-09-21 17:22:20 +02:00
8d29d0e69c clan-cli: get deploymentAddress from clan.networking 2023-09-15 12:17:07 +00:00
0132abc547 secrets: use CLAN_DIR instead of clanCore.clanDir for fact storage 2023-09-15 12:17:07 +00:00
c5786614bf clan-cli secrets: deploy -> upload 2023-09-15 12:17:07 +00:00
23c979f8db secrets deploy/generate: use nix_build_machine 2023-09-15 12:17:07 +00:00
ac13c5b76b clan-cli secrets: add deploy subcommand 2023-09-15 12:17:07 +00:00
798e85ee8a clan secrets generate: use get_clan_flake_toplevel 2023-09-15 12:17:07 +00:00
17af763ad1 add edit flag to secret cli
All checks were successful
checks-impure / test (pull_request) Successful in 6s
checks / test (pull_request) Successful in 51s
2023-09-13 10:52:03 +02:00
62e5c66867 secrets cli: hint that group/user/machine flags can be repeated
All checks were successful
checks-impure / test (pull_request) Successful in 6s
checks / test (pull_request) Successful in 2m57s
2023-09-07 13:06:31 +02:00
c3ccf68007 only list valid secrets/users/machines
All checks were successful
checks-impure / test (pull_request) Successful in 6s
checks / test (pull_request) Successful in 58s
Git often leaves empty directories behind
2023-09-07 12:48:34 +02:00
ae3283a762 clan/secrets: fix if user/machine directory does not contain a key.json 2023-09-07 12:30:29 +02:00
e6762d8b3f sops: add explicit commands to generate secrets
All checks were successful
checks-impure / test (pull_request) Successful in 6s
checks / test (pull_request) Successful in 49s
2023-09-07 11:41:20 +02:00
949b72bd0b actually implement secret rename function
All checks were successful
checks-impure / test (pull_request) Successful in 13s
checks / test (pull_request) Successful in 24s
2023-09-03 11:03:14 +02:00
6c7c9b9540 secrets/sops-import: check correct secret for conflicts
All checks were successful
checks-impure / test (pull_request) Successful in 11s
checks / test (pull_request) Successful in 19s
2023-09-03 08:43:40 +02:00
e079627f0f secrets/sops-import: check for key.json to exist
All checks were successful
checks-impure / test (pull_request) Successful in 4s
checks / test (pull_request) Successful in 20s
2023-09-03 08:37:56 +02:00
10e4db7c19 clan-cli: fix error message 2023-08-30 16:40:42 +02:00
4afd9910e9 Revert "rename clanCore to clan.core"
This reverts commit fef796fa6e.
2023-08-30 15:24:33 +02:00
fef796fa6e rename clanCore to clan.core 2023-08-30 12:46:49 +00:00
af38408a3e secret cli: add get command that returns the key of users/machines
All checks were successful
checks-impure / test (pull_request) Successful in 3s
checks / test (pull_request) Successful in 3s
2023-08-30 11:30:57 +02:00
691d3bec41 Merge pull request 'secrets generator + zerotier module' (#188) from secrets-module into main
All checks were successful
checks-impure / test (push) Successful in 3s
checks / test (push) Successful in 2s
2023-08-29 15:43:15 +00:00
9fca1e7f43 move clanCore into nixosModules, add secrets generate command
All checks were successful
checks-impure / test (pull_request) Successful in 2s
checks / test (pull_request) Successful in 2s
2023-08-29 16:28:50 +02:00
9b3bfd6950 secrets: improve error messages
All checks were successful
checks-impure / test (pull_request) Successful in 3s
checks / test (pull_request) Successful in 19s
2023-08-29 16:20:39 +02:00
c5b16124ef add machine subcommand 2023-08-24 16:58:22 +02:00
79c61f61c7 drop black/ruff from dependency list
those are used implicitly by treefmt already
2023-08-23 16:03:56 +02:00
63bb9395fd automatically import secrets into nixos 2023-08-23 13:59:43 +02:00
c2ff6acef4 sops: pass empty manifest when decrypting
All checks were successful
build / test (pull_request) Successful in 28s
2023-08-10 12:08:17 +02:00
1f79a610d4 groups: add more api
All checks were successful
build / test (pull_request) Successful in 20s
2023-08-09 15:30:50 +02:00
e103a4186c add api for secret groups and decrypting secrets
Some checks failed
build / test (pull_request) Failing after 23s
2023-08-09 15:17:43 +02:00
6c169b0bed print nothing if secret collections are empty
All checks were successful
build / test (pull_request) Successful in 29s
2023-08-09 14:50:04 +02:00
c535cf78a1 add secret api for machines/users/secrets
Some checks failed
build / test (pull_request) Failing after 21s
2023-08-09 14:10:04 +02:00
2483e29819 users: separate cli from library
All checks were successful
build / test (pull_request) Successful in 20s
2023-08-09 13:56:24 +02:00
9189c31def improve error message if users don't exist
Some checks failed
build / test (pull_request) Failing after 17s
2023-08-09 10:33:54 +02:00
3d5a37ad03 check for breakpoint() function in code
Some checks failed
build / test (pull_request) Failing after 25s
2023-08-09 10:21:59 +02:00
68905fc233 don't add user to a secret if they already can access the secret
Some checks failed
build / test (pull_request) Failing after 21s
If the user is part of a group we don't need to add them explicitly
2023-08-09 10:17:30 +02:00
2988532909 allow to set groups/admins/users when setting secrets
All checks were successful
build / test (pull_request) Successful in 20s
2023-08-08 19:40:35 +02:00
5ee620b77b only print names when listing existing users
All checks were successful
build / test (pull_request) Successful in 16s
2023-08-08 19:07:38 +02:00
504adb4f6d make error message nicer when members are not found
All checks were successful
build / test (pull_request) Successful in 21s
2023-08-08 19:05:32 +02:00
6f9aaef56a add option to import sops secrets with groups,users,machines,prefixes
All checks were successful
build / test (pull_request) Successful in 25s
2023-08-08 18:46:37 +02:00
efa0546da5 sops: make symlinks relative
All checks were successful
build / test (pull_request) Successful in 21s
2023-08-08 17:24:40 +02:00
35f2d6a76e add dummy sops manifest
All checks were successful
build / test (pull_request) Successful in 20s
2023-08-08 16:40:32 +02:00
d8c2df2e72 add test for import-sops command
All checks were successful
build / test (pull_request) Successful in 24s
2023-08-08 16:28:38 +02:00
1d1452ddd5 add import-sops command to secrets
All checks were successful
build / test (pull_request) Successful in 21s
2023-08-08 15:48:19 +02:00
0533948085 fix rotating keys with sops
All checks were successful
build / test (push) Successful in 8s
2023-08-08 13:44:15 +02:00
ae4f36ecf9 clan-cli/sops: rename add_key to write_key
All checks were successful
build / test (push) Successful in 12s
2023-08-03 14:58:51 +02:00
54e9d4427c fix circular import 2023-08-03 11:07:17 +02:00
dab483339a test list/remove secret 2023-08-02 12:00:32 +00:00
658c76336f add secrets integration
clan-cli: also depend on age for secrets
2023-08-02 09:19:14 +00:00