dannydannydanny/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(clan): re-enable dm-pull-deploy via forked clan-community 🌊

Browse source 
Stage 4e, take 2. Point the clan-community input at our fork's branch
that sanitizes machine.name for data-mesher's file-name validator
(upstream PR: clan/clan-community#25). Revisit this pin once merged.

- flake.nix: clan-community.url → fork + fix branch
- flake-modules/clan.nix: re-adds meta.domain = "clan",
  inventory.instances.data-mesher (sunken-ship bootstrap, both default),
  inventory.instances.dm-pull-deploy (sunken-ship push, both default
  action="switch"), and clanHostsModule that puts /etc/hosts entries
  for <host>.clan → each machine's ZT IPv6 so libp2p multiaddr
  resolution works without a clan-domain DNS server.
- Generator vars for data-mesher + dm-pull-deploy signing keys were
  regenerated on sunken-ship (data-mesher isn't packaged for
  aarch64-darwin, so clan vars generate runs on Linux).
This commit is contained in:
DannyDannyDanny 2026-04-20 19:58:16 +02:00
parent 1d4c6c8f4f
commit 22808f39fa
34 changed files with 337 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

1
vars/per-machine/sunken-ship/data-mesher-node-identity/identity.cert/machines/sunken-ship Symbolic link
View file

@ -0,0 +1 @@
../../../../../../sops/machines/sunken-ship

18
vars/per-machine/sunken-ship/data-mesher-node-identity/identity.cert/secret Normal file
View file

@ -0,0 +1,18 @@
{
"data": "ENC[AES256_GCM,data:OmnzynETGrQK8os5sSZ2Uo6+Ssurkt8wqnJU3f5pNDNBwBPLlcYfDzslkHu4eDGLpiJnVwyFJPdzwSRuTqQOIRN3Z6stSf4ISVWQnwRDDAaYfm8tj9xL6vbjXugQW9F++weMhO9gvyraDmJP/wlaCAdfgiXo/LjVneRQDBozUfPxF7KKBb8GTjP4PGILep3/n8HyxEl3ibAvgUplsdh5ybW2IeZeHwI9fuRY1EE09vGgIi7TSyHD3bfkNwQTsotNsgO3Z5SBPWPDIN2n0NYtVcUfkpJJZbp3TjWUhZuciHtsXggw4/aeW4xQdpNV,iv:LxoBD3dV1JLGJt8f8O70heIg+oVuSKrdLAv2AxFgfc0=,tag:79cQmt6gGuMO5cfYfeZ4HQ==,type:str]",
"sops": {
"age": [
{
"recipient": "age1g6y8gvcampqj5y3yzdajke2h5n7k6ckdg6a424cghy5325px7cmqjmmd28",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGTkZMQnZmelNKanJ4cjhu\nbGNDOENpOGoydWFFM21VNytYYkFabkE0WmdFCkNPb2ZyZHRxd2l0WnN3c24yNlZH\nRFp4ZStaY1JCUmFxL0xxVERjTk5yWW8KLS0tIE1KQURtbkl1Q0RROGZTZ2xMK0tI\nWlFQd2VFcmU5dC9FRXZ0cW1adDFCa0kK8gko5J+LsnVTuSj8yS60L05bYruuno9d\nUYtAHcfbnZ9VfrAFH+uWfsPUoloqDOiRR0BQx6m6epWlAIRILni2kw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1zy3q73pujauyajgfqwu0pnyy8732lzwvw87tu7p2xg3xuzaujc2qh6ql77",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEa2dHTWJ6RGVPTy9CRVdD\nN3dvcVd6RjRQdjJqdXlMdzNML25tYlpKTG1BCkR2ZUZqMHg2cG01UUNGOEttUTBM\nMVlpaUNTdEozd0MvN281QWczUEhLNHcKLS0tIFdGSG8vY3J1bktMM2tRekdmWFJJ\nNW5TaHNMVmc3Nm1OeE05Mk1xVVRxWFEKKpqi4WjKwb44Y3LrisJ0Nq5ftQljnrEN\nE/ardHaxYUCZaAuiBFSZeOG3+zrOc5+cNx74/ULAX4QaqHshJQpdKQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-04-20T17:57:27Z",
"mac": "ENC[AES256_GCM,data:Sc+5RNJuKJtsp9c22piVnUlUFvBeLGOKw1kwiyvUb48Hy9xVAP1YyzbopN7gVurdegoMvovz6iaM5pBC0xOlvGrHr6MvV5ET76N9hdacGCoFfSviKUQnDNQbic/yj9lJx5Nwpo05nf12R/NUCcXWCHkxv1jedpVRHclL8bEta5Y=,iv:WUVIqLnh81afVwdueOn59hK5+ijUI5iWrZKpqTLYSiM=,tag:I3uNmPwrnTbRWGDTBEjVRA==,type:str]",
"version": "3.12.2"
}
}

1
vars/per-machine/sunken-ship/data-mesher-node-identity/identity.cert/users/danny Symbolic link
View file

@ -0,0 +1 @@
../../../../../../sops/users/danny

1
vars/per-machine/sunken-ship/data-mesher-node-identity/identity.key/machines/sunken-ship Symbolic link
View file

@ -0,0 +1 @@
../../../../../../sops/machines/sunken-ship

18
vars/per-machine/sunken-ship/data-mesher-node-identity/identity.key/secret Normal file
View file

@ -0,0 +1,18 @@
{
"data": "ENC[AES256_GCM,data:UhTbEIclwoIKcQaAMS/ZNkGrgg3HqkA3SHVBSHJ+wBI6x4i3dnAfIi08NstykkaKfMSJX0ELADiXu9rAqC/XHLHChYJ9yp9bdV/FzhaHHiJ61uVPSpgeJf9lPmirG5cNx15my3vFu9iElNuVoj1SrQJCOHdtw98=,iv:dJV6lBytRAyVyuLIGu8I7rYYd4ybKea7/j9ZMMRB5ck=,tag:QgTQApvKJAsFN2Gpxyse0g==,type:str]",
"sops": {
"age": [
{
"recipient": "age1g6y8gvcampqj5y3yzdajke2h5n7k6ckdg6a424cghy5325px7cmqjmmd28",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAybjQ2MDMwTUtOZDRsc1pV\nYnhTK1FMZkVZcElSVVQwNkc0V0w1aGY1VDE4ClUwMlA3VlBLTTF0bDRBWEZsTDZK\nNzlTcWtFU0w3dEdMcmVSVWJQSndNbXcKLS0tIEZEUXFwd2JaUDNDVDh5aFVWL20y\nSGFJUVUvMmZwOTFsZEhhZHFHRXJKODgKbySNJmTEDJ+0HxsmFuaIUWzLZ47HvATg\nxuYsiSXJGnermo4yxgRuisX68wLzaTVMRfdV7cK9Mqzq0gDOi6s/VQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1zy3q73pujauyajgfqwu0pnyy8732lzwvw87tu7p2xg3xuzaujc2qh6ql77",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2Q3R6L2Q3ZFRKMmFqbkdT\nK1lTOGRtK2tvVk5yZXpsN1hvR0laWTZHQ1dFCkphNzB1dE5TbWJrQU8va202UXRT\nSkdZM3FpZ2VWOExhaVVNMHROd1drb2sKLS0tIGZtZHZ2VzZJMi9tcHFMSGpodFk4\nbjlnd3NvMHdXSEovQ0txT2J2N1lzeTAKxpCIqP3TNazm96Zxsk+rhwY9CVj9cIDl\nBelBCK7fOSodayheZkAIcnOWUDGOOMuFqXGDo/HC2HmzyJsco5KkMg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-04-20T17:57:27Z",
"mac": "ENC[AES256_GCM,data:uHHOi9nYi+6QKOxjmLeOUH+0oVWvSYLWc9Vkryx1ADo58GjS4BwgFcXJaw+bnGPy1lvZzA0MdqSFL5Fb/9mFVZpt0PMGD1YjGkr8dZN2eZOYbH7ysBjv91GIDewGOpKGJQKQhmMuwfE1MkaBk6WfRD5IAK6fged+0Jr+CGE81jc=,iv:Wu0aPXx41nIr4MQGAW/4rpSbHNtdlgu+IxEP6oISINg=,tag:qLRQhOma2ly3kkRHVMYgbA==,type:str]",
"version": "3.12.2"
}
}

1
vars/per-machine/sunken-ship/data-mesher-node-identity/identity.key/users/danny Symbolic link
View file

@ -0,0 +1 @@
../../../../../../sops/users/danny

3
vars/per-machine/sunken-ship/data-mesher-node-identity/identity.pub/value Normal file
View file

@ -0,0 +1,3 @@
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAs7iffRVJb66z4p0hBZkEFdYx/YG4V8QLrd1GfXx2gLA=
-----END PUBLIC KEY-----

1
vars/per-machine/sunken-ship/data-mesher-node-identity/peer.id/value Normal file
View file

@ -0,0 +1 @@
12D3KooWMuvRnpEv9XEqyYnFcqKZALBS3Vhqi3zHSn4t4vwedkF9