feat(clan): re-enable dm-pull-deploy via forked clan-community 🌊
Stage 4e, take 2. Point the clan-community input at our fork's branch that sanitizes machine.name for data-mesher's file-name validator (upstream PR: clan/clan-community#25). Revisit this pin once merged. - flake.nix: clan-community.url → fork + fix branch - flake-modules/clan.nix: re-adds meta.domain = "clan", inventory.instances.data-mesher (sunken-ship bootstrap, both default), inventory.instances.dm-pull-deploy (sunken-ship push, both default action="switch"), and clanHostsModule that puts /etc/hosts entries for <host>.clan → each machine's ZT IPv6 so libp2p multiaddr resolution works without a clan-domain DNS server. - Generator vars for data-mesher + dm-pull-deploy signing keys were regenerated on sunken-ship (data-mesher isn't packaged for aarch64-darwin, so clan vars generate runs on Linux).
This commit is contained in:
DannyDannyDanny
parent
1d4c6c8f4f
commit
22808f39fa
34 changed files with 337 additions and 20 deletions
14
vars/shared/data-mesher-network/network.key/secret
Normal file
14
vars/shared/data-mesher-network/network.key/secret
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
{
|
||||
"data": "ENC[AES256_GCM,data:N5diXVSyLS5354gi5UcSK7iWflVH549PGf4ugg/mIk0utPBscDV/9HaRCn5KWvprBeLmAgnSrFs9syU17Zwwf7FHPE1RfhalN+Pi0sesttMIBc9Bni7IcmVpFY+pXJxoqGdIkM7grEtWBquJWh1cSL1ICbG4Vz0=,iv:jdEXN0pyyYnsCtr0qEI5e3e8s1GS6Lk0HnZBI6q0Wb8=,tag:JPLfvnOFdfRtWREumJ3sow==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1g6y8gvcampqj5y3yzdajke2h5n7k6ckdg6a424cghy5325px7cmqjmmd28",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqaGt1dGY3RmZJaW9icGJw\nZ1RGQStFN3Z4R3BrcXVHRmZGOE1FcjFhRUM4Cmd5UnNmMFVpYU5CbFNicTBBS0tQ\nWUdOMnBMZk1Qc3NrY1NIMjJFc01PcU0KLS0tIG1sOFk1VEFyQmZuczZUeC9hSWZ3\nL0FXelZ2b3RrbVZMSGJOSDk2bDZkNU0KNVGQqSX5jSxLqAcvjyofkDP8rudeusEN\nrfrrqmvP6NUgiuQiBAWpXFS6Vt8aNIWwhpk/Ij3zw0rNWH4wdV5YSg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2026-04-20T17:57:25Z",
|
||||
"mac": "ENC[AES256_GCM,data:LB+xpBT4SsjEZKMBE5JMATxOKGmLITAurL5ZAtCT1eVBJ+2kf7hp/EdmW29RrqeRZhQe3vVVo37qsud+jkACMYODmMBAzhwz7i2c2OQBFoz65MKth74B1BaV1AIfiCxghNbFExqfwV4SCnV4XntHxYelG97GfV9hWCLRdykaD10=,iv:fnkmHHJiwtfIC4F3FXXXH4vDmFls72F1UqhL45pvAsI=,tag:8fvUupt25Ta+CA9QExtpzg==,type:str]",
|
||||
"version": "3.12.2"
|
||||
}
|
||||
}
|
||||
1
vars/shared/data-mesher-network/network.key/users/danny
Symbolic link
1
vars/shared/data-mesher-network/network.key/users/danny
Symbolic link
|
|
@ -0,0 +1 @@
|
|||
../../../../../sops/users/danny
|
||||
3
vars/shared/data-mesher-network/network.pub/value
Normal file
3
vars/shared/data-mesher-network/network.pub/value
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
-----BEGIN PUBLIC KEY-----
|
||||
MCowBQYDK2VwAyEAdB1Fz8Y5HZxHcr+gvbpjG14MWVYZsHxDDRymsd0sQU8=
|
||||
-----END PUBLIC KEY-----
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../../../../sops/machines/sunken-ship
|
||||
18
vars/shared/dm-pull-deploy-signing-key/signing.key/secret
Normal file
18
vars/shared/dm-pull-deploy-signing-key/signing.key/secret
Normal file
|
|
@ -0,0 +1,18 @@
|
|||
{
|
||||
"data": "ENC[AES256_GCM,data:SFWdcWNOT/lPnlk/03UrsejGiUiSE4540V0UVmd/2KxOnPf2463wlbCnx1pg4Y3dOScohNyM6MIU60/E8AZrQWUSYPM6RPVvW9Bpgb8WByUUABlxH3CxZth3ygpJGez/fchWFjkFUyydhcVWpm6UxmNnjhTwvq8=,iv:/n1pHl1DHy4pCVn1QuEK/+ud14ZWd0E5JfiMe8tczy0=,tag:NG8sO8Y8dujHVSh5d/ugFw==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1g6y8gvcampqj5y3yzdajke2h5n7k6ckdg6a424cghy5325px7cmqjmmd28",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjNmVGOUhDdHNlUm5GRjJo\nZFJJbUQyZys4ZjFiRUlyWUxuUnBuWmkyckVFCi8wZmdSeVBzbis4b1JZcU5QSDRp\nYXJBNzVIeXhSSnIyK1FTUDhUNFR2SVEKLS0tIFZtV0ZsRjdaaXMxbXF6S0VjV1J3\nelBUYWx0ZXpNMVZoK0dKdFdMYUpaMUEK1H4mOKs8CEtJ2P2aFkd9C2I7BRoqdZX9\nCowzfdUPQK3XwYxK0e+qM/eSPMsQr+IgPX4GtpIrkPUtkr9yNlXdTA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1zy3q73pujauyajgfqwu0pnyy8732lzwvw87tu7p2xg3xuzaujc2qh6ql77",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeHB1d0hrenZxZVVaWDgr\nbjYzcEY5VjNqL3FIR2NyYkd3bzBXNmFnNFZnCkY5TlplcEhqd2JUOFdoZzdtTWJs\ncW5rbWNkUnZ6SXJzd3ltM0FDeGIyZzAKLS0tIDZKdjZuaGdLUFVrMUE4RG1SSi83\nTVM1b1dTeVppQ3ZmLzExOVFob3VxR0EKziFYIaTcseeGJgLzb4ZgTnAnwlPavqGZ\nQ2/zQjn3i1vu1Et/qlhxQGg4AxmP976b23iwm+JYn901i00VClOuJg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2026-04-20T17:57:26Z",
|
||||
"mac": "ENC[AES256_GCM,data:Qb3eJPq4m95zvteRXmDqReXiNrGDIHsh4PLYC/BRVJKLH2NJcygFj7DRuMHsM8TITEewvee96wInBim8porAGnNPGVl9GZpKU8gVT1JPWbbWYa28AegFoTgLw7nsGfyGYtAso6NfN9uuBggFf6zHBeSbg1p87hUbyRhjnp7xnOg=,iv:ugJKegaaH/FKsGrvWXdwVojb/yAwKtREF3Ng/2qgsIY=,tag:jsZ2QnHuje683C/wM/OGHg==,type:str]",
|
||||
"version": "3.12.2"
|
||||
}
|
||||
}
|
||||
1
vars/shared/dm-pull-deploy-signing-key/signing.key/users/danny
Symbolic link
1
vars/shared/dm-pull-deploy-signing-key/signing.key/users/danny
Symbolic link
|
|
@ -0,0 +1 @@
|
|||
../../../../../sops/users/danny
|
||||
3
vars/shared/dm-pull-deploy-signing-key/signing.pub/value
Normal file
3
vars/shared/dm-pull-deploy-signing-key/signing.pub/value
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
-----BEGIN PUBLIC KEY-----
|
||||
MCowBQYDK2VwAyEA2tgf1jPcQ0GEIsEU4/iVsrg4Wi9WSgCpbKarBKhpxPQ=
|
||||
-----END PUBLIC KEY-----
|
||||
Loading…
Add table
Add a link
Reference in a new issue