clan-cli secrets: deploy -> upload

nixosModules/clanCore/secrets/default.nix

@@ -68,9 +68,9 @@
         };
       }));
   };
-  config.system.build.generateDeploySecrets = pkgs.writeScript "generate_deploy_secrets" ''
+  config.system.build.generateUploadSecrets = pkgs.writeScript "generate_upload_secrets" ''
-    ${config.system.build.generateSecrets}
+    ${config.system.clan.generateSecrets}
-    ${config.system.build.deploySecrets}
+    ${config.system.clan.uploadSecrets}
   '';
   imports = [
     ./sops.nix

nixosModules/clanCore/secrets/password-store.nix

@@ -7,7 +7,7 @@ in
     type = lib.types.path;
     default = "/etc/secrets";
     description = ''
-      The directory where the password store is deployed to.
+      The directory where the password store is uploaded to.
     '';
   };
   config = lib.mkIf (config.clanCore.secretStore == "password-store") {
@@ -45,7 +45,7 @@ in
         fi)
       '') "" config.clanCore.secrets}
     '';
-    system.clan.deploySecrets = pkgs.writeScript "deploy-secrets" ''
+    system.clan.uploadSecrets = pkgs.writeScript "upload-secrets" ''
       #!/bin/sh
       set -efu
       set -x # remove for prod

nixosModules/clanCore/secrets/sops.nix

@@ -64,8 +64,8 @@ in
         fi)
       '') "" config.clanCore.secrets}
     '';
-    system.clan.deploySecrets = pkgs.writeScript "deploy-secrets" ''
+    system.clan.uploadSecrets = pkgs.writeScript "upload-secrets" ''
-      echo deployment is not needed for sops secret store, since the secrets are part of the flake
+      echo upload is not needed for sops secret store, since the secrets are part of the flake
     '';
     sops.secrets = builtins.mapAttrs
       (name: _: {

pkgs/clan-cli/clan_cli/machines/update.py

@@ -4,7 +4,7 @@ import os
 import subprocess
 
 from ..ssh import Host, HostGroup, HostKeyCheck
-from ..secrets.deploy import deploy_secrets
+from ..secrets.upload import upload_secrets
 from ..secrets.generate import generate_secrets
 
 
@@ -35,7 +35,7 @@ def deploy_nixos(hosts: HostGroup) -> None:
         ssh_arg += " -i " + h.key if h.key else ""
 
         generate_secrets(h.host)
-        deploy_secrets(h.host)
+        upload_secrets(h.host)
 
         flake_attr = h.meta.get("flake_attr", "")
         if flake_attr:

pkgs/clan-cli/clan_cli/secrets/__init__.py

@@ -1,13 +1,13 @@
 # !/usr/bin/env python3
 import argparse
 
-from .deploy import register_deploy_parser
 from .generate import register_generate_parser
 from .groups import register_groups_parser
 from .import_sops import register_import_sops_parser
 from .key import register_key_parser
 from .machines import register_machines_parser
 from .secrets import register_secrets_parser
+from .upload import register_upload_parser
 from .users import register_users_parser
 
 
@@ -37,8 +37,8 @@ def register_parser(parser: argparse.ArgumentParser) -> None:
     )
     register_generate_parser(parser_generate)
 
-    parser_deploy = subparser.add_parser("deploy", help="deploy secrets for machines")
+    parser_upload = subparser.add_parser("upload", help="upload secrets for machines")
-    register_deploy_parser(parser_deploy)
+    register_upload_parser(parser_upload)
 
     parser_key = subparser.add_parser("key", help="create and show age keys")
     register_key_parser(parser_key)

pkgs/clan-cli/clan_cli/secrets/deploy.py

@@ -1,51 +0,0 @@
-import argparse
-import subprocess
-import sys
-
-from clan_cli.errors import ClanError
-
-from ..nix import nix_build_machine
-
-
-def deploy_secrets(machine: str) -> None:
-    proc = subprocess.run(
-        nix_build_machine(
-            machine=machine,
-            attr=[
-                "config",
-                "system",
-                "clan",
-                "deploySecrets",
-            ],
-        ),
-        capture_output=True,
-        text=True,
-    )
-    if proc.returncode != 0:
-        print(proc.stderr, file=sys.stderr)
-        raise ClanError(f"failed to deploy secrets:\n{proc.stderr}")
-
-    secret_deploy_script = proc.stdout.strip()
-    secret_deploy = subprocess.run(
-        [
-            secret_deploy_script,
-            f"root@{machine}",
-        ],
-    )
-
-    if secret_deploy.returncode != 0:
-        raise ClanError("failed to deploy secrets")
-    else:
-        print("successfully deployed secrets")
-
-
-def deploy_command(args: argparse.Namespace) -> None:
-    deploy_secrets(args.machine)
-
-
-def register_deploy_parser(parser: argparse.ArgumentParser) -> None:
-    parser.add_argument(
-        "machine",
-        help="The machine to deploy secrets to",
-    )
-    parser.set_defaults(func=deploy_command)

pkgs/clan-cli/clan_cli/secrets/upload.py

@@ -0,0 +1,51 @@
+import argparse
+import subprocess
+import sys
+
+from clan_cli.errors import ClanError
+
+from ..nix import nix_build_machine
+
+
+def upload_secrets(machine: str) -> None:
+    proc = subprocess.run(
+        nix_build_machine(
+            machine=machine,
+            attr=[
+                "config",
+                "system",
+                "clan",
+                "uploadSecrets",
+            ],
+        ),
+        capture_output=True,
+        text=True,
+    )
+    if proc.returncode != 0:
+        print(proc.stderr, file=sys.stderr)
+        raise ClanError(f"failed to upload secrets:\n{proc.stderr}")
+
+    secret_upload_script = proc.stdout.strip()
+    secret_upload = subprocess.run(
+        [
+            secret_upload_script,
+            f"root@{machine}",
+        ],
+    )
+
+    if secret_upload.returncode != 0:
+        raise ClanError("failed to upload secrets")
+    else:
+        print("successfully uploaded secrets")
+
+
+def upload_command(args: argparse.Namespace) -> None:
+    upload_secrets(args.machine)
+
+
+def register_upload_parser(parser: argparse.ArgumentParser) -> None:
+    parser.add_argument(
+        "machine",
+        help="The machine to upload secrets to",
+    )
+    parser.set_defaults(func=upload_command)