
pkgs/nixfiles: Display generated backup secrets and make configureing hosts optional

clerie 2025-02-16 18:34:15 +01:00
parent 5b03dd5ef9
commit 5345828a56


@ -4,17 +4,52 @@ set -euo pipefail
cd "$(git rev-parse --show-toplevel)" cd "$(git rev-parse --show-toplevel)"
if [[ $# -eq 0 || $# -gt 2 ]]; then
echo "Usage: nixfiles-generate-backup-secrets HOST [--configure-host]"
echo
echo " --configure-host"
echo " Directly sets the secrets in the hosts secret store"
exit 1
fi
host="$1" host="$1"
CONFIGURE_HOST=
if [[ $# -eq 2 ]]; then
if [[ "$2" == "--configure-host" ]]; then
if [[ ! -f "hosts/${host}/secrets.json" ]]; then
echo "Host ${host} does not have a secrets file, can't configure"
exit 1
fi
CONFIGURE_HOST=1
else
echo "Unknown option $2"
exit 1
fi
fi
job_main="$(pwgen -1 64 1)" job_main="$(pwgen -1 64 1)"
target_cyan="$(pwgen -1 64 1)" target_cyan="$(pwgen -1 64 1)"
target_cyan_htpasswd="$(htpasswd -nbB "${host}" "${target_cyan}")" target_cyan_htpasswd="$(htpasswd -nbB "${host}" "${target_cyan}")"
target_magenta="$(pwgen -1 64 1)" target_magenta="$(pwgen -1 64 1)"
target_magenta_htpasswd="$(htpasswd -nbB "${host}" "${target_magenta}")" target_magenta_htpasswd="$(htpasswd -nbB "${host}" "${target_magenta}")"
echo "$job_main" | clerie-sops-edit "hosts/${host}/secrets.json" set "clerie-backup-job-main"
echo "$target_cyan" | clerie-sops-edit "hosts/${host}/secrets.json" set "clerie-backup-target-cyan"
echo "$target_magenta" | clerie-sops-edit "hosts/${host}/secrets.json" set "clerie-backup-target-magenta"
echo "${target_cyan_htpasswd}" | clerie-sops-edit "hosts/clerie-backup/secrets.json" append "restic-server-cyan-htpasswd" echo "${target_cyan_htpasswd}" | clerie-sops-edit "hosts/clerie-backup/secrets.json" append "restic-server-cyan-htpasswd"
echo "$target_magenta_htpasswd" | clerie-sops-edit "hosts/backup-4/secrets.json" append "restic-server-magenta-htpasswd" echo "${target_magenta_htpasswd}" | clerie-sops-edit "hosts/backup-4/secrets.json" append "restic-server-magenta-htpasswd"
echo "Repo password main: ${job_main}"
echo
echo "URL cyan: https://cyan.backup.clerie.de/${host}/main"
echo "Auth username cyan: ${host}"
echo "Auth password cyan: ${target_cyan}"
echo
echo "URL magenta: https://magenta.backup.clerie.de/${host}/main"
echo "Auth username magenta: ${host}"
echo "Auth password magenta: ${target_magenta}"
if [[ -n "${CONFIGURE_HOST}" ]]; then
echo "$job_main" | clerie-sops-edit "hosts/${host}/secrets.json" set "clerie-backup-job-main"
echo "$target_cyan" | clerie-sops-edit "hosts/${host}/secrets.json" set "clerie-backup-target-cyan"
echo "$target_magenta" | clerie-sops-edit "hosts/${host}/secrets.json" set "clerie-backup-target-magenta"
fi
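Review bot: The echo block that prints the repo password and both auth passwords runs unconditionally, so with `--configure-host` the plaintext secrets still go to stdout even though the final `if` block also writes them to `hosts/${host}/secrets.json`. That leaves them in terminal scrollback or in any log that captures the output; consider wrapping the block in `if [[ -z "${CONFIGURE_HOST}" ]]; then` … `fi` so they are shown only when they are not stored. The usage and error messages added at the top also go to stdout, and `>&2` on those `echo` lines would keep them out of captured output. Separately, the unchanged `htpasswd -nbB "${host}" "${target_cyan}"` calls pass the password as an argument, where it is visible in the process list; `printf '%s\n' "${target_cyan}" | htpasswd -niB "${host}"` reads it from stdin instead, and the same applies to the magenta line.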