From 638721cceb48c16a58ef9e3c70934912d764da80 Mon Sep 17 00:00:00 2001
From: clerie
Date: Sun, 16 Feb 2025 18:59:47 +0100
Subject: [PATCH] pkgs/nixfiles,pkgs/clerie-sops: Allow htpasswd edit the htpasswd file directly and therefor update existing entries
---
 pkgs/clerie-sops/clerie-sops-edit.sh | 31 ++++++++++++++++---
 .../nixfiles-generate-backup-secrets.sh | 6 ++--
 2 files changed, 29 insertions(+), 8 deletions(-)
diff --git a/pkgs/clerie-sops/clerie-sops-edit.sh b/pkgs/clerie-sops/clerie-sops-edit.sh
index 7e03445..b2227c4 100755
--- a/pkgs/clerie-sops/clerie-sops-edit.sh
+++ b/pkgs/clerie-sops/clerie-sops-edit.sh
@@ -7,17 +7,19 @@ set -euo pipefail
 print_help() {
 cat << EOF
-clerie-sops-edit
+clerie-sops-edit [cmd...]
 This script allows editing single secrets in a secrets file by key.
 is a sops secrets file
- is one of "edit", "read", "set" and "append"
+ is one of "edit", "cmd", "read", "set" and "append"
 is the key of the secret in the secrets file to modify
+
+ ACTION "cmd" a command that get passed the decrypted secret in the argument being "{}"
 EOF
 }
-if [[ $# != 3 ]]; then
+if [[ $# -lt 3 ]]; then
 print_help
 exit 1
 fi
@@ -33,7 +35,7 @@ fi
 ACTION="$2"
-if ! echo "edit read set append" | grep -wq "${ACTION}"; then
+if ! echo "edit cmd read set append" | grep -wq "${ACTION}"; then
 echo "Action \"${ACTION}\" not supported"
 echo
 print_help
@@ -43,6 +45,15 @@ fi
 KEY="$3"
 KEY_SELECTOR="$(jq -Rsc '[.]' <(echo -n "${KEY}"))"
+if [[ $# -gt 3 && "${ACTION}" != "cmd" ]]; then
+ print_help
+ exit 1
+fi
+
+shift
+shift
+shift
+
 if [[ -n $EDITOR ]]; then
 EDITOR=vim
 fi
@@ -64,6 +75,18 @@ case "${ACTION}" in
 edit)
 "${EDITOR}" "${TMP_FILE}"
 ;;
+ cmd)
+ CMD=()
+ while [[ $# -gt 0 ]]; do
+ if [[ "$1" == "{}" ]]; then
+ CMD+=("${TMP_FILE}")
+ else
+ CMD+=("$1")
+ fi
+ shift
+ done
+ "${CMD[@]}"
+ ;;
 read)
 cat "${TMP_FILE}"
 ;;
diff --git a/pkgs/nixfiles/nixfiles-generate-backup-secrets.sh b/pkgs/nixfiles/nixfiles-generate-backup-secrets.sh
index dbaf989..91a437e 100755
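Review bot: The new help line for "cmd" in print_help (first hunk of clerie-sops-edit.sh) says the command is passed the decrypted secret in the "{}" argument, but the `cmd)` branch added further down substitutes `${TMP_FILE}`, a file path, for it. The difference matters to callers: the secret does not end up in the child's argv, and stdin is handed through to the command, which the htpasswd calls in nixfiles-generate-backup-secrets.sh depend on. I would reword the line along the lines of `"cmd" runs the given command; an argument that is exactly "{}" is replaced by the path of a temporary file holding the decrypted secret, and stdin is passed on to the command`.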
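Review bot: In the `@@ -33,7 +35,7 @@` hunk of clerie-sops-edit.sh the action is still validated with `grep -wq "${ACTION}"`, which treats the argument as a regular expression: a value such as `.*` matches the whole list and passes the check, and a value starting with `-` is read as a grep option. With a fifth action added, an exact match is easier to keep correct, e.g. `case "${ACTION}" in edit|cmd|read|set|append) ;; *) print_help; exit 1 ;; esac`. The `if` body continues past the end of the hunk, so what the later `case` does with an unmatched action is not visible here.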
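Review bot: "cmd" with no command, or with no argument equal to "{}", is not rejected by the guard added in the `@@ -43,6 +45,15 @@` hunk of clerie-sops-edit.sh, which only covers extra arguments for the other actions. With no command, `"${CMD[@]}"` in the later hunk expands an empty array, which runs nothing on current bash and is an unbound-variable error under `set -u` before bash 4.4; with no "{}" the command never receives the file. Checking this right after the shifts (which can be a single `shift 3`) fails before the secret is decrypted into the temp file; that step is outside the hunk, presumably further down. The unchanged `if [[ -n $EDITOR ]]` just below also looks inverted and will abort under `set -u` when EDITOR is unset; `-z "${EDITOR:-}"` is presumably what was meant.

```shell
shift 3

# "cmd" needs a command, and one of its arguments must be the "{}" placeholder
if [[ "${ACTION}" == "cmd" ]]; then
  HAS_PLACEHOLDER=0
  for ARG in "$@"; do
    if [[ "${ARG}" == "{}" ]]; then
      HAS_PLACEHOLDER=1
    fi
  done
  if [[ "${HAS_PLACEHOLDER}" -eq 0 ]]; then
    print_help
    exit 1
  fi
fi

# … unchanged: EDITOR default …
```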
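Review bot: A non-zero exit from `"${CMD[@]}"` in the new `cmd)` branch ends the script immediately under `set -euo pipefail`, so whatever follows the `case` to re-encrypt or delete `${TMP_FILE}` is skipped. The `case` starts and ends outside this hunk, as do creation and cleanup of the temp file; if the removal is not already done from an EXIT trap, the decrypted secret stays on disk after a failed command, and the same holds for a failing editor in the `edit)` branch. An EXIT trap set right after the file is created, e.g. `trap 'rm -f -- "${TMP_FILE}"' EXIT`, covers both. The while/shift loop could also be `for ARG in "$@"; do`, which leaves the positional parameters intact.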
--- a/pkgs/nixfiles/nixfiles-generate-backup-secrets.sh
+++ b/pkgs/nixfiles/nixfiles-generate-backup-secrets.sh
@@ -31,12 +31,10 @@ fi
 job_main="$(pwgen -1 64 1)"
 target_cyan="$(pwgen -1 64 1)"
-target_cyan_htpasswd="$(htpasswd -nbB "${host}" "${target_cyan}")"
 target_magenta="$(pwgen -1 64 1)"
-target_magenta_htpasswd="$(htpasswd -nbB "${host}" "${target_magenta}")"
-echo "${target_cyan_htpasswd}" | clerie-sops-edit "hosts/clerie-backup/secrets.json" append "restic-server-cyan-htpasswd"
-echo "${target_magenta_htpasswd}" | clerie-sops-edit "hosts/backup-4/secrets.json" append "restic-server-magenta-htpasswd"
+echo "${target_cyan}" | clerie-sops-edit "hosts/clerie-backup/secrets.json" cmd "restic-server-cyan-htpasswd" htpasswd -iB "{}" "${host}"
+echo "${target_magenta}" | clerie-sops-edit "hosts/backup-4/secrets.json" cmd "restic-server-magenta-htpasswd" htpasswd -iB "{}" "${host}"
 echo "Repo password main: ${job_main}"
 echo
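Review bot: Both new pipelines only work if clerie-sops-edit leaves stdin untouched until its `cmd` branch starts htpasswd, and nothing next to the calls says so. Moving from `-b` to `-i` keeps the generated password out of htpasswd's argv, which is worth recording in a comment above the two lines, e.g. `# htpasswd -i reads the password from stdin; clerie-sops-edit must not read stdin before running the command`. Since htpasswd is now called without `-n` and without `-c`, it is also worth confirming that the temp file exists (possibly empty) when the key is not yet present in secrets.json; that happens inside clerie-sops-edit, outside this hunk.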