From 638721cceb48c16a58ef9e3c70934912d764da80 Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Sun, 16 Feb 2025 18:59:47 +0100
Subject: [PATCH] pkgs/nixfiles,pkgs/clerie-sops: Allow htpasswd edit the
 htpasswd file directly and therefor update existing entries

---
 pkgs/clerie-sops/clerie-sops-edit.sh          | 31 ++++++++++++++++---
 .../nixfiles-generate-backup-secrets.sh       |  6 ++--
 2 files changed, 29 insertions(+), 8 deletions(-)

diff --git a/pkgs/clerie-sops/clerie-sops-edit.sh b/pkgs/clerie-sops/clerie-sops-edit.sh
index 7e03445..b2227c4 100755
--- a/pkgs/clerie-sops/clerie-sops-edit.sh
+++ b/pkgs/clerie-sops/clerie-sops-edit.sh
@@ -7,17 +7,19 @@ set -euo pipefail
 
 print_help() {
 	cat << EOF
-clerie-sops-edit <secrets_file> <action> <key>
+clerie-sops-edit <secrets_file> <action> <key> [cmd...]
 
   This script allows editing single secrets in a secrets file by key.
 
   <secrets_file> is a sops secrets file
-  <action> is one of "edit", "read", "set" and "append"
+  <action> is one of "edit", "cmd", "read", "set" and "append"
   <key> is the key of the secret in the secrets file to modify
+
+  ACTION "cmd" a command that get passed the decrypted secret in the argument being "{}"
 EOF
 }
 
-if [[ $# != 3 ]]; then
+if [[ $# -lt 3 ]]; then
 	print_help
 	exit 1
 fi
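Review bot: The new help line for `cmd` says the command is passed the decrypted secret in the `{}` argument, but the `cmd` arm added later in this patch substitutes `${TMP_FILE}`, which is a file path and not the secret value. The distinction matters to callers, because a secret placed in argv would be visible in the process list while a path is not. I would reword the line to `ACTION "cmd" runs [cmd...] with each argument that is exactly "{}" replaced by the path of a temporary file holding the decrypted secret`. It would also help to state that the command inherits stdin, since the htpasswd caller in this patch depends on that.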
@@ -33,7 +35,7 @@ fi
 
 ACTION="$2"
 
-if ! echo "edit read set append" | grep -wq "${ACTION}"; then
+if ! echo "edit cmd read set append" | grep -wq "${ACTION}"; then
 	echo "Action \"${ACTION}\" not supported"
 	echo
 	print_help
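Review bot: The action check `grep -wq "${ACTION}"` treats the user-supplied action as a regular expression, so a value such as `.*` or `edit cmd` passes validation even though it is not one of the five actions. Now that a `cmd` action runs an arbitrary command, the allow-list should be an exact match. A `case "${ACTION}" in edit|cmd|read|set|append) ;; *) echo "Action \"${ACTION}\" not supported"; print_help; exit 1 ;; esac` does that without spawning grep. What the later `case` does with an unmatched action is outside this hunk, so the practical impact is not visible here.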
@@ -43,6 +45,15 @@ fi
 KEY="$3"
 KEY_SELECTOR="$(jq -Rsc '[.]' <(echo -n "${KEY}"))"
 
+if [[ $# -gt 3 && "${ACTION}" != "cmd" ]]; then
+	print_help
+	exit 1
+fi
+
+shift
+shift
+shift
+
 if [[ -n $EDITOR ]]; then
 	EDITOR=vim
 fi
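Review bot: The added check rejects extra arguments for non-`cmd` actions but does not require a command for `cmd`, so `clerie-sops-edit file cmd key` reaches the `cmd` arm with an empty `CMD` array. On current bash `"${CMD[@]}"` then runs nothing and the script carries on, while older bash versions abort on the empty array under `set -u`. I would add `if [[ "${ACTION}" == "cmd" && $# -lt 4 ]]; then print_help; exit 1; fi` next to the new check. The three `shift` lines can be written as `shift 3`. Separately, the unchanged context `if [[ -n $EDITOR ]]` looks inverted, since it replaces a set editor with vim and aborts under `set -u` when `EDITOR` is unset; `EDITOR="${EDITOR:-vim}"` would be the usual form.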
@@ -64,6 +75,18 @@ case "${ACTION}" in
 	edit)
 		"${EDITOR}" "${TMP_FILE}"
 		;;
+	cmd)
+		CMD=()
+		while [[ $# -gt 0 ]]; do
+			if [[ "$1" == "{}" ]]; then
+				CMD+=("${TMP_FILE}")
+			else
+				CMD+=("$1")
+			fi
+			shift
+		done
+		"${CMD[@]}"
+		;;
 	read)
 		cat "${TMP_FILE}"
 		;;
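Review bot: A non-zero exit from the user command at `"${CMD[@]}"` aborts the script under the `set -euo pipefail` shown in the first hunk header, so the decrypted `${TMP_FILE}` is only cleaned up if an EXIT trap exists outside this hunk; that should be confirmed, because the arm now hands the plaintext file to arbitrary programs. The arm also runs the command when no argument equals `{}`, in which case the command never sees the secret file; a guard that rejects such a call would catch typos. I would add a comment above the loop, for example `# Replace every argument that is exactly "{}" with the decrypted temp file path; the command inherits our stdin`. The enclosing `case` starts before and continues after this hunk.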
diff --git a/pkgs/nixfiles/nixfiles-generate-backup-secrets.sh b/pkgs/nixfiles/nixfiles-generate-backup-secrets.sh
index dbaf989..91a437e 100755
--- a/pkgs/nixfiles/nixfiles-generate-backup-secrets.sh
+++ b/pkgs/nixfiles/nixfiles-generate-backup-secrets.sh
@@ -31,12 +31,10 @@ fi
 
 job_main="$(pwgen -1 64 1)"
 target_cyan="$(pwgen -1 64 1)"
-target_cyan_htpasswd="$(htpasswd -nbB "${host}" "${target_cyan}")"
 target_magenta="$(pwgen -1 64 1)"
-target_magenta_htpasswd="$(htpasswd -nbB "${host}" "${target_magenta}")"
 
-echo "${target_cyan_htpasswd}" | clerie-sops-edit "hosts/clerie-backup/secrets.json" append "restic-server-cyan-htpasswd"
-echo "${target_magenta_htpasswd}" | clerie-sops-edit "hosts/backup-4/secrets.json" append "restic-server-magenta-htpasswd"
+echo "${target_cyan}" | clerie-sops-edit "hosts/clerie-backup/secrets.json" cmd "restic-server-cyan-htpasswd" htpasswd -iB "{}" "${host}"
+echo "${target_magenta}" | clerie-sops-edit "hosts/backup-4/secrets.json" cmd "restic-server-magenta-htpasswd" htpasswd -iB "{}" "${host}"
 
 echo "Repo password main: ${job_main}"
 echo
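Review bot: The new `htpasswd -iB "{}" "${host}"` calls omit `-c`, so htpasswd needs the substituted file to exist already; whether clerie-sops-edit creates the temp file for a key that is not yet present in the secrets file is not visible in this patch and should be checked for a first-time host. Feeding the password through stdin with `-i` instead of `-b` keeps it out of the process argument list, which is worth recording in a comment such as `# password goes via stdin (-i) so it never appears in argv; "{}" is replaced by clerie-sops-edit with the decrypted htpasswd file`. For the piped value, `printf '%s\n' "${target_cyan}"` is the safer habit than `echo`, and the same applies to the magenta line.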