
pkgs/nixfiles,pkgs/clerie-sops: Allow htpasswd edit the htpasswd file directly and therefor update existing entries

clerie 2025-02-16 18:59:47 +01:00
parent 5345828a56
commit 638721cceb
2 changed files with 29 additions and 8 deletions


@ -7,17 +7,19 @@ set -euo pipefail
print_help() { print_help() {
cat << EOF cat << EOF
clerie-sops-edit <secrets_file> <action> <key> clerie-sops-edit <secrets_file> <action> <key> [cmd...]
This script allows editing single secrets in a secrets file by key. This script allows editing single secrets in a secrets file by key.
<secrets_file> is a sops secrets file <secrets_file> is a sops secrets file
<action> is one of "edit", "read", "set" and "append" <action> is one of "edit", "cmd", "read", "set" and "append"
<key> is the key of the secret in the secrets file to modify <key> is the key of the secret in the secrets file to modify
ACTION "cmd" a command that get passed the decrypted secret in the argument being "{}"
EOF EOF
} }
if [[ $# != 3 ]]; then if [[ $# -lt 3 ]]; then
print_help print_help
exit 1 exit 1
fi fi
@ -33,7 +35,7 @@ fi
ACTION="$2" ACTION="$2"
if ! echo "edit read set append" | grep -wq "${ACTION}"; then if ! echo "edit cmd read set append" | grep -wq "${ACTION}"; then
echo "Action \"${ACTION}\" not supported" echo "Action \"${ACTION}\" not supported"
echo echo
print_help print_help
@ -43,6 +45,15 @@ fi
KEY="$3" KEY="$3"
KEY_SELECTOR="$(jq -Rsc '[.]' <(echo -n "${KEY}"))" KEY_SELECTOR="$(jq -Rsc '[.]' <(echo -n "${KEY}"))"
if [[ $# -gt 3 && "${ACTION}" != "cmd" ]]; then
print_help
exit 1
fi
shift
shift
shift
if [[ -n $EDITOR ]]; then if [[ -n $EDITOR ]]; then
EDITOR=vim EDITOR=vim
fi fi
@ -64,6 +75,18 @@ case "${ACTION}" in
edit) edit)
"${EDITOR}" "${TMP_FILE}" "${EDITOR}" "${TMP_FILE}"
;; ;;
cmd)
CMD=()
while [[ $# -gt 0 ]]; do
if [[ "$1" == "{}" ]]; then
CMD+=("${TMP_FILE}")
else
CMD+=("$1")
fi
shift
done
"${CMD[@]}"
;;
read) read)
cat "${TMP_FILE}" cat "${TMP_FILE}"
;; ;;
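Review bot: The `cmd)` branch runs `"${CMD[@]}"` without checking that a command was supplied; the new argument check only rejects extra arguments for the other actions, so `clerie-sops-edit <file> cmd <key>` reaches the branch with an empty array. Depending on the bash version, that is either an unbound-variable abort under `set -u` or a silent no-op, after which the script presumably carries on as if the secret had been edited. A guard next to the existing check, `if [[ "${ACTION}" == "cmd" && $# -le 3 ]]; then print_help; exit 1; fi`, makes the failure explicit. The command is handed the path of the decrypted secret and a non-zero exit aborts the script under `set -e`, so it is also worth confirming that `TMP_FILE` is removed by an EXIT trap; its creation and cleanup are outside the visible hunks.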


@ -31,12 +31,10 @@ fi
job_main="$(pwgen -1 64 1)" job_main="$(pwgen -1 64 1)"
target_cyan="$(pwgen -1 64 1)" target_cyan="$(pwgen -1 64 1)"
target_cyan_htpasswd="$(htpasswd -nbB "${host}" "${target_cyan}")"
target_magenta="$(pwgen -1 64 1)" target_magenta="$(pwgen -1 64 1)"
target_magenta_htpasswd="$(htpasswd -nbB "${host}" "${target_magenta}")"
echo "${target_cyan_htpasswd}" | clerie-sops-edit "hosts/clerie-backup/secrets.json" append "restic-server-cyan-htpasswd" echo "${target_cyan}" | clerie-sops-edit "hosts/clerie-backup/secrets.json" cmd "restic-server-cyan-htpasswd" htpasswd -iB "{}" "${host}"
echo "${target_magenta_htpasswd}" | clerie-sops-edit "hosts/backup-4/secrets.json" append "restic-server-magenta-htpasswd" echo "${target_magenta}" | clerie-sops-edit "hosts/backup-4/secrets.json" cmd "restic-server-magenta-htpasswd" htpasswd -iB "{}" "${host}"
echo "Repo password main: ${job_main}" echo "Repo password main: ${job_main}"
echo echo
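Review bot: The two `cmd` calls rely on behaviour that is not written down: the password reaches `htpasswd -i` on stdin, which only works if `clerie-sops-edit` leaves stdin unread before it runs the command. A comment above them such as `# password is passed to htpasswd on stdin (-i); clerie-sops-edit must not read stdin for "cmd"` would record that. `htpasswd` is also called without `-c`, so it will probably fail if the temporary file does not exist for a key that has no value yet; how the file is created for a missing key is not visible here and should be checked for first-time setup of a host. `printf '%s\n' "${target_cyan}"` is a more robust way than `echo` to feed the password, although the pwgen output used here should not trigger echo's option handling.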