From a6d02a3de902377fca27cd6332395e573fce7d33 Mon Sep 17 00:00:00 2001
From: Chaos
Date: Tue, 29 Nov 2022 10:08:44 +0000
Subject: [PATCH] move media to encrypted storage
---
 hosts/storage/rclone_config.template | 8 +++++++-
 hosts/storage/secrets.nix | 25 +++++++++++++++++++++----
 2 files changed, 28 insertions(+), 5 deletions(-)
diff --git a/hosts/storage/rclone_config.template b/hosts/storage/rclone_config.template
index 1d7ec7d..91d8767 100644
--- a/hosts/storage/rclone_config.template
+++ b/hosts/storage/rclone_config.template
@@ -68,6 +68,12 @@ vendor = nextcloud
 user = chaoticryptidz
 pass = PUTIO_PASSWORD
+[Storage-Media-Crypt]
+type = crypt
+remote = StorageBox:Media
+password = STORAGE_MEDIA_CRYPT_PASSWORD
+password2 = STORAGE_MEDIA_CRYPT_SALT
+
 [Media-Combine-Serve]
 type = combine
-upstreams = "Media=StorageBox:Media" "PutIO=PutIO-WebDAV:"
\ No newline at end of file
+upstreams = "Media=Storage-Media-Crypt:" "PutIO=PutIO-WebDAV:"
\ No newline at end of file
diff --git a/hosts/storage/secrets.nix b/hosts/storage/secrets.nix
index 5761710..60a8c92 100644
--- a/hosts/storage/secrets.nix
+++ b/hosts/storage/secrets.nix
@@ -11,13 +11,17 @@ ];
 extraFunctions = ''
+ replace_slash_for_sed() {
+ sed "s#/#\\\/#"
+ }
+
 simple_get_obscure() {
 rclone obscure "$(simple_get "$@")"
 }
 simple_get_replace_b2() {
- api_account=$(simple_get "$1" .keyID)
- api_key=$(simple_get "$1" .applicationKey | sed "s#/#\\\/#")
+ api_account=$(simple_get "$1" .keyID | replace_slash_for_sed)
+ api_key=$(simple_get "$1" .applicationKey | replace_slash_for_sed)
 replace_account=''${2}_ACCOUNT
 replace_key=''${2}_KEY
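Review bot: rclone reads the `password` and `password2` values of a crypt remote in obscured form, but the two placeholders added here are filled by `simple_get_replace_crypt` in secrets.nix, which writes the stored secret as-is, whereas the neighbouring `pass = PUTIO_PASSWORD` goes through `rclone obscure` first. Unless the values kept under `.password` and `.salt` are already obscured, rclone will either fail to decode them or derive the key from the wrong bytes; passing both through `rclone obscure` before substitution would match the other remotes. Separately, `remote = StorageBox:Media` puts the crypt layer over the path the old upstream served in plain form, so files already stored there presumably have to be re-uploaded through `Storage-Media-Crypt:` before they appear again and before the plaintext copies can be removed.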
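Review bot: `replace_slash_for_sed` escapes only the first `/` on each line, because the `s#/#\\\/#` expression has no `g` flag, and it leaves `&` and `\` untouched although both are special in a sed replacement. A key with two slashes makes the later `sed -i "s/$replace_key/$api_key/"` fail to parse, and one containing `&` is written to the config with the placeholder name spliced into it. Escaping all three characters globally, for example `sed 's#[\\/&]#\\&#g'`, covers both cases. The body of `simple_get_replace_b2` continues outside this hunk.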
@@ -25,6 +29,17 @@ sed -i "s/$replace_account/$api_account/" "$3"
 sed -i "s/$replace_key/$api_key/" "$3"
 }
+
+ simple_get_replace_crypt() {
+ password=$(simple_get "$1" .password | replace_slash_for_sed)
+ salt=$(simple_get "$1" .salt | replace_slash_for_sed)
+
+ replace_password=''${2}_ACCOUNT
+ replace_salt=''${2}_KEY
+
+ sed -i "s/$replace_password/$password/" "$3"
+ sed -i "s/$replace_salt/$salt/" "$3"
+ }
 '';
 secrets = {
@@ -85,7 +100,7 @@ cp ${./rclone_config.template} "$TMP_DIR/template"
- pushd "$TMP_DIR"
+ pushd "$TMP_DIR" 2>/dev/null
 STORAGEBOX_PASSWORD=$(simple_get_obscure /api-keys/hetzner/storagebox .password)
 sed -i "s/STORAGEBOX_PASSWORD/$STORAGEBOX_PASSWORD/" ./template
@@ -99,9 +114,11 @@ PUTIO_PASSWORD="$(rclone obscure "$PUTIO_PASSWORD")"
 sed -i "s/PUTIO_PASSWORD/$PUTIO_PASSWORD/" ./template
+ simple_get_replace_crypt "/private-public-keys/rclone/Chaos-Media-Crypt" "STORAGE_MEDIA_CRYPT" ./template
+
 cp ./template $secretFile
- popd
+ popd 2>/dev/null
 rm -rf "$TMP_DIR"
 '';
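Review bot: `simple_get_replace_crypt` builds its placeholder names with the `_ACCOUNT` and `_KEY` suffixes copied from `simple_get_replace_b2`, so for the `STORAGE_MEDIA_CRYPT` prefix it searches for `STORAGE_MEDIA_CRYPT_ACCOUNT` and `STORAGE_MEDIA_CRYPT_KEY`. The template in this same patch uses `STORAGE_MEDIA_CRYPT_PASSWORD` and `STORAGE_MEDIA_CRYPT_SALT`, and sed exits successfully when nothing matches, so the generated config keeps the literal placeholder text as the crypt password and salt. The two assignments should read `replace_password=''${2}_PASSWORD` and `replace_salt=''${2}_SALT`.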
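Review bot: `pushd "$TMP_DIR" 2>/dev/null` redirects the wrong stream: pushd prints the directory stack on stdout and only its error message on stderr, so the stack is still printed while a failed directory change becomes silent. The following `sed -i … ./template` and `cp ./template $secretFile` lines would then run in whatever directory the script started in. `pushd "$TMP_DIR" >/dev/null || exit 1` silences the noise and stops on failure; `popd 2>/dev/null` in the last hunk has the same redirection and would become `popd >/dev/null`. The script body starts and ends outside the hunk, so an existing `set -e` may already cover the exit.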
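Review bot: Nothing between the new `simple_get_replace_crypt` call and `cp ./template $secretFile` checks that the substitution took place, and sed reports success when a placeholder is not found. A guard before the copy, such as `if grep -q 'STORAGE_MEDIA_CRYPT_' ./template; then echo 'unreplaced placeholder in rclone config' >&2; exit 1; fi`, makes the script fail instead of installing a config whose crypt password is a placeholder name. The same check could be widened to the other placeholders, which are filled outside this hunk.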