chaos/nixfiles
1
0
Fork 0
Code Issues 2 Releases Activity

move media to encrypted storage

Browse source
This commit is contained in:
Chaos 2022-11-29 10:08:44 +00:00
parent 9ca10ad75a
commit a6d02a3de9
No known key found for this signature in database
2 changed files with 28 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
hosts/storage/rclone_config.template
View file

@ -68,6 +68,12 @@ vendor = nextcloud
user = chaoticryptidz user = chaoticryptidz
pass = PUTIO_PASSWORD pass = PUTIO_PASSWORD
[Storage-Media-Crypt]
type = crypt
remote = StorageBox:Media
password = STORAGE_MEDIA_CRYPT_PASSWORD
password2 = STORAGE_MEDIA_CRYPT_SALT
[Media-Combine-Serve] [Media-Combine-Serve]
type = combine type = combine
upstreams = "Media=StorageBox:Media" "PutIO=PutIO-WebDAV:" upstreams = "Media=Storage-Media-Crypt:" "PutIO=PutIO-WebDAV:"

25
hosts/storage/secrets.nix
View file

@ -11,13 +11,17 @@
]; ];
extraFunctions = '' extraFunctions = ''
replace_slash_for_sed() {
sed "s#/#\\\/#"
}
simple_get_obscure() { simple_get_obscure() {
rclone obscure "$(simple_get "$@")" rclone obscure "$(simple_get "$@")"
} }
simple_get_replace_b2() { simple_get_replace_b2() {
api_account=$(simple_get "$1" .keyID) api_account=$(simple_get "$1" .keyID | replace_slash_for_sed)
api_key=$(simple_get "$1" .applicationKey | sed "s#/#\\\/#") api_key=$(simple_get "$1" .applicationKey | replace_slash_for_sed)
replace_account=''${2}_ACCOUNT replace_account=''${2}_ACCOUNT
replace_key=''${2}_KEY replace_key=''${2}_KEY
@ -25,6 +29,17 @@
sed -i "s/$replace_account/$api_account/" "$3" sed -i "s/$replace_account/$api_account/" "$3"
sed -i "s/$replace_key/$api_key/" "$3" sed -i "s/$replace_key/$api_key/" "$3"
} }
simple_get_replace_crypt() {
password=$(simple_get "$1" .password | replace_slash_for_sed)
salt=$(simple_get "$1" .salt | replace_slash_for_sed)
replace_password=''${2}_ACCOUNT
replace_salt=''${2}_KEY
sed -i "s/$replace_password/$password/" "$3"
sed -i "s/$replace_salt/$salt/" "$3"
}
''; '';
secrets = { secrets = {
@ -85,7 +100,7 @@
cp ${./rclone_config.template} "$TMP_DIR/template" cp ${./rclone_config.template} "$TMP_DIR/template"
pushd "$TMP_DIR" pushd "$TMP_DIR" 2>/dev/null
STORAGEBOX_PASSWORD=$(simple_get_obscure /api-keys/hetzner/storagebox .password) STORAGEBOX_PASSWORD=$(simple_get_obscure /api-keys/hetzner/storagebox .password)
sed -i "s/STORAGEBOX_PASSWORD/$STORAGEBOX_PASSWORD/" ./template sed -i "s/STORAGEBOX_PASSWORD/$STORAGEBOX_PASSWORD/" ./template
@ -99,9 +114,11 @@
PUTIO_PASSWORD="$(rclone obscure "$PUTIO_PASSWORD")" PUTIO_PASSWORD="$(rclone obscure "$PUTIO_PASSWORD")"
sed -i "s/PUTIO_PASSWORD/$PUTIO_PASSWORD/" ./template sed -i "s/PUTIO_PASSWORD/$PUTIO_PASSWORD/" ./template
simple_get_replace_crypt "/private-public-keys/rclone/Chaos-Media-Crypt" "STORAGE_MEDIA_CRYPT" ./template
cp ./template $secretFile cp ./template $secretFile
popd popd 2>/dev/null
rm -rf "$TMP_DIR" rm -rf "$TMP_DIR"
''; '';