stuff
This commit is contained in:
Shelvacu
@@ -362,8 +362,9 @@
|
||||
lib.mapAttrsToList (k: v: "${v} ${k}") plain.config.vacu.ssh.authorizedKeys
|
||||
)
|
||||
);
|
||||
update-gitea-keys = pkgs.callPackage ./scripts/update-gitea-keys.nix { inherit (plain) config; };
|
||||
update-git-keys = pkgs.callPackage ./scripts/update-git-keys.nix { inherit (plain) config; };
|
||||
inherit (plain.config.vacu) sopsConfig wrappedSops;
|
||||
dns = import ./scripts/dns { inherit pkgs; inherit (plain) config; };
|
||||
nixvim = inputs.nixvim.legacyPackages.${system}.makeNixvimWithModule {
|
||||
extraSpecialArgs = {
|
||||
inputs = { };
|
||||
|
||||
23
scripts/dns/default.nix
Normal file
23
scripts/dns/default.nix
Normal file
@@ -0,0 +1,23 @@
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
...
|
||||
}:
|
||||
pkgs.writers.writePython3Bin "dns" {
|
||||
libraries = [ pkgs.python3Packages.httpx ];
|
||||
} ''
|
||||
# flake8: noqa
|
||||
import httpx
|
||||
import os
|
||||
from pprint import pp
|
||||
auth_id = os.environ["CLOUDNS_AUTH_ID"]
|
||||
auth_password = os.environ["CLOUDNS_AUTH_PASSWORD"]
|
||||
|
||||
base_url = "https://api.cloudns.net"
|
||||
auth_params = {
|
||||
"auth-id": auth_id,
|
||||
"auth-password": auth_password,
|
||||
}
|
||||
res = httpx.get(base_url + "/dns/records.json", params={"domain-name": "jean-luc.org", "rows-per-page": 100, **auth_params}).json()
|
||||
pp(res)
|
||||
''
|
||||
53
scripts/update-git-keys.nix
Normal file
53
scripts/update-git-keys.nix
Normal file
@@ -0,0 +1,53 @@
|
||||
{
|
||||
config,
|
||||
writers,
|
||||
curl,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
writers.writeBashBin "update-git-keys" ''
|
||||
set -xev
|
||||
domain="$1"
|
||||
api_key="$(${lib.getExe config.vacu.wrappedSops} --extract '["'$domain'"]' -d ${../secrets/misc/git-keys.json})"
|
||||
if [ $domain = github.com ]; then
|
||||
url_base="https://api.github.com"
|
||||
elif [ $domain = gitlab.com ]; then
|
||||
url_base="https://$domain/api/v4"
|
||||
else
|
||||
url_base="https://$domain/api/v1"
|
||||
fi
|
||||
url_keys="$url_base/user/keys"
|
||||
if [ $domain = "git.uninsane.org" ]; then
|
||||
authorization_name="token"
|
||||
else
|
||||
authorization_name="Bearer"
|
||||
fi
|
||||
curl_common=( \
|
||||
${lib.getExe curl} \
|
||||
--fail \
|
||||
--header "Authorization: $authorization_name $api_key" \
|
||||
--header "Content-Type: application/json" \
|
||||
)
|
||||
if [ $domain = "github.com" ]; then
|
||||
curl_common+=(\
|
||||
--header "Accept: application/vnd.github+json" \
|
||||
--header "X-GitHub-Api-Version: 2022-11-28" \
|
||||
)
|
||||
fi
|
||||
# declare -p curl_common
|
||||
echo GET "$url_keys"
|
||||
resp="$("''${curl_common[@]}" "$url_keys")"
|
||||
for url in $(echo "$resp" | jq .[].url -r); do
|
||||
echo DELETE "$url"
|
||||
"''${curl_common[@]}" "$url" -X DELETE
|
||||
done
|
||||
|
||||
new_keys=(${lib.escapeShellArgs (lib.mapAttrsToList (label: sshKey: builtins.toJSON {
|
||||
key = sshKey;
|
||||
title = label;
|
||||
}) config.vacu.ssh.authorizedKeys)})
|
||||
for keydata in "''${new_keys[@]}"; do
|
||||
echo POST "$api_keys"
|
||||
"''${curl_common[@]}" "$url_keys" -X POST --data "$keydata"
|
||||
done
|
||||
''
|
||||
@@ -1,35 +0,0 @@
|
||||
{
|
||||
config,
|
||||
writers,
|
||||
curl,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
writers.writeBashBin "update-gitea-keys" ''
|
||||
set -xev
|
||||
gitea_api_key="$(${lib.getExe config.vacu.wrappedSops} --extract '["git.uninsane.org"]' -d ${../secrets/misc/git-keys.json})"
|
||||
api_base="https://git.uninsane.org/api/v1"
|
||||
api_keys="$api_base/user/keys"
|
||||
curl_common=( \
|
||||
${lib.getExe curl} \
|
||||
--header "Authorization: token $gitea_api_key" \
|
||||
--header "Content-Type: application/json" \
|
||||
)
|
||||
# declare -p curl_common
|
||||
echo GET "$api_keys"
|
||||
resp="$("''${curl_common[@]}" "$api_keys")"
|
||||
for url in $(echo "$resp" | jq .[].url -r); do
|
||||
echo DELETE "$url"
|
||||
"''${curl_common[@]}" "$url" -X DELETE
|
||||
done
|
||||
|
||||
new_keys=(${lib.escapeShellArgs (lib.mapAttrsToList (label: sshKey: builtins.toJSON {
|
||||
key = sshKey;
|
||||
read_only = false;
|
||||
title = label;
|
||||
}) config.vacu.ssh.authorizedKeys)})
|
||||
for keydata in "''${new_keys[@]}"; do
|
||||
echo POST "$api_keys"
|
||||
"''${curl_common[@]}" "$api_keys" -X POST --data "$keydata"
|
||||
done
|
||||
''
|
||||
53
secrets/misc/cloudns.json
Normal file
53
secrets/misc/cloudns.json
Normal file
@@ -0,0 +1,53 @@
|
||||
{
|
||||
"auth_password": "ENC[AES256_GCM,data:UD8l+CrofmN9g439uTOtCyP5378VX+f856dxuFDTzfCa8B+7,iv:6hgG+py3EC4cMLkhG72O5HJfbQF5Q+APq6wBsMQVRjw=,tag:KA4AupZKFdHEBzEBnd3/1A==,type:str]",
|
||||
"auth_id": "ENC[AES256_GCM,data:4cBXpVc=,iv:WPh6+xp02CMBohmxWu6UdNA3KMRSghbSQYuU0lZyUMo=,tag:+zU0EBEwLgqYC0NmW31Qtw==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1dzdf4rgep3ctk3dnrmrqtdgrchaa8nszfc4dp29gqwsst3z6jyrq57vfsj",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3YW9haUtvVVRkZWVqa1Zv\nOERucllIenc3VFJkMzAvM1paTWxNaVA4MlhRCmZVNGpvdmhrUnJDYTMyWExNVVNW\nQWw2MDBPUnozTWpzTERiaExYVkJUd0kKLS0tIEFPRUhjZVdBTXZQdFFUQ0NnYU5P\nYlkvaUgzQjVORTNvTDFKYXJJYW1pTGMKW2rUNzNWsvQ9vzf+jwSBOC8OjVL30HDZ\nK8QC30Z4PUtKTk5HA7KcFfGVT8UbJc6Z4IRm6dIV6lczmctZiuAXLQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1rz75dqzfd6gulwh270ukmt5amcau6j8dpxgzx8fm6u8sjkyx9usq69y4s2",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMdGxOMkNFcnRWd2EzaGVV\nNGdxTDUzM1FnY21tUUtJOEhaM0RFU2ZZbXc0CkIzVXBNY0Z4dmlVRnpHZGt6dzY4\ncW80b0lCdCtJMnQ2aXJyclpiT1BlWG8KLS0tIE4vV2gwZjBVSmc0Y3ExZUdXQnJL\nMU9EOWNNRDJualAvUjNOWlZCMjdHSU0K33nP6rM7k9er+8gC2cozXF3M7WNAPb3y\ny5ecWeGnIJe1Q3BwpqXUmxWswE95VYq6g4RCJ2TbHIJWgK6HLJoamg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age13x0f3glnz4jvqty2v92cxrrnjcna6ed4qegrhulw9jjy08zuy3aqzvrfc6",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzM0kyMHZ2UEpaYzMzMFRo\nV3IvYVI0RTVUM29pSnhYUFBpUlVnM3BUcEZBClpCL1c1cmFaRzZDU2tQY2hJQzNx\nb2ZvdTRBMVNTS01XdTJiYnljMzhiUFkKLS0tIGFuR05CYTZhbVdZMERCVUcrRTFO\nQWREQW9DU3pmOFRJczVBdTA0VFdwZ0UKuhijkZjfHrOrQ28WF0lsrh1YYcDjohJF\nHimoJrsMFf21bsWMPGsRXvvQWouMhhzDtp3ZzaR/jhwzqnNp6I2gWw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age13j6l33g0ghk4vezn0qwfal2qmcgqwkv89ejwezpe3n47mw8yxyuslj6y7d",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHcHlmTVJ1d3ZRc09WMU5p\nbmd4TzZNVisyWm1PZFBmMXpBcmd6N3ZmL0JBCnBqZzZCNVFObHpZZzd3cXBuaEVR\nZjJCdTRLalhBTnpEN21NYzRQUnFrbjgKLS0tIDJIVDlFZzJuK1pnYklaZnRWOEgz\nNkxLNSsxbzR4cUo0TVVsajNLeXZvZEkKCqo8Hw+CoO+lpKXxI1+3Pkw6iNcaJlzU\n7HE78dhMH2C01Phn9BOFY3FATxo68wYxzLWUt90iGwtnxT1K509GGg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1vla9w33lsp03s46p9p6gc2mvr844vthdqhc2hzau2ph6h60gmyqqh9sf57",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRWnlkYUI3ZFIxR1dBZzNi\nNDRGT2xIZFhyWCs3SHk5Q0toWmZUc3F3RTFVCnZtZUFzNDdOMnlQWVlYVjJnYlJN\nV2xXM3F4N3RVTzVFZE5Zb1BkcjI1cUUKLS0tIHdiQTJTQlpJQlNycElCamN5MGth\nWnNKMnlEQTExbis3dktsWDliaU9IelUK/fxqRPnRbD+KCvYMI4m5K17cLI2/xEbL\nbsGdj8E0TAtzqRL4iBOQfb6xJC5AqcmHEhvFnnxEouNUXMsw5/1Ggg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1jy8mxcndkw6zd6q99tjgz3gsynn78x2lwtrff85u6ud9g9y9z5mspvhufl",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3Zi80ZHU0WnVjMlpycVov\nWE9UNldKRmdMR2xkNVNuQ0NPWHNzTUg4cEU0CmhjdGhEdG5GWkxKUUdRUzMzN0RL\nRHo1QkdSaDNxTy9RVDd5TGtpZUpaRmMKLS0tIG1TTFdrNC9MREd2K0NIdmNscjB5\nQlpGMVdmK2wvQnVxMXJkeTdYbXJtZ0EK12lVIHRp/GxD4F0oMsiOmy4RC5iJEkle\ngvTGPFJkiJJJe36vMx34WdKq++6fwma624E75S4P5qmiVIeadDihGw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age148huz6rc3q9xx5t873ncx75sja2sazlescwspxl7lsmxsqkz0apsy8cldp",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUYm5Ca0NId3AyRUwxRU1q\nR0NvSUk3YmJvOVRvbTVkVjZ0ZzVxaEFtcGpFCjg3V2ZhUk9RM09ZNVRGVEhUZHZ0\nekNid3NtUVZyTTlZSFU1QkQ0amtEcUkKLS0tIDlTdTBpdDE3VHkyVHhHekZDUEdP\nRUNpdm9ENHhCWCsxbk9aOVFmeFBwUzQKJzTxCMPaYYsmjoGyEbuimDWpq5Oq8oMx\n2LXkQHYdmBi090o4ocfkHiR1SS3w6XNI8IBcQK1flobXYejI9E5yKA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age197a33mlf5294amjx59hycctu6wm4l3cu3w7n9rv3fs9340ql64rqjzpr7s",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvR21LYis4SXFxcE1PeXQ3\nelpxRTJ3Y2svRnc1ZTkvVk9lTUhFSmVneWc4CnJMT05ZQnBySDBuZ2lqcnc3eHlv\neWdKUi81aWlhY3pySzhoSjdwUlhMN0kKLS0tIDRWWFR5Q0oyZ09GdlF1a0JmeVdl\nOTV4TUhWdVBVRFhxQlB0ajFSS1FnNHcKMq1FSE3OecwHopvkShKQYSFQihzFkMrG\nFRpPqWcUzaXpib8f4YQrYmLJiihGCpfovv5+NHEQB8BMEu7UNY/emw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1sqj8z3feqm2dk3gj8mxpfn5dpqnsmus862e8ayd0d4cdresqffdswcf9ru",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1YnJVMmpSNDlicUh6UEJR\nL1JUZVlxeUhmTGpUeXNtUmc2NmZGc3NObldVCitHOUgyOXFibnR3WUZRdjc3TExZ\nK0lxRUJCY3ozZExlNzRack5jTTR4aFkKLS0tIGVoOTRCNW5Yb2NVd09ZU0kzSlNV\nVWxuYjVCM3lvZHhQeU05R09WNWQwU2MKNM9VU6KE/0AUzww/qdMQoXMpZ9MT5rIK\nOvltRcVvQR1lZqiox4W1zYfw3JTlficQ31C+wSMHy4aBSlnik7hzxw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2024-10-24T06:58:19Z",
|
||||
"mac": "ENC[AES256_GCM,data:P5ipojcOVW0V/4J7Txj9v4RONAzqIIG71guYkqHZ/yJNrFIjVn+db3qLNbNmeKz73rbPdXYpZGM5dIwXiF9pzLAW+t3pYABGvnBT/l1cN1tYS4BCs+e6n0KqKho/Aust/QTDIuYkoAyRwD7HD/OXW8V5SJtiuaqAlX9gzDLILs8=,iv:oUxrQbPTgL/RfdGvw9rnx/mU4RklD2uet/3XRQH0pq4=,tag:wj3ehRASFcW1g6Yf8XxSKQ==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.9.1"
|
||||
}
|
||||
}
|
||||
@@ -1,6 +1,7 @@
|
||||
{
|
||||
"git.uninsane.org": "ENC[AES256_GCM,data:g1oZA7s16sl6tBsUy+aAUChYBomgxht08dzghBakmJ/13YrM/Pf7WQ==,iv:v3CXUaLwIdEtg6ZWiCqqZ1JSkWOlnWnGSOzNVAx5gvs=,tag:jkQGgxRMBggokRNUdW2jLQ==,type:str]",
|
||||
"gitlab.com": "ENC[AES256_GCM,data:A2+dsAgvVJsqgGOHcPsw7F5bSTg8H3icd+g=,iv:v9QVy7vP/XEHw0lHBjedvWFrsGvyDlAEF+yFL1voiQc=,tag:0kqgQOIn90MBjiNRHjiRrg==,type:str]",
|
||||
"github.com": "ENC[AES256_GCM,data:fpY8KxwIYGvIWAHKH7cmwCO4j7fPx+625Buvhu4OdJIpcDXJrpjTsQ==,iv:4W2YvZ01XjzJUX3yXx9H+kxtylYRma4wA/YWL2W6kPc=,tag:WswVoBWgzjrpz9nPQfVV3w==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
@@ -44,8 +45,8 @@
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPek9CVk5pQW1EUUhabW5E\nTWFjdFdlVVFnZlcvQWlOTk5YZTVTRWdMMmtRCkJwWjlWREdjRUhEL2R4bFRBQ3Aw\nZjdJMCtVZDErZE5wcnloR2lvVnJHSDgKLS0tIDAwajE2YTA4UFo1SmJEVUtpN2hX\nMkkzYjZOVDYvSlRGT3RJTzdySlJleXMKor4NR2gIkfvDi25eKrzLki+biWf3dVZS\niCSBxy+tpbtiO9fK8LPrz9jJp1tBism7VTIF6WBuj97GjMGHIOz43Q==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2024-10-24T05:45:04Z",
|
||||
"mac": "ENC[AES256_GCM,data:YDaQymYafZxGSlQSE7k68nBXqfTt2RIXueXVP1qA776MdZU1RP9Iyay3+2a5JmH4nSmoziU4y0kEEkmz0+22cmtHxzp+RafDcgdBld3qTtNqrM+u7PN0jxa3+41nk/P/YytezW1xwtVOJ/kMQS2fBuQiBixzAwT9EAme9IudyhA=,iv:d4mq3CIRg6hXIp1HBm5zFHNkIlDI6gDjiXv0IqW9o6s=,tag:9lg47/MiL23MSAEkVF2uwQ==,type:str]",
|
||||
"lastmodified": "2024-10-24T05:55:24Z",
|
||||
"mac": "ENC[AES256_GCM,data:ntQuFNOlw0CqRQO6hLOwocSyNs04KzlPlpr4k+Vxw5BOoRhDeLAvyrcrfduDw2vh9OUhHaNyc15j5J8s5akAVsf1DSfnK5HUbBB6Qp4W8YkCCAP+S8d6/iBniqlWsJeioVAX/mNXwUaFe7zZ2WDp1s/LebO2hSld1MHkW+uZGXQ=,iv:7pgK+ZqWEgWY01ugIzR5EuK4TljdFkrRvayN5AOh0Qs=,tag:zt1EaL86geu0ucHZR6WHIQ==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.9.1"
|
||||
|
||||
Reference in New Issue
Block a user