Diffstat (limited to 'old/bin')
-rwxr-xr-x | old/bin/copy-secrets | 69 | ||||
-rwxr-xr-x | old/bin/genid | 11 | ||||
-rwxr-xr-x | old/bin/netmask-to-prefix | 12 | ||||
-rwxr-xr-x | old/bin/nixos-query | 4 | ||||
-rwxr-xr-x | old/bin/urlencode | 35 |
5 files changed, 131 insertions, 0 deletions
diff --git a/old/bin/copy-secrets b/old/bin/copy-secrets
new file mode 100755
index 000000000..f40493599
--- /dev/null
+++ b/old/bin/copy-secrets
@@ -0,0 +1,69 @@
+#! /bin/sh
+#
+# copy-secrets system_name target
+#
+set -euf
+
+system_name=$1
+target=$2
+
+nixos_config=$config_root/modules/$system_name
+secrets_nix=$secrets_root/$system_name/nix
+secrets_rsync=$secrets_root/$system_name/rsync
+
+if ! test -e "$secrets_rsync"; then
+ exit # nothing to do
+fi
+
+# XXX this is ugly
+# Notice NIX_PATH used from host
+# Notice secrets required to evaluate configuration
+NIX_PATH=$NIX_PATH:nixos-config=$PWD/modules/$system_name
+NIX_PATH=$NIX_PATH:secrets=$PWD/secrets/$system_name/nix
+export NIX_PATH
+
+case $(nixos-query tv.retiolum.enable 2>/dev/null) in true)
+ retiolum_secret=$(nixos-query tv.retiolum.privateKeyFile)
+ retiolum_uid=$(nixos-query users.extraUsers.retiolum-tinc.uid)
+esac
+
+case $(nixos-query services.ejabberd-cd.enable 2>/dev/null) in true)
+ ejabberd_secret=$(nixos-query services.ejabberd-cd.certFile)
+ ejabberd_uid=$(nixos-query users.extraUsers.ejabberd.uid)
+esac
+
+case $(nixos-query tv.consul.enable 2>/dev/null) in true)
+ consul_secret=$(nixos-query tv.consul.encrypt-file)
+ consul_uid=$(nixos-query users.extraUsers.consul.uid)
+esac
+
+(set -x
+ rsync \
+ --rsync-path="mkdir -p \"$2\" && rsync" \
+ -vzrlptD \
+ "$secrets_rsync/" \
+ "$target:/")
+
+ssh "$target" -T <<EOF
+set -euf
+
+retiolum_secret=${retiolum_secret-}
+retiolum_uid=${retiolum_uid-}
+ejabberd_secret=${ejabberd_secret-}
+ejabberd_uid=${ejabberd_uid-}
+consul_secret=${consul_secret-}
+consul_uid=${consul_uid-}
+
+if test -n "\$retiolum_secret"; then
+ chown -v "\$retiolum_uid:0" "\$retiolum_secret"
+fi
+
+if test -n "\$ejabberd_secret"; then
+ chown -v "\$ejabberd_uid:0" "\$ejabberd_secret"
+fi
+
+if test -n "\$consul_secret"; then
+ chown -v "\$consul_uid:0" "\$consul_secret"
+fi
+
+EOF
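Review bot: The six `name=${name-}` lines in the unquoted `<<EOF` heredoc, and `\"$2\"` inside `--rsync-path`, are expanded locally and then parsed a second time by the remote shell, so a `nixos-query` result or target string containing whitespace or shell metacharacters is read as remote shell syntax in the session that goes on to `chown` key and certificate files. The values come from the operator's own configuration, but they should still cross the ssh boundary as data: check locally that each path and uid matches a conservative pattern and emit the assignments quoted, e.g. `retiolum_secret='${retiolum_secret-}'`. Separately, `mkdir -p \"$2\"` creates a directory named after the ssh target on the remote side, which looks unintended. The `2>/dev/null` on the three `*.enable` queries also means a failed evaluation silently skips the ownership fix instead of aborting.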
diff --git a/old/bin/genid b/old/bin/genid
new file mode 100755
index 000000000..8e2240746
--- /dev/null
+++ b/old/bin/genid
@@ -0,0 +1,11 @@
+#! /bin/sh
+# usage: genid NAME
+set -euf
+name=$1
+hash=$(printf %s "$name" | sha1sum | cut -d\ -f1 | tr a-f A-F)
+echo "
+ min=2^16 # bigger than nobody and nogroup, see <nixos/modules/misc/ids.nix>
+ max=2^32 # see 2^(8*sizeof(uid_t))
+ ibase=16
+ ($hash + min) % max
+" | bc
diff --git a/old/bin/netmask-to-prefix b/old/bin/netmask-to-prefix
new file mode 100755
index 000000000..1c4dbeb28
--- /dev/null
+++ b/old/bin/netmask-to-prefix
@@ -0,0 +1,12 @@
+#! /bin/sh
+set -euf
+
+netmask=$1
+
+binaryNetmask=$(echo $1 | sed 's/^/obase=2;/;s/\./;/g' | bc | tr -d \\n)
+binaryPrefix=$(echo $binaryNetmask | sed -n 's/^\(1*\)0*$/\1/p')
+if ! echo $binaryPrefix | grep -q .; then
+ echo $0: bad netmask: $netmask >&2
+ exit 4
+fi
+printf %s $binaryPrefix | tr -d 0 | wc -c
diff --git a/old/bin/nixos-query b/old/bin/nixos-query
new file mode 100755
index 000000000..1111aead5
--- /dev/null
+++ b/old/bin/nixos-query
@@ -0,0 +1,4 @@
+#! /bin/sh
+set -euf
+result=$(nix-instantiate -A config."$1" --eval --json '<nixos>')
+echo $result | jq -r .
diff --git a/old/bin/urlencode b/old/bin/urlencode
new file mode 100755
index 000000000..02ca03075
--- /dev/null
+++ b/old/bin/urlencode
@@ -0,0 +1,35 @@
+#! /bin/sh
+set -euf
+exec sed '
+ s/%/%25/g
+ s/ /%20/g
+ s/!/%21/g
+ s/"/%22/g
+ s/#/%23/g
+ s/\$/%24/g
+ s/\&/%26/g
+ s/'\''/%27/g
+ s/(/%28/g
+ s/)/%29/g
+ s/\*/%2a/g
+ s/+/%2b/g
+ s/,/%2c/g
+ s/-/%2d/g
+ s/\./%2e/g
+ s/\//%2f/g
+ s/:/%3a/g
+ s/;/%3b/g
+ s//%3e/g
+ s/?/%3f/g
+ s/@/%40/g
+ s/\[/%5b/g
+ s/\\/%5c/g
+ s/\]/%5d/g
+ s/\^/%5e/g
+ s/_/%5f/g
+ s/`/%60/g
+ s/{/%7b/g
+ s/|/%7c/g
+ s/}/%7d/g
+ s/~/%7e/g
+' |
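Review bot: In old/bin/genid, `($hash + min) % max` does not keep the result at or above `min`: the sum is reduced modulo 2^32 after the offset is added, so a name can map to any value from 0 to 2^32-1, including 0 and the whole range below 2^16 that the comment says is being avoided. If the output is used as a uid or gid, as the comments suggest, the offset belongs after the reduction: `($hash % (max - min)) + min`. That form can still yield 2^32-1, which is `(uid_t)-1` where uid_t is 32 bits; reducing by `max - min - 1` instead would exclude it.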
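Review bot: In old/bin/netmask-to-prefix, `bc` prints each octet without leading zeros, so the concatenated string is not a 32-bit pattern and malformed masks pass the `^\(1*\)0*$` check: `255.1.0.0` becomes `11111111100` and is reported as a /9. `$1` is also handed to `bc` as program text without validation, and every expansion in the script is unquoted. Checking each octet against the nine values a contiguous mask can contain, padding it to eight digits and requiring exactly four octets closes these gaps; the sketch below replaces only the `binaryNetmask=` line.

```shell
# … unchanged: set -euf, netmask=$1 …
binaryNetmask=
count=0
IFS=.
for octet in $netmask; do
  case $octet in
    0|128|192|224|240|248|252|254|255) ;;
    *) echo "$0: bad netmask: $netmask" >&2; exit 4 ;;
  esac
  # pad to 8 digits so the concatenation is a real 32-bit pattern
  binaryNetmask=$binaryNetmask$(printf %08d "$(echo "obase=2;$octet" | bc)")
  count=$((count + 1))
done
unset IFS
test "$count" -eq 4 || { echo "$0: bad netmask: $netmask" >&2; exit 4; }
# … unchanged: binaryPrefix extraction, bad-netmask check and final count …
```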
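Review bot: In old/bin/nixos-query, `echo $result` word-splits the JSON and, under shells whose `echo` interprets backslash escapes (dash, for example), rewrites sequences such as `\n` or `\\` inside string values before `jq` parses them. copy-secrets in this same commit uses this output as the file paths and uids it passes to `chown`, so the value should reach `jq` byte for byte: `printf '%s\n' "$result" | jq -r .`.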
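Review bot: In old/bin/urlencode, the substitution table covers printable ASCII punctuation only, and `sed` works line by line, so newlines, other control characters and non-ASCII bytes pass through unencoded; that matters if the output is placed into a URL or query string built from untrusted text. A header comment should state the limit, e.g. `# encodes ASCII punctuation only; newlines, control and non-ASCII bytes pass through`. As rendered on this page the line `s//%3e/g` has an empty pattern, which `sed` treats as "reuse the previous regex", and no rules for `<`, `=` or `>` are visible. This may be an artifact of how the page was rendered, so it is worth checking against the file itself.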