def update_passwords(metadata):
    """Build a metadata overlay holding the DNS-update key material.

    For every entry under ``metadata['dns-update']['updates']`` an entry of
    the same name is created in the result.  If the source entry carries a
    ``private_hash`` and/or a ``key_hash``, that identifier is handed to
    ``teamvault.file`` and the result is stored under ``private`` / ``key``.
    Nothing else from the source entry is copied, so the overlay contains
    only vault lookups and never the identifiers themselves.

    NOTE(review): whether ``teamvault.file`` returns the secret content or a
    lazily evaluated placeholder is not visible here -- confirm before the
    returned structure is logged or serialised anywhere.
    """
    # (key holding the vault identifier, key written to the overlay).
    # 'private' is resolved before 'key', matching the original lookup order.
    lookups = (('private_hash', 'private'), ('key_hash', 'key'))

    resolved = {}
    for name, data in metadata.get('dns-update', {}).get('updates', {}).items():
        entry = {}
        resolved[name] = entry
        for hash_key, target in lookups:
            if hash_key in data:
                # The vault site is fixed; only the identifier comes from metadata.
                entry[target] = teamvault.file(data[hash_key], site='benjamin-borbe')

    return {'dns-update': {'updates': resolved}}
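def collect_vars(script: dict) -> dict:
    """Assemble the variable mapping for ``script``, resolving secret references.

    The mapping starts from ``script['vars']`` and is stored back on
    ``script`` so that later readers of ``script['vars']`` see the same
    object.  Each entry of ``script['secrets']`` has the form
    ``<secret id>_<field>`` with ``field`` one of ``password``, ``username``
    or ``file``; it is resolved through ``bwtv`` and stored under the
    secret's key.  Each entry of ``script['systems']`` is added as
    ``system_<key>``.

    A ``vars`` key that is present but holds ``None`` (an empty section) is
    treated like a missing one; previously the first assignment into it
    failed with a ``TypeError``.

    Raises:
        UnknownSecretTypeException: the field part of a secret reference is
            not ``password``, ``username`` or ``file``.
        ValueError: a secret reference does not contain exactly one ``_``
            (raised by the tuple unpacking of ``split``).
    """
    var_dict = script.get('vars')
    if var_dict is None:
        var_dict = {}
    # Same object on purpose: everything resolved below, secrets included,
    # is reachable through script['vars'] afterwards.  Keep that in mind
    # wherever `script` is dumped or logged.
    script['vars'] = var_dict

    # Secrets are resolved only when the teamvault integration is switched
    # on.  With it off the secret keys are simply absent from the result;
    # no error is raised here.
    if CONFIG['teamvault']:
        for key, secret in script.get('secrets', {}).items():
            sid, field = secret.split('_')
            if field == 'password':
                var_dict[key] = bwtv.password(sid)
            elif field == 'username':
                var_dict[key] = bwtv.username(sid)
            elif field == 'file':
                var_dict[key] = bwtv.file(sid)
            else:
                # Only the field name goes into the exception, not the id.
                raise UnknownSecretTypeException(field)

    for syskey, system in script.get('systems', {}).items():
        var_dict[f'system_{syskey}'] = system

    return var_dict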
def collect_vars(script: dict) -> dict:
    """Return the variables of ``script`` with secrets and systems merged in.

    ``script['vars']`` is the starting point.  An empty ``vars`` section
    (value ``None``) is logged as a warning and replaced by an empty
    mapping.  The mapping is written back to ``script['vars']``, so the
    returned dict and ``script['vars']`` are the same object.

    Secret references in ``script['secrets']`` look like
    ``<secret id>_<field>``; ``field`` selects the ``bwtv`` function of the
    same name (``password``, ``username`` or ``file``).  Entries of
    ``script['systems']`` are stored as ``system_<key>`` with every
    ``hostname!`` marker removed.

    Raises:
        UnknownSecretTypeException: the field of a secret reference is not
            one of the three supported names.
        ValueError: a secret reference does not split into exactly two
            parts on ``_``.
    """
    variables = script.get('vars', {})
    if variables is None:
        LOG.warning(
            'Vars section defined, but empty!\nThis is illegal, either remove the section or add variables.'
        )
        variables = {}
    # Attach the mapping to the script even when the section was missing.
    # Resolved secrets therefore end up inside `script` as well.
    script['vars'] = variables

    # With the teamvault integration disabled the secrets are skipped
    # silently; the corresponding variables are just not defined.
    if CONFIG['teamvault']:
        for var_name, reference in script.get('secrets', {}).items():
            secret_id, kind = reference.split('_')
            if kind not in ('password', 'username', 'file'):
                raise UnknownSecretTypeException(kind)
            # The field name is also the name of the bwtv accessor; the
            # allow-list above keeps getattr from reaching anything else.
            variables[var_name] = getattr(bwtv, kind)(secret_id)

    # DEPRECATED, use SYSTEMS instead
    for system_key, system in script.get('systems', {}).items():
        variables[f'system_{system_key}'] = system.replace('hostname!', '')

    return variables
'mosquitto': { 'enabled': True, 'username': teamvault.username('9qNx3O', site='benjamin-borbe'), 'password': teamvault.password('9qNx3O', site='benjamin-borbe'), }, 'iptables': { 'enabled': True, 'nat_interfaces': [], 'rules': { 'filter': { # allow forward '-A FORWARD -j ACCEPT', }, }, }, 'dns-update': { 'enabled': True, 'updates': { 'home.benjamin-borbe.de': { 'zone': 'benjamin-borbe.de', 'node': 'home', 'dns-server': 'ns.rocketsource.de', 'ip-url': 'https://ip.benjamin-borbe.de', 'private': teamvault.file('aL50O8', site='benjamin-borbe'), 'key': teamvault.file('9L64w3', site='benjamin-borbe'), }, }, }, }, }
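from os import walk
from os.path import join
from collections.abc import Sequence, Mapping
import tomlkit
from bundlewrap.metadata import atomic
import bwtv as teamvault

# Magic-string prefixes recognised in TOML string values.  A value of the
# form '!<name>:<argument>' is replaced by converters[<name>](<argument>).
# The lambdas are deliberate: they postpone the lookup of `vault` and
# `teamvault` until a value is actually converted.
# NOTE(review): `vault` is not defined in this listing -- presumably it is
# provided by the surrounding bundlewrap file namespace; confirm.
converters = {
    'decrypt': lambda x: vault.decrypt(x),
    'decrypt_file': lambda x: vault.decrypt_file(x),
    'teamvault_file': lambda x: teamvault.file(x),
    'teamvault_username': lambda x: teamvault.username(x),
    'teamvault_password': lambda x: teamvault.password(x),
}


def demagify(data):
    """Recursively replace magic strings in parsed TOML data.

    Strings starting with ``!<name>:`` for a ``name`` in ``converters`` are
    replaced by the converter's result for the remainder of the string;
    other strings are returned unchanged.  Sequences become lists and
    mappings become dicts, with every element / value processed the same
    way (mapping keys are left as they are).  Any other value -- numbers,
    booleans, dates -- is returned unchanged; previously such values fell
    through every branch and came back as ``None``.

    Every string in the input is a potential secret reference, so the data
    passed in must come from a trusted file: whoever can edit it decides
    which vault entries get looked up or which ciphertexts get decrypted.
    """
    # str must be tested first because it is itself a Sequence.
    if isinstance(data, str):
        for name, converter in converters.items():
            # The trailing ':' keeps '!decrypt:' from matching '!decrypt_file:'.
            if data.startswith(f'!{name}:'):
                # Skip the leading '!' and the ':' after the name.
                return converter(data[len(name) + 2:])
        return data
    if isinstance(data, Sequence):
        return [demagify(element) for element in data]
    if isinstance(data, Mapping):
        return {key: demagify(value) for key, value in data.items()}
    # Scalars have nothing to convert and must survive the walk.
    return data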