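def collect_vars(script: dict) -> dict:
    """Assemble the variable mapping for one script definition.

    Starts from ``script['vars']``, then adds one entry per item in
    ``script['secrets']`` (only when ``CONFIG['teamvault']`` is truthy) and
    one ``system_<key>`` entry per item in ``script['systems']``. Later
    sources overwrite earlier ones on a key collision, so a secret can
    replace a plain variable of the same name.

    The mapping holds whatever ``bwtv`` returns for each secret. Treat it as
    sensitive and keep it out of log and error output.

    Args:
        script: Script definition. It is mutated: ``script['vars']`` is set
            to the returned mapping.

    Returns:
        The variable mapping, the same object as ``script['vars']``.

    Raises:
        UnknownSecretTypeException: The field part of a secret reference is
            not ``password``, ``username`` or ``file``.
        ValueError: A secret reference does not contain exactly one ``_``.
    """
    var_dict = script.get('vars')
    # A ``vars`` key that is present but empty yields None rather than the
    # ``.get`` default; without this guard the item assignments below fail
    # with a TypeError.
    if var_dict is None:
        var_dict = {}
    script['vars'] = var_dict  # store back so a missing/empty section becomes a dict

    if CONFIG['teamvault']:
        for key, secret in script.get('secrets', {}).items():
            # Reference format is '<secret id>_<field>'; the two-name unpack
            # rejects anything with zero or several underscores.
            sid, field = secret.split('_')
            if field == 'password':
                var_dict[key] = bwtv.password(sid)
            elif field == 'username':
                var_dict[key] = bwtv.username(sid)
            elif field == 'file':
                var_dict[key] = bwtv.file(sid)
            else:
                # Fail closed: an unrecognised field never reaches bwtv.
                raise UnknownSecretTypeException(field)

    for syskey, system in script.get('systems', {}).items():
        var_dict[f'system_{syskey}'] = system
    return var_dict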
def collect_vars(script: dict) -> dict:
    """Build the variable mapping for one script definition.

    Sources, applied in this order (a later one overwrites an earlier one
    that uses the same key):

    1. ``script['vars']``; a section that is present but None is replaced by
       an empty dict after logging a warning.
    2. ``script['secrets']``, resolved through ``bwtv``, only when
       ``CONFIG['teamvault']`` is truthy.
    3. ``script['systems']``, stored as ``system_<key>`` with every
       occurrence of the substring ``hostname!`` removed (deprecated path).

    The result may carry secret material obtained from ``bwtv``; keep it out
    of log and error output.

    Args:
        script: Script definition. It is mutated: ``script['vars']`` is set
            to the returned mapping.

    Returns:
        The variable mapping, the same object as ``script['vars']``.

    Raises:
        UnknownSecretTypeException: The field part of a secret reference is
            not ``password``, ``username`` or ``file``.
        ValueError: A secret reference does not contain exactly one ``_``.
    """
    variables = script.get('vars', {})
    if variables is None:
        LOG.warning(
            'Vars section defined, but empty!\nThis is illegal, either remove the section or add variables.'
        )
        variables = {}
    script['vars'] = variables  # make sure the section exists as a dict afterwards

    if CONFIG['teamvault']:
        # Explicit allow-list of retrievable fields. The lambdas defer the
        # attribute lookup on bwtv until a field is actually requested.
        lookups = {
            'password': lambda secret_id: bwtv.password(secret_id),
            'username': lambda secret_id: bwtv.username(secret_id),
            'file': lambda secret_id: bwtv.file(secret_id),
        }
        for key, reference in script.get('secrets', {}).items():
            # '<secret id>_<field>'; the unpack fails on any other shape.
            sid, field = reference.split('_')
            if field not in lookups:
                raise UnknownSecretTypeException(field)
            variables[key] = lookups[field](sid)

    for syskey, system in script.get('systems', {}).items():
        # DEPRECATED, use SYSTEMS instead
        variables[f'system_{syskey}'] = system.replace('hostname!', '')
    return variables
def timemachine_users(metadata):
    """Derive user definitions from the ``timemachine`` metadata section.

    When ``metadata['timemachine']['enabled']`` is truthy, every entry under
    ``metadata['timemachine']['users']`` becomes a user with the configured
    path as home directory and ``/bin/false`` as shell. Otherwise the users
    mapping stays empty.

    The password comes from ``teamvault.password`` when the entry has a
    ``password_hash`` key. Despite its name, that value is passed as the
    lookup argument, so it is presumably a TeamVault secret id (confirm).
    Without that key the literal ``password`` value from the metadata is
    used, which means the password sits wherever that metadata is defined.

    Returns:
        ``{'users': {<username>: {...}}}``.

    Raises:
        Exception: ``'path missing'`` or ``'password missing'`` when the
            respective value has length zero.
    """
    settings = metadata.get('timemachine', {})
    accounts = {}
    if settings.get('enabled', False):
        for username, data in settings.get('users', {}).items():
            home = data.get('path', '')
            if not len(home):
                raise Exception('path missing')

            password = (
                teamvault.password(data['password_hash'], site='benjamin-borbe')
                if 'password_hash' in data
                else data.get('password', '')
            )
            if not len(password):
                raise Exception('password missing')

            accounts[username] = {
                'enabled': True,
                'home': home,
                # No interactive login for these accounts.
                'shell': '/bin/false',
                'password': password,
                # NOTE(review): one hard-coded salt is shared by every user,
                # so equal passwords would yield equal derived hashes if the
                # consumer hashes password+salt (confirm). Changing it alters
                # every derived hash, so a move to per-user salts has to be
                # rolled out deliberately.
                'salt': 'w9AVl6dZcq4i3Q3d',
            }
    return {'users': accounts}
'eth0': { 'address': '192.168.178.6', 'netmask': '255.255.255.0', 'gateway': '192.168.178.1', }, }, }, 'co2mon': { 'enabled': True, 'device': '/dev/co2mini0', 'co2-name': 'HZ_CO2', 'temperatur-name': 'HZ_TEMP', 'mqtt-host': 'rasp3.hm.benjamin-borbe.de', 'mqtt-queue': 'co2mon', 'mqtt-username': teamvault.username('9qNx3O', site='benjamin-borbe'), 'mqtt-password': teamvault.password('9qNx3O', site='benjamin-borbe'), }, 'golang': { 'enabled': True, 'arch': 'armv6l', 'version': '1.15.6', 'os': 'linux', }, 'iptables': { 'enabled': True, }, }, }
import bwtv as teamvault

# Group that carries the login for the private Docker registry.
# The credentials are resolved through TeamVault; only the lookup reference
# ('7qGQOW', presumably the secret id) is kept in this file.
groups['meta-docker'] = {
    # NOTE(review): r'.*' matches every node name, so every node ends up with
    # this registry login in its metadata. Confirm that all nodes need it;
    # a narrower pattern would limit where the credential is exposed.
    'member_patterns': (r'.*',),
    'metadata': {
        'docker': {
            'login': {
                # Keyed by registry host name.
                'docker.benjamin-borbe.de': {
                    'username': teamvault.username('7qGQOW', site='benjamin-borbe'),
                    'password': teamvault.password('7qGQOW', site='benjamin-borbe'),
                },
            },
        },
    },
}
from os.path import join from collections.abc import Sequence, Mapping import tomlkit from bundlewrap.metadata import atomic import bwtv as teamvault # convert magicstrings in toml nodes converters = { 'decrypt': lambda x: vault.decrypt(x), 'decrypt_file': lambda x: vault.decrypt_file(x), 'teamvault_file': lambda x: teamvault.file(x), 'teamvault_username': lambda x: teamvault.username(x), 'teamvault_password': lambda x: teamvault.password(x), } def demagify(data): if isinstance(data, str): for name, converter in converters.items(): if data.startswith(f'!{name}:'): return converter(data[len(name) + 2:]) else: return data elif isinstance(data, Sequence): return [demagify(element) for element in data] elif isinstance(data, Mapping): return {key: demagify(value) for key, value in data.items()} else:
actions = {} groups = {} users = {} if node.metadata.get('controller', {}).get('enabled', False): groups['controller'] = {} files['/lib/systemd/system/controller.service'] = { 'group': 'root', 'mode': '0644', 'needed_by': ['svc_systemd:controller'], 'owner': 'root', 'source': 'controller.service', 'content_type': 'mako', 'context': { 'token': teamvault.password('QL3QQw', site='benjamin-borbe'), }, 'triggers': [ 'action:systemd-reload', 'svc_systemd:controller:restart', ], } svc_systemd['controller'] = { 'needs': [ 'file:/lib/systemd/system/controller.service', 'user:controller', 'group:controller', 'action:git_pull_hue', 'action:install_golang', ],
import bwtv as teamvault

# Group that enables monit and configures the mail relay used for its alerts.
# The SMTP account is resolved through TeamVault; only the lookup reference
# ('KwRoO7', presumably the secret id) is kept in this file.
groups['meta-monit'] = {
    # NOTE(review): r".+" matches every non-empty group name, so the SMTP
    # credentials below reach the metadata of every node in any such
    # subgroup. Confirm that this breadth is intended.
    'subgroup_patterns': (r".+",),
    'metadata': {
        'monit': {
            'enabled': True,
            'mailserver': {
                # The sender address is the account's own user name.
                'sender': teamvault.username('KwRoO7', site='benjamin-borbe'),
                'recipient': '*****@*****.**',
                'server': 'mail.benjamin-borbe.de',
                'port': 587,
                'username': teamvault.username('KwRoO7', site='benjamin-borbe'),
                'password': teamvault.password('KwRoO7', site='benjamin-borbe'),
            },
        },
    },
}