pass ENCODED_PASSWORD to nixos-infect instead of USER_PASS

Alexander Tomokhov 2023-12-27 17:59:09 +04:00
parent 659c539f38
commit 967377f171
2 changed files with 11 additions and 2 deletions


@ -19,6 +19,9 @@ steps:
INFECT_COMMIT_SHA: ${DRONE_COMMIT_SHA} INFECT_COMMIT_SHA: ${DRONE_COMMIT_SHA}
commands: commands:
- set -o nounset
- > # TODO pass Base64 encoded password from Drone instead of this
ENCODED_PASSWORD="$(base64 <<<"$USER_PASS")"
# Create infect user script and then push it to a remote machine on server creation. # Create infect user script and then push it to a remote machine on server creation.
- | - |
cat << EOF > infect.sh cat << EOF > infect.sh
@ -34,6 +37,7 @@ steps:
DNS_PROVIDER_TOKEN=$CLOUDFLARE_TOKEN DNS_PROVIDER_TOKEN=$CLOUDFLARE_TOKEN
DNS_PROVIDER_TYPE=CLOUDFLARE DNS_PROVIDER_TYPE=CLOUDFLARE
DOMAIN=$DOMAIN DOMAIN=$DOMAIN
ENCODED_PASSWORD="$ENCODED_PASSWORD"
HOSTNAME=selfprivacy-ci-test HOSTNAME=selfprivacy-ci-test
LUSER=cicdcicd LUSER=cicdcicd
NIXOS_CONFIG_ID=default NIXOS_CONFIG_ID=default
@ -41,7 +45,6 @@ steps:
PROVIDER=hetzner PROVIDER=hetzner
SSH_AUTHORIZED_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBb3yVhYF4slhf1iQCiGLOVcbGKP/MmkQiEMl2un+4K" SSH_AUTHORIZED_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBb3yVhYF4slhf1iQCiGLOVcbGKP/MmkQiEMl2un+4K"
STAGING_ACME=true STAGING_ACME=true
USER_PASS="$USER_PASS"
curl --fail https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-infect/raw/commit/$INFECT_COMMIT_SHA/nixos-infect \ curl --fail https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-infect/raw/commit/$INFECT_COMMIT_SHA/nixos-infect \
| bash 2>&1 | tee /root/nixos-infect.log | bash 2>&1 | tee /root/nixos-infect.log
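Review bot: The encoding step added in the first hunk, `ENCODED_PASSWORD="$(base64 <<<"$USER_PASS")"`, relies on a here-string, which is a bash feature and also appends a newline to the secret before it is encoded; the shell this step runs under is not visible here. `ENCODED_PASSWORD="$(printf '%s' "$USER_PASS" | base64 -w0)"` encodes exactly the password bytes and keeps the value on one line, assuming the image's base64 supports `-w0` (GNU coreutils does). I would also put a comment above the new `ENCODED_PASSWORD=` line in the heredoc, e.g. `# Base64 only keeps the generated script's quoting intact; infect.sh still holds a recoverable password`, so the generated file and any copy of it keep being treated as secret material.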


@ -13,7 +13,7 @@
: "${STAGING_ACME:?STAGING_ACME variable is not set}" : "${STAGING_ACME:?STAGING_ACME variable is not set}"
: "${DNS_PROVIDER_TOKEN:?DNS_PROVIDER_TOKEN variable is not set}" : "${DNS_PROVIDER_TOKEN:?DNS_PROVIDER_TOKEN variable is not set}"
: "${DB_PASSWORD:?DB_PASSWORD variable is not set}" : "${DB_PASSWORD:?DB_PASSWORD variable is not set}"
: "${USER_PASS:?USER_PASS variable is not set}" : "${ENCODED_PASSWORD:?ENCODED_PASSWORD variable is not set}"
: "${NIX_VERSION:?NIX_VERSION variable is not set}" : "${NIX_VERSION:?NIX_VERSION variable is not set}"
: "${NIXOS_CONFIG_ID:?NIXOS_CONFIG_ID variable is not set}" : "${NIXOS_CONFIG_ID:?NIXOS_CONFIG_ID variable is not set}"
: "${CONFIG_URL:?CONFIG_URL variable is not set}" : "${CONFIG_URL:?CONFIG_URL variable is not set}"
@ -293,6 +293,12 @@ findESP() {
} }
prepareEnv() { prepareEnv() {
if ! USER_PASS="$(base64 -d <<<"$ENCODED_PASSWORD")"; then
echo "Error decoding ENCODED_PASSWORD from Base64!"
exit 1
fi
readonly USER_PASS
isEFI=0 isEFI=0
[ -d /sys/firmware/efi ] && isEFI=1 [ -d /sys/firmware/efi ] && isEFI=1
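Review bot: An empty password is no longer rejected: the `: "${USER_PASS:?...}"` guard was swapped for one on ENCODED_PASSWORD, and in prepareEnv an input that decodes to nothing but a newline (which is what `base64 <<<""` emits for an empty secret) passes `base64 -d` and leaves USER_PASS empty. Adding `[ -n "$USER_PASS" ] || { echo "Decoded ENCODED_PASSWORD is empty!" >&2; exit 1; }` right after the decode restores the old guarantee. The existing "Error decoding" message could likewise go to stderr with `>&2`. prepareEnv's body continues past the end of this hunk, so how USER_PASS is consumed afterwards is not visible here.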