do not pass DB_PASSWORD, but generate
parent
967377f171
commit
c31521e1ca
|
@ -33,7 +33,6 @@ steps:
|
||||||
|
|
||||||
API_TOKEN="$USER_PASS"
|
API_TOKEN="$USER_PASS"
|
||||||
CONFIG_URL=https://git.selfprivacy.org/api/v1/repos/SelfPrivacy/selfprivacy-nixos-template/archive/0f886d76e93dd366db7c53a8f6b672702910b99b.tar.gz
|
CONFIG_URL=https://git.selfprivacy.org/api/v1/repos/SelfPrivacy/selfprivacy-nixos-template/archive/0f886d76e93dd366db7c53a8f6b672702910b99b.tar.gz
|
||||||
DB_PASSWORD="$USER_PASS"
|
|
||||||
DNS_PROVIDER_TOKEN=$CLOUDFLARE_TOKEN
|
DNS_PROVIDER_TOKEN=$CLOUDFLARE_TOKEN
|
||||||
DNS_PROVIDER_TYPE=CLOUDFLARE
|
DNS_PROVIDER_TYPE=CLOUDFLARE
|
||||||
DOMAIN=$DOMAIN
|
DOMAIN=$DOMAIN
|
||||||
|
|
13
nixos-infect
13
nixos-infect
|
@ -12,7 +12,6 @@
|
||||||
: "${DNS_PROVIDER_TYPE:?DNS_PROVIDER_TYPE variable is not set}"
|
: "${DNS_PROVIDER_TYPE:?DNS_PROVIDER_TYPE variable is not set}"
|
||||||
: "${STAGING_ACME:?STAGING_ACME variable is not set}"
|
: "${STAGING_ACME:?STAGING_ACME variable is not set}"
|
||||||
: "${DNS_PROVIDER_TOKEN:?DNS_PROVIDER_TOKEN variable is not set}"
|
: "${DNS_PROVIDER_TOKEN:?DNS_PROVIDER_TOKEN variable is not set}"
|
||||||
: "${DB_PASSWORD:?DB_PASSWORD variable is not set}"
|
|
||||||
: "${ENCODED_PASSWORD:?ENCODED_PASSWORD variable is not set}"
|
: "${ENCODED_PASSWORD:?ENCODED_PASSWORD variable is not set}"
|
||||||
: "${NIX_VERSION:?NIX_VERSION variable is not set}"
|
: "${NIX_VERSION:?NIX_VERSION variable is not set}"
|
||||||
: "${NIXOS_CONFIG_ID:?NIXOS_CONFIG_ID variable is not set}"
|
: "${NIXOS_CONFIG_ID:?NIXOS_CONFIG_ID variable is not set}"
|
||||||
|
@ -60,13 +59,16 @@ EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
genSecrets() {
|
genSecrets() {
|
||||||
|
local dbpass
|
||||||
|
dbpass="$(shuf --random-source=/dev/urandom -erz -n32 {A..Z} {a..z} {0..9} | tr -d '\n')"
|
||||||
|
|
||||||
cat << EOF
|
cat << EOF
|
||||||
{
|
{
|
||||||
"api": {
|
"api": {
|
||||||
"token": "$API_TOKEN",
|
"token": "$API_TOKEN",
|
||||||
"skippedMigrations": ["migrate_to_selfprivacy_channel", "mount_volume"]
|
"skippedMigrations": ["migrate_to_selfprivacy_channel", "mount_volume"]
|
||||||
},
|
},
|
||||||
"databasePassword": "$DB_PASSWORD",
|
"databasePassword": "$dbpass",
|
||||||
"dns": {
|
"dns": {
|
||||||
"apiKey": "$DNS_PROVIDER_TOKEN"
|
"apiKey": "$DNS_PROVIDER_TOKEN"
|
||||||
},
|
},
|
||||||
|
@ -375,6 +377,7 @@ checkEnv() {
|
||||||
req awk || { echo "ERROR: Missing awk"; return 1; }
|
req awk || { echo "ERROR: Missing awk"; return 1; }
|
||||||
req cut || req df || { echo "ERROR: Missing coreutils (cut, df)"; return 1; }
|
req cut || req df || { echo "ERROR: Missing coreutils (cut, df)"; return 1; }
|
||||||
req mkpasswd || { echo "ERROR: Missing mkpasswd"; return 1; }
|
req mkpasswd || { echo "ERROR: Missing mkpasswd"; return 1; }
|
||||||
|
req shuf || { echo "ERROR: Missing shuf"; return 1; }
|
||||||
}
|
}
|
||||||
|
|
||||||
# Download and execute the nix installer script.
|
# Download and execute the nix installer script.
|
||||||
|
@ -464,11 +467,11 @@ infect() {
|
||||||
/nix/var/nix/profiles/system/sw/bin/nix-collect-garbage
|
/nix/var/nix/profiles/system/sw/bin/nix-collect-garbage
|
||||||
}
|
}
|
||||||
|
|
||||||
set -o pipefail
|
set -o errtrace
|
||||||
set -o nounset
|
set -o nounset
|
||||||
set -o errexit
|
set -o pipefail
|
||||||
set -o xtrace
|
|
||||||
shopt -s inherit_errexit
|
shopt -s inherit_errexit
|
||||||
|
trap 'echo ${LINENO}: "$BASH_COMMAND"; exit 1' ERR
|
||||||
|
|
||||||
genNetworkingConf
|
genNetworkingConf
|
||||||
|
|
||||||
|
|
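Review bot: In genSecrets, the new `dbpass=` assignment runs `shuf` with `-z`, so the 32 characters are separated by NUL bytes rather than newlines and the trailing `tr -d '\n'` removes nothing; the value only comes out clean because bash discards NUL bytes inside `$(...)`, which newer bash versions report with a warning on stderr. Deleting the separator that is actually emitted makes the intent explicit: `dbpass="$(shuf --random-source=/dev/urandom -erz -n32 {A..Z} {a..z} {0..9} | tr -d '\0')"`. A short comment above the assignment, such as `# 32 random alphanumerics for the database password; generated here, never passed in from the environment`, would record why DB_PASSWORD is no longer accepted. The heredoc that consumes `$dbpass` continues past the end of the hunk, so where the generated JSON is written and with what file permissions cannot be checked from here.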