do not pass DB_PASSWORD, but generate

Alexander Tomokhov 2023-12-27 18:01:57 +04:00
parent 967377f171
commit c31521e1ca
2 changed files with 9 additions and 7 deletions


@ -33,7 +33,6 @@ steps:
API_TOKEN="$USER_PASS" API_TOKEN="$USER_PASS"
CONFIG_URL=https://git.selfprivacy.org/api/v1/repos/SelfPrivacy/selfprivacy-nixos-template/archive/0f886d76e93dd366db7c53a8f6b672702910b99b.tar.gz CONFIG_URL=https://git.selfprivacy.org/api/v1/repos/SelfPrivacy/selfprivacy-nixos-template/archive/0f886d76e93dd366db7c53a8f6b672702910b99b.tar.gz
DB_PASSWORD="$USER_PASS"
DNS_PROVIDER_TOKEN=$CLOUDFLARE_TOKEN DNS_PROVIDER_TOKEN=$CLOUDFLARE_TOKEN
DNS_PROVIDER_TYPE=CLOUDFLARE DNS_PROVIDER_TYPE=CLOUDFLARE
DOMAIN=$DOMAIN DOMAIN=$DOMAIN


@ -12,7 +12,6 @@
: "${DNS_PROVIDER_TYPE:?DNS_PROVIDER_TYPE variable is not set}" : "${DNS_PROVIDER_TYPE:?DNS_PROVIDER_TYPE variable is not set}"
: "${STAGING_ACME:?STAGING_ACME variable is not set}" : "${STAGING_ACME:?STAGING_ACME variable is not set}"
: "${DNS_PROVIDER_TOKEN:?DNS_PROVIDER_TOKEN variable is not set}" : "${DNS_PROVIDER_TOKEN:?DNS_PROVIDER_TOKEN variable is not set}"
: "${DB_PASSWORD:?DB_PASSWORD variable is not set}"
: "${ENCODED_PASSWORD:?ENCODED_PASSWORD variable is not set}" : "${ENCODED_PASSWORD:?ENCODED_PASSWORD variable is not set}"
: "${NIX_VERSION:?NIX_VERSION variable is not set}" : "${NIX_VERSION:?NIX_VERSION variable is not set}"
: "${NIXOS_CONFIG_ID:?NIXOS_CONFIG_ID variable is not set}" : "${NIXOS_CONFIG_ID:?NIXOS_CONFIG_ID variable is not set}"
@ -60,13 +59,16 @@ EOF
} }
genSecrets() { genSecrets() {
local dbpass
dbpass="$(shuf --random-source=/dev/urandom -erz -n32 {A..Z} {a..z} {0..9} | tr -d '\n')"
cat << EOF cat << EOF
{ {
"api": { "api": {
"token": "$API_TOKEN", "token": "$API_TOKEN",
"skippedMigrations": ["migrate_to_selfprivacy_channel", "mount_volume"] "skippedMigrations": ["migrate_to_selfprivacy_channel", "mount_volume"]
}, },
"databasePassword": "$DB_PASSWORD", "databasePassword": "$dbpass",
"dns": { "dns": {
"apiKey": "$DNS_PROVIDER_TOKEN" "apiKey": "$DNS_PROVIDER_TOKEN"
}, },
@ -374,7 +376,8 @@ checkEnv() {
req xzcat || { echo "ERROR: Missing xzcat"; return 1; } req xzcat || { echo "ERROR: Missing xzcat"; return 1; }
req awk || { echo "ERROR: Missing awk"; return 1; } req awk || { echo "ERROR: Missing awk"; return 1; }
req cut || req df || { echo "ERROR: Missing coreutils (cut, df)"; return 1; } req cut || req df || { echo "ERROR: Missing coreutils (cut, df)"; return 1; }
req mkpasswd || { echo "ERROR: Missing mkpasswd"; return 1; } req mkpasswd || { echo "ERROR: Missing mkpasswd"; return 1; }
req shuf || { echo "ERROR: Missing shuf"; return 1; }
} }
# Download and execute the nix installer script. # Download and execute the nix installer script.
@ -464,11 +467,11 @@ infect() {
/nix/var/nix/profiles/system/sw/bin/nix-collect-garbage /nix/var/nix/profiles/system/sw/bin/nix-collect-garbage
} }
set -o pipefail set -o errtrace
set -o nounset set -o nounset
set -o errexit set -o pipefail
set -o xtrace
shopt -s inherit_errexit shopt -s inherit_errexit
trap 'echo ${LINENO}: "$BASH_COMMAND"; exit 1' ERR
genNetworkingConf genNetworkingConf
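Review bot: In genSecrets, `shuf` is called with `-z`, so the 32 picks are NUL-terminated and the `tr -d '\n'` that follows removes nothing; the value comes out clean only because bash drops NUL bytes in a command substitution, and newer bash versions print an "ignored null byte" warning on stderr when they do. Deleting the bytes that are actually there keeps the same password without relying on that: `dbpass="$(shuf --random-source=/dev/urandom -erz -n32 {A..Z} {a..z} {0..9} | tr -d '\0')"`. The page does not show which side the lone `set -o xtrace` line in the last hunk is on; if tracing is still active when genSecrets runs, the `dbpass=` assignment is written to the log with its value, so wrapping it in `set +x` / `set -x` would be worth it. The heredoc in genSecrets continues past the end of its hunk.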