mirror of
https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-infect.git
synced 2025-01-15 05:16:38 +00:00
drone: pass USER_PASS without base64
parent
ac5a9c3517
commit
ccf32a3172
|
@ -18,7 +18,7 @@ steps:
|
|||
commands:
|
||||
# Create infect user script and then push it to a remote machine on server creation.
|
||||
- echo '#! /usr/bin/env bash' > infect.sh
|
||||
- echo "curl https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-infect/raw/branch/$INFECT_SOURCE_BRANCH/nixos-infect | PROVIDER=hetzner DOMAIN=$DOMAIN LUSER=cicdcicd ENCODED_PASSWORD=\"$(printf $USER_PASS | base64)\" CF_TOKEN=$CLOUDFLARE_TOKEN DB_PASSWORD=$USER_PASS API_TOKEN=$USER_PASS HOSTNAME=selfprivacy-ci-test DNS_PROVIDER_TYPE=CLOUDFLARE STAGING_ACME=false NIX_VERSION=2.18.1 NIXOS_CONFIG_NAME=sp-nixos CONFIG_URL=https://git.selfprivacy.org/api/v1/repos/SelfPrivacy/selfprivacy-nixos-template/archive/master.tar.gz bash 2>&1 | tee /root/infect.log" >> infect.sh
|
||||
- echo "curl https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-infect/raw/branch/$INFECT_SOURCE_BRANCH/nixos-infect | PROVIDER=hetzner DOMAIN=$DOMAIN LUSER=cicdcicd USER_PASS=\"$USER_PASS\" CF_TOKEN=$CLOUDFLARE_TOKEN DB_PASSWORD=\"$USER_PASS\" API_TOKEN=\"$USER_PASS\" HOSTNAME=selfprivacy-ci-test DNS_PROVIDER_TYPE=CLOUDFLARE STAGING_ACME=true NIX_VERSION=2.18.1 NIXOS_CONFIG_NAME=sp-nixos CONFIG_URL=https://git.selfprivacy.org/api/v1/repos/SelfPrivacy/selfprivacy-nixos-template/archive/master.tar.gz bash 2>&1 | tee /root/infect.log" >> infect.sh
|
||||
- http -v --check-status --ignore-stdin POST https://api.hetzner.cloud/v1/servers Authorization:"Bearer $PASSWORD" name=ci-sibling server_type=cx11 start_after_create:=true image=ubuntu-20.04 user_data=@infect.sh automount:=false location=fsn1
|
||||
|
||||
- name: dns
|
||||
|
|
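Review bot: The new `echo` line writes `USER_PASS=\"$USER_PASS\"`, `DB_PASSWORD=\"$USER_PASS\"` and `API_TOKEN=\"$USER_PASS\"` into infect.sh with the secret already expanded on the CI runner, so bash on the new server re-parses the raw value inside double quotes; a password containing `"`, `$`, a backtick or `\` would be altered or evaluated there. The removed base64 step was what made this transport quoting-safe for the one field that used it. Either keep an encoded transport and decode inside nixos-infect, or constrain the secret's character set and document it next to the step, e.g. `# USER_PASS must match [A-Za-z0-9_-]+; it is embedded unescaped in infect.sh`. Separately, `http -v` on the Hetzner call prints the full request, including the `Authorization` header and the `user_data` body, so these values may reach the build log unless the runner masks them; dropping `-v` would avoid that.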
16
nixos-infect
16
nixos-infect
|
@ -13,7 +13,7 @@
|
|||
: "${STAGING_ACME:?STAGING_ACME variable is not set}"
|
||||
: "${CF_TOKEN:?CF_TOKEN variable is not set}"
|
||||
: "${DB_PASSWORD:?DB_PASSWORD variable is not set}"
|
||||
: "${ENCODED_PASSWORD:?ENCODED_PASSWORD variable is not set}"
|
||||
: "${USER_PASS:?USER_PASS variable is not set}"
|
||||
: "${NIX_VERSION:?NIX_VERSION variable is not set}"
|
||||
: "${NIXOS_CONFIG_NAME:?NIXOS_CONFIG_NAME variable is not set}"
|
||||
: "${CONFIG_URL:?CONFIG_URL variable is not set}"
|
||||
|
@ -23,9 +23,8 @@ readonly SECRETS_FILEPATH="/etc/selfprivacy/secrets.json"
|
|||
|
||||
# Merge original userdata.json with deployment specific fields and print result.
|
||||
genUserdata() {
|
||||
local password HASHED_PASSWORD userdata_infect
|
||||
password=$(printf "%s" "$ENCODED_PASSWORD" | base64 --decode)
|
||||
HASHED_PASSWORD=$(mkpasswd -m sha-512 "$password")
|
||||
local HASHED_PASSWORD userdata_infect
|
||||
HASHED_PASSWORD="$(mkpasswd -m sha-512 "$USER_PASS")"
|
||||
|
||||
userdata_infect=$(cat << EOF
|
||||
{
|
||||
|
@ -49,9 +48,6 @@ EOF
|
|||
}
|
||||
|
||||
genSecrets() {
|
||||
local ESCAPED_PASSWORD
|
||||
ESCAPED_PASSWORD=$(printf "%s" "$ENCODED_PASSWORD" | base64 --decode | jq -Rs .)
|
||||
|
||||
cat << EOF
|
||||
{
|
||||
"api": {
|
||||
|
@ -64,11 +60,11 @@ genSecrets() {
|
|||
},
|
||||
"modules": {
|
||||
"nextcloud": {
|
||||
"adminPassword": $ESCAPED_PASSWORD,
|
||||
"databasePassword": $ESCAPED_PASSWORD
|
||||
"adminPassword": "$USER_PASS",
|
||||
"databasePassword": "$USER_PASS"
|
||||
}
|
||||
},
|
||||
"resticPassword": $ESCAPED_PASSWORD
|
||||
"resticPassword": "$USER_PASS"
|
||||
}
|
||||
EOF
|
||||
}
|
||||
|
|
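Review bot: The `genSecrets` heredoc now splices `"$USER_PASS"` straight into the JSON for `adminPassword`, `databasePassword` and `resticPassword`, where the removed code passed the value through `jq -Rs .`; a password containing `"`, `\` or a control character now produces malformed or structurally different JSON in the secrets file. Keep the escaping and change only its input: `ESCAPED_PASSWORD=$(printf '%s' "$USER_PASS" | jq -Rs .)`, with the three fields left as unquoted `$ESCAPED_PASSWORD`. In `genUserdata`, `mkpasswd -m sha-512 "$USER_PASS"` also places the clear-text password on the command line, where it is visible in the process list while it runs; `printf '%s' "$USER_PASS" | mkpasswd -m sha-512 --stdin` avoids that. Both function bodies continue outside the visible hunks.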