WiP reworking bw2secrets

This commit is contained in:
Jakub Kropáček 2024-07-23 17:13:11 +02:00
parent fb5c2a1bab
commit c3ba2b4a27
4 changed files with 52 additions and 24 deletions


@ -4,11 +4,47 @@ import getpass
import shutil import shutil
import subprocess as sp import subprocess as sp
from pathlib import Path from pathlib import Path
from typing import Literal
import jinja2 import jinja2
bitwarden_session = None bitwarden_session = None
TemplateEnvType = Literal["password", "username"]
def fetch_secret(bw_path: Path, secret_id: str, object_type: str = "password") -> str:
global bitwarden_session
res = sp.run(
[bw_path, "get", object_type, secret_id, "--session", bitwarden_session],
capture_output=True,
text=True,
)
res.check_returncode()
return res.stdout
class TemplateEnv:
bw_path: Path
env_type: TemplateEnvType
cached_items: dict[str, str]
def __init__(self, _type: TemplateEnvType, bw_path: Path):
self.env_type = _type
self.bw_path = bw_path
self.cached_items = dict()
def __getitem__(self, item):
print(f"{self.env_type} {self.cached_items}")
if cached_item := self.cached_items.get(item):
return cached_item
self.cached_items[item] = fetch_secret(
self.bw_path,
item,
self.env_type,
)
return self.cached_items[item]
def _add_args(parser: argparse.ArgumentParser): def _add_args(parser: argparse.ArgumentParser):
parser.add_argument( parser.add_argument(
@ -52,37 +88,29 @@ def sync_bw_session(bw_path: Path):
def find_templates(base_dirs: set[Path]) -> set[Path]: def find_templates(base_dirs: set[Path]) -> set[Path]:
env_templates: set[Path] = set() env_templates: set[Path] = set()
for path in base_dirs: for path in base_dirs:
for env_template in path.glob(f"{path}/**/*.template"): for env_template in path.glob("**/*.template"):
env_templates.add(env_template) env_templates.add(env_template)
return env_templates return env_templates
def fetch_secret(bw_path: Path, secret_id: str) -> str: # def secret_filter(bw_path: Path, secret_id: str) -> str:
global bitwarden_session # return fetch_secret(bw_path, secret_id)
res = sp.run(
[bw_path, "get", "password", secret_id, "--session", bitwarden_session],
capture_output=True,
text=True,
)
res.check_returncode()
return res.stdout
def secret_filter(bw_path: Path, secret_id: str) -> str:
return fetch_secret(bw_path, secret_id)
def compile_file(file_path: Path, bw_path: Path): def compile_file(file_path: Path, bw_path: Path):
jinja_env = jinja2.Environment( jinja_env = jinja2.Environment(
loader=jinja2.FileSystemLoader(file_path.parent), loader=jinja2.FileSystemLoader(file_path.parent),
) )
jinja_env.filters['secret'] = lambda secret_id: secret_filter( username = TemplateEnv("username", bw_path)
bw_path, secret_id, password = TemplateEnv("password", bw_path)
)
template = jinja_env.get_template(file_path.name) template = jinja_env.get_template(file_path.name)
rendered_template = template.render() rendered_template = template.render(
dict(
username=username,
password=password,
),
)
file_path.with_name( file_path.with_name(
file_path.name.replace( file_path.name.replace(
".template", "", ".template", "",
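Review bot: The debug `print(f"{self.env_type} {self.cached_items}")` in `TemplateEnv.__getitem__` writes every secret fetched so far to stdout, because `cached_items` maps item ids to the plaintext values returned by `fetch_secret`; remove the line, or at most reduce it to the key being looked up, `print(f"{self.env_type} {item}")`, never the cache contents. The walrus lookup `if cached_item := self.cached_items.get(item)` also treats an empty-string value as a cache miss and refetches it; `if item in self.cached_items: return self.cached_items[item]` keeps the cache effective in that case. The commented-out `secret_filter` is dead code now that the `secret` filter registration was dropped from `compile_file` and can be deleted outright. `compile_file` continues past the end of the hunk.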


@ -1,8 +1,8 @@
UPLOAD_LOCATION=/mnt/data/immich UPLOAD_LOCATION=/mnt/data/immich
DB_PASSWORD={{ 'fc4c389b-f598-4f42-940b-eaeabecd8359' | secret }} DB_PASSWORD={{ password['fc4c389b-f598-4f42-940b-eaeabecd8359'] }}
DB_HOSTNAME=database DB_HOSTNAME=database
DB_USERNAME=immich DB_USERNAME={{ username['fc4c389b-f598-4f42-940b-eaeabecd8359'] }}
DB_DATABASE_NAME=immich DB_DATABASE_NAME=immich
REDIS_HOSTNAME=redis REDIS_HOSTNAME=redis


@ -1,5 +1,5 @@
HOST=joplin.togetherdays.cz HOST=joplin.togetherdays.cz
POSTGRES_PASSWORD={{ '9562334a-3e01-4b07-9068-89e9b8f51b85' | secret }} POSTGRES_PASSWORD={{ password['9562334a-3e01-4b07-9068-89e9b8f51b85'] }}
POSTGRES_DATABASE=joplin POSTGRES_DATABASE=joplin
POSTGRES_USER=joplin POSTGRES_USER=joplin
POSTGRES_PORT=5432 POSTGRES_PORT=5432
@ -8,6 +8,6 @@ MAILER_HOST=smtp.seznam.cz
MAILER_PORT=465 MAILER_PORT=465
MAILER_SECURITY=tls MAILER_SECURITY=tls
MAILER_AUTH_USER=mailer@togetherdays.cz MAILER_AUTH_USER=mailer@togetherdays.cz
MAILER_AUTH_PASSWORD={{ 'bd699710-f430-4ec8-815b-2019fa94132f' | secret }} MAILER_AUTH_PASSWORD={{ password['bd699710-f430-4ec8-815b-2019fa94132f'] }}
MAILER_NOREPLY_NAME=no-reply MAILER_NOREPLY_NAME=no-reply
MAILER_NOREPLY_EMAIL=mailer@togetherdays.cz MAILER_NOREPLY_EMAIL=mailer@togetherdays.cz


@ -36,7 +36,7 @@ PHOTOPRISM_DATABASE_DRIVER=mysql
PHOTOPRISM_DATABASE_SERVER=mariadb:3306 PHOTOPRISM_DATABASE_SERVER=mariadb:3306
PHOTOPRISM_DATABASE_NAME=photoprism PHOTOPRISM_DATABASE_NAME=photoprism
PHOTOPRISM_DATABASE_USER=photoprism PHOTOPRISM_DATABASE_USER=photoprism
PHOTOPRISM_DATABASE_PASSWORD={{ 'f1a35ea8-bc34-4a89-ad23-037e6dfa10f0' | secret }} PHOTOPRISM_DATABASE_PASSWORD={{ password['f1a35ea8-bc34-4a89-ad23-037e6dfa10f0'] }}
PHOTOPRISM_SITE_CAPTION=Gallery PHOTOPRISM_SITE_CAPTION=Gallery
PHOTOPRISM_SITE_DESCRIPTION= PHOTOPRISM_SITE_DESCRIPTION=