git.delta.rocks / jrsonnet / refs/commits / fb6d3038c4a7


refactor drop old db

Yaroslav Bolyukin2021-09-18parent: #4ad5065.patch.diff
in: trunk

8 files changed

deletedsrc/cmds/generate_secrets.rsdiffbeforeafterboth

no changes

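--- a/src/cmds/mod.rs
+++ b/src/cmds/mod.rs
@@ -1,5 +1,3 @@
 pub mod build_systems;
-// pub mod fetch_keys;
-pub mod generate_secrets;
 pub mod secrets;
 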
deletedsrc/db/dbr.rsdiffbeforeafterboth

no changes

deletedsrc/db/mod.rsdiffbeforeafterboth

no changes

deletedsrc/db/secret.rsdiffbeforeafterboth

no changes

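--- a/src/fleetdata.rs
+++ b/src/fleetdata.rs
@@ -1,17 +1,31 @@
+use chrono::{DateTime, Utc};
 use serde::{Deserialize, Serialize};
 use std::collections::BTreeMap;
 
 #[derive(Serialize, Deserialize, Default)]
+#[serde(rename_all = "camelCase")]
 pub struct HostData {
+ #[serde(default)]
+ #[serde(skip_serializing_if = "String::is_empty")]
+ pub encryption_key: String,
+}
+
+#[derive(Serialize, Deserialize)]
+pub struct FleetData {
  #[serde(default)]
- pub encryption_key: String,
+ pub hosts: BTreeMap<String, HostData>,
  #[serde(default)]
+ #[serde(skip_serializing_if = "BTreeMap::is_empty")]
- pub encrypted_secrets: BTreeMap<String, String>,
+ pub secrets: BTreeMap<String, FleetSecret>,
 }
 
 #[derive(Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
-pub struct FleetData {
+pub struct FleetSecret {
+ pub owners: Vec<String>,
  #[serde(default)]
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub expire_at: Option<DateTime<Utc>>,
- pub hosts: BTreeMap<String, HostData>,
+ pub data: BTreeMap<String, String>,
 }
 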
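Review bot: The new `#[serde(rename_all = "camelCase")]` on `HostData` changes the serialized key from `encryption_key` to `encryptionKey`, and because the field also carries `#[serde(default)]`, a data file written before this commit will presumably load with an empty key rather than fail, since serde ignores unknown fields unless told otherwise. The stored host key and any old `encrypted_secrets` entries would then be dropped silently on the next save. If existing files must keep working, accept the old name with `#[serde(alias = "encryption_key")]` on the field; if they must not, put `#[serde(deny_unknown_fields)]` on `HostData` so a stale file is rejected loudly. `FleetSecret::data` also deserves a doc comment stating whether its values are ciphertext and in which encoding, because the type is a plain `BTreeMap<String, String>` and nothing in it marks the contents as encrypted.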
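--- a/src/keys.rs
+++ b/src/keys.rs
@@ -20,22 +20,14 @@
  let host = data.hosts.entry(host.to_string()).or_default();
  host.encryption_key = key.trim().to_string();
  }
- pub fn update_secret(&self, host: &str, name: &str, value: &[u8]) {
- let mut data = self.data_mut();
- let host = data.hosts.entry(host.to_string()).or_default();
- host.encrypted_secrets.insert(
- name.to_string(),
- format!("[ENCRYPTED:{}]", base64::encode(value)),
- );
- }
 
  pub fn key(&self, host: &str) -> anyhow::Result<String> {
  if let Some(key) = self.cached_key(host) {
  Ok(key)
  } else {
  warn!("Loading key for {}", host);
  let key = self
- .command_on("host", "cat", false)
+ .command_on(&host, "cat", false)
  .arg("/etc/ssh/ssh_host_ed25519_key.pub")
  .run_string()?;
  self.update_key(host, key.clone());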
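Review bot: In `key()`, the output of `cat /etc/ssh/ssh_host_ed25519_key.pub` goes straight to `update_key` and is cached after only a `trim()`, so an empty or unexpected reply from the remote command (a banner line, a different key type) would presumably be persisted as that host's encryption key and reused from the cache afterwards. Check the format before caching, e.g. `anyhow::ensure!(key.trim().starts_with("ssh-ed25519 "), "unexpected host key output from {}", host);`. As a smaller style point, `host` is already a `&str`, so `command_on(&host, …)` passes a `&&str`; `command_on(host, "cat", false)` reads more directly, assuming the parameter is `&str`. The body of `key()` continues past the end of the hunk.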
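--- a/src/main.rs
+++ b/src/main.rs
@@ -5,22 +5,19 @@
 pub mod keys;
 
 pub mod cmds;
-pub mod db;
 pub mod nix;
 
 mod fleetdata;
 
 use anyhow::Result;
 use clap::Clap;
 
-use cmds::{build_systems::BuildSystems, generate_secrets::GenerateSecrets, secrets::Secrets};
+use cmds::{build_systems::BuildSystems, secrets::Secrets};
 use host::{Config, FleetOpts};
 
 #[derive(Clap)]
 #[clap(version = "1.0", author = "CertainLach <iam@lach.pw>")]
 enum Opts {
- /// Force generation of missing secrets
- GenerateSecrets(GenerateSecrets),
  /// Prepare systems for deployments
  BuildSystems(BuildSystems),
  /// Secret management
@@ -38,7 +35,6 @@
 fn run_command(config: &Config, command: Opts) -> Result<()> {
  match command {
  Opts::BuildSystems(c) => c.run(config)?,
- Opts::GenerateSecrets(c) => c.run()?,
  Opts::Secrets(s) => s.run(config)?,
  };
  Ok(())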