Encoded Passwords #23

Merged
inex merged 3 commits from escaped-passwords into master 2022-04-06 20:13:42 +03:00
1 changed files with 11 additions and 5 deletions

View File

@ -5,9 +5,15 @@
set -e -o pipefail
makeConf() {
export HASHED_PASSWORD=$( mkpasswd -m sha-512 "$PASSWORD" )
# Skip everything if main config already present
[[ -e /etc/nixos/configuration.nix ]] && return 0
if [[ $PASSWORD == null ]]; then
export PASSWORD=$(printf $ENCODED_PASSWORD | base64 --decode)
fi
export ESCAPED_PASSWORD=$(printf $ENCODED_PASSWORD | base64 --decode | jq -Rs .)
export HASHED_PASSWORD=$( mkpasswd -m sha-512 "$PASSWORD" )
# NB <<"EOF" quotes / $ ` in heredocs, <<EOF does not
mkdir -p /etc/nixos
@ -44,8 +50,8 @@ makeConf() {
"hostname": "$HOSTNAME",
"nextcloud": {
"enable": true,
"adminPassword": "$PASSWORD",
"databasePassword": "$PASSWORD"
"adminPassword": $ESCAPED_PASSWORD,
"databasePassword": $ESCAPED_PASSWORD
},
"gitea": {
"enable": true
@ -60,7 +66,7 @@ makeConf() {
"enable": true
},
"timezone": "Europe/Uzhgorod",
"resticPassword": "$PASSWORD",
"resticPassword": $ESCAPED_PASSWORD,
"username": "$LUSER"
}
EOF
@ -338,7 +344,7 @@ infect() {
[ "$PROVIDER" = "digitalocean" ] && doNetConf=y # digitalocean requires detailed network config to be generated
apt update
apt install -y git tar wget curl whois
apt install -y git tar wget curl whois jq
checkEnv
prepareEnv
makeSwap # smallest (512MB) droplet needs extra memory!