feat: add poor mans version of clan vars

2026-03-05 11:39:41 +01:00 · 2026-03-05 11:39:41 +01:00 · a5de9aea37
commit a5de9aea37
parent 13ca5cadd4
4 changed files with 41 additions and 2 deletions
--- a/.just/vars.just
+++ b/.just/vars.just
@ -1,7 +1,7 @@
 set unstable := true
 set quiet := true

-base_path := invocation_directory() / "systems/x86_64-linux"
+base_path := justfile_directory() + "/systems/x86_64-linux"

 _default:
    just --list vars
@ -25,7 +25,7 @@ edit machine:

 [doc('Get var by {key} from {machine}')]
 get machine key:
-    sops decrypt {{ base_path }}/{{ machine }}/secrets.yml | yq ".$(echo "{{ key }}" | sed -E 's/\//./g')"
+    sops decrypt {{ base_path }}/{{ machine }}/secrets.yml | yq ".$(echo "{{ key }}" | sed -E 's/\//./g') // \"\""

 [doc('Remove var by {key} for {machine}')]
 remove machine key:
@ -36,6 +36,20 @@ remove machine key:

    echo "Done"

+[doc('Remove var by {key} for {machine}')]
+[script]
+generate machine:
+    for key in $(nix eval --apply 'builtins.attrNames' --json ..#nixosConfigurations.{{ machine }}.config.sops.secrets | jq -r '.[]'); do
+        # Skip if there's no script
+        [ -f "{{ justfile_directory() }}/script/$key" ] || continue
+
+        # Skip if we already have a value
+        [ $(just vars get {{ machine }} "$key" | jq -r) ] && continue
+
+        echo "Executing script for $key"
+        just vars set {{ machine }} "$key" "$(cd -- "$(dirname "{{ justfile_directory() }}/script/$key")" && source "./$(basename $key)")"
+    done
+
 [script]
 check:
    cd ..
--- a/script/qbittorrent/hash.py
+++ b/script/qbittorrent/hash.py
@ -0,0 +1,19 @@
+#!/usr/bin/bash
+
+import base64
+import hashlib
+import sys
+import uuid
+
+password = sys.argv[1]
+salt = uuid.uuid4()
+salt_bytes = salt.bytes
+
+password = str.encode(password)
+hashed_password = hashlib.pbkdf2_hmac("sha512", password, salt_bytes, 100000, dklen=64)
+b64_salt = base64.b64encode(salt_bytes).decode("utf-8")
+b64_password = base64.b64encode(hashed_password).decode("utf-8")
+password_string = "@ByteArray({salt}:{password})".format(
+    salt=b64_salt, password=b64_password
+)
+print(password_string)
--- a/script/qbittorrent/password
+++ b/script/qbittorrent/password
@ -0,0 +1,3 @@
+#!/bin/bash
+
+pwgen -s 128 1
--- a/script/qbittorrent/password_hash
+++ b/script/qbittorrent/password_hash
@ -0,0 +1,3 @@
+#!/bin/bash
+
+python ./hash.py "$(just vars get ulmo qbittorrent/password | jq -r)"