From a5de9aea3755c5eb9d5529030e460ff0ea0bf32f Mon Sep 17 00:00:00 2001
From: Chris Kruining <c.kruining@4dotnet.nl>
Date: Thu, 5 Mar 2026 11:39:41 +0100
Subject: [PATCH] feat: add poor mans version of clan vars

---
 .just/vars.just                  | 18 ++++++++++++++++--
 script/qbittorrent/hash.py       | 19 +++++++++++++++++++
 script/qbittorrent/password      |  3 +++
 script/qbittorrent/password_hash |  3 +++
 4 files changed, 41 insertions(+), 2 deletions(-)
 create mode 100644 script/qbittorrent/hash.py
 create mode 100644 script/qbittorrent/password
 create mode 100644 script/qbittorrent/password_hash

diff --git a/.just/vars.just b/.just/vars.just
index 2c16d1b..7f464fb 100644
--- a/.just/vars.just
+++ b/.just/vars.just
@@ -1,7 +1,7 @@
 set unstable := true
 set quiet := true
 
-base_path := invocation_directory() / "systems/x86_64-linux"
+base_path := justfile_directory() + "/systems/x86_64-linux"
 
 _default:
     just --list vars
@@ -25,7 +25,7 @@ edit machine:
 
 [doc('Get var by {key} from {machine}')]
 get machine key:
-    sops decrypt {{ base_path }}/{{ machine }}/secrets.yml | yq ".$(echo "{{ key }}" | sed -E 's/\//./g')"
+    sops decrypt {{ base_path }}/{{ machine }}/secrets.yml | yq ".$(echo "{{ key }}" | sed -E 's/\//./g') // \"\""
 
 [doc('Remove var by {key} for {machine}')]
 remove machine key:
@@ -36,6 +36,20 @@ remove machine key:
 
     echo "Done"
 
+[doc('Remove var by {key} for {machine}')]
+[script]
+generate machine:
+    for key in $(nix eval --apply 'builtins.attrNames' --json ..#nixosConfigurations.{{ machine }}.config.sops.secrets | jq -r '.[]'); do
+        # Skip if there's no script
+        [ -f "{{ justfile_directory() }}/script/$key" ] || continue
+
+        # Skip if we already have a value
+        [ $(just vars get {{ machine }} "$key" | jq -r) ] && continue
+
+        echo "Executing script for $key"
+        just vars set {{ machine }} "$key" "$(cd -- "$(dirname "{{ justfile_directory() }}/script/$key")" && source "./$(basename $key)")"
+    done
+
 [script]
 check:
     cd ..
diff --git a/script/qbittorrent/hash.py b/script/qbittorrent/hash.py
new file mode 100644
index 0000000..a92343f
--- /dev/null
+++ b/script/qbittorrent/hash.py
@@ -0,0 +1,19 @@
+#!/usr/bin/bash
+
+import base64
+import hashlib
+import sys
+import uuid
+
+password = sys.argv[1]
+salt = uuid.uuid4()
+salt_bytes = salt.bytes
+
+password = str.encode(password)
+hashed_password = hashlib.pbkdf2_hmac("sha512", password, salt_bytes, 100000, dklen=64)
+b64_salt = base64.b64encode(salt_bytes).decode("utf-8")
+b64_password = base64.b64encode(hashed_password).decode("utf-8")
+password_string = "@ByteArray({salt}:{password})".format(
+    salt=b64_salt, password=b64_password
+)
+print(password_string)
diff --git a/script/qbittorrent/password b/script/qbittorrent/password
new file mode 100644
index 0000000..85fc69f
--- /dev/null
+++ b/script/qbittorrent/password
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+pwgen -s 128 1
diff --git a/script/qbittorrent/password_hash b/script/qbittorrent/password_hash
new file mode 100644
index 0000000..86ba315
--- /dev/null
+++ b/script/qbittorrent/password_hash
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+python ./hash.py "$(just vars get ulmo qbittorrent/password | jq -r)"