proxmox_secrets.sh
#!/bin/bash
# Source this script to extract the Proxmox secrets from the Ansible Vault into ENV
# PM_API_URL, PM_USER, PM_PASS
# Wow! https://stackoverflow.com/a/21189044
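#######################################
# Flatten a simple YAML file into NAME="value" lines, one per scalar key.
# Nested keys are joined with "_" (two spaces of indentation count as one
# level) and every name is prefixed with $2. Keys are limited to
# [a-zA-Z0-9_]; lines whose value contains "(" are skipped.
#
# Security note: values are printed verbatim between double quotes. Quotes,
# "$" and backticks inside a value are NOT escaped, so passing this output
# to `eval` runs whatever a value contains. Only eval it for files whose
# contents are fully trusted, or parse the lines as plain text instead.
#
# Arguments: $1 - path of the YAML file (stdin is read when empty/omitted)
#            $2 - prefix for every emitted name (optional; awk -v interprets
#                 backslash escapes in it, so keep it a plain identifier)
# Outputs:   NAME="value" lines on stdout
#######################################
parse_yaml() {
  local prefix=${2:-}
  local s='[[:space:]]*' w='[a-zA-Z0-9_]*'
  # ASCII FS (octal 034) separates indent / key / value between sed and awk.
  local fs=$'\034'
  # Quote the path so names with spaces or glob characters reach sed intact;
  # with no path sed falls back to stdin, as the unquoted original did.
  local -a input=()
  if [[ -n "${1:-}" ]]; then
    input=(-- "$1")
  fi

  sed -ne "s|^\($s\)\($w\)$s:$s\"\(.*\)\"$s\$|\1$fs\2$fs\3|p" \
    -e "s|^\($s\)\($w\)$s:$s\(.*\)$s\$|\1$fs\2$fs\3|p" "${input[@]}" |
    # The prefix is handed over with -v rather than spliced into the awk
    # program text, so it can never be parsed as awk code.
    awk -F"$fs" -v prefix="$prefix" '$3 !~ /\(/ {
      indent = length($1) / 2;
      vname[indent] = $2;
      # Forget keys that belong to deeper levels of a previous branch.
      for (i in vname) { if (i > indent) { delete vname[i] } }
      if (length($3) > 0) {
        vn = "";
        for (i = 0; i < indent; i++) { vn = (vn)(vname[i])("_") }
        printf("%s%s%s=\"%s\"\n", prefix, vn, $2, $3);
      }
    }'
}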
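#######################################
# Decrypt vars/secrets.yml with ansible-vault and export the Proxmox
# credentials into the shell that sources this file.
#
# Handling of secret material:
#   - The vault password file is created with mktemp (owner-only mode,
#     unpredictable name) instead of a fixed ./_vault_pass that inherits the
#     caller's umask, and it is removed whether or not decryption succeeds.
#   - The decrypted YAML is held in memory and piped to parse_yaml; it is
#     never written to ./_secrets.yml.
#   - parse_yaml's NAME="value" lines are assigned as literal text rather than
#     passed to eval, so a value containing quotes, "$" or backticks cannot
#     run as shell code.
#
# Globals:   VAULT_PASS (read; prompted for and exported when empty)
#            yaml_* (written, one per key in the vault file)
#            PM_USER, PM_PASS (exported)
#            NOTE(review): the file header also names PM_API_URL, but nothing
#            in this block sets it - confirm where it is expected to come from.
# Returns:   0 on success, non-zero if the temp file or decryption fails
#######################################
_nac_load_proxmox_secrets() {
  local pass_file secrets line name value script status=0

  if [[ -z "${VAULT_PASS:-}" ]]; then
    echo -n "Vault password: "
    # -s keeps the password off the terminal; -r and IFS= keep backslashes
    # and surrounding whitespace in it intact.
    IFS= read -r -s VAULT_PASS
    export VAULT_PASS
  fi
  echo ""

  pass_file=$(mktemp) || {
    echo "proxmox_secrets: could not create a temporary password file" >&2
    return 1
  }
  # printf, not echo: a password such as "-n" must be written literally.
  printf '%s\n' "$VAULT_PASS" > "$pass_file"

  # EDITOR=cat makes `ansible-vault edit` print the decrypted file; setting it
  # for this one command leaves the caller's EDITOR untouched.
  secrets=$(EDITOR=cat ansible-vault edit vars/secrets.yml \
    --vault-password-file "$pass_file") || status=$?
  rm -f -- "$pass_file"
  if (( status != 0 )); then
    echo "proxmox_secrets: ansible-vault could not decrypt vars/secrets.yml" >&2
    return "$status"
  fi

  while IFS= read -r line; do
    name=${line%%=*}
    value=${line#*=}
    # Drop the one pair of double quotes parse_yaml wraps around each value.
    value=${value#\"}
    value=${value%\"}
    [[ "$name" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || continue
    printf -v "$name" '%s' "$value"
  done < <(printf '%s\n' "$secrets" | parse_yaml /dev/stdin "yaml_")

  export PM_USER=${yaml_vault_proxmox_username:-}
  export PM_PASS=${yaml_vault_proxmox_password:-}

  for script in *.sh; do
    # With no match the glob stays literal; skip it rather than alias "*".
    [[ -e "$script" ]] || continue
    # %q keeps a checkout path containing spaces usable as an alias body.
    alias "${script%.sh}=$(printf '%q' "$PWD/$script")"
  done
  echo "All .sh scripts in NaC are global. EG: 'run provision-infra-web.yml' maps to './run.sh provision-infra-web.yml'"
}

_nac_load_proxmox_secrets
unset -f _nac_load_proxmox_secrets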