#!@python3@/bin/python
import json
import secrets
import sqlite3
import subprocess
def ntfy(*args: str, env=None):
    """Run the ``ntfy`` CLI with *args* and raise if it exits non-zero.

    Args:
        *args: Command-line arguments appended after ``ntfy``.
        env: Environment mapping handed to the child process. When given it
            replaces the inherited environment instead of extending it, so
            callers that pass ``{"NTFY_PASSWORD": ...}`` run ntfy with that
            single variable. Passing the secret through the environment keeps
            it out of the process argument list.

    Raises:
        subprocess.CalledProcessError: If ntfy returns a non-zero status.
    """
    # NOTE(review): with a custom env that has no PATH entry, the lookup of the
    # bare "ntfy" name falls back to the default search path; confirm the
    # binary is reachable that way on the target host.
    command = ["ntfy", *args]
    subprocess.run(command, env=env, check=True)
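def create_user(u: str, role: str, passwordFile: str | None, hashedPassword: str | None):
    """Create the ntfy user *u* with the required role and password.

    Args:
        u: Name of the user to create.
        role: Role passed to ``ntfy user add`` as ``--role=<role>``.
        passwordFile: Path of a file whose contents, stripped of surrounding
            whitespace, become the password. Takes precedence when not None.
        hashedPassword: Password hash installed with
            ``ntfy user change-pass-hash`` when no password file is given.

    Raises:
        ValueError: If neither passwordFile nor hashedPassword is set.
        OSError: If passwordFile cannot be read.
        subprocess.CalledProcessError: If an ntfy invocation fails.
    """
    if passwordFile is not None:
        with open(passwordFile) as pwd_fp:
            env = {"NTFY_PASSWORD": pwd_fp.read().strip()}

        ntfy("user", "add", f"--role={role}", u, env=env)
        return

    if hashedPassword is None:
        # Fail with a clear message instead of a TypeError raised from inside
        # subprocess when it is handed {"NTFY_PASSWORD": None}.
        raise ValueError(
            f"user {u!r}: neither passwordFile nor hashedPassword is set"
        )

    # HACK: `add` does not support a hashed password, so the account is created
    # first and the hash is installed in a second step. The account is created
    # with a random throwaway password rather than with the hash string itself:
    # otherwise the hash would be a valid login password until
    # change-pass-hash succeeds, and for good if that second call fails.
    ntfy(
        "user",
        "add",
        f"--role={role}",
        u,
        env={"NTFY_PASSWORD": secrets.token_urlsafe(32)},
    )
    ntfy("user", "change-pass-hash", u, env={"NTFY_PASSWORD": hashedPassword})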
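def update_user(u: str, role: str, passwordFile: str | None, hashedPassword: str | None):
    """Update the existing ntfy user *u* with the required role and password.

    Args:
        u: Name of the user to update.
        role: Role applied with ``ntfy user change-role``.
        passwordFile: Path of a file whose contents, stripped of surrounding
            whitespace, become the new password. Takes precedence when not
            None.
        hashedPassword: Password hash installed with
            ``ntfy user change-pass-hash`` when no password file is given.

    Raises:
        ValueError: If neither passwordFile nor hashedPassword is set.
        OSError: If passwordFile cannot be read.
        subprocess.CalledProcessError: If an ntfy invocation fails.
    """
    if passwordFile is not None:
        with open(passwordFile) as pwd_fp:
            env = {"NTFY_PASSWORD": pwd_fp.read().strip()}

        ntfy("user", "change-pass", u, env=env)
    elif hashedPassword is not None:
        ntfy("user", "change-pass-hash", u, env={"NTFY_PASSWORD": hashedPassword})
    else:
        # Fail with a clear message instead of a TypeError raised from inside
        # subprocess when it is handed {"NTFY_PASSWORD": None}.
        raise ValueError(
            f"user {u!r}: neither passwordFile nor hashedPassword is set"
        )

    # The role is applied after the credential change, so a failed password
    # update aborts before the role is touched.
    ntfy("user", "change-role", u, role)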
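# Compare the ACL file path to the one recorded by the last successful run.
# The marker is only rewritten at the very end of this script, so a run that
# aborts part-way leaves the old path in place and the sync is retried.
# NOTE(review): a missing marker is treated as fatal; presumably something
# outside this script creates it before the first run. Confirm.
try:
    with open("/var/lib/ntfy-sh/.acl-path") as acl_path_fp:
        acl_path: str = acl_path_fp.read().strip()
except OSError:
    print("[!] Cannot open .acl-path")
    # SystemExit is raised directly: the `exit` helper is injected by the
    # `site` module and is not guaranteed to exist in every interpreter setup.
    raise SystemExit(1)

if acl_path == "@acl_file@":
    print("[-] Unchanged ACL file, exiting")
    raise SystemExit(0)

print("[+] ACL file has changed, updating data")

# Get the wanted state
with open("@acl_file@") as acl_fp:
    acl_data = json.load(acl_fp)

# Connect to the db to recover the list of current users.
# Each row comes back as a 1-tuple, so the name is unpacked before building
# the set. A set of tuples would never match the string names from the ACL
# file, nor the "*" entry excluded below.
con = sqlite3.connect("@user_db@")
try:
    existing_users: set[str] = {
        row[0] for row in con.execute("SELECT user FROM user")
    } - {"*"}  # "*" is ntfy's everyone entry; never delete or update it
finally:
    # The connection context manager only scopes a transaction; close it
    # explicitly so the database handle is released before ntfy is invoked.
    con.close()

wanted_users: set[str] = set(acl_data["users"])

# Delete extraneous users (sorted so the order of operations is reproducible)
for user in sorted(existing_users - wanted_users):
    ntfy("user", "del", user)

# Create new users
for user in sorted(wanted_users - existing_users):
    create_user(user, **acl_data["users"][user])

# Update existing users
for user in sorted(existing_users & wanted_users):
    update_user(user, **acl_data["users"][user])

# Reset ACL rules, then re-apply the wanted ones.
# NOTE(review): between the reset and the last rule being re-added, access is
# governed only by the server's default access setting; confirm that default
# is restrictive. If a rule fails to apply, the script aborts with a partial
# ACL and the marker below is not updated, so the next run starts over.
ntfy("access", "--reset")

for rule in acl_data["access"]:
    ntfy("access", rule["user"], rule["topic"], rule["permission"])

# Write the new ACL file path only after every step above succeeded
with open("/var/lib/ntfy-sh/.acl-path", "w") as f:
    f.write("@acl_file@")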