DGNum/infrastructure
9
5
Fork 3
Code Issues 31 Pull requests 30 Projects 1 Releases Packages Wiki Activity Actions
infrastructure/modules/nixos/ntfy-sh/ntfy-acl.py
catvayor ec050d0323
All checks were successful
Check meta / check_meta (pull_request) Successful in 14s
Details
Check meta / check_dns (push) Successful in 16s
Details
Check meta / check_meta (push) Successful in 16s
Details
Check meta / check_dns (pull_request) Successful in 17s
Details
Check workflows / check_workflows (pull_request) Successful in 17s
Details
Run pre-commit on all files / pre-commit (push) Successful in 29s
Details
Run pre-commit on all files / pre-commit (pull_request) Successful in 30s
Details
Build all the nodes / ap01 (pull_request) Successful in 42s
Details
Build all the nodes / geo01 (pull_request) Successful in 53s
Details
Build all the nodes / cof02 (pull_request) Successful in 55s
Details
Build all the nodes / bridge01 (pull_request) Successful in 58s
Details
Build all the nodes / geo02 (pull_request) Successful in 56s
Details
Build all the nodes / build01 (pull_request) Successful in 1m0s
Details
Build all the nodes / hypervisor02 (pull_request) Successful in 58s
Details
Build all the nodes / hypervisor03 (pull_request) Successful in 58s
Details
Build all the nodes / hypervisor01 (pull_request) Successful in 59s
Details
Build all the nodes / netaccess01 (pull_request) Successful in 22s
Details
Build all the nodes / netcore00 (pull_request) Successful in 22s
Details
Build all the nodes / netcore02 (pull_request) Successful in 23s
Details
Build all the nodes / netcore01 (pull_request) Successful in 23s
Details
Build all the nodes / iso (pull_request) Successful in 1m6s
Details
Build all the nodes / compute01 (pull_request) Successful in 1m22s
Details
Build all the nodes / lab-router01 (pull_request) Successful in 45s
Details
Build the shell / build-shell (pull_request) Successful in 23s
Details
Build all the nodes / krz01 (pull_request) Successful in 1m37s
Details
Build all the nodes / tower01 (pull_request) Successful in 46s
Details
Build all the nodes / web02 (pull_request) Successful in 48s
Details
Build all the nodes / rescue01 (pull_request) Successful in 1m7s
Details
Build all the nodes / web03 (pull_request) Successful in 58s
Details
Build all the nodes / vault01 (pull_request) Successful in 1m10s
Details
Build all the nodes / web01 (pull_request) Successful in 1m9s
Details
Build all the nodes / storage01 (pull_request) Successful in 1m43s
Details
fix(ntfy-sh): various typos and bug
2025-05-21 10:55:56 +02:00

89 lines
2.6 KiB
Python
Raw Blame History

#!@python3@/bin/python
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
import json
import sqlite3
import subprocess
def ntfy(*args: str, env=None):
subprocess.run(["@ntfy@"] + list(args), env=env).check_returncode()
def create_user(u: str, role: str, passwordFile: str, hashedPassword: str):
# Create the user with the required role and password
if passwordFile != None:
with open(passwordFile) as pwd_fp:
env = {"NTFY_PASSWORD": pwd_fp.read().strip()}
ntfy("user", "add", f"--role={role}", u, env=env)
else:
env = {"NTFY_PASSWORD": hashedPassword}
ntfy("user", "add", f"--role={role}", u, env=env)
# HACK: add does not supports hashedPassword entry
ntfy("user", "change-pass-hash", u, env=env)
def update_user(u: str, role: str, passwordFile: str, hashedPassword: str):
# Update the user with the required role and password
if passwordFile != None:
with open(passwordFile) as pwd_fp:
env = {"NTFY_PASSWORD": pwd_fp.read().strip()}
ntfy("user", "change-pass", u, env=env)
else:
env = {"NTFY_PASSWORD": hashedPassword}
ntfy("user", "change-pass-hash", u, env=env)
ntfy("user", "change-role", u, role)
# Compare the ACL file path to the one used to get the actual data
try:
with open("/var/lib/ntfy-sh/.acl-path") as acl_path_fp:
acl_path: str = acl_path_fp.read().strip()
except OSError:
print("[!] Cannot open .acl-path")
exit(1)
if acl_path == "@acl_file@":
print("[-] Unchanged ACL file, exiting")
exit(0)
else:
print("[+] ACL file has changed, updating data")
# Get the wanted state
with open("@acl_file@") as acl_fp:
acl_data = json.load(acl_fp)
# Connect to the db to recover the list of current users
with sqlite3.connect("@user_db@") as con:
c = con.cursor()
existing_users: set[str] = set(map(lambda e: e[0], c.execute("SELECT user FROM user"))) - {"*"}
wanted_users: set[str] = set(acl_data["users"].keys())
# Delete extraneous users
for user in existing_users - wanted_users:
ntfy("user", "del", user)
# Create new users
for user in wanted_users - existing_users:
create_user(user, **acl_data["users"][user])
# Update existing users
for user in existing_users & wanted_users:
update_user(user, **acl_data["users"][user])
# Reset ACL rules
ntfy("access", "--reset")
for rule in acl_data["access"]:
ntfy("access", rule["username"], rule["topic"], rule["permission"])
# Write the new ACL file path
with open("/var/lib/ntfy-sh/.acl-path", "w") as f:
f.write("@acl_file@")
Reference in a new issue View git blame Copy permalink