catvayor
fdc80e65d4
All checks were successful
Check meta / check_dns (pull_request) Successful in 15s
Check workflows / check_workflows (pull_request) Successful in 17s
Build all the nodes / Jaccess04 (pull_request) Successful in 23s
Check meta / check_meta (pull_request) Successful in 27s
Run pre-commit on all files / pre-commit (pull_request) Successful in 30s
Build all the nodes / Jaccess01 (pull_request) Successful in 37s
Run pre-commit on all files / pre-commit (push) Successful in 40s
Build all the nodes / netcore01 (pull_request) Successful in 25s
Build all the nodes / netcore02 (pull_request) Successful in 25s
Build all the nodes / geo02 (pull_request) Successful in 50s
Build all the nodes / hypervisor03 (pull_request) Successful in 51s
Build all the nodes / ap01 (pull_request) Successful in 53s
Build all the nodes / build01 (pull_request) Successful in 57s
Build all the nodes / hypervisor01 (pull_request) Successful in 1m10s
Build all the nodes / bridge01 (pull_request) Successful in 1m12s
Build all the nodes / hypervisor02 (pull_request) Successful in 1m10s
Build all the nodes / geo01 (pull_request) Successful in 1m12s
Build all the nodes / lab-router01 (pull_request) Successful in 1m3s
Build all the nodes / cof02 (pull_request) Successful in 1m23s
Build all the nodes / iso (pull_request) Successful in 1m24s
Build all the nodes / compute01 (pull_request) Successful in 1m25s
Build the shell / build-shell (pull_request) Successful in 28s
Build all the nodes / tower01 (pull_request) Successful in 50s
Build all the nodes / rescue01 (pull_request) Successful in 1m14s
Build all the nodes / krz01 (pull_request) Successful in 1m45s
Build all the nodes / vault01 (pull_request) Successful in 1m6s
Build all the nodes / web02 (pull_request) Successful in 1m0s
Build all the nodes / zulip01 (pull_request) Successful in 57s
Build all the nodes / web03 (pull_request) Successful in 1m2s
Build all the nodes / storage01 (pull_request) Successful in 1m18s
Build all the nodes / web01 (pull_request) Successful in 1m13s
81 lines
2.4 KiB
Python
81 lines
2.4 KiB
Python
#!@python3@/bin/python
|
|
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
|
|
#
|
|
# SPDX-License-Identifier: EUPL-1.2
|
|
|
|
import json
|
|
import sqlite3
|
|
import subprocess
|
|
|
|
|
|
def ntfy(*args: str, env=None):
|
|
subprocess.run(["@ntfy@"] + list(args), env=env).check_returncode()
|
|
|
|
|
|
def create_user(u: str, role: str, passwordFile: str, hashedPassword: str):
|
|
# Create the user with the required role and password
|
|
if passwordFile != None:
|
|
with open(passwordFile) as pwd_fp:
|
|
env = {"NTFY_PASSWORD": pwd_fp.read().strip()}
|
|
else:
|
|
env = {"NTFY_PASSWORD_HASH": hashedPassword}
|
|
|
|
ntfy("user", "add", f"--role={role}", u, env=env)
|
|
|
|
def update_user(u: str, role: str, passwordFile: str, hashedPassword: str):
|
|
# Update the user with the required role and password
|
|
if passwordFile != None:
|
|
with open(passwordFile) as pwd_fp:
|
|
env = {"NTFY_PASSWORD": pwd_fp.read().strip()}
|
|
else:
|
|
env = {"NTFY_PASSWORD_HASH": hashedPassword}
|
|
|
|
ntfy("user", "change-pass", u, env=env)
|
|
ntfy("user", "change-role", u, role)
|
|
|
|
|
|
# Compare the ACL file path to the one used to get the actual data
|
|
try:
|
|
with open("/var/lib/ntfy-sh/.acl-path") as acl_path_fp:
|
|
acl_path: str = acl_path_fp.read().strip()
|
|
except OSError:
|
|
acl_path: str = ""
|
|
|
|
if acl_path == "@acl_file@":
|
|
print("[-] Unchanged ACL file, exiting")
|
|
exit(0)
|
|
else:
|
|
print("[+] ACL file has changed, updating data")
|
|
|
|
# Get the wanted state
|
|
with open("@acl_file@") as acl_fp:
|
|
acl_data = json.load(acl_fp)
|
|
|
|
# Connect to the db to recover the list of current users
|
|
with sqlite3.connect("@user_db@") as con:
|
|
c = con.cursor()
|
|
existing_users: set[str] = set(map(lambda e: e[0], c.execute("SELECT user FROM user"))) - {"*"}
|
|
|
|
wanted_users: set[str] = set(acl_data["users"].keys())
|
|
|
|
# Delete extraneous users
|
|
for user in existing_users - wanted_users:
|
|
ntfy("user", "del", user)
|
|
|
|
# Create new users
|
|
for user in wanted_users - existing_users:
|
|
create_user(user, **acl_data["users"][user])
|
|
|
|
# Update existing users
|
|
for user in existing_users & wanted_users:
|
|
update_user(user, **acl_data["users"][user])
|
|
|
|
# Reset ACL rules
|
|
ntfy("access", "--reset")
|
|
|
|
for rule in acl_data["access"]:
|
|
ntfy("access", rule["username"], rule["topic"], rule["permission"])
|
|
|
|
# Write the new ACL file path
|
|
with open("/var/lib/ntfy-sh/.acl-path", "w") as f:
|
|
f.write("@acl_file@")
|