sync

2024-07-16 02:45:18 -04:00 · 2024-07-16 02:45:18 -04:00 · 1fa4bc50c7
commit 1fa4bc50c7
parent 701f2c531f
18 changed files with 259 additions and 310 deletions
--- a/tools/onboard-machine.js
+++ b/tools/onboard-machine.js
@ -1,71 +1,77 @@
-import { dirname, resolve, relative } from "path"
-import { parseDocument, stringify,  } from "yaml"
+import { dirname, resolve, relative } from "path";
+import { parseDocument, stringify } from "yaml";

-const [, script, name, host] = process.argv
+const [, script, name, host] = process.argv;

-const sopsFilePath = resolve(dirname(script), "../.sops.yaml")
-const sopsFile = await Bun.file(sopsFilePath).text()
-const sopsConfig = parseDocument(sopsFile)
+const sopsFilePath = resolve(dirname(script), "../.sops.yaml");
+const sopsFile = await Bun.file(sopsFilePath).text();
+const sopsConfig = parseDocument(sopsFile);

 //
 // STEP 1: Get the remote key, convert to age key
 //

-const remoteKeyProc = Bun.spawn(`ssh-keyscan -t ed25519 ${host}`.split(" "), { 
+const remoteKeyProc = Bun.spawn(`ssh-keyscan -qt ed25519 ${host}`.split(" "), {
  stderr: null,
-})
+});

 const sshToAgeProc = Bun.spawn(["ssh-to-age"], {
-  stdin: await new Response(remoteKeyProc.stdout).arrayBuffer()
-})
+  stdin: await new Response(remoteKeyProc.stdout).arrayBuffer(),
+});

-const ageKey = (await new Response(sshToAgeProc.stdout).text()).trim()
+const ageKey = (await new Response(sshToAgeProc.stdout).text()).trim();

 //
 // STEP 2: Add to keys
 //
-const keysNode = sopsConfig.get("keys")
-let keys = keysNode.items
+const keysNode = sopsConfig.get("keys");
+let keys = keysNode.items;

 // remove keynode if it exists
-keys = keys.filter(i => i.anchor !== `m_${name}`)
+keys = keys.filter((i) => i.anchor !== `m_${name}`);

 // create the new key node
-const newNode = sopsConfig.createNode(ageKey)
-newNode.anchor = `m_${name}`
+const newNode = sopsConfig.createNode(ageKey);
+newNode.anchor = `m_${name}`;

-keys = [...keys, newNode]
+keys = [...keys, newNode];

-keysNode.items = keys
-sopsConfig.set("keys", keysNode)
+keysNode.items = keys;
+sopsConfig.set("keys", keysNode);

 //
 // STEP 3: Add machine to creation_rules
 //
-const pathRegex = `secrets/${name}/[^/]+\\.(yaml|json|env|ini)$`
-const opsAnchors = keys.filter(i => i.anchor.startsWith("op_")).map(i => sopsConfig.createAlias(i))
+const pathRegex = `secrets/${name}/[^/]+\\.(yaml|json|env|ini)$`;
+const opsAnchors = keys
+  .filter((i) => i.anchor.startsWith("op_"))
+  .map((i) => sopsConfig.createAlias(i));

 //console.log({opsAnchors})

-const creationRuleTemplate = ({ 
-  path_regex: pathRegex, 
-  key_groups: [ 
-    { 
-      age: [
-        ...opsAnchors,
-        sopsConfig.createAlias(newNode)
-      ]
-    } 
-  ] 
-})
+const creationRuleTemplate = {
+  path_regex: pathRegex,
+  key_groups: [
+    {
+      age: [...opsAnchors, sopsConfig.createAlias(newNode)],
+    },
+  ],
+};

 // Remove old creation_rules entry
-const creationRules = sopsConfig.get("creation_rules").items.filter(i => i.get("path_regex") !== pathRegex)
+const creationRules = sopsConfig
+  .get("creation_rules")
+  .items.filter((i) => i.get("path_regex") !== pathRegex);

-const creationRulesNode = sopsConfig.createNode(creationRules)
-creationRulesNode.add(creationRuleTemplate)
-sopsConfig.set("creation_rules", creationRulesNode)
+const creationRulesNode = sopsConfig.createNode(creationRules);
+creationRulesNode.add(creationRuleTemplate);
+sopsConfig.set("creation_rules", creationRulesNode);

-await Bun.write(sopsFilePath, sopsConfig.toString())
+await Bun.write(sopsFilePath, sopsConfig.toString());

-console.log(`Finished. Added ${name} with key ${ageKey} to ${relative(dirname(script), sopsFilePath)}.`)
+console.log(
+  `Finished. Added ${name} with key ${ageKey} to ${relative(
+    dirname(script),
+    sopsFilePath
+  )}.`
+);