nix-bitcoin/pkgs/generate-secrets/update-secrets.sh

#!/usr/bin/env bash

set -eo pipefail

# Update secrets from the old format to the current one where each secret
# has a local source file.

reportError() {
    echo "Updating secrets failed. (Error in line $1)"
    echo "The secret files have been moved to secrets/old-secrets"
}
trap 'reportError $LINENO' ERR

echo "Updating old secrets to the current format."

mkdir old-secrets
# move all files into old-secrets
shopt -s extglob dotglob
mv !(old-secrets) old-secrets
shopt -u dotglob

secrets=$(cat old-secrets/secrets.nix)

extractPassword() {
    pwName="$1"
    destFile="${2:-$pwName}"
    echo "$secrets" | sed -nE "s/.*?$pwName = \"(.*?)\".*/\1/p" > "$destFile"
}

rename() {
    old="old-secrets/$1"
    if [[ -e $old ]]; then
        cp "$old" "$2"
    fi
}

extractPassword bitcoinrpcpassword bitcoin-rpcpassword
extractPassword lnd-wallet-password
extractPassword liquidrpcpassword liquid-rpcpassword
extractPassword lightning-charge-api-token lightning-charge-token
extractPassword spark-wallet-password

rename nginx.key nginx-key
rename nginx.cert nginx-cert
rename lnd.key lnd-key
rename lnd.cert lnd-cert

rm -r old-secrets
simplify secrets file format Each secret file to be deployed is now backed by one local file. This simplifies 'setup-secrets' and the secret definitions. Also, with the old format it was not possible to add new secrets to secrets.nix in a simple way. Old secrets are automatically converted to the new format when running nix-shell. Using the new option 'nix-bitcoin.secrets', secrets are now directly defined by the services that use them. 2020-01-12 11:52:38 -08:00			`#!/usr/bin/env bash`

			`set -eo pipefail`

			`# Update secrets from the old format to the current one where each secret`
			`# has a local source file.`

			`reportError() {`
			`echo "Updating secrets failed. (Error in line $1)"`
			`echo "The secret files have been moved to secrets/old-secrets"`
			`}`
			`trap 'reportError $LINENO' ERR`

			`echo "Updating old secrets to the current format."`

			`mkdir old-secrets`
			`# move all files into old-secrets`
			`shopt -s extglob dotglob`
			`mv !(old-secrets) old-secrets`
			`shopt -u dotglob`

			`secrets=$(cat old-secrets/secrets.nix)`

			`extractPassword() {`
			`pwName="$1"`
			`destFile="${2:-$pwName}"`
			`echo "$secrets" \| sed -nE "s/.?$pwName = \"(.?)\".*/\1/p" > "$destFile"`
			`}`

			`rename() {`
			`old="old-secrets/$1"`
			`if [[ -e $old ]]; then`
			`cp "$old" "$2"`
			`fi`
			`}`

			`extractPassword bitcoinrpcpassword bitcoin-rpcpassword`
			`extractPassword lnd-wallet-password`
			`extractPassword liquidrpcpassword liquid-rpcpassword`
			`extractPassword lightning-charge-api-token lightning-charge-token`
			`extractPassword spark-wallet-password`

			`rename nginx.key nginx-key`
			`rename nginx.cert nginx-cert`
			`rename lnd.key lnd-key`
			`rename lnd.cert lnd-cert`

			`rm -r old-secrets`