feat(wireguard): generate psks only if needed; add most of the qr code generator

2025-10-11 07:10:39 +02:00 · 2023-04-15 01:51:33 +02:00 · 2023-04-15 01:51:33 +02:00 · d5f2880457
commit d5f2880457
parent 925d3856e0
13 changed files with 225 additions and 108 deletions
--- a/nix/rage-decrypt-and-cache.sh
+++ b/nix/rage-decrypt-and-cache.sh
@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+print_out_path=false
+if [[ "$1" == "--print-out-path" ]]; then
+	print_out_path=true
+	shift
+fi
+
+file="$1"
+shift
+identities=("$@")
+
+# Strip .age suffix, and store path prefix or ./ if applicable
+basename="${file%".age"}"
+[[ "$file" == "/nix/store/"* ]] && basename="${basename#*"-"}"
+[[ "$file" == "./"* ]] && basename="${basename#"./"}"
+
+# Calculate a unique content-based identifier (relocations of
+# the source file in the nix store should not affect caching)
+new_name="$(sha512sum "$file")"
+new_name="${new_name:0:32}-${basename//"/"/"%"}"
+
+# Derive the path where the decrypted file will be stored
+out="/tmp/nix-import-encrypted/$new_name"
+mkdir -p "$(dirname "$out")"
+
+# Decrypt only if necessary
+if [[ ! -e "$out" ]]; then
+	args=()
+	for i in "${identities[@]}"; do
+		args+=("-i" "$i")
+	done
+	rage -d "${args[@]}" -o "$out" "$file"
+fi
+
+# Print out path or decrypted content
+[[ "$print_out_path" == true ]] && echo "$out" || cat "$out"