torjus/nixos-servers
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

vault: implement bootstrap integration
Some checks failed
Run nix flake check / flake-check (push) Successful in 2m31s
Details
Run nix flake check / flake-check (pull_request) Failing after 14m16s
Details

Browse Source
This commit is contained in:
Torjus Håkestad
2026-02-02 22:27:28 +01:00
parent b5364d2ccc
commit 01d4812280
28 changed files with 2305 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
scripts/create-host/manipulators.py
View File

@@ -122,3 +122,63 @@ def update_terraform_vms(config: HostConfig, repo_root: Path, force: bool = Fals
)
terraform_path.write_text(new_content)
def add_wrapped_token_to_vm(hostname: str, wrapped_token: str, repo_root: Path) -> None:
"""
Add or update the vault_wrapped_token field in an existing VM entry.
Args:
hostname: Hostname of the VM
wrapped_token: The wrapped token to add
repo_root: Path to repository root
"""
terraform_path = repo_root / "terraform" / "vms.tf"
content = terraform_path.read_text()
# Find the VM entry
hostname_pattern = rf'^\s+"{re.escape(hostname)}" = \{{'
match = re.search(hostname_pattern, content, re.MULTILINE)
if not match:
raise ValueError(f"Could not find VM entry for {hostname} in terraform/vms.tf")
# Find the full VM block
block_pattern = rf'(^\s+"{re.escape(hostname)}" = \{{)(.*?)(^\s+\}})'
block_match = re.search(block_pattern, content, re.MULTILINE | re.DOTALL)
if not block_match:
raise ValueError(f"Could not parse VM block for {hostname}")
block_start = block_match.group(1)
block_content = block_match.group(2)
block_end = block_match.group(3)
# Check if vault_wrapped_token already exists
if "vault_wrapped_token" in block_content:
# Update existing token
block_content = re.sub(
r'vault_wrapped_token\s*=\s*"[^"]*"',
f'vault_wrapped_token = "{wrapped_token}"',
block_content
)
else:
# Add new token field (add before closing brace)
# Find the last field and add after it
block_content = block_content.rstrip()
if block_content and not block_content.endswith("\n"):
block_content += "\n"
block_content += f' vault_wrapped_token = "{wrapped_token}"\n'
# Reconstruct the block
new_block = block_start + block_content + block_end
# Replace in content
new_content = re.sub(
rf'^\s+"{re.escape(hostname)}" = \{{.*?^\s+\}}',
new_block,
content,
flags=re.MULTILINE | re.DOTALL
)
terraform_path.write_text(new_content)