secrets are configurable now

author: iximeow <git@iximeow.net> 2022-12-26 00:50:26 +0000
committer: iximeow <git@iximeow.net> 2022-12-26 00:50:26 +0000
commit: 7e84420dfe659494318630863ff97a75b0ad32ff (patch)
tree: b24cd3318c2b5891e246ac4bd4678603f8bad3c9 /src
parent: 99f81b94fdc7289dcdb34a98e57b9550b3bd170b (diff)
3 files changed, 43 insertions, 17 deletions
diff --git a/src/ci_driver.rs b/src/ci_driver.rs
index ef224b8..35c9b07 100644
--- a/src/ci_driver.rs
+++ b/src/ci_driver.rs
@@ -437,18 +437,33 @@ async fn make_api_server(dbctx: Arc<DbCtx>) -> (Router, mpsc::Receiver<RunnerCli
     (router, pending_client_receiver)
 }
 
+#[derive(Deserialize, Serialize)]
+struct DriverConfig {
+    cert_path: PathBuf,
+    key_path: PathBuf,
+    config_path: PathBuf,
+    db_path: PathBuf,
+    server_addr: String,
+}
+
 #[tokio::main]
 async fn main() {
     tracing_subscriber::fmt::init();
+
+    let mut args = std::env::args();
+    args.next().expect("first arg exists");
+    let config_path = args.next().unwrap_or("./driver_config.json".to_string());
+    let driver_config: DriverConfig = serde_json::from_reader(std::fs::File::open(config_path).expect("file exists and is accessible")).expect("valid json for DriverConfig");
+
     let config = RustlsConfig::from_pem_file(
-        PathBuf::from("/etc/letsencrypt/live/ci.butactuallyin.space/fullchain.pem"),
-        PathBuf::from("/etc/letsencrypt/live/ci.butactuallyin.space/privkey.pem"),
+        driver_config.cert_path.clone(),
+        driver_config.key_path.clone(),
     ).await.unwrap();
 
-    let dbctx = Arc::new(DbCtx::new("/root/ixi_ci_server/config", "/root/ixi_ci_server/state.db"));
+    let dbctx = Arc::new(DbCtx::new(&driver_config.config_path, &driver_config.db_path));
 
     let (api_server, mut channel) = make_api_server(Arc::clone(&dbctx)).await;
-    spawn(axum_server::bind_rustls("0.0.0.0:9876".parse().unwrap(), config)
+    spawn(axum_server::bind_rustls(driver_config.server_addr.parse().unwrap(), config)
           .serve(api_server.into_make_service()));
 
     dbctx.create_tables().unwrap();
diff --git a/src/dbctx.rs b/src/dbctx.rs
index c4eb767..937b887 100644
--- a/src/dbctx.rs
+++ b/src/dbctx.rs
@@ -4,6 +4,8 @@ use rusqlite::{Connection, OptionalExtension};
 use std::time::{SystemTime, UNIX_EPOCH};
 use tokio::fs::{File, OpenOptions};
 use tokio::io::{AsyncReadExt, AsyncWriteExt};
+use std::path::Path;
+use std::path::PathBuf;
 
 use crate::notifier::{RemoteNotifier, NotifierConfig};
 use crate::sql;
@@ -11,7 +13,7 @@ use crate::sql;
 const TOKEN_EXPIRY_MS: u64 = 1000 * 60 * 30;
 
 pub struct DbCtx {
-    pub config_path: String,
+    pub config_path: PathBuf,
     // don't love this but.. for now...
     pub conn: Mutex<Connection>,
 }
@@ -84,9 +86,9 @@ impl ArtifactDescriptor {
 }
 
 impl DbCtx {
-    pub fn new(config_path: &str, db_path: &str) -> Self {
+    pub fn new<P: AsRef<Path>>(config_path: P, db_path: P) -> Self {
         DbCtx {
-            config_path: config_path.to_owned(),
+            config_path: config_path.as_ref().to_owned(),
             conn: Mutex::new(Connection::open(db_path).unwrap())
         }
     }
@@ -293,17 +295,23 @@ impl DbCtx {
         for remote in remotes.into_iter() {
             match remote.remote_api.as_str() {
                 "github" => {
+                    let mut notifier_path = self.config_path.clone();
+                    notifier_path.push(&remote.notifier_config_path);
+
                     let notifier = RemoteNotifier {
                         remote_path: remote.remote_path,
-                        notifier: NotifierConfig::github_from_file(&format!("{}/{}", self.config_path, remote.notifier_config_path))
+                        notifier: NotifierConfig::github_from_file(&notifier_path)
                             .expect("can load notifier config")
                     };
                     notifiers.push(notifier);
                 },
                 "email" => {
+                    let mut notifier_path = self.config_path.clone();
+                    notifier_path.push(&remote.notifier_config_path);
+
                     let notifier = RemoteNotifier {
                         remote_path: remote.remote_path,
-                        notifier: NotifierConfig::email_from_file(&format!("{}/{}", self.config_path, remote.notifier_config_path))
+                        notifier: NotifierConfig::email_from_file(&notifier_path)
                             .expect("can load notifier config")
                     };
                     notifiers.push(notifier);
diff --git a/src/notifier.rs b/src/notifier.rs
index 3d9964a..3ccda47 100644
--- a/src/notifier.rs
+++ b/src/notifier.rs
@@ -6,6 +6,7 @@ use lettre::{Message, Transport};
 use lettre::transport::smtp::extension::ClientId;
 use lettre::transport::smtp::client::{SmtpConnection, TlsParametersBuilder};
 use std::time::Duration;
+use std::path::Path;
 
 use crate::DbCtx;
 
@@ -30,29 +31,31 @@ pub enum NotifierConfig {
 }
 
 impl NotifierConfig {
-    pub fn github_from_file(path: &str) -> Result<Self, String> {
+    pub fn github_from_file<P: AsRef<Path>>(path: P) -> Result<Self, String> {
+        let path = path.as_ref();
         let bytes = std::fs::read(path)
-            .map_err(|e| format!("can't read notifier config at {}: {:?}", path, e))?;
+            .map_err(|e| format!("can't read notifier config at {}: {:?}", path.display(), e))?;
         let config = serde_json::from_slice(&bytes)
-            .map_err(|e| format!("can't deserialize notifier config at {}: {:?}", path, e))?;
+            .map_err(|e| format!("can't deserialize notifier config at {}: {:?}", path.display(), e))?;
 
         if matches!(config, NotifierConfig::GitHub { .. }) {
             Ok(config)
         } else {
-            Err(format!("config at {} doesn't look like a github config (but was otherwise valid?)", path))
+            Err(format!("config at {} doesn't look like a github config (but was otherwise valid?)", path.display()))
         }
     }
 
-    pub fn email_from_file(path: &str) -> Result<Self, String> {
+    pub fn email_from_file<P: AsRef<Path>>(path: P) -> Result<Self, String> {
+        let path = path.as_ref();
         let bytes = std::fs::read(path)
-            .map_err(|e| format!("can't read notifier config at {}: {:?}", path, e))?;
+            .map_err(|e| format!("can't read notifier config at {}: {:?}", path.display(), e))?;
         let config = serde_json::from_slice(&bytes)
-            .map_err(|e| format!("can't deserialize notifier config at {}: {:?}", path, e))?;
+            .map_err(|e| format!("can't deserialize notifier config at {}: {:?}", path.display(), e))?;
 
         if matches!(config, NotifierConfig::Email { .. }) {
             Ok(config)
         } else {
-            Err(format!("config at {} doesn't look like an email config (but was otherwise valid?)", path))
+            Err(format!("config at {} doesn't look like an email config (but was otherwise valid?)", path.display()))
         }
     }
 }
author	iximeow <git@iximeow.net>	2022-12-26 00:50:26 +0000
committer	iximeow <git@iximeow.net>	2022-12-26 00:50:26 +0000
commit	7e84420dfe659494318630863ff97a75b0ad32ff (patch)
tree	b24cd3318c2b5891e246ac4bd4678603f8bad3c9 /src
parent	99f81b94fdc7289dcdb34a98e57b9550b3bd170b (diff)