-
Notifications
You must be signed in to change notification settings - Fork 160
/
Copy pathgen-graylog-creds.nix
44 lines (41 loc) · 1.67 KB
/
gen-graylog-creds.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
{ user ? null, password ? null, pkgs ? import ../nix { } }:
pkgs.mkShell {
name = "gen-graylog-creds";
buildInputs = with pkgs; [ pwgen gnused ];
shellHook = ''
clusterChar="96" # Default graylog cluster secret length
clusterSecret="" # Var for the clusterSecret
credsFilename="graylog-creds.nix" # Default graylog static filename
defaultUser="root" # Default administrative user
password="${toString password}" # password supplied by cli arg
passwordChar="32" # Default graylog password length
passwordHash="" # Sha256 hash of the plaintext password
staticPath=${toString ../static} # Absolute path to the static dir
user="${toString user}" # user supplied by cli arg
if [[ -e "$staticPath/$credsFilename" ]]; then
echo "File already exists: $staticPath/$credsFilename, aborting!"
exit 1
elif [[ -z $user ]]; then
echo "User is empty -- setting to a default administrative user of $defaultUser"
user=$defaultUser
fi
echo "Writing graylog creds for user $user..."
if [[ -z $password ]]; then
echo "Password is empty -- setting to a random alphanumeric password of length $passwordChar"
password=$(pwgen -s $passwordChar 1)
fi
passwordHash=$(echo -n $password | sha256sum | sed -z 's/ -\n//g')
clusterSecret=$(pwgen -s $clusterChar 1)
umask 077
cd $path
cat << EOF > $staticPath/$credsFilename
{
user = "$user";
password = "$password";
passwordHash = "$passwordHash";
clusterSecret = "$clusterSecret";
}
EOF
exit 0
'';
}