From 51c3e5969d9cb8647501f37913679d446379ab55 Mon Sep 17 00:00:00 2001 From: naturallaw77 Date: Mon, 30 Mar 2026 20:41:39 -0500 Subject: [PATCH] updade PDF generator --- modules/credentials-pdf.nix | 60 +++++++++++++++++++++++++++++++++---- 1 file changed, 55 insertions(+), 5 deletions(-) diff --git a/modules/credentials-pdf.nix b/modules/credentials-pdf.nix index f4627d7..86e84f0 100644 --- a/modules/credentials-pdf.nix +++ b/modules/credentials-pdf.nix @@ -25,9 +25,9 @@ in ''; }; - # ── 2. Timer: Rebuild PDF every 5 minutes ────────────────── + # ── 2. Timer: Check every 5 minutes ──────────────────────── systemd.timers.generate-credentials-pdf = { - description = "Periodically regenerate Magic Keys PDF"; + description = "Periodically check if Magic Keys PDF needs regenerating"; wantedBy = [ "timers.target" ]; timerConfig = { OnBootSec = "30s"; 
@@ -62,10 +62,52 @@ in OUTPUT="$DOC_DIR/Sovran_SystemsOS_Magic_Keys.pdf" WORK_DIR="/tmp/magic_keys_build" FILE="$WORK_DIR/magic_keys.md" - mkdir -p "$DOC_DIR" "$WORK_DIR" + HASH_FILE="/var/lib/secrets/.magic-keys-hash" FENCE='```' + # ── Collect all secret sources into a single hash ── + SECRET_SOURCES="" + for f in \ + /var/lib/secrets/root-password \ + /etc/nix-bitcoin-secrets/rtl-password \ + /var/lib/tor/onion/rtl/hostname \ + /var/lib/tor/onion/electrs/hostname \ + /var/lib/tor/onion/bitcoind/hostname \ + /var/lib/secrets/matrix-users \ + /var/lib/gnome-remote-desktop/rdp-credentials \ + /var/lib/secrets/nextcloud-admin \ + /var/lib/secrets/wordpress-admin \ + /var/lib/secrets/vaultwarden/vaultwarden.env \ + /var/lib/domains/vaultwarden \ + /var/lib/domains/btcpayserver; do + if [ -f "$f" ]; then + SECRET_SOURCES="$SECRET_SOURCES$(cat "$f")" + fi + done + + # Add lndconnect URL to hash sources (changes if certs/macaroons rotate) + if command -v lndconnect >/dev/null 2>&1; then + SECRET_SOURCES="$SECRET_SOURCES$(lndconnect --url 2>/dev/null || true)" + elif command -v lnconnect-clnrest >/dev/null 2>&1; then + SECRET_SOURCES="$SECRET_SOURCES$(lnconnect-clnrest --url 2>/dev/null || true)" + fi + + CURRENT_HASH=$(echo -n "$SECRET_SOURCES" | sha256sum | cut -d' ' -f1) + OLD_HASH="" + if [ -f "$HASH_FILE" ]; then + OLD_HASH=$(cat "$HASH_FILE") + fi + + # ── Skip if PDF exists and nothing changed ── + if [ -f "$OUTPUT" ] && [ "$CURRENT_HASH" = "$OLD_HASH" ]; then + echo "No changes detected, skipping PDF regeneration." + exit 0 + fi + + echo "Changes detected (or PDF missing), regenerating..." + mkdir -p "$DOC_DIR" "$WORK_DIR" + # ── Read secrets (default to placeholder if missing) ── read_secret() { if [ -f "$1" ]; then cat "$1"; else echo "$2"; fi; } 
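Review bot: The relocated `mkdir -p "$DOC_DIR" "$WORK_DIR"` still builds the plaintext credential document under the fixed path `/tmp/magic_keys_build`, and `mkdir -p` succeeds silently when that path already exists, so a directory or symlink pre-created by another local account would receive `magic_keys.md` and the QR image. Unless the unit sets `PrivateTmp=true` (not visible in this hunk), I would use `WORK_DIR="$(mktemp -d)"` and add `trap 'rm -rf "$WORK_DIR"' EXIT`, so the directory is private and is also removed on failure paths. Separately, the hash loop joins file contents with no separator or file name, and `$(cat "$f")` drops trailing newlines, so a missing file and an empty one hash the same even though `read_secret` renders them differently. Streaming a per-file record (`printf '%s\n' "$f"; cat "$f"`) from the loop straight into `sha256sum` would fix that and keep the secrets out of a shell variable. The enclosing script starts and ends outside this hunk.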
@@ -85,7 +127,7 @@ in fi if [ -n "$ZEUS_URL" ]; then - qrencode -o "$WORK_DIR/zeus-qr.png" -s 10 -m 2 -l H "$ZEUS_URL" 2>/dev/null && HAS_ZEUS_QR="1" + qrencode -o "$WORK_DIR/zeus-qr.png" -s 4 -m 1 -l H "$ZEUS_URL" 2>/dev/null && HAS_ZEUS_QR="1" fi # ── Build the Markdown document ── @@ -100,6 +142,8 @@ Welcome to your new computer! We have built a lot of cool secret forts (services Here are all of your keys in one place. **Keep this document safe and do not share it with strangers!** +> **How this document works:** This PDF is automatically generated by your computer. If any of your passwords, services, or connection details change, this document will automatically update itself within a few minutes. You can always find the latest version right here in your Documents folder. If you accidentally delete it, don't worry — your computer will recreate it for you! + ## 🖥️ Your Computer These are the master keys to the actual machine. @@ -159,7 +203,7 @@ BITCOIN echo "2. Open Zeus and tap **\"Scan Node Config\"**" >> "$FILE" echo "3. Point your phone's camera at this QR code:" >> "$FILE" echo "" >> "$FILE" - echo "![Zeus Connection QR Code](zeus-qr.png)" >> "$FILE" + echo "![Zeus Connection QR Code](zeus-qr.png){ width=200px }" >> "$FILE" echo "" >> "$FILE" echo "That's it! You're now mobile. Send and receive Bitcoin anywhere in the world, powered by your very own node! ⚡" >> "$FILE" elif [ -n "$ZEUS_URL" ]; then @@ -253,7 +297,13 @@ BITCOIN -V monofont="Liberation Mono" chown free:users "$OUTPUT" + + # ── Save hash so we skip next time if nothing changed ── + mkdir -p "$(dirname "$HASH_FILE")" + echo "$CURRENT_HASH" > "$HASH_FILE" + rm -rf "$WORK_DIR" + echo "PDF generated successfully." ''; }; }
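Review bot: The new `echo "$CURRENT_HASH" > "$HASH_FILE"` in the last hunk runs unconditionally after the pandoc step. If the script does not run under `set -e` (not visible here), a failed conversion still records the hash, and when an older PDF is present every later run takes the skip path and the document stays stale. I would write the hash only after checking pandoc's exit status, ideally rendering to a temporary name and `mv`-ing it over `$OUTPUT` on success. The hash file is also created with the process umask (0022 by default for a systemd service unless `UMask=` is set); since it is a digest of every credential, `umask 077` before the write or `chmod 600 "$HASH_FILE"` after it keeps it root-only. The enclosing script starts outside this hunk.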