Sovran_Systems/Sovran_SystemsOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

updade PDF generator

Browse Source
This commit is contained in:
naturallaw77
2026-03-30 20:41:39 -05:00
parent f6c09910fa
commit 51c3e5969d
1 changed files with 55 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
modules/credentials-pdf.nix
View File

@@ -25,9 +25,9 @@ in
'';
};
# ── 2. Timer: Rebuild PDF every 5 minutes ──────────────────
# ── 2. Timer: Check every 5 minutes ────────────────────────
systemd.timers.generate-credentials-pdf = {
description = "Periodically regenerate Magic Keys PDF";
description = "Periodically check if Magic Keys PDF needs regenerating";
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "30s";
@@ -62,10 +62,52 @@ in
OUTPUT="$DOC_DIR/Sovran_SystemsOS_Magic_Keys.pdf"
WORK_DIR="/tmp/magic_keys_build"
FILE="$WORK_DIR/magic_keys.md"
mkdir -p "$DOC_DIR" "$WORK_DIR"
HASH_FILE="/var/lib/secrets/.magic-keys-hash"
FENCE='```'
# Collect all secret sources into a single hash
SECRET_SOURCES=""
for f in \
/var/lib/secrets/root-password \
/etc/nix-bitcoin-secrets/rtl-password \
/var/lib/tor/onion/rtl/hostname \
/var/lib/tor/onion/electrs/hostname \
/var/lib/tor/onion/bitcoind/hostname \
/var/lib/secrets/matrix-users \
/var/lib/gnome-remote-desktop/rdp-credentials \
/var/lib/secrets/nextcloud-admin \
/var/lib/secrets/wordpress-admin \
/var/lib/secrets/vaultwarden/vaultwarden.env \
/var/lib/domains/vaultwarden \
/var/lib/domains/btcpayserver; do
if [ -f "$f" ]; then
SECRET_SOURCES="$SECRET_SOURCES$(cat "$f")"
fi
done
# Add lndconnect URL to hash sources (changes if certs/macaroons rotate)
if command -v lndconnect >/dev/null 2>&1; then
SECRET_SOURCES="$SECRET_SOURCES$(lndconnect --url 2>/dev/null || true)"
elif command -v lnconnect-clnrest >/dev/null 2>&1; then
SECRET_SOURCES="$SECRET_SOURCES$(lnconnect-clnrest --url 2>/dev/null || true)"
fi
CURRENT_HASH=$(echo -n "$SECRET_SOURCES" | sha256sum | cut -d' ' -f1)
OLD_HASH=""
if [ -f "$HASH_FILE" ]; then
OLD_HASH=$(cat "$HASH_FILE")
fi
# Skip if PDF exists and nothing changed
if [ -f "$OUTPUT" ] && [ "$CURRENT_HASH" = "$OLD_HASH" ]; then
echo "No changes detected, skipping PDF regeneration."
exit 0
fi
echo "Changes detected (or PDF missing), regenerating..."
mkdir -p "$DOC_DIR" "$WORK_DIR"
# Read secrets (default to placeholder if missing)
read_secret() { if [ -f "$1" ]; then cat "$1"; else echo "$2"; fi; }
@@ -85,7 +127,7 @@ in
fi
if [ -n "$ZEUS_URL" ]; then
qrencode -o "$WORK_DIR/zeus-qr.png" -s 10 -m 2 -l H "$ZEUS_URL" 2>/dev/null && HAS_ZEUS_QR="1"
qrencode -o "$WORK_DIR/zeus-qr.png" -s 4 -m 1 -l H "$ZEUS_URL" 2>/dev/null && HAS_ZEUS_QR="1"
fi
# Build the Markdown document
@@ -100,6 +142,8 @@ Welcome to your new computer! We have built a lot of cool secret forts (services
Here are all of your keys in one place. **Keep this document safe and do not share it with strangers!**
> **How this document works:** This PDF is automatically generated by your computer. If any of your passwords, services, or connection details change, this document will automatically update itself within a few minutes. You can always find the latest version right here in your Documents folder. If you accidentally delete it, don't worry your computer will recreate it for you!
## 🖥 Your Computer
These are the master keys to the actual machine.
@@ -159,7 +203,7 @@ BITCOIN
echo "2. Open Zeus and tap **\"Scan Node Config\"**" >> "$FILE"
echo "3. Point your phone's camera at this QR code:" >> "$FILE"
echo "" >> "$FILE"
echo "![Zeus Connection QR Code](zeus-qr.png)" >> "$FILE"
echo "![Zeus Connection QR Code](zeus-qr.png){ width=200px }" >> "$FILE"
echo "" >> "$FILE"
echo "That's it! You're now mobile. Send and receive Bitcoin anywhere in the world, powered by your very own node! " >> "$FILE"
elif [ -n "$ZEUS_URL" ]; then
@@ -253,7 +297,13 @@ BITCOIN
-V monofont="Liberation Mono"
chown free:users "$OUTPUT"
# Save hash so we skip next time if nothing changed
mkdir -p "$(dirname "$HASH_FILE")"
echo "$CURRENT_HASH" > "$HASH_FILE"
rm -rf "$WORK_DIR"
echo "PDF generated successfully."
'';
};
}