bundles/backup-server/metadata.py

@@ -1,9 +1,20 @@
+from ipaddress import ip_interface
+
+
 @metadata_reactor.provides(
     'users/backup-receiver/authorized_keys'
 )
 def backup_authorized_keys(metadata):
+    authorized_keys = []
+    
     for other_node in repo.nodes:
         if other_node.metadata.get('backup/server') == node.name:
-                other_node.metadata.get('users/root/pubkey')
+            authorized_keys.append(other_node.metadata.get('users/root/pubkey'))
         
-    return {}
+    return {
+        'users': {
+            'backup-receiver': {
+                'authorized_keys': authorized_keys,
+            },
+        },
+    }

libs/ssh.py

@@ -0,0 +1,28 @@
+from base64 import b64decode, b64encode
+from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
+from cryptography.hazmat.primitives import serialization
+
+
+def generate_ed25519_key_pair(secret):
+    privkey_bytes = Ed25519PrivateKey.from_private_bytes(secret)
+    
+    nondeterministic_privatekey = privkey_bytes.private_bytes(
+        encoding=serialization.Encoding.PEM,
+        format=serialization.PrivateFormat.OpenSSH,
+        encryption_algorithm=serialization.NoEncryption()
+    ).decode()
+    nondeterministic_bytes = b64decode(''.join(nondeterministic_privatekey.split('\n')[1:-2]))
+    # handle random 32bit number, occuring twice in a row
+    deterministic_bytes = nondeterministic_bytes[:98] + b'00000000' + nondeterministic_bytes[106:]
+    deterministic_privatekey = '\n'.join([
+        '-----BEGIN OPENSSH PRIVATE KEY-----',
+        b64encode(deterministic_bytes).decode(),
+        '-----END OPENSSH PRIVATE KEY-----',
+    ])
+
+    public_key = privkey_bytes.public_key().public_bytes(
+        encoding=serialization.Encoding.OpenSSH,
+        format=serialization.PublicFormat.OpenSSH,
+    ).decode()
+    
+    return (deterministic_privatekey, public_key)

nodes.py

@@ -1,10 +1,30 @@
 from os import walk
 from os.path import join, basename, splitext
 
+converters = {
+    '32_random_bytes_as_base64_for': lambda x: vault.random_bytes_as_base64_for(x, length=32),
+    'decrypt': lambda x: vault.decrypt(x),
+    'decrypt_file': lambda x: vault.decrypt_file(x),
+    'password_for': lambda x: vault.password_for(x),
+}
+
+def demagify(data):
+    if isinstance(data, str):
+        for name, converter in converters.items():
+            if data.startswith(f'!{name}:'):
+                return converter(data[len(name) + 2:])
+        else:
+            return data
+    elif isinstance(data, dict):
+        return type(data)({key: demagify(value) for key, value in data.items()})
+    elif isinstance(data, (list, set, tuple)):
+        return type(data)([demagify(element) for element in data])
+    else:
+        return data
 
 for root, dirs, files in walk(join(repo_path, "nodes")):
     for filename in files:
         if filename.endswith(".py"):
             node = join(root, filename)
             with open(node, 'r', encoding='utf-8') as f:
-                nodes[splitext(basename(filename))[0]] = eval(f.read())
+                nodes[splitext(basename(filename))[0]] = demagify(eval(f.read()))

nodes/client1.py

@@ -1,5 +0,0 @@
-{
-    'groups': [
-        'all',
-    ],
-}

nodes/client2.py

@@ -1,5 +0,0 @@
-{
-    'groups': [
-        'all',
-    ],
-}

nodes/client3.py

@@ -1,5 +0,0 @@
-{
-    'groups': [
-        'all',
-    ],
-}

nodes/home.backups.py

@@ -1,4 +1,5 @@
 {
+    'hostname': '10.0.0.5',
     'bundles': [
         'backup-server',
     ],

nodes/home.server.py

@@ -0,0 +1,8 @@
+{
+    'hostname': '10.0.0.2',
+    'groups': [
+        'all',
+    ],
+    'metadata': {
+    },
+}

nodes/htz.games.py

@@ -0,0 +1,8 @@
+{
+    'dummy': True,
+    'groups': [
+        'all',
+    ],
+    'metadata': {
+    },
+}

nodes/htz.mails.py

@@ -0,0 +1,8 @@
+{
+    'hostname': '162.55.188.157',
+    'groups': [
+        'all',
+    ],
+    'metadata': {
+    },
+}