From fc1105fdc30521e8199610ce8733dd374fed1408 Mon Sep 17 00:00:00 2001 From: macronova Date: Sun, 13 Oct 2024 00:25:18 -0700 Subject: [PATCH] Load wireless credentials --- .sops.yaml | 7 +++++++ Cargo.lock | 33 ++++++++++++++++++++++++++++++ Cargo.toml | 4 ++++ build.rs | 57 +++++++++++++++++++++++++++++++++++++--------------- flake.nix | 1 + secrets.yaml | 23 +++++++++++++++++++++ src/main.rs | 7 ++++++- 7 files changed, 115 insertions(+), 17 deletions(-) create mode 100644 .sops.yaml create mode 100644 secrets.yaml diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..996ae44 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,7 @@ +keys: + - ¯onova age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra +creation_rules: + - path_regex: secrets.yaml$ + key_groups: + - age: + - *macronova diff --git a/Cargo.lock b/Cargo.lock index e4c2a55..1d8b5aa 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -826,6 +826,12 @@ dependencies = [ "either", ] +[[package]] +name = "itoa" +version = "1.0.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b" + [[package]] name = "lalrpop" version = "0.19.12" @@ -1025,6 +1031,8 @@ dependencies = [ "log", "panic-halt", "portable-atomic", + "serde", + "serde_yaml", "static_cell", ] @@ -1241,6 +1249,12 @@ version = "1.0.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "955d28af4278de8121b7ebeb796b6a45735dc01436d898801014aced2773a3d6" +[[package]] +name = "ryu" +version = "1.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" + [[package]] name = "scopeguard" version = "1.2.0" 
@@ -1288,6 +1302,19 @@ dependencies = [ "syn 2.0.79", ] +[[package]] +name = "serde_yaml" +version = "0.9.34+deprecated" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6a8b1a1a2ebf674015cc02edccce75287f1a0130d394307b36743c2f5d504b47" +dependencies = [ + "indexmap", + "itoa", + "ryu", + "serde", + "unsafe-libyaml", +] + [[package]] name = "siphasher" version = "0.3.11" @@ -1448,6 +1475,12 @@ version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853" +[[package]] +name = "unsafe-libyaml" +version = "0.2.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "673aac59facbab8a9007c7f6108d11f63b603f7cabff99fabf650fea5c32b861" + [[package]] name = "usb-device" version = "0.3.2" diff --git a/Cargo.toml b/Cargo.toml index abdfcc8..092c9cb 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -4,6 +4,10 @@ version = "0.1.0" edition = "2021" license = "MIT" +[build-dependencies] +serde = { version = "*", features = ["derive"] } +serde_yaml = "*" + [dependencies] cortex-m-rt = "*" cyw43 = "*" diff --git a/build.rs b/build.rs index 7affe2e..43dfd00 100644 --- a/build.rs +++ b/build.rs 
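Review bot: The two new `[build-dependencies]` are declared with `"*"`, and the lockfile in this same commit resolves `serde_yaml` to `0.9.34+deprecated`, a release its author has marked as no longer maintained. Build-script dependencies execute on the developer machine in the process that handles the decrypted `secrets.yaml`, so they deserve a tighter bound than the firmware crates: `serde = { version = "1", features = ["derive"] }` and an explicit `serde_yaml = "0.9"` keep a `cargo update` from pulling in an arbitrary future major version. Having `sops` emit JSON (`--output-type json`) and parsing it with `serde_json` would drop the deprecated parser and its `unsafe-libyaml` dependency altogether.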
@@ -1,33 +1,58 @@ -//! This build script copies the `memory.x` file from the crate root into -//! a directory where the linker can always find it at build time. -//! For many projects this is optional, as the linker always searches the -//! project root directory -- wherever `Cargo.toml` is. However, if you -//! are using a workspace or have a more complicated build setup, this -//! build script becomes required. Additionally, by requesting that -//! Cargo re-run the build script whenever `memory.x` is changed, -//! updating `memory.x` ensures a rebuild of the application with the -//! new memory settings. - +use std::collections::HashMap; use std::env; use std::fs::File; use std::io::Write; use std::path::PathBuf; +use std::process::Command; + +use serde::Deserialize; + +#[derive(Default, Deserialize)] +struct WirelessCredentials { + wireless_credentials: HashMap, +} + +fn load_wireless_credentials() -> Option { + let yaml_string = String::from_utf8( + Command::new("sops") + .arg("-d") + .arg("secrets.yaml") + .output() + .ok()? + .stdout, + ) + .ok()?; + + serde_yaml::from_str(&yaml_string).ok() +} fn main() { - // Put `memory.x` in our output directory and ensure it's - // on the linker search path. let out = &PathBuf::from(env::var_os("OUT_DIR").unwrap()); + File::create(out.join("memory.x")) .unwrap() .write_all(include_bytes!("memory.x")) .unwrap(); println!("cargo:rustc-link-search={}", out.display()); - // By default, Cargo will re-run a build script whenever - // any file in the project changes. By specifying `memory.x` - // here, we ensure the build script is only re-run when - // `memory.x` is changed. 
+ let credentials = load_wireless_credentials() + .unwrap_or_default() + .wireless_credentials; + + let credential_entries: Vec = credentials + .into_iter() + .map(|(ssid, password)| format!("(\"{ssid}\", \"{password}\")")) + .collect(); + + let credential_slice_string = format!("[{}]", credential_entries.join(", ")); + + File::create(out.join("wireless-credentials.rs")) + .unwrap() + .write_all(credential_slice_string.as_bytes()) + .unwrap(); + println!("cargo:rerun-if-changed=memory.x"); + println!("cargo:rerun-if-changed=secrets.yaml"); println!("cargo:rustc-link-arg-bins=--nmagic"); println!("cargo:rustc-link-arg-bins=-Tlink.x"); diff --git a/flake.nix b/flake.nix index a36eb42..63eceb2 100644 --- a/flake.nix +++ b/flake.nix @@ -26,6 +26,7 @@ packages = with pkgs; [ elf2uf2-rs fenixPkgs.rust-analyzer + sops ]; RUST_SRC_PATH = "${fenixPkgs.complete.rust-src}/lib/rustlib/src/rust/library"; }; diff --git a/secrets.yaml b/secrets.yaml new file mode 100644 index 0000000..5e6a619 --- /dev/null +++ b/secrets.yaml 
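Review bot: The generated `wireless-credentials.rs` is built by pasting each SSID and password between hand-written quotes (`format!("(\"{ssid}\", \"{password}\")")`), so a value containing `"` or `\` yields a file that fails to compile or parses as different Rust once `src/main.rs` pulls it in with `include!`. Formatting with `{ssid:?}` and `{password:?}` emits a properly escaped string literal instead. Separately, `load_wireless_credentials` maps every failure to `None` and never inspects the exit status of `sops`, so a missing binary or age key silently produces `[]` and a firmware image with no networks; a `cargo:warning` (or a hard failure) would make that visible. Collecting into a `HashMap` also lets the entry order, and therefore the image, vary between builds, which a `BTreeMap` would avoid. The return type in the fence is inferred from the `unwrap_or_default()` call, since the page shows the signature without its type parameter.

```rust
fn load_wireless_credentials() -> Option<WirelessCredentials> {
    let output = Command::new("sops")
        .arg("-d")
        .arg("secrets.yaml")
        .output()
        .ok()?;

    if !output.status.success() {
        // Make a failed decryption visible instead of shipping an empty list unnoticed.
        println!("cargo:warning=sops could not decrypt secrets.yaml; no wireless credentials embedded");
        return None;
    }

    serde_yaml::from_str(&String::from_utf8(output.stdout).ok()?).ok()
}

// … unchanged: memory.x copy, linker search path, credentials lookup …

        .map(|(ssid, password)| format!("({ssid:?}, {password:?})"))
```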
@@ -0,0 +1,23 @@ +wireless_credentials: + telescope: ENC[AES256_GCM,data:gEzvqWC95+bjrg==,iv:iP2XBs9GC1mPIAdVQiyng/Lthm3kCH7EWmdSmOy+h4c=,tag:Xr264zlPYP6dqPp7rBAywQ==,type:str] + chroma: ENC[AES256_GCM,data:tpG8VPdXN506dg==,iv:rzZAb7Vge8UouBHYVl3UkAs6JqaoOEEBgw7xkxTuIdI=,tag:Pr0KbwoVXk4hsrPKt84wVA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVcmZScFFhWVJhakJEQWZp + cTFWNzlIVm9xeXFMZXFSdk1UWndFbE1tRm5vCmNMc0FMQVdyMkZKYzJnTlora0Zy + Tmp1enZHMUpnbnRYM1pTenpNTEw4RWcKLS0tIDFEVitVbldhNWdkb29QVGJWa1Rk + YVZUZFZyNmJmRk5tQVNJMkk2S0p2UVkKx2i/QAo3c0IGS3sgeYyafm8zezQu50WT + VVaHxHfCVIvlrPV7eniofG3CF3R9vgcOLVMA/2I5p6RUttWSqlwnYg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-10-13T07:05:11Z" + mac: ENC[AES256_GCM,data:1ZVeiENo2l7ldHodx1j52CtNw0dpJD1Kz9GkvXpXsAxV4PunwIv8iDpzq20cHClXWZJjsY0HEwBcHwup9qgvCaFs9HDpMBV8Ps67uP2m+OAV2RKMf86xXj5D6DbsmwHLn2xQd+voHurn36FPAxlLT1HUUSwCbtRsEG72xS3wgq0=,iv:TLN1jr0ONuLcrRrx6H4VdCLunfAl4tqUil+YgjXyyhg=,tag:S41L3A3CwW+bBeJL/DnqFw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1 diff --git a/src/main.rs b/src/main.rs index 559def2..0630ce6 100644 --- a/src/main.rs +++ b/src/main.rs @@ -15,6 +15,9 @@ use embassy_time::Timer; use log::info; use static_cell::StaticCell; +const WIFI_CREDENTIALS: &[(&str, &str)] = + &include!(concat!(env!("OUT_DIR"), "/wireless-credentials.rs")); + // bind interrupt request to handler bind_interrupts!(struct Irqs { PIO0_IRQ_0 => pio::InterruptHandler; @@ -89,8 +92,10 @@ async fn main(spawner: Spawner) { // time to blink let mut led = false; loop { + for (k, v) in WIFI_CREDENTIALS { + info!("{k}: {v}"); + } led = !led; - info!("LED: {}", led); control.gpio_set(0, led).await; Timer::after_secs(1).await; }
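Review bot: The network names `telescope` and `chroma` are stored as mapping keys under `wireless_credentials`, and sops encrypts values only, so both SSIDs are readable by anyone who can read the repository. If the SSIDs are meant to stay private, store each network as a list entry with `ssid` and `password` fields so that both become encrypted values, and adjust the `WirelessCredentials` struct in `build.rs` to match. The file also lists a single age recipient, so losing that key makes the credentials unrecoverable from the repository, which is worth documenting even if it is acceptable here.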
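Review bot: `WIFI_CREDENTIALS` carries no comment saying that it embeds the decrypted passphrases in the firmware image, which is the point where the sops protection ends. Anyone holding the built ELF or UF2 file, or able to read the device flash, gets the plaintext. I would add above the constant: `// Plaintext (SSID, passphrase) pairs generated by build.rs; they end up in flash, so treat built images as secret and never log the second field.`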
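Review bot: The new loop body writes every passphrase to the log once per second (`info!("{k}: {v}")`), so whatever receives this firmware's log output also receives the Wi-Fi secrets in clear. Log the SSID only, and do it once before the `loop` rather than on every blink: `for (ssid, _) in WIFI_CREDENTIALS { info!("configured network: {ssid}"); }`. The log transport is not visible in this hunk, and `main` starts and ends outside it.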