From d775e7027e2c0ac677928061fea4c19513ec9104 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Thu, 5 Aug 2021 00:34:24 +0300
Subject: [PATCH] Nextcloud access with rclone.

For now, just getting the Keepass password database to bootstrap things.
Should test on OpenBSD. No password stored locally and tried to be as
secure as can be (I know it's not perfect, but I don't have a better
idea right now).
---
 .config/rclone/rclone.conf         |  5 ++++
 Documents/bin/download-password-db | 41 ++++++++++++++++++++++++++++++
 2 files changed, 46 insertions(+)
 create mode 100644 .config/rclone/rclone.conf
 create mode 100755 Documents/bin/download-password-db

diff --git a/.config/rclone/rclone.conf b/.config/rclone/rclone.conf
new file mode 100644
index 0000000..ce52714
--- /dev/null
+++ b/.config/rclone/rclone.conf
@@ -0,0 +1,5 @@
+[nextcloud]
+type = webdav
+url = https://nextcloud.shore.co.il/remote.php/webdav/
+vendor = nextcloud
+
diff --git a/Documents/bin/download-password-db b/Documents/bin/download-password-db
new file mode 100755
index 0000000..e3fe6dc
--- /dev/null
+++ b/Documents/bin/download-password-db
@@ -0,0 +1,41 @@
+#!/usr/bin/env python3
+# pylint: disable=invalid-name
+
+"""Runs rclone securely to download the Keepass password database from
+Nextcloud."""
+
+import getpass
+import os
+import os.path
+import subprocess  # nosec
+
+
+DB_PATH = "Documents/Database.kdbx"
+DEST = os.path.expanduser(f"~/{ os.path.dirname(DB_PATH) }")
+SOURCE = f"nextcloud:{DB_PATH}"
+
+
+if __name__ == "__main__":
+    username = input(f"Enter username (defaults to {getpass.getuser()}): ")
+    if not username:
+        username = getpass.getuser()
+    password = getpass.getpass("Enter password (will not echo): ")
+    obscured_password = subprocess.run(  # nosec
+        ["rclone", "obscure", "-"],
+        input=password,
+        capture_output=True,
+        check=True,
+        text=True,
+    ).stdout.strip()
+    os.execvp(  # nosec
+        "rclone",
+        [
+            "copy",
+            "--webdav-pass",
+            obscured_password,
+            "--webdav-user",
+            username,
+            SOURCE,
+            DEST,
+        ],
+    )
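Review bot: The argument list passed to `os.execvp` at the end of the script starts with `"copy"`, which becomes the child's argv[0], so rclone never sees a subcommand and the transfer will most likely fail with a usage error; the list should begin with `"rclone"`. Separately, `--webdav-pass` puts the obscured password on the command line, where other local users can read it from the process list for as long as the transfer runs, and `rclone obscure` is a reversible encoding rather than encryption. rclone also reads backend options from the environment (`RCLONE_WEBDAV_USER`, `RCLONE_WEBDAV_PASS`), which is normally readable only by the same user and root, so passing both values that way with `os.execvpe` keeps them out of argv. It also means a username that begins with `-` can no longer be parsed as a flag. The environment visibility is worth confirming on OpenBSD, which the commit message already plans to test.

```python
    # … unchanged: username/password prompts and the `rclone obscure` call …
    env = dict(os.environ)
    env["RCLONE_WEBDAV_USER"] = username
    env["RCLONE_WEBDAV_PASS"] = obscured_password
    os.execvpe(  # nosec
        "rclone",
        ["rclone", "copy", SOURCE, DEST],
        env,
    )
```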
-- 
GitLab