From d775e7027e2c0ac677928061fea4c19513ec9104 Mon Sep 17 00:00:00 2001 From: Adar Nimrod <nimrod@shore.co.il> Date: Thu, 5 Aug 2021 00:34:24 +0300 Subject: [PATCH] Nextcloud access with rclone. For now, just getting the Keepass password database to bootstrap things. Should test on OpenBSD. No password stored locally and tried to be as secure as can be (I know it's not perfect, but I don't have a better idea right now). --- .config/rclone/rclone.conf | 5 ++++ Documents/bin/download-password-db | 41 ++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+) create mode 100644 .config/rclone/rclone.conf create mode 100755 Documents/bin/download-password-db diff --git a/.config/rclone/rclone.conf b/.config/rclone/rclone.conf new file mode 100644 index 0000000..ce52714 --- /dev/null +++ b/.config/rclone/rclone.conf @@ -0,0 +1,5 @@ +[nextcloud] +type = webdav +url = https://nextcloud.shore.co.il/remote.php/webdav/ +vendor = nextcloud + diff --git a/Documents/bin/download-password-db b/Documents/bin/download-password-db new file mode 100755 index 0000000..e3fe6dc --- /dev/null +++ b/Documents/bin/download-password-db @@ -0,0 +1,41 @@ +#!/usr/bin/env python3 +# pylint: disable=invalid-name + +"""Runs rclone securely to download the Keepass password database from +Nextcloud.""" + +import getpass +import os +import os.path +import subprocess # nosec + + +DB_PATH = "Documents/Database.kdbx" +DEST = os.path.expanduser(f"~/{ os.path.dirname(DB_PATH) }") +SOURCE = f"nextcloud:{DB_PATH}" + + +if __name__ == "__main__": + username = input(f"Enter username (defaults to {getpass.getuser()}): ") + if not username: + username = getpass.getuser() + password = getpass.getpass("Enter password (will not echo): ") + obscured_password = subprocess.run( # nosec + ["rclone", "obscure", "-"], + input=password, + capture_output=True, + check=True, + text=True, + ).stdout.strip() + os.execvp( # nosec + "rclone", + [ + "copy", + "--webdav-pass", + obscured_password, + "--webdav-user", + username, + SOURCE, + DEST, + ], + ) -- GitLab