]> git.immae.eu Git - perso/Immae/Config/Nix.git/commitdiff
projects / perso / Immae / Config / Nix.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 20b1c01)
Anonymize names in files
authorIsmaël Bouya <ismael.bouya@normalesup.org>
Mon, 15 Nov 2021 21:42:07 +0000 (22:42 +0100)
committerIsmaël Bouya <ismael.bouya@normalesup.org>
Sun, 9 Apr 2023 15:16:10 +0000 (17:16 +0200)
.envrc patch | blob | blame | history
.gitattributes [new file with mode: 0644] patch | blob
.gitconfig patch | blob | blame | history
scripts/anonymize [new file with mode: 0755] patch | blob
shell.nix patch | blob | blame | history
words.json [new file with mode: 0644] patch | blob

diff --git a/.envrc b/.envrc
index 438d807e29908d3c4855a7978433a504c952f38e..16c9dde5c6c5e778ef1d7b0ab2d62e143b2cfa0e 100644 (file)
--- a/.envrc
+++ b/.envrc
@@ -3,6 +3,7 @@ export NIX_PATH=nixpkgs=$(cat $(expand_path nix/sources.json) | jq -r '."nixpkgs
 NIX_PATH=$NIX_PATH:nixpkgs-nix=$(cat $(expand_path nix/sources.json) | jq -r '."nixpkgs-nix".url')
 
 export NIXOPS_ENV_LOADED=1
+export ANONYMIZE_KEY="dedhogryajkegthlwribFecnocItTelilAwdod"
 
 PATH_add $(expand_path scripts)
 PATH_add $(expand_path nixops/scripts)
diff --git a/.gitattributes b/.gitattributes
new file mode 100644 (file)
index 0000000..6fcc68e
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+#*.nix filter=anonymize
diff --git a/.gitconfig b/.gitconfig
index 7aa88705c591bb396d20e6f20c7fa21da0038ca4..fe165e23db16200296ae628b5e6da46ecd40b9ee 100644 (file)
--- a/.gitconfig
+++ b/.gitconfig
@@ -7,3 +7,15 @@
        textconv = "gpg --quiet -d"
 [diff "sopsdiffer"]
        textconv = "sops -d"
+[filter "anonymize"]
+       clean = "./scripts/anonymize -i words.json"
+       smudge = "./scripts/anonymize -i -d words.json"
+       required = true
+[submodule "nixops/secrets"]
+       url = gitolite@git.immae.eu:perso/Immae/Config/Nix/Nixops/Secrets
+       active = true
+[remote "origin-stgit"]
+       url = gitolite@git.immae.eu:perso/Immae/Config/Nix.stgit
+       push = +refs/stacks/*:refs/stacks/*
+       push = +refs/patches/*:refs/patches/*
+       push = +refs/original/*:refs/original/*
diff --git a/scripts/anonymize b/scripts/anonymize
new file mode 100755 (executable)
index 0000000..e93e1ed
--- /dev/null
+++ b/scripts/anonymize
@@ -0,0 +1,56 @@
+#!/usr/bin/env python3
+
+import sys
+import argparse
+import os
+import json
+import re
+
+parser = argparse.ArgumentParser()
+parser.add_argument("words_file", help="File that contains the words to (de)anonymize")
+parser.add_argument("--ignore-missing", "-i", action="store_true", help="treat missing file as empty list")
+parser.add_argument("--deanonymize", "-d", action="store_true", help="deanonymize")
+config = parser.parse_args()
+
+alphabet="abcdefghijklmnopqrstuvwxyz"
+
+try:
+    key = os.environ["ANONYMIZE_KEY"].lower()
+    assert all([k in alphabet for k in key])
+except KeyError:
+    print("Please set ANONYMIZE_KEY as environment variable with only letters", file=sys.stderr)
+    sys.exit(1)
+
+if not os.path.isfile(config.words_file):
+    if config.ignore_missing:
+        print(sys.stdin.read(), end="")
+        sys.exit(0)
+    else:
+        print("Could not find words file", file=sys.stderr)
+        sys.exit(1)
+
+words = json.load(open(config.words_file))
+
+if any([len(word) > len(key) for word in words]):
+    print("The key needs to be at least as long as the longest word in the list (append to existing one to keep already mangled words)", file=sys.stderr)
+    sys.exit(1)
+
+order = -1 if config.deanonymize else 1
+
+def replace(match):
+    name = match.group()
+    result = []
+    for k in range(len(name)):
+        if name[k].lower() not in alphabet:
+            result.append(name[k])
+        else:
+            key_index = alphabet.index(key[k])
+            letter_index = alphabet.index(name[k].lower())
+            new_letter = alphabet[(letter_index + order * key_index) % len(alphabet)]
+            if name[k].lower() != name[k]:
+                new_letter = new_letter.upper()
+            result.append(new_letter)
+    return ''.join(result)
+
+regexp = re.compile("(" + '|'.join([r'(\b' + w + r'\b)' for w in words]) + ")")
+print(regexp.sub(replace, sys.stdin.read()), end="")
diff --git a/shell.nix b/shell.nix
index 2295f8cc10b8eca9bf4798562080a2256963c1e5..3d27d03c38340be6813956f13d47ef5d87fee118 100644 (file)
--- a/shell.nix
+++ b/shell.nix
@@ -14,5 +14,5 @@ let
   });
 in
 pkgs.mkShell {
-  buildInputs = [ patchedNix pkgs.sops pkgs.morph pkgs.niv pkgs.curl pkgs.shellcheck pkgs.jq pkgs.gnumake pkgs.yq ];
+  buildInputs = [ patchedNix pkgs.python3 pkgs.sops pkgs.morph pkgs.niv pkgs.curl pkgs.shellcheck pkgs.jq pkgs.gnumake pkgs.yq ];
 }
diff --git a/words.json b/words.json
new file mode 100644 (file)
index 0000000..c91e1de
--- /dev/null
+++ b/words.json
@@ -0,0 +1,6 @@
+[
+  "christopheCarpentier\\w*",
+  "christophe_carpentier",
+  "Christophe",
+  "Carpentier"
+]
My infrastructure configuration