signstar_common/system_user.rs
1//! Defaults for system users.
2//!
3//! ```
4//! use signstar_common::system_user::{get_home_base_dir_path, get_relative_user_secrets_dir};
5//!
6//! // Get the base directory below which Signstar system user homes are located.
7//! println!("{:?}", get_home_base_dir_path());
8//!
9//! // Get the relative directory below which Signstar secrets are located per system user.
10//! println!("{:?}", get_relative_user_secrets_dir());
11//! ```
12
13use std::path::PathBuf;
14
15use crate::common::get_data_home;
16
/// Base directory for system user homes, relative to the data home.
///
/// [`get_home_base_dir_path`] appends this to the data home of the system.
const HOME_BASE_DIR: &str = "home/";

/// Directory holding credentials files, relative to a user's home directory.
const USER_SECRETS_DIR: &str = ".local/state/signstar/secrets/";

/// File extension used for plaintext credential files.
///
/// NOTE(review): files with this extension hold credentials unencrypted at rest, so their
/// confidentiality presumably rests on the ownership and mode of the secrets directory and
/// of the files in it; confirm where those permissions are enforced.
const PLAINTEXT_SECRETS_EXTENSION: &str = "txt";

/// File extension used for credential files encrypted with systemd-creds.
const SYSTEMD_CREDS_SECRETS_EXTENSION: &str = "creds";
32
/// Builds the directory that contains the homes of all Signstar system users.
///
/// The result is the data home, as returned by `get_data_home`, with the relative
/// home base directory appended.
pub fn get_home_base_dir_path() -> PathBuf {
    let relative_base = PathBuf::from(HOME_BASE_DIR);
    get_data_home().join(relative_base)
}
37
/// Gives the per-user secrets directory as a path relative to a system user's home.
///
/// The returned path is not anchored to any particular user; combine it with a home
/// directory (see [`get_user_secrets_dir`]) to obtain a usable location.
pub fn get_relative_user_secrets_dir() -> PathBuf {
    USER_SECRETS_DIR.into()
}
42
/// Builds the secrets directory path of one system user.
///
/// The path is the home base directory, then `system_user`, then the relative secrets
/// directory.
///
/// `system_user` is appended as given; nothing in this function validates it. With
/// standard [`PathBuf`] joining, an absolute value replaces the home base directory and
/// `..` components are kept in the result. Callers should therefore pass only a name that
/// has already been validated as a single plain path component.
pub fn get_user_secrets_dir(system_user: &str) -> PathBuf {
    let mut secrets_dir = get_home_base_dir_path();
    secrets_dir.push(system_user);
    secrets_dir.push(get_relative_user_secrets_dir());
    secrets_dir
}
49
/// Builds the path of the plaintext secrets file that a system user holds for a backend user.
///
/// The file is named `<backend_user>.txt` and placed in the secrets directory of
/// `system_user`.
///
/// Neither argument is validated here. `backend_user` becomes part of the file name as
/// given, so a value containing path separators or `..` yields a path outside the intended
/// secrets directory. Callers should pass only names already validated as single plain
/// path components.
pub fn get_plaintext_secret_file(system_user: &str, backend_user: &str) -> PathBuf {
    let mut file_name = String::from(backend_user);
    file_name.push('.');
    file_name.push_str(PLAINTEXT_SECRETS_EXTENSION);
    get_user_secrets_dir(system_user).join(file_name)
}
56
/// Builds the path of the systemd-creds encrypted secrets file that a system user holds for a
/// backend user.
///
/// The file is named `<backend_user>.creds` and placed in the secrets directory of
/// `system_user`.
///
/// Neither argument is validated here. `backend_user` becomes part of the file name as
/// given, so a value containing path separators or `..` yields a path outside the intended
/// secrets directory. Callers should pass only names already validated as single plain
/// path components.
pub fn get_systemd_creds_secret_file(system_user: &str, backend_user: &str) -> PathBuf {
    let mut file_name = String::from(backend_user);
    file_name.push('.');
    file_name.push_str(SYSTEMD_CREDS_SECRETS_EXTENSION);
    get_user_secrets_dir(system_user).join(file_name)
}