kubernetes/xactfetch
Dustin 74fa9264df xactfetch: Configure secretsocket
The `xactfetch` script now uses a helper tool, `secretsocket`, to
handle looking up secrets.  This tool supports various secret source
types, including files, environment variables, and external commands.
Separating this functionality out of the main script makes it a lot
more flexible and pluggable.  Its main purpose, though, was actually
to allow `xactfetch` to run in a container while communicating with
`rbw` outside that container, specifically for development purposes.

The `secretsocket` tool reads its configuration from a TOML document.
This document defines the secrets the tool handles, and how to look
them up.

Note that the `xactfetch` container image no longer defines the
`XDG_CONFIG_HOME` environment variable, as it uses Chromium instead of
Firefox now, and the former does not work with a read-only config
directory.  As such, we have to mount the `rbw` configuration in the
default location.
2024-07-11 22:49:07 -05:00
README.md xactfetch: Run xactfetch in a CronJob 2023-12-27 11:08:25 -06:00
kustomization.yaml xactfetch: Configure secretsocket 2024-07-11 22:49:07 -05:00
pvc.yaml xactfetch: Run xactfetch in a CronJob 2023-12-27 11:08:25 -06:00
rbw-config.json xactfetch: Run xactfetch in a CronJob 2023-12-27 11:08:25 -06:00
secrets.toml xactfetch: Configure secretsocket 2024-07-11 22:49:07 -05:00
secrets.yaml xactfetch: Run xactfetch in a CronJob 2023-12-27 11:08:25 -06:00
xactfetch.env xactfetch: Run xactfetch in a CronJob 2023-12-27 11:08:25 -06:00
xactfetch.yaml xactfetch: Configure secretsocket 2024-07-11 22:49:07 -05:00

README.md

xactfetch—Automatically Import Bank Transactions

xactfetch is a tool that automates importing bank account transactions into Firefly-III using CSV exports from banks' websites. It uses Playwright to navigate the online banking portals and download transaction exports, then imports the data using the Firefly-III Data Importer.

Online Banking Passwords

Credentials for online banking websites are stored in a Bitwarden Vault. xactfetch uses a dedicated account for accessing Bitwarden, which is a member of a special Organization that shares the bank credentials. My normal user is also a member of this Organization, which allows me to use and update the credentials normally, and any changes will automatically be made available to xactfetch.

Chase SMS Verification

The Chase website requires "verification" on a per-device basis. The first time a device accesses the Chase website, a verification code is sent to the SMS number associated with the Chase account. That code must be provided in order to log in. xactfetch does NOT automate this process. Instead, it tries to appear like a device that has used the Chase website before by keeping a persistent cookie store across executions.

Sometimes, the cookie that indicates the device has been verified expires or otherwise becomes invalid. To fix this, xactfetch must be run manually with a non-headless browser:

DEBUG_HEADLESS_BROWSER=0 python xactfetch.py

When the verification form is presented, follow the process to enter the code. After xactfetch has completed successfully, copy the cookies.json file it created to the Kubernetes PersistentVolume. One way to do this is to create a Pod with the volume mounted, then use kubectl to copy the file:

kubectl exec -i -n firefly-iii xactfetch-28388926-5r778 -- sh -c 'cat > /var/lib/xactfetch/cookies.json' < cookies.json
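
The helper-Pod approach described above, as an added example that is not part of the xactfetch repository: the script renders a throwaway Pod that mounts the volume, copies cookies.json in with the same kubectl exec command, compares SHA-256 digests of the local and remote copies, and deletes the Pod afterwards. The Pod name, the busybox image, the PVC claim name given as an argument, and a local sha256sum are assumptions; the namespace and destination path are the ones shown in this README.

```shell
#!/bin/sh
# Added example: the namespace and DEST are taken from the README; the Pod
# name, image and PVC claim name are assumptions, not values from the repository.
NAMESPACE=firefly-iii
DEST=/var/lib/xactfetch/cookies.json
HELPER_POD=xactfetch-cookie-copy   # hypothetical Pod name
HELPER_IMAGE=busybox               # assumed: any image with sh, cat and sha256sum

# Print the manifest of a helper Pod that mounts claim $1 at the directory
# holding cookies.json and then only sleeps. It gets no service account token.
render_helper_pod() {
    cat <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: ${HELPER_POD}
  namespace: ${NAMESPACE}
spec:
  restartPolicy: Never
  automountServiceAccountToken: false
  containers:
  - name: copy
    image: ${HELPER_IMAGE}
    command: ["sleep", "600"]
    volumeMounts:
    - name: data
      mountPath: ${DEST%/*}
  volumes:
  - name: data
    persistentVolumeClaim:
      claimName: $1
EOF
}

# Usage: copy_cookies <pvc-claim-name> <local-cookies.json>
copy_cookies() {
    claim=$1 src=$2
    [ -s "$src" ] || { echo "missing or empty: $src" >&2; return 1; }
    render_helper_pod "$claim" | kubectl apply -f - || return 1
    kubectl wait -n "$NAMESPACE" --for=condition=Ready "pod/$HELPER_POD" --timeout=120s &&
        kubectl exec -i -n "$NAMESPACE" "$HELPER_POD" -- sh -c "cat > '$DEST'" < "$src" &&
        remote=$(kubectl exec -n "$NAMESPACE" "$HELPER_POD" -- sha256sum "$DEST") &&
        [ "${remote%% *}" = "$(sha256sum < "$src" | cut -d' ' -f1)" ]
    status=$?
    # Delete the helper Pod whether or not the copy succeeded, so nothing
    # besides the CronJob keeps the cookie store mounted.
    kubectl delete pod -n "$NAMESPACE" "$HELPER_POD" --wait=false
    return $status
}

# Touch the cluster only when both arguments are given on the command line.
if [ "$#" -eq 2 ]; then copy_cookies "$@"; fi
```

A non-zero exit status means the copy failed or the digests differ; the helper Pod is deleted in either case.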