From a8717f9bf5dbc9b102d872678f4e5d3d2790a408 Mon Sep 17 00:00:00 2001
From: Alex Auvolat
Date: Wed, 20 Apr 2022 14:14:15 +0200
Subject: manage wesher key with pass
---
 deploy_wesher_key | 4 ++++
 gen_wesher_key | 17 +++++++++++++++++
 genpki.sh | 2 +-
 sshtool | 13 +++++++++++++
 4 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100755 deploy_wesher_key
 create mode 100755 gen_wesher_key
diff --git a/deploy_wesher_key b/deploy_wesher_key
new file mode 100755
index 0000000..8f7ed77
--- /dev/null
+++ b/deploy_wesher_key
@@ -0,0 +1,4 @@
+#!/usr/bin/env ./sshtool
+
+write_pass deuxfleurs/cluster/$CLUSTER/wesher_key /var/lib/wesher/secrets
+cmd systemctl restart wesher
diff --git a/gen_wesher_key b/gen_wesher_key
new file mode 100755
index 0000000..c66fade
--- /dev/null
+++ b/gen_wesher_key
@@ -0,0 +1,17 @@
+#!/usr/bin/env sh
+
+cd $(dirname $0)
+
+CLUSTER="$1"
+if [ -z "$CLUSTER" ] || [ ! -d "cluster/$CLUSTER" ]; then
+ echo "Usage: $0 "
+ echo "The cluster name must be the name of a subdirectory of cluster/"
+ exit 1
+fi
+
+K=deuxfleurs/cluster/$CLUSTER/wesher_key
+if ! pass $K >/dev/null; then
+ pass insert -m $K <" echo "The cluster name must be the name of a subdirectory of cluster/" exit 1
diff --git a/sshtool b/sshtool
index b5de384..1396c87 100755
--- a/sshtool
+++ b/sshtool
@@ -81,6 +81,19 @@ chmod 0600 $TO
 EOF
 }
+function write_pass {
+ local PASSKEY=$1
+ local TO=$2
+ cat < /dev/null
+$(pass $PASSKEY | base64)
+EOG
+chown root:root $TO
+chmod 0600 $TO
+EOF
+}
+
 for NIXHOST in $NIXHOSTLIST; do NIXHOST=${NIXHOST%.*}
-- 
cgit v1.2.3
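Review bot: The shebang `#!/usr/bin/env ./sshtool` in deploy_wesher_key resolves the interpreter against the caller's current directory, so the script only works when started from the repository root, and from any other directory it would run whatever `sshtool` happens to be there. Since this script pushes a secret read from `pass`, a header comment should state the requirement, for example `# Must be run from the repository root: ./sshtool is resolved relative to the current directory.` `$CLUSTER` in the `write_pass` argument is expanded unquoted and is not defined in this file; presumably sshtool sets it, which the same comment could mention.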
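Review bot: In `write_pass` (sshtool hunk at `@@ -81,6 +81,19 @@`), the generated remote script runs `chown root:root $TO` and `chmod 0600 $TO` only after the decoded key has been written, so the secret file can briefly exist with whatever mode the remote umask gives it; emitting `umask 077` in the generated script before the write closes that window. The line that performs the write is garbled in this rendering (`cat < /dev/null`), so this is read from the order of the surviving lines. Separately, `$(pass $PASSKEY | base64)` does not notice a failing `pass`: the substitution then expands to nothing and presumably an empty key file is deployed, so the secret should be fetched into a local variable first, returning non-zero when `pass` fails. `$PASSKEY` and `$TO` are also expanded unquoted and would be better written as `"$PASSKEY"` and `"$TO"`.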