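#!/usr/bin/env bash
#
# Make sure every host known to colmena has a root GPG key whose
# fingerprint is recorded in the repository:
#   secrets/<host>/.gpg-id       copy of secrets/.gpg-id plus the host key
#   secrets/all/.gpg-id          host key appended
#   secrets/.public-keys/<host>  armored export of the host key
# A host whose recorded fingerprint (last line of secrets/<host>/.gpg-id)
# is not present in root's keyring gets a fresh key generated over SSH
# from the lib/keygen template, and the matching pass stores are
# (re)initialised through lib/pass.sh. Offline hosts are skipped.
#
# Run from anywhere: the script changes into the repository root (the
# parent of the directory holding this file). Needs colmena, jq, ssh,
# awk and lib/pass.sh.

set -euo pipefail

#######################################
# Print a message to stderr and stop the run.
# Arguments: message words
#######################################
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

#######################################
# List the fingerprints of root's keyring on a host, one per line.
# Fails only when ssh itself could not run the command (exit 255), so
# an unreachable host is never mistaken for one without a key; a gpg
# error just yields an empty list, as the original pipeline did.
# Arguments: $1 - ssh target (user@host)
# Outputs:   field 10 of every "fpr" record on stdout
# Returns:   0, or 1 when ssh failed
#######################################
root_fingerprints() {
  local target=$1 listing rc=0
  listing=$(ssh -o ConnectTimeout=10 -- "$target" \
    "sudo -u root gpg --fingerprint --with-colons") || rc=$?
  if (( rc == 255 )); then
    return 1
  fi
  # Parse locally so nothing from the repository is interpolated into a
  # remote shell command line.
  printf '%s\n' "$listing" | awk -F: '$1 == "fpr" { print $10 }'
}

cd -- "$(dirname -- "$0")/.." || die "cannot find repository root"

# jq joins every "<name> <address>" pair with tabs into ONE line (@tsv), so a
# single `read -a` yields an array of alternating hostnames and addresses.
host_list=$(colmena eval lib/get-hosts.nix \
  | jq -r 'to_entries | map("\(.key) \(.value)") | @tsv') \
  || die "cannot evaluate host list"
read -r -a HOSTS <<< "$host_list"

p=0
while [[ -n "${HOSTS[p]:-}" ]]; do
  hostname=${HOSTS[p]}
  [[ -n "${HOSTS[p+1]:-}" ]] || die "no ssh address for $hostname"
  ssh_host="root@${HOSTS[p+1]}"
  # Advance before any `continue` so a skipped host cannot loop forever.
  p=$((p + 2))

  echo
  echo "##### $hostname - $ssh_host"

  if ! ssh -o ConnectTimeout=10 -- "$ssh_host" true; then
    echo "$hostname is offline"
    continue
  fi

  echo "$hostname is online, checking gpg-key"
  fprs=$(root_fingerprints "$ssh_host") \
    || die "cannot list root's gpg keys on $hostname"
  gpg_id_file="secrets/$hostname/.gpg-id"
  # The recorded fingerprint is the last line of the host's .gpg-id; a
  # missing or empty file means the key was never generated.
  if [[ -s "$gpg_id_file" ]] \
    && grep -qFx -- "$(tail -n1 -- "$gpg_id_file")" <<< "$fprs"; then
    echo "key does already exist..."
    continue
  fi

  echo "generating gpg-key"
  mkdir -p -- "secrets/$hostname"
  # NAME in the template is replaced with parameter expansion instead of
  # sed, so a hostname containing sed-special characters cannot alter the
  # substitution; the replacement is quoted so `&` stays literal.
  template=$(<lib/keygen)
  # Wipes root's existing keyring on the host before the new key is made.
  ssh -- "$ssh_host" "sudo rm -rf /root/.gnupg"
  printf '%s\n' "${template//NAME/"$hostname"}" \
    | ssh -o RequestTTY=yes -- "$ssh_host" \
      "sudo -u root gpg --generate-key --pinentry-mode loopback --batch /dev/stdin"

  # Query the host once and take the first fpr record, as before.
  fprs=$(root_fingerprints "$ssh_host") \
    || die "cannot list root's gpg keys on $hostname"
  fpr=${fprs%%$'\n'*}
  [[ -n "$fpr" ]] || die "no gpg key found on $hostname after generation"
  cp -- secrets/.gpg-id "$gpg_id_file"
  printf '%s\n' "$fpr" >> "$gpg_id_file"
  printf '%s\n' "$fpr" >> secrets/all/.gpg-id
  ssh -- "$ssh_host" "sudo -u root gpg --export --armor" \
    > "secrets/.public-keys/$hostname"

  # shellcheck disable=SC2046 -- one key id per line, word-splitting intended
  lib/pass.sh init -p "$hostname" $(cat -- "$gpg_id_file")
  # shellcheck disable=SC2046 -- one key id per line, word-splitting intended
  lib/pass.sh init -p all $(cat -- secrets/all/.gpg-id)
done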