Changed the rest of the scripts to sops encryption

ahtlon
2025-02-22 12:48:32 +01:00
committed by kalipso
parent 67e3037039
commit 3871f2e553
3 changed files with 11 additions and 12 deletions


@@ -25,9 +25,7 @@ fi
hostname=$1
ipaddress=$2
dbpath="./machines/secrets/keys/itag.kdbx"
read -sp "Enter password for keepassxc: " pw
pwpath="machines/secrets/keys/itag"
# Create a temporary directory
temp=$(mktemp -d)
@@ -42,13 +40,13 @@ trap cleanup EXIT
install -d -m755 "$temp/etc/ssh/"
install -d -m755 "$temp/root/"
diskKey=$(echo "$pw" | keepassxc-cli show -a Password $dbpath hosts/$hostname/encryption)
diskKey=$(sops -d $pwpath/$hostname/disk.key)
echo "$diskKey" > /tmp/secret.key
echo "$diskKey" > $temp/root/secret.key
echo "$pw" | keepassxc-cli attachment-export $dbpath hosts/$hostname/sshkey private "$temp/etc/ssh/$hostname"
sops -d "$pwpath/$hostname/$hostname" > "$temp/etc/ssh/$hostname"
echo "$pw" | keepassxc-cli attachment-export $dbpath hosts/$hostname/sshkey-init private "$temp/etc/ssh/initrd"
sopd -d "$pwpath/$hostname/$hostname"-init > "$temp/etc/ssh/initrd"
# # Set the correct permissions so sshd will accept the key
chmod 600 "$temp/etc/ssh/$hostname"
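Review bot: The new initrd key line calls `sopd -d`, a misspelling of `sops`, so the command cannot run; because the shell creates the redirection target first, `$temp/etc/ssh/initrd` is left as an empty file. It should read `sops -d "$pwpath/$hostname/$hostname-init" > "$temp/etc/ssh/initrd"`. No `set -e` or exit-status check is visible here (the script starts and ends outside the hunk, so strict mode may be set earlier), which means the run would presumably continue with an empty initrd SSH key. The same gap applies to the disk key: a failed decryption leaves `diskKey` empty and that empty value is then written out, so `diskKey=$(sops -d "$pwpath/$hostname/disk.key") || exit 1` would stop before that and also quotes the path. The plaintext disk key is also still written to the fixed path `/tmp/secret.key`; if nothing later depends on that exact path, keeping it only under `$temp` with a restrictive umask avoids a predictable shared location.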