From aedf5ca0bfabbbbe3b28b323a8f8ae3ac5937c3d Mon Sep 17 00:00:00 2001
From: ahtlon
Date: Wed, 12 Feb 2025 19:30:10 +0100
Subject: [PATCH] Add script for creating new hosts
---
 outputs.nix | 2 +
 scripts/add_new_host_keys.sh | 76 ++++++++++++++++++++++++++++++++++++
 2 files changed, 78 insertions(+)
 create mode 100755 scripts/add_new_host_keys.sh
diff --git a/outputs.nix b/outputs.nix
index c8dac173..1947971f 100644
--- a/outputs.nix
+++ b/outputs.nix
@@ -39,6 +39,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
 pkgs.age
 pkgs.python310Packages.grip
 pkgs.mdbook
+ pkgs.keepassxc
 microvmpkg.microvm
 ];
@@ -49,6 +50,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
 legacyPackages = {
 scripts.remote-install = pkgs.writeShellScriptBin "remote-install" (builtins.readFile ./scripts/remote-install-encrypt.sh);
 scripts.boot-unlock = pkgs.writeShellScriptBin "boot-unlock" (builtins.readFile ./scripts/unlock-boot.sh);
+ scripts.add-host-keys = pkgs.writeShellScriptBin "add-host-keys" (builtins.readFile ./scripts/add_new_host_keys.sh);
 scripts.run-vm = self.packages.${system}.run-vm;
 };
diff --git a/scripts/add_new_host_keys.sh b/scripts/add_new_host_keys.sh
new file mode 100755
index 00000000..f2b09f1e
--- /dev/null
+++ b/scripts/add_new_host_keys.sh
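Review bot: The new `scripts.add-host-keys` entry in the second hunk wraps the script with `pkgs.writeShellScriptBin`, which provides bash but does not put `keepassxc-cli`, `ssh-keygen` or `md5sum` on PATH; the `pkgs.keepassxc` added to the devShell in the first hunk only helps when the script is run from inside that shell. If the package is meant to work on its own, `pkgs.writeShellApplication { name = "add-host-keys"; runtimeInputs = [ pkgs.keepassxc pkgs.openssh ]; text = builtins.readFile ./scripts/add_new_host_keys.sh; }` pins the runtime tools; it also runs ShellCheck at build time, which would presumably reject the unquoted expansions in the script as written, so that change goes together with quoting them. The sibling `remote-install` and `boot-unlock` entries use the same wrapper, so this may be a deliberate convention; if so, a comment on the `legacyPackages` block saying the scripts assume the devShell environment would save the next reader the same question.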
@@ -0,0 +1,76 @@
+set -o errexit
+set -o pipefail
+
+dbpath="./machines/secrets/keys/itag.kdbx"
+
+if [ ! -e flake.nix ]
+ then
+ echo "flake.nix not found. Searching down."
+ while [ ! -e flake.nix ]
+ do
+ if [ $PWD = "/" ]
+ then
+ echo "Found root. Aborting."
+ exit 1
+ else
+ cd ..
+ fi
+ done
+fi
+
+if [ "$1" = "list" ]; then
+ read -sp "Enter password for keepassxc: " pw
+ echo "$pw" | keepassxc-cli ls -R $dbpath hosts
+ exit 0
+
+elif [ "$1" = "add" ]; then
+ read -p "Enter new host name: " host
+ read -sp "Enter password for keepassxc: " pw
+
+ # Create a temporary directory
+ temp=$(mktemp -d)
+
+ # Function to cleanup temporary directory on exit
+ cleanup() {
+ rm -rf "$temp"
+ }
+ trap cleanup EXIT
+
+ # Generate SSH keys
+ ssh-keygen -f $temp/"$host" -t ed25519 -N ""
+ ssh-keygen -f $temp/"$host"-init -t ed25519 -N ""
+
+ ls $temp
+
+ # add folder
+ echo "$pw" | keepassxc-cli mkdir $dbpath hosts/$host
+
+ # add entries
+ echo "$pw" | keepassxc-cli add $dbpath hosts/$host/sshkey
+ echo "$pw" | keepassxc-cli add $dbpath hosts/$host/sshkey-init
+ echo "$pw" | keepassxc-cli add -glUn -L 20 $dbpath hosts/$host/encryption
+
+ # Import keys
+ echo "$pw" | keepassxc-cli attachment-import $dbpath hosts/$host/sshkey private "$temp/$host"
+ echo "$pw" | keepassxc-cli attachment-import $dbpath hosts/$host/sshkey public "$temp/$host.pub"
+
+ # Import init keys
+ echo "$pw" | keepassxc-cli attachment-import $dbpath hosts/$host/sshkey-init private "$temp/$host-init"
+ echo "$pw" | keepassxc-cli attachment-import $dbpath hosts/$host/sshkey-init public "$temp/$host-init.pub"
+
+ # Show entries
+ echo "$pw" | keepassxc-cli show -a Title --show-attachments $dbpath hosts/$host/sshkey
+ echo "$pw" | keepassxc-cli show -a Title --show-attachments $dbpath hosts/$host/sshkey-init
+
+ # Create mac-address
+ echo "Hier ist eine reproduzierbare mac-addresse:"
+ echo "$host"|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
+
+ exit 0
+
+else
+ echo
+ echo "Add a new host to the DB and generate ssh keys and encryption key."
+ echo "Usage: $0 [list|add]"
+ exit 1
+fi
\ No newline at end of file
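Review bot: The host name taken at `read -p "Enter new host name: " host` is used unvalidated and mostly unquoted both as a file name (`ssh-keygen -f $temp/"$host"`, `ls $temp`) and as a KeePass entry path (`hosts/$host/sshkey`), so a value with whitespace, a leading `-` or an embedded `/` either breaks the command or files the freshly generated private keys under an entry nobody expects; restrict it to a safe character set right after the read and quote every `$temp`, `$dbpath` and `$host` expansion. The password is better fed to keepassxc-cli with `printf '%s\n' "$pw"` than `echo "$pw"` (echo interprets a leading `-n`/`-e` and, in some shells, backslashes), and both `read` calls want `-r` for the same reason; a small helper keeps the twelve invocations uniform and leaves one place to audit how the secret is passed. The `mkdir`/`add`/`attachment-import` sequence is not atomic, so a failure part-way under `errexit` leaves a half-populated `hosts/$host` group in the database with the temp keys already deleted — the usage text should say so, or the script should refuse to proceed when the group already exists. Also note `read -sp` prints no newline, so the first keepassxc-cli output lands on the prompt line; an `echo` after it fixes that.
```bash
elif [ "$1" = "add" ]; then
  read -rp "Enter new host name: " host
  # The name becomes a file name and a KeePass entry path: reject anything
  # outside a conservative hostname alphabet before it reaches either.
  [[ "$host" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]] || { echo "invalid host name" >&2; exit 1; }
  read -rsp "Enter password for keepassxc: " pw
  echo

  # Single place that passes the database password on stdin.
  kp() { printf '%s\n' "$pw" | keepassxc-cli "$@"; }

  # … unchanged: mktemp, cleanup(), trap …

  ssh-keygen -f "$temp/$host" -t ed25519 -N ""
  ssh-keygen -f "$temp/$host-init" -t ed25519 -N ""

  kp mkdir "$dbpath" "hosts/$host"
  kp add "$dbpath" "hosts/$host/sshkey"
  kp attachment-import "$dbpath" "hosts/$host/sshkey" private "$temp/$host"
  # … same pattern for sshkey-init, encryption, the remaining imports and show …
```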