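# Manage per-host secrets in the KeePassXC database at $dbpath (relative to
# the repository's flake root, which is located by walking up from $PWD).
#
#   $0 list   list the "hosts" group of the database recursively
#   $0 add    prompt for a host name, generate two ed25519 SSH key pairs and a
#             random encryption password, store them under hosts/<host>/ in the
#             database, then print the derived age public key and a
#             reproducible MAC address for the host
#
# The database password is prompted for silently and handed to keepassxc-cli
# on stdin only, never as a command-line argument, so it does not appear in
# process listings. Generated private keys exist on disk only inside a
# mode-0700 mktemp directory that is removed on exit.
#
# Requires bash (read -s, [[ ]]), keepassxc-cli, ssh-keygen, ssh-to-age,
# md5sum and sed.
set -o errexit
set -o nounset
set -o pipefail

dbpath="./machines/secrets/keys/itag.kdbx"

# Set by read_db_password; read by kp.
pw=""
# Temporary directory for the freshly generated key pairs; global so the EXIT
# trap can remove it regardless of where exit is called from.
temp=""

#######################################
# Print a message to stderr and exit with status 1.
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Print usage and exit with status 1 (same output as the original script).
#######################################
usage() {
  echo
  echo "Add a new host to the DB and generate ssh keys and encryption key."
  echo "Usage: $0 [list|add]"
  exit 1
}

#######################################
# Walk up the directory tree until a flake.nix is found, so that the relative
# $dbpath resolves against the repository root. Aborts when "/" is reached.
# Globals: PWD (read); changes the working directory.
#######################################
find_flake_root() {
  if [[ ! -e flake.nix ]]; then
    echo "flake.nix not found. Searching down."
    while [[ ! -e flake.nix ]]; do
      if [[ "$PWD" == "/" ]]; then
        echo "Found root. Aborting."
        exit 1
      fi
      cd ..
    done
  fi
}

#######################################
# Prompt for the database password without echoing it.
# Globals: pw (written)
#######################################
read_db_password() {
  read -rsp "Enter password for keepassxc: " pw
  # read -s leaves the cursor on the prompt line; move to a fresh line so the
  # following output is readable (stderr, so stdout stays script output only).
  printf '\n' >&2
}

#######################################
# Run keepassxc-cli with the database password supplied on stdin.
# printf instead of echo: a password starting with "-n" or "-e" would
# otherwise be consumed by echo as an option.
# Globals:   pw (read)
# Arguments: keepassxc-cli subcommand and its arguments
#######################################
kp() {
  printf '%s\n' "$pw" | keepassxc-cli "$@"
}

#######################################
# Remove the temporary key directory. Installed as EXIT trap by cmd_add.
# Globals: temp (read)
#######################################
cleanup() {
  if [[ -n "$temp" ]]; then
    rm -rf -- "$temp"
  fi
}

#######################################
# Derive a deterministic, locally administered unicast MAC address
# (02:xx:xx:xx:xx:xx) from the first five bytes of the md5 of the host name,
# so the same host name always yields the same address.
# Arguments: $1 - host name
# Outputs:   the MAC address on stdout
#######################################
mac_from_hostname() {
  printf '%s\n' "$1" \
    | md5sum \
    | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
}

#######################################
# "list" subcommand: recursively list the hosts group.
#######################################
cmd_list() {
  read_db_password
  kp ls -R "$dbpath" hosts
}

#######################################
# "add" subcommand: generate keys for a new host and import them into the DB.
# Globals: temp (written), pw (via read_db_password)
#######################################
cmd_add() {
  local host
  read -rp "Enter new host name: " host
  # The host name becomes a file name under $temp and a group path inside the
  # database. Restrict it to a conservative character set so it can neither
  # contain "/" nor be "." or "..", which would otherwise let the key files
  # land outside the temporary directory or in an unintended DB group.
  if [[ ! "$host" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
    die "Invalid host name: '${host}' (use letters, digits, '.', '_' or '-', starting with a letter or digit)"
  fi
  read_db_password

  temp=$(mktemp -d) || die "mktemp failed"
  trap cleanup EXIT

  # Generate SSH keys: the host key and a separate "-init" key pair, both
  # without a passphrase (they are stored encrypted in the database instead).
  ssh-keygen -f "$temp/$host" -t ed25519 -N ""
  ssh-keygen -f "$temp/$host-init" -t ed25519 -N ""
  ls -- "$temp"

  # add folder
  kp mkdir "$dbpath" "hosts/$host"
  # add entries; "encryption" gets a generated 20-character password made of
  # lower-case, upper-case and numeric characters (-g -l -U -n -L 20).
  kp add "$dbpath" "hosts/$host/sshkey"
  kp add "$dbpath" "hosts/$host/sshkey-init"
  kp add -glUn -L 20 "$dbpath" "hosts/$host/encryption"
  # Import keys
  kp attachment-import "$dbpath" "hosts/$host/sshkey" private "$temp/$host"
  kp attachment-import "$dbpath" "hosts/$host/sshkey" public "$temp/$host.pub"
  # Import init keys
  kp attachment-import "$dbpath" "hosts/$host/sshkey-init" private "$temp/$host-init"
  kp attachment-import "$dbpath" "hosts/$host/sshkey-init" public "$temp/$host-init.pub"

  # Info
  echo
  echo "Hier ist der age public key für sops etc:"
  ssh-to-age -i "$temp/$host.pub"
  echo
  echo "Hier ist eine reproduzierbare mac-addresse:"
  mac_from_hostname "$host"
}

#######################################
# Entry point: locate the flake root, then dispatch on the subcommand.
# Exit status: 0 for list/add, 1 for usage errors.
#######################################
main() {
  find_flake_root
  case "${1-}" in
    list) cmd_list ;;
    add) cmd_add ;;
    *) usage ;;
  esac
  exit 0
}

main "$@"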