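# Manage per-host secrets in the KeePassXC database of this flake.
#
# Usage: <script> [list|add]
#   list  - print the "hosts" group of the database (recursively)
#   add   - prompt for a host name, generate two ed25519 SSH key pairs and a
#           random encryption secret, and store them under hosts/<host>
#
# The script first walks up from the current directory until it finds
# flake.nix, because the database path below is relative to the flake root.
# Required tools: keepassxc-cli, ssh-keygen (list/add) and ssh-to-age,
# md5sum, sed (add only).  The database password is read from the terminal
# and fed to keepassxc-cli on stdin; it never appears on a command line.
set -o errexit
set -o nounset
set -o pipefail

readonly dbpath="./machines/secrets/keys/itag.kdbx"

# Globals shared between the helpers below (read by kp / cleanup).
pw=""      # database password, filled by read -s
temp=""    # scratch directory for the generated key files, removed on EXIT

#######################################
# Print a message to stderr and exit with status 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Abort unless every named tool is on PATH.
# Arguments: tool names
#######################################
require_tools() {
  local tool
  for tool in "$@"; do
    command -v "$tool" >/dev/null 2>&1 || die "required tool not found: $tool"
  done
}

#######################################
# Walk up the directory tree until flake.nix is found.
# Globals:   PWD (read), working directory (changed)
# Returns:   0 when flake.nix is present in the new cwd; exits 1 at "/"
#######################################
find_flake_root() {
  [[ -e flake.nix ]] && return 0
  printf '%s\n' "flake.nix not found. Searching down." >&2
  while [[ ! -e flake.nix ]]; do
    if [[ "$PWD" == "/" ]]; then
      printf '%s\n' "Found root. Aborting." >&2
      exit 1
    fi
    # cd can fail on a permission-denied parent; do not loop forever then.
    cd .. || die "cannot change to parent of $PWD"
  done
}

#######################################
# Run keepassxc-cli with the database password supplied on stdin.
# Globals:   pw (read)
# Arguments: keepassxc-cli subcommand and its arguments
# Returns:   exit status of keepassxc-cli (pipefail is set)
#######################################
kp() {
  printf '%s\n' "$pw" | keepassxc-cli "$@"
}

#######################################
# Remove the scratch directory; installed as the EXIT trap by cmd_add.
# Globals:   temp (read)
#######################################
cleanup() {
  # ${temp:?} guards against "rm -rf" of an empty path if mktemp never ran.
  [[ -n "$temp" ]] && rm -rf -- "${temp:?}"
  return 0
}

#######################################
# Prompt for the database password and print the hosts group.
# Globals:   pw (written), dbpath (read)
#######################################
cmd_list() {
  read -r -s -p "Enter password for keepassxc: " pw
  printf '\n' >&2  # read -s does not echo the newline the user typed
  kp ls -R "$dbpath" hosts
}

#######################################
# Create hosts/<host> in the database with SSH keys and an encryption secret.
# Globals:   pw, temp (written), dbpath (read)
# Outputs:   ssh-keygen chatter, the age public key and a derived MAC address
#######################################
cmd_add() {
  local host
  read -r -p "Enter new host name: " host
  # The host name becomes a file name under $temp and a group path in the
  # database; restrict it so it cannot contain "/" or ".." and escape either.
  [[ "$host" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]] \
    || die "invalid host name (allowed: letters, digits, '.', '_', '-'): $host"

  read -r -s -p "Enter password for keepassxc: " pw
  printf '\n' >&2

  # Scratch directory for the unencrypted private keys; mktemp creates it
  # mode 0700 and cleanup removes it on every exit path.
  temp=$(mktemp -d) || die "mktemp failed"
  trap cleanup EXIT

  # Generate SSH keys (passphrase-less; they are only ever stored in the DB).
  ssh-keygen -f "$temp/$host" -t ed25519 -N ""
  ssh-keygen -f "$temp/$host-init" -t ed25519 -N ""

  ls -- "$temp"

  # add folder
  kp mkdir "$dbpath" "hosts/$host"

  # add entries; "encryption" gets a generated 20-character password
  kp add "$dbpath" "hosts/$host/sshkey"
  kp add "$dbpath" "hosts/$host/sshkey-init"
  kp add -glUn -L 20 "$dbpath" "hosts/$host/encryption"

  # Import keys
  kp attachment-import "$dbpath" "hosts/$host/sshkey" private "$temp/$host"
  kp attachment-import "$dbpath" "hosts/$host/sshkey" public "$temp/$host.pub"

  # Import init keys
  kp attachment-import "$dbpath" "hosts/$host/sshkey-init" private "$temp/$host-init"
  kp attachment-import "$dbpath" "hosts/$host/sshkey-init" public "$temp/$host-init.pub"

  # Info
  echo
  echo "Hier ist der age public key für sops etc:"
  ssh-to-age -i "$temp/$host.pub" || die "ssh-to-age failed for $temp/$host.pub"
  echo
  echo "Hier ist eine reproduzierbare mac-addresse:"
  # Locally administered MAC (02:...) derived from the first 5 bytes of
  # md5(host), so the same host name always yields the same address.
  printf '%s\n' "$host" | md5sum | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
}

#######################################
# Print usage and exit 1.
#######################################
usage() {
  echo >&2
  echo "Add a new host to the DB and generate ssh keys and encryption key." >&2
  echo "Usage: $0 [list|add]" >&2
  exit 1
}

#######################################
# Entry point: validate the command, locate the flake root, dispatch.
# Arguments: $1 - "list" or "add"
#######################################
main() {
  local cmd=${1-}
  case "$cmd" in
    list|add) ;;
    *) usage ;;
  esac

  find_flake_root
  [[ -e "$dbpath" ]] || die "database not found: $dbpath (relative to $PWD)"

  case "$cmd" in
    list)
      require_tools keepassxc-cli
      cmd_list
      ;;
    add)
      require_tools keepassxc-cli ssh-keygen ssh-to-age md5sum sed
      cmd_add
      ;;
  esac
  exit 0
}

main "$@"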