kalipso/infrastructure
1
1
Fork 1
Code Issues 43 Pull Requests 2 Actions Projects 2 Releases Wiki Activity

[sops] change reproducible secrets file structure

Browse Source
This commit is contained in:
kalipso
2025-02-22 19:10:44 +01:00
parent f4544b1b90
commit 21cb9ece11
4 changed files with 22 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
scripts/remote-install-encrypt.sh
View File

@@ -25,7 +25,9 @@ fi
hostname=$1
ipaddress=$2
pwpath="machines/secrets/keys/itag"
pwpath="machines/$hostname/secrets"
hostkey="ssh_host_ed25519_key"
initrdkey="initrd_ed25519_key"
# Create a temporary directory
temp=$(mktemp -d)
@@ -40,13 +42,13 @@ trap cleanup EXIT
install -d -m755 "$temp/etc/ssh/"
install -d -m755 "$temp/root/"
diskKey=$(sops -d $pwpath/$hostname/disk.key)
diskKey=$(sops -d $pwpath/disk.key)
echo "$diskKey" > /tmp/secret.key
echo "$diskKey" > $temp/root/secret.key
sops -d "$pwpath/$hostname/$hostname" > "$temp/etc/ssh/$hostname"
sops -d "$pwpath/$hostkey" > "$temp/etc/ssh/$hostname"
sopd -d "$pwpath/$hostname/$hostname"-init > "$temp/etc/ssh/initrd"
sopd -d "$pwpath/$initrdkey" > "$temp/etc/ssh/initrd"
# # Set the correct permissions so sshd will accept the key
chmod 600 "$temp/etc/ssh/$hostname"
@@ -62,4 +64,4 @@ if [ $# = 3 ]
else
nix run github:numtide/nixos-anywhere -- --extra-files "$temp" \
--disk-encryption-keys /tmp/secret.key /tmp/secret.key --flake .#$hostname root@$ipaddress
fi
fi