Change install script to use db

ahtlon
2025-02-14 07:10:09 +01:00
committed by kalipso
parent ff53ef6383
commit 6fdd5e1d0d


@@ -25,6 +25,9 @@ fi
hostname=$1 hostname=$1
ipaddress=$2 ipaddress=$2
dbpath="./machines/secrets/keys/itag.kdbx"
read -sp "Enter password for keepassxc: " pw
# Create a temporary directory # Create a temporary directory
temp=$(mktemp -d) temp=$(mktemp -d)
@@ -39,12 +42,13 @@ trap cleanup EXIT
install -d -m755 "$temp/etc/ssh/" install -d -m755 "$temp/etc/ssh/"
install -d -m755 "$temp/root/" install -d -m755 "$temp/root/"
diskKey=$(sops -d machines/$hostname/disk.key) diskKey=$(echo "$pw" | keepassxc-cli show -a Password $dbpath hosts/$hostname/encryption)
echo "$diskKey" > /tmp/secret.key echo "$diskKey" > /tmp/secret.key
echo "$diskKey" > $temp/root/secret.key echo "$diskKey" > $temp/root/secret.key
ssh-keygen -f $temp/etc/ssh/"$hostname" -t ed25519 -N "" echo "$pw" | keepassxc-cli attachment-export $dbpath hosts/$hostname/sshkey private "$temp/etc/ssh/$hostname"
ssh-keygen -f $temp/etc/ssh/initrd -t ed25519 -N ""
echo "$pw" | keepassxc-cli attachment-export $dbpath hosts/$hostname/sshkey-init private "$temp/etc/ssh/initrd"
# # Set the correct permissions so sshd will accept the key # # Set the correct permissions so sshd will accept the key
chmod 600 "$temp/etc/ssh/$hostname" chmod 600 "$temp/etc/ssh/$hostname"
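Review bot: Nothing on the new `diskKey=$(echo "$pw" | keepassxc-cli show ...)` line checks that the lookup succeeded, so a mistyped master password or a missing `hosts/$hostname/encryption` entry can leave `diskKey` empty, and the next two lines would then write an empty `secret.key`; whether `set -e` is active is not visible in these hunks. I would make it fail closed and quote the arguments: `diskKey=$(printf '%s\n' "$pw" | keepassxc-cli show -a Password "$dbpath" "hosts/$hostname/encryption") || exit 1` followed by `[ -n "$diskKey" ] || { echo "empty disk key for $hostname" >&2; exit 1; }`. The two `attachment-export` calls have the same gap and should get `|| exit 1` as well, otherwise the `chmod 600` below runs against a key file that was never exported. In the first hunk, `read -sp` without `-r` mangles a master password that contains backslashes; `IFS= read -rsp "Enter password for keepassxc: " pw` avoids that. The unchanged `echo "$diskKey" > /tmp/secret.key` still writes the disk key to a fixed path in `/tmp` under the default umask, so it is worth setting `umask 077` before it, or moving the file under `$temp` if the installer allows that.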