Add script for creating new hosts

2025-02-12 19:30:10 +01:00
parent 923cbf4621
commit aedf5ca0bf
2 changed files with 78 additions and 0 deletions
--- a/outputs.nix
+++ b/outputs.nix
@@ -39,6 +39,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
        pkgs.age
        pkgs.python310Packages.grip
        pkgs.mdbook
        pkgs.keepassxc
        microvmpkg.microvm
      ];
@@ -49,6 +50,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
    legacyPackages = {
      scripts.remote-install = pkgs.writeShellScriptBin "remote-install" (builtins.readFile ./scripts/remote-install-encrypt.sh);
      scripts.boot-unlock = pkgs.writeShellScriptBin "boot-unlock" (builtins.readFile ./scripts/unlock-boot.sh);
      scripts.add-host-keys = pkgs.writeShellScriptBin "add-host-keys" (builtins.readFile ./scripts/add_new_host_keys.sh);
      scripts.run-vm = self.packages.${system}.run-vm;
    };
--- a/scripts/add_new_host_keys.sh
+++ b/scripts/add_new_host_keys.sh
@@ -0,0 +1,76 @@
 set -o errexit
 set -o pipefail
 dbpath="./machines/secrets/keys/itag.kdbx"
 if [ ! -e flake.nix ]
    then
    echo "flake.nix not found. Searching down."
    while [ ! -e flake.nix ]
        do
        if [ $PWD = "/" ]
            then
            echo "Found root. Aborting."
            exit 1
            else
            cd ..
        fi
    done
 fi
 if [ "$1" = "list" ]; then
    read -sp "Enter password for keepassxc: " pw
    echo "$pw" | keepassxc-cli ls -R $dbpath hosts
    exit 0
 elif [ "$1" = "add" ]; then
    read -p "Enter new host name: " host
    read -sp "Enter password for keepassxc: " pw
    # Create a temporary directory
    temp=$(mktemp -d)
    # Function to cleanup temporary directory on exit
    cleanup() {
    rm -rf "$temp"
    }
    trap cleanup EXIT
    # Generate SSH keys
    ssh-keygen -f $temp/"$host" -t ed25519 -N ""
    ssh-keygen -f $temp/"$host"-init -t ed25519 -N ""
    ls $temp
    # add folder
    echo "$pw" | keepassxc-cli mkdir $dbpath hosts/$host
    # add entries
    echo "$pw" | keepassxc-cli add $dbpath hosts/$host/sshkey
    echo "$pw" | keepassxc-cli add $dbpath hosts/$host/sshkey-init
    echo "$pw" | keepassxc-cli add -glUn -L 20 $dbpath hosts/$host/encryption
    # Import keys
    echo "$pw" | keepassxc-cli attachment-import $dbpath hosts/$host/sshkey private "$temp/$host"
    echo "$pw" | keepassxc-cli attachment-import $dbpath hosts/$host/sshkey public "$temp/$host.pub"
    # Import init keys
    echo "$pw" | keepassxc-cli attachment-import $dbpath hosts/$host/sshkey-init private "$temp/$host-init"
    echo "$pw" | keepassxc-cli attachment-import $dbpath hosts/$host/sshkey-init public "$temp/$host-init.pub"
    # Show entries
    echo "$pw" | keepassxc-cli show -a Title --show-attachments $dbpath hosts/$host/sshkey
    echo "$pw" | keepassxc-cli show -a Title --show-attachments $dbpath hosts/$host/sshkey-init
    # Create mac-address
    echo "Hier ist eine reproduzierbare mac-addresse:"
    echo "$host"|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
    exit 0
 else
    echo
    echo "Add a new host to the DB and generate ssh keys and encryption key."
    echo "Usage: $0 [list|add]"
    exit 1
 fi