@@ -1,4 +1,5 @@
|
||||
#!/usr/bin/env -S nix shell nixpkgs#ssh-to-age -c bash
|
||||
# shellcheck shell=bash
|
||||
|
||||
set -o errexit
|
||||
set -o nounset
|
||||
@@ -15,11 +16,11 @@ mkdir -p "./hosts/$host/secrets"
|
||||
|
||||
ssh-keygen -t ed25519 -f "./hosts/$host/secrets/ssh_host_ed25519_key" -N ""
|
||||
|
||||
age_key=$(cat './hosts/$host/secrets/ssh_host_ed25519_key.pub' | ssh-to-age)
|
||||
age_key=$(ssh-to-age < "./hosts/$host/secrets/ssh_host_ed25519_key.pub")
|
||||
|
||||
find . -type f -name "sops.yaml" | while IFS= read -r sops_file; do
|
||||
sed -i "/- hosts:/a\ - &$host $age_key" "$sops_file"
|
||||
sed -i "/- age:/a\ - *$host" "$sops_file"
|
||||
sed -i "/- hosts:/a\ - &$host $age_key" "$sops_file"
|
||||
sed -i "/- age:/a\ - *$host" "$sops_file"
|
||||
done
|
||||
|
||||
sed -i "/knownHosts = {/a\ $host.publicKeyFile = ../../../../$host/secrets/ssh_host_ed25519_key.pub;" ./hosts/common/configs/system/ssh/default.nix
|
||||
@@ -29,4 +30,4 @@ sed -i "/userKnownHostsFile = lib.strings.concatStringsSep \" \" \[/a\ ..
|
||||
|
||||
echo "Host $host has been successfully added."
|
||||
echo "You can generate SSH key pairs for any users that need to connect to user@host using the following command:"
|
||||
echo "ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_$host_<user>"
|
||||
echo "ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_${host}_<user>"
|
||||
|
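Review bot: In the second hunk, `$host` is expanded unchecked into the `./hosts/$host/secrets` paths and into the sed scripts that edit every `sops.yaml` and the ssh `default.nix`, so a name containing `../`, a backslash or a newline would write keys outside the intended directory or alter the inserted text. Because `sops.yaml` determines which keys can decrypt the repository's secrets, I would validate the name once before its first use, e.g. `[[ "$host" =~ ^[A-Za-z0-9][A-Za-z0-9-]*$ ]] || { echo "invalid host name: $host" >&2; exit 1; }`. The assignment of `host` lies outside the visible hunks, so a check of this kind may already exist there. Separately, `ssh-keygen ... -N ""` leaves the host private key unencrypted under `./hosts/$host/secrets/`, and nothing in the visible lines encrypts it or keeps it out of version control, which is worth confirming.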