33
lib/scripts/add-host.sh
Executable file
33
lib/scripts/add-host.sh
Executable file
@@ -0,0 +1,33 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -o errexit
|
||||
set -o nounset
|
||||
set -o pipefail
|
||||
|
||||
if [[ "$#" -ne 2 ]]; then
|
||||
echo "Usage: $0 <host> <sops-master-key>"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
HOST="$1"
|
||||
|
||||
mkdir -p "./hosts/${HOST}/secrets"
|
||||
|
||||
ssh-keygen -t ed25519 -f "./hosts/${HOST}/secrets/ssh_host_ed25519_key" -N ""
|
||||
|
||||
AGE_KEY=$(nix shell nixpkgs#ssh-to-age --command bash -c "cat './hosts/${HOST}/secrets/ssh_host_ed25519_key.pub' | ssh-to-age")
|
||||
|
||||
for SOPS_FILE in $(find . -type f -name "sops.yaml"); do
|
||||
sed -i "/- hosts:/a\ - &${HOST} ${AGE_KEY}" "${SOPS_FILE}"
|
||||
sed -i "/- age:/a\ - *${HOST}" "${SOPS_FILE}"
|
||||
done
|
||||
|
||||
sed -i "/knownHosts = {/a\ ${HOST}.publicKeyFile = ../../../../${HOST}/secrets/ssh_host_ed25519_key.pub;" ./hosts/common/system/configs/ssh/default.nix
|
||||
sed -i "/userKnownHostsFile = lib.strings.concatStringsSep " " [/a\ \${../../../../../${HOST}/secrets/ssh_host_ed25519_key.pub}" ./hosts/common/user/configs/console/ssh/default.nix
|
||||
|
||||
"$(dirname "$0")/update-keys.sh" "$2"
|
||||
|
||||
echo "Host ${HOST} has been successfully added."
|
||||
echo "Please generate SSH key pairs for any users that need to connect to user@host."
|
||||
echo "Use the following command:"
|
||||
echo "ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_${HOST}_<user>"
|
||||
Reference in New Issue
Block a user