Review shell scripts
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
@@ -1,13 +1,13 @@
|
||||
SOURCE_FILE=$(realpath -m "$1")
|
||||
TARGET_FILE=$(realpath -m "$2")
|
||||
source=$(realpath -m "$1")
|
||||
target=$(realpath -m "$2")
|
||||
|
||||
if [[ -f "${TARGET_FILE}" ]]; then
|
||||
TEMP_FILE=$(mktemp)
|
||||
awk -F '=' 'NR==FNR{a[$1]=$0;next}($1 in a){$0=a[$1]}1' "${SOURCE_FILE}" "${TARGET_FILE}" > "${TEMP_FILE}"
|
||||
mv "${TEMP_FILE}" "${TARGET_FILE}"
|
||||
if [[ -f "$target" ]]; then
|
||||
temp=$(mktemp)
|
||||
awk -F '=' 'NR==FNR{a[$1]=$0;next}($1 in a){$0=a[$1]}1' "$source" "$target" > "$temp"
|
||||
mv "$temp" "$target"
|
||||
else
|
||||
mkdir -p "$(dirname "${TARGET_FILE}")"
|
||||
cp "${SOURCE_FILE}" "${TARGET_FILE}"
|
||||
mkdir -p "$(dirname "$target")"
|
||||
cp "$source" "$target"
|
||||
fi
|
||||
|
||||
echo "Configuration file ${TARGET_FILE} has been updated."
|
||||
echo "Configuration file $target has been updated."
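Review bot: The `mv "$temp" "$target"` step runs whether or not the awk merge succeeded, so a failed or empty merge (for instance when the source file cannot be read; `realpath -m` accepts paths that do not exist) replaces the existing target with a truncated file. Chain the steps, `awk … "$source" "$target" > "$temp" && mv "$temp" "$target"`, and delete the temp file on the failure path. `mktemp` creates the file with mode 0600 in the temp directory, so the move also changes the target's permissions and is not atomic across filesystems; `temp=$(mktemp "$target.XXXXXX")` keeps it beside the target. The hunk starts at line 1 of the file and shows no strict mode or argument-count check.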
|
||||
|
@@ -9,24 +9,24 @@ if [[ "$#" -ne 2 ]]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
HOST="$1"
|
||||
host="$1"
|
||||
|
||||
mkdir -p "./hosts/${HOST}/secrets"
|
||||
mkdir -p "./hosts/$host/secrets"
|
||||
|
||||
ssh-keygen -t ed25519 -f "./hosts/${HOST}/secrets/ssh_host_ed25519_key" -N ""
|
||||
ssh-keygen -t ed25519 -f "./hosts/$host/secrets/ssh_host_ed25519_key" -N ""
|
||||
|
||||
AGE_KEY=$(nix shell nixpkgs#ssh-to-age --command bash -c "cat './hosts/${HOST}/secrets/ssh_host_ed25519_key.pub' | ssh-to-age")
|
||||
age_key=$(nix shell nixpkgs#ssh-to-age --command bash -c "cat './hosts/$host/secrets/ssh_host_ed25519_key.pub' | ssh-to-age")
|
||||
|
||||
find . -type f -name "sops.yaml" | while IFS= read -r SOPS_FILE; do
|
||||
sed -i "/- hosts:/a\ - &${HOST} ${AGE_KEY}" "${SOPS_FILE}"
|
||||
sed -i "/- age:/a\ - *${HOST}" "${SOPS_FILE}"
|
||||
find . -type f -name "sops.yaml" | while IFS= read -r sops_file; do
|
||||
sed -i "/- hosts:/a\ - &$host $age_key" "$sops_file"
|
||||
sed -i "/- age:/a\ - *$host" "$sops_file"
|
||||
done
|
||||
|
||||
sed -i "/knownHosts = {/a\ ${HOST}.publicKeyFile = ../../../../${HOST}/secrets/ssh_host_ed25519_key.pub;" ./hosts/common/configs/system/ssh/default.nix
|
||||
sed -i "/userKnownHostsFile = lib.strings.concatStringsSep \" \" \[/a\ ../../../../../${HOST}/secrets/ssh_host_ed25519_key.pub" ./hosts/common/configs/user/console/ssh/default.nix
|
||||
sed -i "/knownHosts = {/a\ $host.publicKeyFile = ../../../../$host/secrets/ssh_host_ed25519_key.pub;" ./hosts/common/configs/system/ssh/default.nix
|
||||
sed -i "/userKnownHostsFile = lib.strings.concatStringsSep \" \" \[/a\ ../../../../../$host/secrets/ssh_host_ed25519_key.pub" ./hosts/common/configs/user/console/ssh/default.nix
|
||||
|
||||
"$(dirname "$0")/update-keys.sh" "$2"
|
||||
|
||||
echo "Host ${HOST} has been successfully added."
|
||||
echo "Host $host has been successfully added."
|
||||
echo "You can generate SSH key pairs for any users that need to connect to user@host using the following command:"
|
||||
echo "ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_${HOST}_<user>"
|
||||
echo "ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_$host_<user>"
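Review bot: Dropping the braces in the final echo changes its output: in `~/.ssh/id_ed25519_$host_<user>` bash reads the variable name as `host_`, which is unset, so the printed command loses the host name (and the script aborts there if `set -u` is active). Keep the braces on that one line, `echo "ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_${host}_<user>"`. Separately, `$host` is spliced unvalidated into a `bash -c` string, several sed scripts and file paths, so a name containing quotes, slashes or regex metacharacters would alter those commands; a guard right after the assignment such as `[[ "$host" =~ ^[a-zA-Z0-9][a-zA-Z0-9-]*$ ]] || exit 1` closes that. The script begins above the hunk, so whether strict mode is set is not visible here.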
|
||||
|
@@ -9,21 +9,21 @@ if [[ "$#" -ne 2 ]]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
HOST="$1"
|
||||
host="$1"
|
||||
|
||||
AGE_KEY=$(nix shell nixpkgs#ssh-to-age --command bash -c "cat './hosts/${HOST}/secrets/ssh_host_ed25519_key.pub' | ssh-to-age")
|
||||
age_key=$(nix shell nixpkgs#ssh-to-age --command bash -c "cat './hosts/$host/secrets/ssh_host_ed25519_key.pub' | ssh-to-age")
|
||||
|
||||
find . -type f -name "sops.yaml" | while IFS= read -r SOPS_FILE; do
|
||||
sed -i "/ - &${HOST} ${AGE_KEY}/d" "${SOPS_FILE}"
|
||||
sed -i "/ - \*${HOST}/d" "${SOPS_FILE}"
|
||||
find . -type f -name "sops.yaml" | while IFS= read -r sops_file; do
|
||||
sed -i "/ - &$host $age_key/d" "$sops_file"
|
||||
sed -i "/ - \*$host/d" "$sops_file"
|
||||
done
|
||||
|
||||
sed -i "/${HOST}/d" ./hosts/common/configs/system/ssh/default.nix
|
||||
sed -i "/${HOST}/d" ./hosts/common/configs/user/console/ssh/default.nix
|
||||
sed -i "/$host/d" ./hosts/common/configs/system/ssh/default.nix
|
||||
sed -i "/$host/d" ./hosts/common/configs/user/console/ssh/default.nix
|
||||
|
||||
"$(dirname "$0")/update-keys.sh" "$2"
|
||||
|
||||
rm -rf "./hosts/${HOST}"
|
||||
rm -rf "./hosts/$host"
|
||||
|
||||
echo "Host ${HOST} has been successfully removed."
|
||||
echo "Host $host has been successfully removed."
|
||||
echo "Please remove SSH key pairs for any users that used to connect to this host."
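Review bot: `sed -i "/$host/d"` on the two default.nix files deletes every line that matches the host name as an unanchored regex. A short name, or one that is a substring of another host or of unrelated configuration, therefore removes more than this host's entries, including other hosts' knownHosts key lines. Match the exact text the add script inserts instead, for example the `$host.publicKeyFile` and `/$host/secrets/ssh_host_ed25519_key.pub` forms with the dots escaped. `rm -rf "./hosts/$host"` trusts the same argument: an empty string removes all of `./hosts/` and a value containing `/` escapes the directory, so validate the name first and write `rm -rf -- "./hosts/${host:?}"`. The script begins above the hunk.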
|
||||
|
@@ -11,13 +11,13 @@ fi
|
||||
|
||||
export SOPS_AGE_KEY_FILE="$1"
|
||||
|
||||
find . -type f -name 'sops.yaml' | while IFS= read -r SOPS_FILE; do
|
||||
dir=$(dirname "${SOPS_FILE}")
|
||||
echo "${dir}"
|
||||
find "${dir}" -maxdepth 1 -type f -regextype posix-extended \
|
||||
find . -type f -name 'sops.yaml' | while IFS= read -r sops_file; do
|
||||
dir=$(dirname "$sops_file")
|
||||
echo "$dir"
|
||||
find "$dir" -maxdepth 1 -type f -regextype posix-extended \
|
||||
-regex '.+\.(yaml|yml|json|env|ini|bin)' \
|
||||
! -name 'sops.yaml' | while IFS= read -r file; do
|
||||
echo "${file}"
|
||||
nix shell nixpkgs#sops --command sops --config "${SOPS_FILE}" updatekeys "${file}" -y
|
||||
echo "$file"
|
||||
nix shell nixpkgs#sops --command sops --config "$sops_file" updatekeys "$file" -y
|
||||
done
|
||||
done
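Review bot: A failed `sops updatekeys` on one file does not stop or fail these loops as far as the hunk shows, so the script can finish with some secrets still encrypted to the old recipient set. Check the command's status in the inner loop and make the script exit non-zero when any file fails. This matters most when the script runs after a host is removed, as the `update-keys.sh` call elsewhere on this page suggests. `updatekeys` also re-wraps the existing data key rather than generating a new one, so a removed recipient that already held a file can still decrypt old copies of it. Following up with sops's rotate operation (`sops rotate` in current releases) and rotating the secret values themselves covers that case.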
|
||||
|