authorSilvio Rhatto <rhatto@riseup.net>2018-05-23 14:15:02 -0300
committerSilvio Rhatto <rhatto@riseup.net>2018-05-23 14:15:02 -0300
commitbf85e9d8e4d396e1c4243594e5ece0ee0f7d8347 (patch)
treed1851829a44c1b1bba7a6ccd203227ef29095246
parente2f6a5519ee72f4dd0a45ce3de90206adf7f5eca (diff)
Generate borg keys for nodes
-rwxr-xr-xshare/hydra/newkeys44
1 files changed, 44 insertions, 0 deletions
diff --git a/share/hydra/newkeys b/share/hydra/newkeys
index 31e5ee4..88b68eb 100755
--- a/share/hydra/newkeys
+++ b/share/hydra/newkeys
@@ -39,6 +39,7 @@ function hydra_newkeys {
node="`hydra_get_fqdn_from_nodename $node`"
sshkey="$HYDRA_FOLDER/keyring/keys/nodes/$node/ssh/id_rsa.asc"
gpgkey="$HYDRA_FOLDER/keyring/keys/nodes/$node/gpg/key.asc"
+ borgkey="$HYDRA_FOLDER/keyring/keys/nodes/$node/borg/key.asc"
if [ "$which" == "all" ]; then
hydra_genpairs ssh $node
@@ -51,14 +52,57 @@ function hydra_newkeys {
if [ ! -e "$gpgkey" ]; then
hydra_genpairs openpgp $node
fi
+
+ if [ ! -e "$borgkey" ]; then
+ hydra_newkeys_borg $node
+ fi
elif [ "$which" == "ssh" ]; then
hydra_genpairs ssh $node
elif [ "$which" == "openpgp" ]; then
hydra_genpairs openpgp $node
+ elif [ ! -e "$borg" ]; then
+ hydra_newkeys_borg $node
fi
done
}
+function hydra_newkeys_borg {
+ # Check for borg
+ if ! which borg &> /dev/null; then
+ echo "Please install borgbackup to be able to generate borg keys"
+ return 1
+ fi
+
+ # Set working folder
+ hydra_set_tmpfile hydra.newkeys.borg -d
+ mkdir -p $TMPWORK/keys
+
+ # Set password
+ # BORG_PASSCOMMAND is supported only on recent borg
+ #read -s -rep "Borg key password: " password
+ #export BORG_PASSCOMMAND='keyringer $HYDRA decrypt nodes/$node/borg/key.passwd 2> /dev/nul'
+ keyringer $HYDRA pwgen nodes/$node/borg/key.passwd
+ password="`keyringer $HYDRA decrypt nodes/$node/borg/key.passwd 2> /dev/null`"
+ export BORG_PASSPHRASE="$password"
+
+ # Set borg parameters
+ export BORG_CONFIG_DIR="$TMPWORK"
+ export BORG_KEY_FILE="$TMPWORK/keys/key"
+
+ # Create key
+ borg init --encryption=keyfile $TMPWORK/repo
+
+ # Encrypt key
+ cat $BORG_KEY_FILE | keyringer $HYDRA encrypt nodes/$node/borg/key
+
+ # Cleanup
+ if which wipe &> /dev/null; then
+ wipe -rf $TMPWORK
+ else
+ rm -rf $TMPWORK
+ fi
+}
+
function hydra_genpairs {
BASEDIR="/tmp"
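Review bot: The added `elif [ ! -e "$borg" ]` branch tests a variable that is never set in the visible code (the key path is held in `$borgkey`), so the test is always true and any `$which` other than all, ssh or openpgp regenerates the borg passphrase and key even where one already exists; `elif [ "$which" == "borg" ]; then` would match the ssh and openpgp branches (hydra_newkeys itself starts above this hunk). Inside hydra_newkeys_borg no step is checked: a failed `keyringer ... decrypt` has its error discarded and leaves `BORG_PASSPHRASE` exported empty, which borg would presumably accept as an empty passphrase, and a failed `borg init` still pipes `$BORG_KEY_FILE` into `keyringer encrypt`. The passphrase also stays exported after the function returns, and `$TMPWORK` is unquoted in the `wipe -rf`/`rm -rf` cleanup. The fence below shows the lines I would change; the cleanup block stays as it is apart from quoting `"$TMPWORK"`.

```shell
    elif [ "$which" == "borg" ]; then
      hydra_newkeys_borg $node
# … unchanged: end of hydra_newkeys, borg availability check, temp folder setup …

  # Set password; stop before any key material exists if it cannot be
  # created or read back
  keyringer $HYDRA pwgen nodes/$node/borg/key.passwd || return 1
  password="`keyringer $HYDRA decrypt nodes/$node/borg/key.passwd 2> /dev/null`"
  if [ -z "$password" ]; then
    echo "Could not read the borg key passphrase for $node" >&2
    return 1
  fi
  export BORG_PASSPHRASE="$password"

# … unchanged: BORG_CONFIG_DIR and BORG_KEY_FILE exports …

  # Create the key and store it only if borg actually produced one
  local status=0
  if ! borg init --encryption=keyfile "$TMPWORK/repo" || [ ! -s "$BORG_KEY_FILE" ]; then
    echo "borg init failed for $node" >&2
    status=1
  elif ! cat "$BORG_KEY_FILE" | keyringer $HYDRA encrypt nodes/$node/borg/key; then
    status=1
  fi

  # Do not leave the passphrase in the environment of later commands
  unset BORG_PASSPHRASE password

# … unchanged: wipe / rm cleanup, with "$TMPWORK" quoted …
  return $status
```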