author | Silvio Rhatto <rhatto@riseup.net> | 2018-05-23 15:06:44 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2018-05-23 15:06:44 -0300 |
commit | 906b6cabbcd5d507ac96cc79e62d394d5e5011e1 (patch) | |
tree | 3dd3d1209d5920ee7211c6bbf1e63dac709119ad /share | |
parent | 798fd12e1bea97defb1a742957f6ca34815169b3 (diff) | |
Automatically generate keys and add into hiera secret config at newnode
Diffstat (limited to 'share')
-rw-r--r-- | share/config/puppet/secrets/nodo.example.org.yaml | 6 | ||||
-rwxr-xr-x | share/hydra/newnode | 19 |
2 files changed, 23 insertions, 2 deletions
diff --git a/share/config/puppet/secrets/nodo.example.org.yaml b/share/config/puppet/secrets/nodo.example.org.yaml
index 68b11e1..b2242bd 100644
--- a/share/config/puppet/secrets/nodo.example.org.yaml
+++ b/share/config/puppet/secrets/nodo.example.org.yaml
@@ -2,5 +2,7 @@
 #
 # Backup
 #
-nodo::subsystem::backup::encryptkey : "FIXME"
-nodo::subsystem::backup::password : 'FIXME using hiera-eyaml'
+# Example config:
+#
+# nodo::subsystem::backup::encryptkey : "FIXME"
+# nodo::subsystem::backup::password : 'FIXME using hiera-eyaml'
diff --git a/share/hydra/newnode b/share/hydra/newnode
index 9926a71..96861f6 100755
--- a/share/hydra/newnode
+++ b/share/hydra/newnode
@@ -77,6 +77,25 @@ fi
 mkdir -p $HYDRA_FOLDER/puppet/config/secrets/node
 cp $YAML $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
+# Generate keys
+hydra $HYDRA newkeys all $NODE
+
+# Add OpenPGP key ID into secret node config
+KEYID="`keyringer $HYDRA decrypt nodes/$NODE/gpg/key.pub 2> /dev/null | gpg --with-colons 2> /dev/null | grep ^pub: | cut -d : -f 5`"
+echo "nodo::subsystem::backup::encryptkey: '$KEYID\"" >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
+
+echo "" >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
+
+# Add OpenPGP passphrase into secret node config
+keyringer $HYDRA decrypt nodes/$NODE/gpg/key.passwd | \
+hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
+
+echo "" >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yam
+
+# Add Borg passphrase into secret node config
+keyringer $HYDRA decrypt nodes/$NODE/borg/key.passwd | \
+hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::borg::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
+
 # Add to git
 (
 cd $HYDRA_FOLDER/puppet |
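Review bot: The added `echo "nodo::subsystem::backup::encryptkey: '$KEYID\""` line in share/hydra/newnode opens the YAML value with a single quote and closes it with an escaped double quote, so the generated secrets file gets an unterminated scalar; the line should end `'$KEYID'" >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml`. The second separator, `echo "" >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yam`, is missing the final `l`, so it creates a stray `.yam` file in the secrets directory instead of appending to the node config. Nothing in the hunk checks that the `keyringer $HYDRA decrypt` steps succeeded: stderr is discarded for the key ID lookup, and unless the script enables `pipefail` outside this hunk, a failed decrypt could still let `eyaml encrypt --stdin` write an entry built from empty input. I would add `[ -n "$KEYID" ] || exit 1` right after the assignment and double-quote `"$NODE"` and the target path on each added line.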