aboutsummaryrefslogtreecommitdiff
path: root/share
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2018-05-23 15:06:44 -0300
committerSilvio Rhatto <rhatto@riseup.net>2018-05-23 15:06:44 -0300
commit906b6cabbcd5d507ac96cc79e62d394d5e5011e1 (patch)
tree3dd3d1209d5920ee7211c6bbf1e63dac709119ad /share
parent798fd12e1bea97defb1a742957f6ca34815169b3 (diff)
downloadhydra-906b6cabbcd5d507ac96cc79e62d394d5e5011e1.tar.gz
hydra-906b6cabbcd5d507ac96cc79e62d394d5e5011e1.tar.bz2
Automatically generate keys and add into hiera secret config at newnode
Diffstat (limited to 'share')
-rw-r--r--share/config/puppet/secrets/nodo.example.org.yaml6
-rwxr-xr-xshare/hydra/newnode19
2 files changed, 23 insertions, 2 deletions
diff --git a/share/config/puppet/secrets/nodo.example.org.yaml b/share/config/puppet/secrets/nodo.example.org.yaml
index 68b11e1..b2242bd 100644
--- a/share/config/puppet/secrets/nodo.example.org.yaml
+++ b/share/config/puppet/secrets/nodo.example.org.yaml
@@ -2,5 +2,7 @@
#
# Backup
#
-nodo::subsystem::backup::encryptkey : "FIXME"
-nodo::subsystem::backup::password : 'FIXME using hiera-eyaml'
+# Example config:
+#
+# nodo::subsystem::backup::encryptkey : "FIXME"
+# nodo::subsystem::backup::password : 'FIXME using hiera-eyaml'
diff --git a/share/hydra/newnode b/share/hydra/newnode
index 9926a71..96861f6 100755
--- a/share/hydra/newnode
+++ b/share/hydra/newnode
@@ -77,6 +77,25 @@ fi
mkdir -p $HYDRA_FOLDER/puppet/config/secrets/node
cp $YAML $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
+# Generate keys
+hydra $HYDRA newkeys all $NODE
+
+# Add OpenPGP key ID into secret node config
+KEYID="`keyringer $HYDRA decrypt nodes/$NODE/gpg/key.pub 2> /dev/null | gpg --with-colons 2> /dev/null | grep ^pub: | cut -d : -f 5`"
+echo "nodo::subsystem::backup::encryptkey: '$KEYID\"" >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
+
+echo "" >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
+
+# Add OpenPGP passphrase into secret node config
+keyringer $HYDRA decrypt nodes/$NODE/gpg/key.passwd | \
+hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
+
+echo "" >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yam
+
+# Add Borg passphrase into secret node config
+keyringer $HYDRA decrypt nodes/$NODE/borg/key.passwd | \
+hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::borg::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
+
# Add to git
(
cd $HYDRA_FOLDER/puppet