From a35205cbc3c65039a9fe1f9903edd324b782c44c Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Sun, 12 May 2019 22:17:32 -0300
Subject: Newnodes: move all key management code into newkeys
---
 share/hydra/newkeys | 21 +++++++++++++++++++++
 share/hydra/newnode | 21 ---------------------
 2 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/share/hydra/newkeys b/share/hydra/newkeys
index 8bc7ece..04a1f43 100755
--- a/share/hydra/newkeys
+++ b/share/hydra/newkeys
@@ -100,6 +100,14 @@ function hydra_newkeys_borg {
 # Encrypt key
 cat $BORG_KEY_FILE | keyringer $HYDRA encrypt nodes/$node/borg/key
+ if [ -e "$HYDRA_FOLDER/puppet/config/secrets/node/$node.yaml" ]; then
+ # Add Borg passphrase into secret node config
+ #keyringer $HYDRA decrypt nodes/$NODE/borg/key.passwd | \
+ #hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::borg::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
+ PASSWORD="`keyringer $HYDRA decrypt nodes/$node/borg/key.passwd`"
+ echo -n "$PASSWORD" | hydra fluxo eyaml $node encrypt --stdin -o block -q -l nodo::subsystem::backup::borg::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$node.yaml
+ fi
+
 # Cleanup
 if which wipe &> /dev/null; then
 wipe -rf $TMPWORK
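Review bot: The new Borg block at `PASSWORD="`keyringer $HYDRA decrypt nodes/$node/borg/key.passwd`"` never checks that the decrypt succeeded, so when keyringer fails (no agent, missing key) an empty string is eyaml-encrypted and appended as `nodo::subsystem::backup::borg::password`, leaving the node's secret config silently carrying a wrong passphrase; the `>>` also appends whatever `hydra fluxo eyaml` printed even if that command itself failed. `echo -n "$PASSWORD"` is fragile for a passphrase that begins with `-` (bash's echo parses it as an option), and PASSWORD is neither `local` nor unset afterwards, so the cleartext passphrase stays in the shell's variables for the rest of the run. I would guard the decrypt, pipe through printf and drop the variable once used, as below; whether keyringer returns non-zero on failure I cannot tell from here, hence the explicit empty check as well. The enclosing function hydra_newkeys_borg starts before and ends after this hunk.
```shell
  if [ -e "$HYDRA_FOLDER/puppet/config/secrets/node/$node.yaml" ]; then
    # Add Borg passphrase into secret node config
    local PASSWORD
    PASSWORD="$(keyringer $HYDRA decrypt nodes/$node/borg/key.passwd)"
    if [ $? -ne 0 ] || [ -z "$PASSWORD" ]; then
      echo "Error: could not decrypt nodes/$node/borg/key.passwd" >&2
      return 1
    fi
    # printf, not echo -n: a passphrase starting with '-' must not be parsed as an echo option
    printf '%s' "$PASSWORD" | hydra fluxo eyaml $node encrypt --stdin -o block -q -l nodo::subsystem::backup::borg::password >> "$HYDRA_FOLDER/puppet/config/secrets/node/$node.yaml" || return 1
    unset PASSWORD
  fi
  # … unchanged: cleanup …
```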
@@ -116,6 +124,19 @@ function hydra_genpairs {
 if [ "$which" == "openpgp" ]; then
 keyringer $HYDRA genpair gpg nodes/$node/gpg/key $node
+
+ if [ -e "$HYDRA_FOLDER/puppet/config/secrets/node/$node.yaml" ]; then
+ # Add OpenPGP key ID into secret node config
+ KEYID="`keyringer $HYDRA decrypt nodes/$node/gpg/key.pub 2> /dev/null | gpg --with-colons 2> /dev/null | grep ^pub: | cut -d : -f 5`"
+ echo "nodo::subsystem::backup::encryptkey: '$KEYID'" >> $HYDRA_FOLDER/puppet/config/secrets/node/$node.yaml
+
+ # Add OpenPGP passphrase into secret node config
+ # We cannot simple pipe keyringer output into hiera-eyaml otherwiser the newline after the password will be interpreted as part of the password
+ #keyringer $HYDRA decrypt nodes/$node/gpg/key.passwd | \
+ #hydra fluxo eyaml $node encrypt --stdin -o block -q -l nodo::subsystem::backup::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$node.yaml
+ PASSWORD="`keyringer $HYDRA decrypt nodes/$node/gpg/key.passwd`"
+ echo -n "$PASSWORD" | hydra fluxo eyaml $node encrypt --stdin -o block -q -l nodo::subsystem::backup::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$node.yaml
+ fi
 elif [ "$which" == "ssh" ]; then
 keyringer $HYDRA genpair ssh nodes/$node/ssh/id_rsa $node
 elif [ "$which" == "borg" ]; then
diff --git a/share/hydra/newnode b/share/hydra/newnode
index d087e5b..3e32d8a 100755
--- a/share/hydra/newnode
+++ b/share/hydra/newnode
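Review bot: The `KEYID="`… | gpg --with-colons 2> /dev/null | grep ^pub: | cut -d : -f 5`"` line silences both keyringer and gpg and has no empty check, so any failure writes `nodo::subsystem::backup::encryptkey: ''` into the secret node config without a word, and the passphrase lines below it share the same unchecked-decrypt problem. Field 5 of the `pub:` record is also the 64-bit key ID rather than the fingerprint; if the consumer hands this value to gpg as a recipient, the full fingerprint from the `fpr:` record (field 10) is accepted in the same place and cannot be matched by a colliding or look-alike key. I would change the extraction to `KEYID="$(keyringer $HYDRA decrypt nodes/$node/gpg/key.pub 2> /dev/null | gpg --with-colons 2> /dev/null | grep ^fpr: | head -n 1 | cut -d : -f 10)"` followed by `[ -n "$KEYID" ] || { echo "Error: could not read OpenPGP key for $node" >&2; return 1; }`. Now that this block lives in newkeys rather than in newnode's one-shot flow, re-running key generation for an existing node would presumably append a second encryptkey/password entry to the YAML unless the caller prevents that, which deserves a comment or a guard. hydra_genpairs starts before and ends after this hunk.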
@@ -84,27 +84,6 @@ cp $YAML $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
 # Generate keys
 hydra $HYDRA newkeys all $NODE
-# Add OpenPGP key ID into secret node config
-KEYID="`keyringer $HYDRA decrypt nodes/$NODE/gpg/key.pub 2> /dev/null | gpg --with-colons 2> /dev/null | grep ^pub: | cut -d : -f 5`"
-echo "nodo::subsystem::backup::encryptkey: '$KEYID'" >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
-
-echo "" >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
-
-# Add OpenPGP passphrase into secret node config
-# We cannot simple pipe keyringer output into hiera-eyaml otherwiser the newline after the password will be interpreted as part of the password
-#keyringer $HYDRA decrypt nodes/$NODE/gpg/key.passwd | \
-#hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
-PASSWORD="`keyringer $HYDRA decrypt nodes/$NODE/gpg/key.passwd`"
-echo -n "$PASSWORD" | hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
-
-echo "" >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
-
-# Add Borg passphrase into secret node config
-#keyringer $HYDRA decrypt nodes/$NODE/borg/key.passwd | \
-#hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::borg::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
-PASSWORD="`keyringer $HYDRA decrypt nodes/$NODE/borg/key.passwd`"
-echo -n "$PASSWORD" | hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::borg::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
-
 # Ansible config
 if [ -e "$HYDRA_FOLDER/ansible/inventories/production/hosts" ]; then
 echo "$NODE" >> $HYDRA_FOLDER/ansible/inventories/production/hosts
--
cgit v1.2.3