From bf85e9d8e4d396e1c4243594e5ece0ee0f7d8347 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Wed, 23 May 2018 14:15:02 -0300
Subject: Generate borg keys for nodes

---
 share/hydra/newkeys | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/share/hydra/newkeys b/share/hydra/newkeys
index 31e5ee4..88b68eb 100755
--- a/share/hydra/newkeys
+++ b/share/hydra/newkeys
@@ -39,6 +39,7 @@ function hydra_newkeys {
 node="`hydra_get_fqdn_from_nodename $node`"
 sshkey="$HYDRA_FOLDER/keyring/keys/nodes/$node/ssh/id_rsa.asc"
 gpgkey="$HYDRA_FOLDER/keyring/keys/nodes/$node/gpg/key.asc"
+ borgkey="$HYDRA_FOLDER/keyring/keys/nodes/$node/borg/key.asc"
 
 if [ "$which" == "all" ]; then
 hydra_genpairs ssh $node
@@ -51,14 +52,57 @@ function hydra_newkeys {
 if [ ! -e "$gpgkey" ]; then
 hydra_genpairs openpgp $node
 fi
+
+ if [ ! -e "$borgkey" ]; then
+ hydra_newkeys_borg $node
+ fi
 elif [ "$which" == "ssh" ]; then
 hydra_genpairs ssh $node
 elif [ "$which" == "openpgp" ]; then
 hydra_genpairs openpgp $node
+ elif [ ! -e "$borg" ]; then
+ hydra_newkeys_borg $node
 fi
 done
 }
 
+function hydra_newkeys_borg {
+ # Check for borg
+ if ! which borg &> /dev/null; then
+ echo "Please install borgbackup to be able to generate borg keys"
+ return 1
+ fi
+
+ # Set working folder
+ hydra_set_tmpfile hydra.newkeys.borg -d
+ mkdir -p $TMPWORK/keys
+
+ # Set password
+ # BORG_PASSCOMMAND is supported only on recent borg
+ #read -s -rep "Borg key password: " password
+ #export BORG_PASSCOMMAND='keyringer $HYDRA decrypt nodes/$node/borg/key.passwd 2> /dev/nul'
+ keyringer $HYDRA pwgen nodes/$node/borg/key.passwd
+ password="`keyringer $HYDRA decrypt nodes/$node/borg/key.passwd 2> /dev/null`"
+ export BORG_PASSPHRASE="$password"
+
+ # Set borg parameters
+ export BORG_CONFIG_DIR="$TMPWORK"
+ export BORG_KEY_FILE="$TMPWORK/keys/key"
+
+ # Create key
+ borg init --encryption=keyfile $TMPWORK/repo
+
+ # Encrypt key
+ cat $BORG_KEY_FILE | keyringer $HYDRA encrypt nodes/$node/borg/key
+
+ # Cleanup
+ if which wipe &> /dev/null; then
+ wipe -rf $TMPWORK
+ else
+ rm -rf $TMPWORK
+ fi
+}
+
 function hydra_genpairs {
 BASEDIR="/tmp"
 
-- 
cgit v1.2.3
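Review bot: The new `elif [ ! -e "$borg" ]; then` branch in hydra_newkeys tests a variable that is never set (the key path is `$borgkey`) and, unlike its sibling branches, never looks at `$which`, so `[ ! -e "" ]` is always true and any `which` value other than ssh/openpgp silently generates a borg key; it should read `elif [ "$which" == "borg" ]; then`. In hydra_newkeys_borg the `keyringer ... decrypt` failure is hidden by `2> /dev/null`, so an empty `$password` gets exported as BORG_PASSPHRASE and `borg init` produces a key protected by an empty passphrase, which the next line then stores as the node's key — refuse to continue on an empty password and only pipe the key file into keyringer when `borg init` succeeded. `export BORG_PASSPHRASE` also outlives the function, since it is called directly in the caller's shell, so every later command in the run inherits the secret in its environment; `unset BORG_PASSPHRASE` in the cleanup. Whether keyringer stores `nodes/$node/borg/key` at the `.../borg/key.asc` path the caller's `-e "$borgkey"` guard checks is not visible here and is worth confirming, otherwise the key is regenerated on every run.
```shell
    elif [ "$which" == "borg" ]; then
      hydra_newkeys_borg $node
    fi
# … unchanged: end of hydra_newkeys …

function hydra_newkeys_borg {
  # … unchanged: borg check, working folder, BORG_PASSCOMMAND notes …
  keyringer $HYDRA pwgen nodes/$node/borg/key.passwd
  password="`keyringer $HYDRA decrypt nodes/$node/borg/key.passwd 2> /dev/null`"
  # An empty passphrase would still "work" for borg init; never store such a key
  if [ -z "$password" ]; then
    echo "Could not retrieve the borg key password for $node from the keyring"
    return 1
  fi
  export BORG_PASSPHRASE="$password"
  # … unchanged: BORG_CONFIG_DIR / BORG_KEY_FILE …

  # Create key; only store it if borg actually produced one
  borg init --encryption=keyfile $TMPWORK/repo
  rc=$?
  if [ $rc -eq 0 ]; then
    cat $BORG_KEY_FILE | keyringer $HYDRA encrypt nodes/$node/borg/key
  else
    echo "borg init failed for $node, not storing a key"
  fi

  # Cleanup: the passphrase was exported into the calling shell, not a subshell
  unset BORG_PASSPHRASE
  # … unchanged: wipe/rm of $TMPWORK …
  return $rc
}
```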