From a354b347ff6c6274366d7746bc4240bf7e3dc215 Mon Sep 17 00:00:00 2001
From: cspark-dev
Date: Wed, 26 Jun 2024 18:59:27 +0100
Subject: [PATCH] Example config changes and bootstrap file to help init system
---
bootstrap.sh | 35 +++++++++++++++++++++++++++
serversecrets.example | 56 +++++++++++++++++++++----------------------
2 files changed, 63 insertions(+), 28 deletions(-)
create mode 100755 bootstrap.sh
diff --git a/bootstrap.sh b/bootstrap.sh
new file mode 100755
index 0000000..7fe00b5
--- /dev/null
+++ b/bootstrap.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+# Simple script to bootstrap making secrets encryption keys etc
+
+echo "Please input usbkey absolute directory path:"
+read USBKEYSLOCATION_INPUT
+echo "Please input ansible configuration absolute directory path (Path that this script is parent of):"
+read ANSIBLECONF_DIR_INPUT
+USBKEYSLOCATION=$(realpath $USBKEYSLOCATION_INPUT)
+ANSIBLECONF_DIR=$(realpath $ANSIBLECONF_DIR_INPUT)
+
+echo Checking if path $USBKEYSLOCATION exists...
+if [ ! -d $USBKEYSLOCATION ]; then
+ echo USB Directory Path provided does not exist!
+ exit 1
+fi
+if [ ! -d $ANSIBLECONF_DIR ]; then
+ echo Ansible Directory Path provided does not exist!
+ exit 1
+fi
+if [ ! -f $ANSIBLECONF_DIR/serversecrets.enc ]; then
+ echo Server secrets does not exist yet! Please copy/edit the serversecrets.example configuration.
+ exit 1
+fi
+
+echo Path $USBKEYSLOCATION exists! Proceeding...
+echo Now proceeding to generate server/service secret encryption keys...
+mkdir -p $USBKEYSLOCATION/$(hostname)
+openssl rand -base64 1390 > $USBKEYSLOCATION/$(hostname)/serversecrets
+openssl rand -base64 1390 > $USBKEYSLOCATION/$(hostname)/servicesecrets
+
+echo Now proceeding to encrypt the serversecrets file...
+ansible-vault encrypt $ANSIBLECONF_DIR/serversecrets.enc --vault-password-file $USBKEYSLOCATION/$(hostname)/serversecrets
+
+ansible-playbook -e @$ANSIBLECONF_DIR/serversecrets.enc --vault-password-file $USBKEYSLOCATION/$(hostname)/serversecrets $ANSIBLECONFI_DIR/server-setup.yml;
diff --git a/serversecrets.example b/serversecrets.example
index 20884d5..9ec67c9 100755
--- a/serversecrets.example
+++ b/serversecrets.example
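Review bot: The last line passes `$ANSIBLECONFI_DIR/server-setup.yml` to `ansible-playbook`, but the variable set above is `ANSIBLECONF_DIR`, so the path expands to `/server-setup.yml` and the run fails only after the keys are written and the secrets file is encrypted. The two `openssl rand` redirections also replace any key already stored for this hostname and create the files under the caller's umask, so a second run discards the vault password that an already-encrypted `serversecrets.enc` depends on. No expansion is quoted and nothing stops the script when `realpath` or `openssl` fails, so a path containing spaces or an empty key file is carried into `ansible-vault`. The fence below shows the key-generation and invocation lines with those points addressed.

```shell
set -eu
umask 077   # key files readable by the invoking user only, where the filesystem honours modes

# … unchanged: prompts (use `read -r` so backslashes in paths survive) …
USBKEYSLOCATION=$(realpath "$USBKEYSLOCATION_INPUT")
ANSIBLECONF_DIR=$(realpath "$ANSIBLECONF_DIR_INPUT")

# … unchanged: existence checks, with each expansion double-quoted …

KEYDIR="$USBKEYSLOCATION/$(hostname)"
mkdir -p "$KEYDIR"
for key in serversecrets servicesecrets; do
    # Overwriting would orphan anything already encrypted with the old key.
    if [ -e "$KEYDIR/$key" ]; then
        echo "Refusing to overwrite existing key: $KEYDIR/$key" >&2
        exit 1
    fi
    openssl rand -base64 1390 > "$KEYDIR/$key"
done

ansible-vault encrypt "$ANSIBLECONF_DIR/serversecrets.enc" --vault-password-file "$KEYDIR/serversecrets"
ansible-playbook -e "@$ANSIBLECONF_DIR/serversecrets.enc" --vault-password-file "$KEYDIR/serversecrets" "$ANSIBLECONF_DIR/server-setup.yml"
```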
@@ -7,47 +7,47 @@ ansibleconf_directory: ~/Client-Ansible-Setup # Services Directory - Where all service data and docker configuration will be deployed services_directory: /services -domain_name: ***.com +domain_name: temp.com # Primarily used in resources -proxy_server_hostname: *** -proxy_server_username: *** +proxy_server_hostname: temp +proxy_server_username: temp proxy_server_ip: 127.0.0.1 proxy_server_ssh_port: 22 proxy_server_vpn_port: 51820 # VPN Config # VPN Server Private Key -vpn_server_privkey: *** +vpn_server_privkey: temp # VPN Server Public Key -vpn_server_pubkey: *** +vpn_server_pubkey: temp # VPN Client Private Keys -mail_service_privkey: *** -git_service_privkey: *** -invidious_service_privkey: *** -searxng_service_privkey: *** -nextcloud_service_privkey: *** -chat_service_privkey: *** -minecraft_service_privkey: *** -icinga2_backend_privkey: *** -cockpit_backend_privkey: *** -user_privkey: *** +mail_service_privkey: temp +git_service_privkey: temp +invidious_service_privkey: temp +searxng_service_privkey: temp +nextcloud_service_privkey: temp +chat_service_privkey: temp +minecraft_service_privkey: temp +icinga2_backend_privkey: temp +cockpit_backend_privkey: temp +user_privkey: temp # VPN Client Public Keys -mail_service_pubkey: *** -git_service_pubkey: *** -invidious_service_pubkey: *** -searxng_service_pubkey: *** -nextcloud_service_pubkey: *** -chat_service_pubkey: *** -minecraft_service_pubkey: *** -icinga2_backend_pubkey: *** -cockpit_backend_pubkey: *** -user_pubkey: *** +mail_service_pubkey: temp +git_service_pubkey: temp +invidious_service_pubkey: temp +searxng_service_pubkey: temp +nextcloud_service_pubkey: temp +chat_service_pubkey: temp +minecraft_service_pubkey: temp +icinga2_backend_pubkey: temp +cockpit_backend_pubkey: temp +user_pubkey: temp # USB Encryption Key -usbkey_uuid: *** -usbkey_mountdir: /mnt -usbkey_keysdir: /mnt/keys +usbkey_uuid: temp +usbkey_mountdir: /media/KeyUSB +usbkey_keysdir: /media/KeyUSB/Keys
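Review bot: `domain_name: temp.com` replaces `***.com` with a domain that is not reserved for documentation and may belong to a third party; `domain_name: example.com` keeps the file loadable without pointing whatever the playbook derives from it at someone else's name. The same concern applies to the key fields: `temp` is an ordinary string, so an unedited copy saved as `serversecrets.enc` passes the existence check in bootstrap.sh and is encrypted and handed to the playbook with `vpn_server_privkey: temp` and the other keys unchanged. Whether the playbook rejects such values is not visible in this diff, so a placeholder that is obviously unfilled, e.g. `vpn_server_privkey: CHANGE_ME`, together with a check for it before deployment, would be safer.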