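#!/bin/sh
#
# Simple script to bootstrap making secrets encryption keys etc
#
# Prompts for the USB key directory and the Ansible configuration directory,
# writes two random key files to <usbkey>/<hostname>/ (serversecrets and
# servicesecrets), encrypts serversecrets.enc with ansible-vault using the
# serversecrets key as the vault password file, then runs server-setup.yml
# with that same password file. The servicesecrets key is only generated
# here; nothing in this script consumes it.

# Abort on the first failing command or unset variable. Without this, a failed
# key generation would be followed by an encryption against an empty or
# partial password file, and the playbook would still run.
set -eu

USBKEYSLOCATION_INPUT=
ANSIBLECONF_DIR_INPUT=

echo "Please input usbkey absolute directory path:"
# -r keeps backslashes literal; an EOF leaves the value empty and is rejected
# by the directory checks below.
read -r USBKEYSLOCATION_INPUT || :
echo "Please input ansible configuration absolute directory path (Path that this script is parent of):"
read -r ANSIBLECONF_DIR_INPUT || :

# A realpath failure leaves the variable empty so the friendly "does not
# exist" message below is what the operator sees.
USBKEYSLOCATION=$(realpath "$USBKEYSLOCATION_INPUT") || USBKEYSLOCATION=
ANSIBLECONF_DIR=$(realpath "$ANSIBLECONF_DIR_INPUT") || ANSIBLECONF_DIR=

printf '%s\n' "Checking if path $USBKEYSLOCATION exists..."
# The expansions must be quoted: an unquoted empty value turns `[ ! -d ]` into
# a two-argument string test that passes, and keys would then be written
# relative to the filesystem root.
if [ ! -d "$USBKEYSLOCATION" ]; then
  echo "USB Directory Path provided does not exist!" >&2
  exit 1
fi
if [ ! -d "$ANSIBLECONF_DIR" ]; then
  echo "Ansible Directory Path provided does not exist!" >&2
  exit 1
fi
if [ ! -f "$ANSIBLECONF_DIR/serversecrets.enc" ]; then
  echo "Server secrets does not exist yet! Please copy/edit the serversecrets.example configuration." >&2
  exit 1
fi

printf '%s\n' "Path $USBKEYSLOCATION exists! Proceeding..."

# Resolve the per-host key locations once instead of re-running hostname for
# every command.
HOST_NAME=$(hostname)
KEY_DIR=$USBKEYSLOCATION/$HOST_NAME
SERVER_KEY=$KEY_DIR/serversecrets
SERVICE_KEY=$KEY_DIR/servicesecrets

# Never overwrite an existing key: if serversecrets.enc was already encrypted
# with it, replacing the key makes the vault permanently undecryptable.
for key_file in "$SERVER_KEY" "$SERVICE_KEY"; do
  if [ -e "$key_file" ]; then
    printf '%s\n' "Key file $key_file already exists; refusing to overwrite it." >&2
    exit 1
  fi
done

echo "Now proceeding to generate server/service secret encryption keys..."
(
  # Create the directory and key files readable by the owner only. The umask
  # is scoped to this subshell so ansible keeps the caller's umask. It has no
  # effect on filesystems without POSIX permissions (e.g. FAT-formatted
  # media), where access control has to come from the mount options.
  umask 077
  mkdir -p "$KEY_DIR"
  openssl rand -base64 1390 > "$SERVER_KEY"
  openssl rand -base64 1390 > "$SERVICE_KEY"
)

echo "Now proceeding to encrypt the serversecrets file..."
ansible-vault encrypt "$ANSIBLECONF_DIR/serversecrets.enc" --vault-password-file "$SERVER_KEY"

# The playbook path previously used the misspelled, unset ANSIBLECONFI_DIR,
# which expanded to nothing and resolved to /server-setup.yml.
ansible-playbook -e "@$ANSIBLECONF_DIR/serversecrets.enc" --vault-password-file "$SERVER_KEY" "$ANSIBLECONF_DIR/server-setup.yml"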