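#!/usr/bin/env bash
#
# Derive an age public key from a target host's ssh_host_ed25519_key, register
# that host in nix-secrets/.sops.yaml, rekey the secrets and refresh the
# nix-secrets flake input on the source machine.
#
# Required environment (not set in this file; expected from the caller):
#   ssh_port            - SSH port to scan on the target
#   target_destination  - host/IP handed to ssh-keyscan
#   target_hostname     - name used for the YAML anchors (*name / &name) in .sops.yaml
#
# Assumes it is run from a directory whose sibling ../nix-secrets holds
# .sops.yaml, and that `nix` and `just` are on PATH.

set -euo pipefail

# Print a diagnostic to stderr and abort.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Fail early with a clear message instead of handing empty arguments to
# ssh-keyscan or the sed script further down.
: "${ssh_port:?ssh_port must be set}"
: "${target_destination:?target_destination must be set}"
: "${target_hostname:?target_hostname must be set}"

# target_hostname is interpolated into a sed expression below; restrict it to
# characters that cannot close or alter that expression.
[[ "$target_hostname" =~ ^[A-Za-z0-9._-]+$ ]] \
  || die "target_hostname contains characters not allowed in .sops.yaml anchors: $target_hostname"

echo "Generating an age key based on the new ssh_host_ed25519_key."

# NOTE: this trusts whatever host key the network returns right now (trust on
# first use). Confirm the fingerprint out of band (console / known_hosts)
# before relying on the derived age key for secrets.
target_key=$(ssh-keyscan -p "$ssh_port" -t ssh-ed25519 "$target_destination" 2>&1 \
  | grep ssh-ed25519 | cut -f2- -d" ") \
  || die "ssh-keyscan returned no ssh-ed25519 key for ${target_destination}:${ssh_port}"
[[ -n "$target_key" ]] || die "empty host key returned for $target_destination"

# Feed the key to ssh-to-age over stdin instead of splicing it into a
# `sh -c "..."` string: the scanned key is network-supplied data and must
# never be parsed as shell code.
age_key=$(printf '%s\n' "$target_key" | nix shell nixpkgs#ssh-to-age.out -c ssh-to-age) \
  || die "ssh-to-age failed"

# ssh-to-age is expected to print a single age1... public key. Anything else
# (multi-line output, error text) is rejected here so it cannot reach the sed
# script below.
if [[ ! "$age_key" =~ ^age1[0-9a-z]+$ ]]; then
  echo "The result from generated age key does not match the expected format." >&2
  echo "Result: $age_key" >&2
  echo "Expected format: age10000000000000000000000000000000000000000000000000000000000" >&2
  exit 1
fi
echo "$age_key"

echo "Updating nix-secrets/.sops.yaml"

SOPS_FILE=".sops.yaml"

# Edit inside a subshell so the working directory is restored for the
# `just`/`nix` steps below even if something in here fails.
(
  cd ../nix-secrets || die "cannot cd to ../nix-secrets"
  [[ -f "$SOPS_FILE" ]] || die "$SOPS_FILE not found in $(pwd)"
  # GNU sed: -i without a suffix edits in place (BSD sed would need -i '').
  sed -i "{
  # Remove any * and & entries for this host
  /[*&]$target_hostname/ d;
  # Inject a new age: entry
  # n matches the first line following age: and p prints it, then we transform it while reusing the spacing
  /age:/{n; p; s/\(.*- \*\).*/\1$target_hostname/};
  # Inject a new hosts: entry
  /&hosts:/{n; p; s/\(.*- &\).*/\1$target_hostname $age_key/}
  }" "$SOPS_FILE"
)

echo "Rekeying nix-secrets"
just rekey

echo "Updating flake lock on source machine with new .sops.yaml info"
nix flake lock --update-input nix-secrets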