#!/usr/bin/env bash
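set -euxo pipefail
# -x traces every command to stderr. Nothing secret appears on argv below:
# the Host CA key is referenced by path and the host key passphrase is ''.

# Locate the CA material relative to this script, not the caller's cwd.
SCRIPT_DIR=$(dirname "$(readlink -f "$0")")
readonly SCRIPT_DIR

# Private Host CA key used to sign the generated host key.
host_ca_key="${SCRIPT_DIR}/ssh_certs/host_ca"
# Public half of the User CA; only this public key is shipped to the host,
# the private half never leaves the signing machine.
user_ca_pub="${SCRIPT_DIR}/ssh_certs/user_ca.pub"

# Diagnostics go to stderr: stdout is reserved for the staging-directory
# path printed at the end, which a caller may capture with $(...).
if [[ ! -f "${host_ca_key}" ]]; then
  printf '%s\n' "Host CA key not found." >&2
  exit 1
fi

if [[ ! -f "${user_ca_pub}" ]]; then
  printf '%s\n' "Public User CA key not found." >&2
  exit 1
fi

# Validate the argument count before creating the staging directory: it is
# deliberately not removed on exit (see cleanup below), so a usage error
# after mktemp would leave an orphaned directory behind.
if (( $# < 2 )); then
  printf 'usage: %s <host_type> <hostname> [extra_names]\n' "${0##*/}" >&2
  exit 1
fi

# Staging directory handed to the caller. mktemp -d creates it mode 0700,
# so the unencrypted host private key generated into it is not readable by
# other local users while it sits here.
temp=$(mktemp -d)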
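# Remove the staging directory named by the global `temp`.
# Intentionally NOT wired to a trap: the script's stdout *is* the directory
# path, and the caller (the nixos-anywhere invocation at the bottom of this
# file) consumes the directory after this script has exited. The caller is
# therefore responsible for deleting it — it holds the unencrypted host
# private key. `${temp:?}` aborts instead of running rm -rf on an unset or
# empty variable; `--` keeps an odd path from being parsed as an option.
cleanup() {
  rm -rf -- "${temp:?staging directory variable 'temp' is unset}"
}
# trap cleanup EXIT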
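# Positional arguments. host_type selects the flake output and is only used
# by the nixos-anywhere invocation at the bottom (currently commented out);
# hostname is both the certificate key ID (-I) and the first principal.
host_type=$1
hostname=$2
extra_names=${3:-}   # optional, comma-separated additional principals

# Refuse an empty hostname up front instead of relying on ssh-keygen to
# reject an empty principal name. A host certificate is only as narrow as
# its principal list, so never sign without one.
if [[ -z "${hostname}" ]]; then
  printf 'hostname (argument 2) must not be empty\n' >&2
  exit 1
fi

principal_names="${hostname}"
if [[ -n "${extra_names}" ]]; then
  principal_names="${principal_names},${extra_names}"
fi

ssh_dir="${temp}/persisted/etc/ssh"
install -d -m755 "${ssh_dir}"

# Host keys are unencrypted by design (-N ''): sshd has to load them
# unattended. ssh-keygen writes the private key file itself mode 0600.
ssh-keygen -t ed25519 -f "${ssh_dir}/ssh_host_ed25519_key" -C '' -N ''

# Issue a *host* certificate (-h) for the listed principals, valid for
# 52 weeks from now; re-run this script before then to rotate it.
# Every expansion is quoted: hostname and extra_names come from argv and
# must not be word-split or glob-expanded.
ssh-keygen -s "${host_ca_key}" -I "${hostname}" -h -n "${principal_names}" -V +52w \
  "${ssh_dir}/ssh_host_ed25519_key.pub"

# Ship the User CA public key alongside the host key; presumably consumed
# by sshd's TrustedUserCAKeys on the target (not visible from this script).
cp "${user_ca_pub}" "${ssh_dir}/user_cas.pub"

# Contract with the caller: the staging-directory path is the only thing
# written to stdout. The directory is intentionally not removed here.
printf '%s\n' "${temp}"

#nix run github:nix-community/nixos-anywhere -- --extra-files "${temp}" --flake .#${host_type} --target-host root@${hostname}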