Check for existing secrets and create them more granularly

This allows a user to delete only the lnd certs, for example, and
run nix-shell to recreate them, leaving the other secrets intact.
This commit is contained in:
Ștefan D. Mihăilă 2019-08-22 19:23:53 +02:00
parent d6f961db89
commit 5a2517b926
No known key found for this signature in database
GPG Key ID: 6220AD7846220A52


@ -2,13 +2,9 @@
SECRETSFILE=secrets/secrets.nix SECRETSFILE=secrets/secrets.nix
if [ -e "$SECRETSFILE" ]; then if [ ! -e "$SECRETSFILE" ]; then
echo $SECRETSFILE already exists. No new secrets were generated. echo Write secrets to $SECRETSFILE
exit 1 {
fi
echo Write secrets to $SECRETSFILE
{
echo \{ echo \{
echo " bitcoinrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";" echo " bitcoinrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
echo " lnd-wallet-password = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";" echo " lnd-wallet-password = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
@ -16,19 +12,30 @@ echo Write secrets to $SECRETSFILE
echo " liquidrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";" echo " liquidrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
echo " spark-wallet-password = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";" echo " spark-wallet-password = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
echo \} echo \}
} >> $SECRETSFILE } >> $SECRETSFILE
echo Done echo Done
else
echo $SECRETSFILE already exists. Skipping.
fi
echo Generate Self-Signed Cert if [ ! -e secrets/nginx.key ] || [ ! -e secrets/nginx.cert ]; then
openssl genrsa -out secrets/nginx.key 2048 echo Generate Nginx Self-Signed Cert
openssl req -new -key secrets/nginx.key -out secrets/nginx.csr -subj "/C=KN" openssl genrsa -out secrets/nginx.key 2048
openssl x509 -req -days 1825 -in secrets/nginx.csr -signkey secrets/nginx.key -out secrets/nginx.cert openssl req -new -key secrets/nginx.key -out secrets/nginx.csr -subj "/C=KN"
rm secrets/nginx.csr openssl x509 -req -days 1825 -in secrets/nginx.csr -signkey secrets/nginx.key -out secrets/nginx.cert
echo Done rm secrets/nginx.csr
echo Done
else
echo Nginx Cert already exists. Skipping.
fi
echo Generate LND compatible TLS Cert if [ ! -e secrets/lnd.key ] || [ ! -e secrets/lnd.cert ]; then
openssl ecparam -genkey -name prime256v1 -out secrets/lnd.key echo Generate LND compatible TLS Cert
openssl req -config secrets/openssl.cnf -new -sha256 -key secrets/lnd.key -out secrets/lnd.csr -subj '/CN=localhost/O=lnd' openssl ecparam -genkey -name prime256v1 -out secrets/lnd.key
openssl req -config secrets/openssl.cnf -x509 -sha256 -days 1825 -key secrets/lnd.key -in secrets/lnd.csr -out secrets/lnd.cert openssl req -config secrets/openssl.cnf -new -sha256 -key secrets/lnd.key -out secrets/lnd.csr -subj '/CN=localhost/O=lnd'
rm secrets/lnd.csr openssl req -config secrets/openssl.cnf -x509 -sha256 -days 1825 -key secrets/lnd.key -in secrets/lnd.csr -out secrets/lnd.cert
echo Done rm secrets/lnd.csr
echo Done
else
echo LND cert already exists. Skipping.
fi
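Review bot: The group that writes the passwords never checks that `apg` exists or succeeded, so with a missing binary the `echo " bitcoinrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"` lines emit `bitcoinrpcpassword = "";`, and because the new `[ ! -e "$SECRETSFILE" ]` guard then skips regeneration on later runs, the empty credentials persist silently. Guard it before the group with `command -v apg >/dev/null || { echo "apg not found" >&2; exit 1; }`. The file is also created by `} >> $SECRETSFILE` under the caller's umask, so the secrets file (and, depending on the OpenSSL version, the `secrets/nginx.key` and `secrets/lnd.key` written below) may end up group- or world-readable; a `umask 077` before the first write closes that for all three. Whether the script runs under `set -e` cannot be seen here, since line 1 of the file is outside the hunk.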