Check for existing secrets and create them more granularly
This allows a user to delete only the lnd certs, for example, and run nix-shell to recreate them, leaving other secrets intact.
This commit is contained in:
parent
d6f961db89
commit
5a2517b926
@ -2,33 +2,40 @@
SECRETSFILE=secrets/secrets.nix
|
SECRETSFILE=secrets/secrets.nix
|
||||||
|
|
||||||
if [ -e "$SECRETSFILE" ]; then
|
if [ ! -e "$SECRETSFILE" ]; then
|
||||||
echo $SECRETSFILE already exists. No new secrets were generated.
|
echo Write secrets to $SECRETSFILE
|
||||||
exit 1
|
{
|
||||||
|
echo \{
|
||||||
|
echo " bitcoinrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
|
||||||
|
echo " lnd-wallet-password = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
|
||||||
|
echo " lightning-charge-api-token = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
|
||||||
|
echo " liquidrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
|
||||||
|
echo " spark-wallet-password = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
|
||||||
|
echo \}
|
||||||
|
} >> $SECRETSFILE
|
||||||
|
echo Done
|
||||||
|
else
|
||||||
|
echo $SECRETSFILE already exists. Skipping.
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo Write secrets to $SECRETSFILE
|
if [ ! -e secrets/nginx.key ] || [ ! -e secrets/nginx.cert ]; then
|
||||||
{
|
echo Generate Nginx Self-Signed Cert
|
||||||
echo \{
|
openssl genrsa -out secrets/nginx.key 2048
|
||||||
echo " bitcoinrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
|
openssl req -new -key secrets/nginx.key -out secrets/nginx.csr -subj "/C=KN"
|
||||||
echo " lnd-wallet-password = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
|
openssl x509 -req -days 1825 -in secrets/nginx.csr -signkey secrets/nginx.key -out secrets/nginx.cert
|
||||||
echo " lightning-charge-api-token = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
|
rm secrets/nginx.csr
|
||||||
echo " liquidrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
|
echo Done
|
||||||
echo " spark-wallet-password = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
|
else
|
||||||
echo \}
|
echo Nginx Cert already exists. Skipping.
|
||||||
} >> $SECRETSFILE
|
fi
|
||||||
echo Done
|
|
||||||
|
|
||||||
echo Generate Self-Signed Cert
|
if [ ! -e secrets/lnd.key ] || [ ! -e secrets/lnd.cert ]; then
|
||||||
openssl genrsa -out secrets/nginx.key 2048
|
echo Generate LND compatible TLS Cert
|
||||||
openssl req -new -key secrets/nginx.key -out secrets/nginx.csr -subj "/C=KN"
|
openssl ecparam -genkey -name prime256v1 -out secrets/lnd.key
|
||||||
openssl x509 -req -days 1825 -in secrets/nginx.csr -signkey secrets/nginx.key -out secrets/nginx.cert
|
openssl req -config secrets/openssl.cnf -new -sha256 -key secrets/lnd.key -out secrets/lnd.csr -subj '/CN=localhost/O=lnd'
|
||||||
rm secrets/nginx.csr
|
openssl req -config secrets/openssl.cnf -x509 -sha256 -days 1825 -key secrets/lnd.key -in secrets/lnd.csr -out secrets/lnd.cert
|
||||||
echo Done
|
rm secrets/lnd.csr
|
||||||
|
echo Done
|
||||||
echo Generate LND compatible TLS Cert
|
else
|
||||||
openssl ecparam -genkey -name prime256v1 -out secrets/lnd.key
|
echo LND cert already exists. Skipping.
|
||||||
openssl req -config secrets/openssl.cnf -new -sha256 -key secrets/lnd.key -out secrets/lnd.csr -subj '/CN=localhost/O=lnd'
|
fi
|
||||||
openssl req -config secrets/openssl.cnf -x509 -sha256 -days 1825 -key secrets/lnd.key -in secrets/lnd.csr -out secrets/lnd.cert
|
|
||||||
rm secrets/lnd.csr
|
|
||||||
echo Done
|
|
||||||
|
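Review bot: With the new `if [ ! -e "$SECRETSFILE" ]` guard, a run where `apg` is missing or fails still creates secrets.nix, but with empty values (`bitcoinrpcpassword = "";`), and every later run then takes the `already exists. Skipping.` branch, so the empty credentials silently persist; command substitutions used as `echo` arguments are never checked, even under `set -e`. Generate each value into a variable with `|| exit 1` before opening the `{ … } >> $SECRETSFILE` group, and write with `>` rather than `>>` since the file is known not to exist at that point. Nothing in the hunk sets a file mode either, so `secrets.nix` is created with the caller's default umask and can end up group/world readable (whether `nginx.key`/`lnd.key` are restricted depends on the openssl build); a `umask 077` near the top of the script, which lies above this hunk, closes that. The `$SECRETSFILE` expansions in the `echo` and redirection lines should also be quoted as `"$SECRETSFILE"`.
```shell
umask 077   # secrets.nix and the generated private keys must not be group/world readable
# … unchanged: SECRETSFILE=secrets/secrets.nix …
if [ ! -e "$SECRETSFILE" ]; then
  echo "Write secrets to $SECRETSFILE"
  bitcoinrpcpassword=$(apg -m 20 -x 20 -M Ncl -n 1) || exit 1
  lnd_wallet_password=$(apg -m 20 -x 20 -M Ncl -n 1) || exit 1
  lightning_charge_api_token=$(apg -m 20 -x 20 -M Ncl -n 1) || exit 1
  liquidrpcpassword=$(apg -m 20 -x 20 -M Ncl -n 1) || exit 1
  spark_wallet_password=$(apg -m 20 -x 20 -M Ncl -n 1) || exit 1
  {
    echo \{
    echo "  bitcoinrpcpassword = \"$bitcoinrpcpassword\";"
    echo "  lnd-wallet-password = \"$lnd_wallet_password\";"
    echo "  lightning-charge-api-token = \"$lightning_charge_api_token\";"
    echo "  liquidrpcpassword = \"$liquidrpcpassword\";"
    echo "  spark-wallet-password = \"$spark_wallet_password\";"
    echo \}
  } > "$SECRETSFILE"
  echo Done
# … unchanged: else branch, nginx and lnd cert blocks …
```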