Check for existing secrets and create them more granularly

This allows an user to delete only the lnd certs for example and
run nix-shell to recreate them, leaving other secrets intact.
This commit is contained in:
Ștefan D. Mihăilă 2019-08-22 19:23:53 +02:00
parent d6f961db89
commit 5a2517b926
No known key found for this signature in database
GPG Key ID: 6220AD7846220A52

View File

@ -2,33 +2,40 @@
SECRETSFILE=secrets/secrets.nix SECRETSFILE=secrets/secrets.nix
if [ -e "$SECRETSFILE" ]; then if [ ! -e "$SECRETSFILE" ]; then
echo $SECRETSFILE already exists. No new secrets were generated. echo Write secrets to $SECRETSFILE
exit 1 {
echo \{
echo " bitcoinrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
echo " lnd-wallet-password = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
echo " lightning-charge-api-token = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
echo " liquidrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
echo " spark-wallet-password = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
echo \}
} >> $SECRETSFILE
echo Done
else
echo $SECRETSFILE already exists. Skipping.
fi fi
echo Write secrets to $SECRETSFILE if [ ! -e secrets/nginx.key ] || [ ! -e secrets/nginx.cert ]; then
{ echo Generate Nginx Self-Signed Cert
echo \{ openssl genrsa -out secrets/nginx.key 2048
echo " bitcoinrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";" openssl req -new -key secrets/nginx.key -out secrets/nginx.csr -subj "/C=KN"
echo " lnd-wallet-password = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";" openssl x509 -req -days 1825 -in secrets/nginx.csr -signkey secrets/nginx.key -out secrets/nginx.cert
echo " lightning-charge-api-token = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";" rm secrets/nginx.csr
echo " liquidrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";" echo Done
echo " spark-wallet-password = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";" else
echo \} echo Nginx Cert already exists. Skipping.
} >> $SECRETSFILE fi
echo Done
echo Generate Self-Signed Cert if [ ! -e secrets/lnd.key ] || [ ! -e secrets/lnd.cert ]; then
openssl genrsa -out secrets/nginx.key 2048 echo Generate LND compatible TLS Cert
openssl req -new -key secrets/nginx.key -out secrets/nginx.csr -subj "/C=KN" openssl ecparam -genkey -name prime256v1 -out secrets/lnd.key
openssl x509 -req -days 1825 -in secrets/nginx.csr -signkey secrets/nginx.key -out secrets/nginx.cert openssl req -config secrets/openssl.cnf -new -sha256 -key secrets/lnd.key -out secrets/lnd.csr -subj '/CN=localhost/O=lnd'
rm secrets/nginx.csr openssl req -config secrets/openssl.cnf -x509 -sha256 -days 1825 -key secrets/lnd.key -in secrets/lnd.csr -out secrets/lnd.cert
echo Done rm secrets/lnd.csr
echo Done
echo Generate LND compatible TLS Cert else
openssl ecparam -genkey -name prime256v1 -out secrets/lnd.key echo LND cert already exists. Skipping.
openssl req -config secrets/openssl.cnf -new -sha256 -key secrets/lnd.key -out secrets/lnd.csr -subj '/CN=localhost/O=lnd' fi
openssl req -config secrets/openssl.cnf -x509 -sha256 -days 1825 -key secrets/lnd.key -in secrets/lnd.csr -out secrets/lnd.cert
rm secrets/lnd.csr
echo Done