greg/nix-bitcoin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Check for existing secrets and create them more granularly

Browse Source 
This allows an user to delete only the lnd certs for example and
run nix-shell to recreate them, leaving other secrets intact.
This commit is contained in:
Ștefan D. Mihăilă 2019-08-22 19:23:53 +02:00
parent d6f961db89
commit 5a2517b926
No known key found for this signature in database
GPG Key ID: 6220AD7846220A52
1 changed files with 34 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
secrets/generate_secrets.sh
View File

@ -2,33 +2,40 @@
SECRETSFILE=secrets/secrets.nix SECRETSFILE=secrets/secrets.nix
if [ -e "$SECRETSFILE" ]; then if [ ! -e "$SECRETSFILE" ]; then
echo $SECRETSFILE already exists. No new secrets were generated. echo Write secrets to $SECRETSFILE
exit 1 {
echo \{
echo " bitcoinrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
echo " lnd-wallet-password = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
echo " lightning-charge-api-token = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
echo " liquidrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
echo " spark-wallet-password = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
echo \}
} >> $SECRETSFILE
echo Done
else
echo $SECRETSFILE already exists. Skipping.
fi fi
echo Write secrets to $SECRETSFILE if [ ! -e secrets/nginx.key ] || [ ! -e secrets/nginx.cert ]; then
{ echo Generate Nginx Self-Signed Cert
echo \{ openssl genrsa -out secrets/nginx.key 2048
echo " bitcoinrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";" openssl req -new -key secrets/nginx.key -out secrets/nginx.csr -subj "/C=KN"
echo " lnd-wallet-password = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";" openssl x509 -req -days 1825 -in secrets/nginx.csr -signkey secrets/nginx.key -out secrets/nginx.cert
echo " lightning-charge-api-token = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";" rm secrets/nginx.csr
echo " liquidrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";" echo Done
echo " spark-wallet-password = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";" else
echo \} echo Nginx Cert already exists. Skipping.
} >> $SECRETSFILE fi
echo Done
echo Generate Self-Signed Cert if [ ! -e secrets/lnd.key ] || [ ! -e secrets/lnd.cert ]; then
openssl genrsa -out secrets/nginx.key 2048 echo Generate LND compatible TLS Cert
openssl req -new -key secrets/nginx.key -out secrets/nginx.csr -subj "/C=KN" openssl ecparam -genkey -name prime256v1 -out secrets/lnd.key
openssl x509 -req -days 1825 -in secrets/nginx.csr -signkey secrets/nginx.key -out secrets/nginx.cert openssl req -config secrets/openssl.cnf -new -sha256 -key secrets/lnd.key -out secrets/lnd.csr -subj '/CN=localhost/O=lnd'
rm secrets/nginx.csr openssl req -config secrets/openssl.cnf -x509 -sha256 -days 1825 -key secrets/lnd.key -in secrets/lnd.csr -out secrets/lnd.cert
echo Done rm secrets/lnd.csr
echo Done
echo Generate LND compatible TLS Cert else
openssl ecparam -genkey -name prime256v1 -out secrets/lnd.key echo LND cert already exists. Skipping.
openssl req -config secrets/openssl.cnf -new -sha256 -key secrets/lnd.key -out secrets/lnd.csr -subj '/CN=localhost/O=lnd' fi
openssl req -config secrets/openssl.cnf -x509 -sha256 -days 1825 -key secrets/lnd.key -in secrets/lnd.csr -out secrets/lnd.cert
rm secrets/lnd.csr
echo Done