greg/nix-bitcoin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Check for existing secrets and create them more granularly

Browse Source 
This allows an user to delete only the lnd certs for example and
run nix-shell to recreate them, leaving other secrets intact.
This commit is contained in:
Ștefan D. Mihăilă 2019-08-22 19:23:53 +02:00
parent d6f961db89
commit 5a2517b926
No known key found for this signature in database
GPG Key ID: 6220AD7846220A52
1 changed files with 34 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
secrets/generate_secrets.sh
View File

@ -2,11 +2,7 @@
SECRETSFILE=secrets/secrets.nix
if [ -e "$SECRETSFILE" ]; then
echo $SECRETSFILE already exists. No new secrets were generated.
exit 1
fi
if [ ! -e "$SECRETSFILE" ]; then
echo Write secrets to $SECRETSFILE
{
echo \{
@ -18,17 +14,28 @@ echo Write secrets to $SECRETSFILE
echo \}
} >> $SECRETSFILE
echo Done
else
echo $SECRETSFILE already exists. Skipping.
fi
echo Generate Self-Signed Cert
if [ ! -e secrets/nginx.key ] || [ ! -e secrets/nginx.cert ]; then
echo Generate Nginx Self-Signed Cert
openssl genrsa -out secrets/nginx.key 2048
openssl req -new -key secrets/nginx.key -out secrets/nginx.csr -subj "/C=KN"
openssl x509 -req -days 1825 -in secrets/nginx.csr -signkey secrets/nginx.key -out secrets/nginx.cert
rm secrets/nginx.csr
echo Done
else
echo Nginx Cert already exists. Skipping.
fi
if [ ! -e secrets/lnd.key ] || [ ! -e secrets/lnd.cert ]; then
echo Generate LND compatible TLS Cert
openssl ecparam -genkey -name prime256v1 -out secrets/lnd.key
openssl req -config secrets/openssl.cnf -new -sha256 -key secrets/lnd.key -out secrets/lnd.csr -subj '/CN=localhost/O=lnd'
openssl req -config secrets/openssl.cnf -x509 -sha256 -days 1825 -key secrets/lnd.key -in secrets/lnd.csr -out secrets/lnd.cert
rm secrets/lnd.csr
echo Done
else
echo LND cert already exists. Skipping.
fi