nix-bitcoin/pkgs/generate-secrets/update-secrets.sh
Erik Arvstedt b1e13e9415
simplify secrets file format
Each secret file to be deployed is now backed by one local file.
This simplifies 'setup-secrets' and the secret definitions.
Also, with the old format it was not possible to add new secrets
to secrets.nix in a simple way.

Old secrets are automatically converted to the new format when running
nix-shell.

Using the new option 'nix-bitcoin.secrets', secrets are now directly
defined by the services that use them.
2020-01-13 00:25:11 +01:00


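#!/usr/bin/env bash
# Update secrets from the old format to the current one where each secret
# has a local source file.
#
# errexit/pipefail: stop at the first failing command or pipeline stage.
# errtrace (-E): bash does not inherit the ERR trap into shell functions
# unless this is set, so a failure inside a helper function would otherwise
# end the script without the failure notice.
set -eEo pipefail
# Everything this script creates holds secret material (passwords, TLS keys).
# Create files and directories with owner-only permissions instead of relying
# on the caller's umask.
umask 077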
# Print the failure notice used by the ERR trap.
# Arguments: $1 - line number of the command that failed
# Outputs:   two lines on stdout; the second tells the user where the
#            original secret files are now
reportError() {
  printf '%s\n' \
    "Updating secrets failed. (Error in line $1)" \
    "The secret files have been moved to secrets/old-secrets"
}
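# Run reportError with the failing line number whenever a command fails.
trap 'reportError "$LINENO"' ERR

echo "Updating old secrets to the current format."

# mkdir (without -p) fails if old-secrets is left over from an earlier run,
# which aborts the script before anything is moved.
mkdir old-secrets

# Move every entry of the current directory, dotfiles included, into
# old-secrets. extglob enables the !(pattern) negation and dotglob lets it
# match hidden files. '--' stops a file name that starts with '-' from being
# parsed as an mv option.
shopt -s extglob dotglob
mv -- !(old-secrets) old-secrets
shopt -u dotglob

# Full text of the old-format secrets file; extractPassword reads this global.
# NOTE(review): the plaintext secrets stay in this shell variable for the rest
# of the run, so avoid 'set -x' tracing of this script.
secrets=$(cat old-secrets/secrets.nix)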
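#######################################
# Extract one password from the old secrets.nix text and write it to a file.
# Globals:   secrets (read) - content of old-secrets/secrets.nix
# Arguments: $1 - attribute name in the old file
#            $2 - destination file name (defaults to $1)
# Outputs:   writes the value followed by a newline to the destination file
# Returns:   0; nothing is written when the attribute is absent or empty
#######################################
extractPassword() {
  local pwName="$1"
  local destFile="${2:-$pwName}"
  local value

  # $pwName is interpolated into the regex, so callers must pass fixed,
  # metacharacter-free names (all call sites in this script do).
  # sed's ERE has no lazy quantifier: '.*?' behaves as greedy '.*', so the
  # capture runs to the last double quote on the matching line.
  value=$(printf '%s\n' "$secrets" |
    sed -nE "s/.*?$pwName = \"(.*?)\".*/\1/p")

  # Do not create a zero-length secret file when the old file has no value
  # for this name: whatever reads the file later could take it for a real,
  # empty credential.
  [[ -n $value ]] || return 0

  printf '%s\n' "$value" > "$destFile"
}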
#######################################
# Copy a file from old-secrets to its new name, if the old file exists.
# Arguments: $1 - file name inside old-secrets/
#            $2 - destination path
# Returns:   0 when the source is missing (nothing is copied), otherwise the
#            exit status of cp
#######################################
rename() {
  local src="old-secrets/$1"

  # Not every old setup has every key or certificate; skip what is not there.
  [[ -e $src ]] || return 0

  # The source is copied, not moved; it stays in old-secrets.
  cp "$src" "$2"
}
# Passwords: "<attribute name in old secrets.nix>:<new file name>".
for mapping in \
  bitcoinrpcpassword:bitcoin-rpcpassword \
  lnd-wallet-password:lnd-wallet-password \
  liquidrpcpassword:liquid-rpcpassword \
  lightning-charge-api-token:lightning-charge-token \
  spark-wallet-password:spark-wallet-password
do
  extractPassword "${mapping%%:*}" "${mapping#*:}"
done

# TLS keys and certificates: <service>.<kind> becomes <service>-<kind>.
for service in nginx lnd; do
  for kind in key cert; do
    rename "$service.$kind" "$service-$kind"
  done
done

# The originals were moved into old-secrets earlier in this script, so this
# deletes the only copy of the old-format files. It is reached only when every
# step above has succeeded.
rm -r old-secrets