b1e13e9415
Each secret file to be deployed is now backed by one local file. This simplifies 'setup-secrets' and the secret definitions. Also, with the old format it was not possible to add new secrets to secrets.nix in a simple way. Old secrets are automatically converted to the new format when running nix-shell. Using the new option 'nix-bitcoin.secrets', secrets are now directly defined by the services that use them.
#!/usr/bin/env bash
# Path to the OpenSSL config file that is passed via `-config` when the lnd
# certificate is created further down. A non-empty first script argument
# overrides the default `openssl.cnf` (a relative path, so it is resolved
# against the current directory).
if [[ -n ${1:-} ]]; then
    opensslConf=$1
else
    opensslConf=openssl.cnf
fi
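# Create a random password file unless it already exists.
#
# Arguments: $1 - path of the secret file to create
# Returns:   0 if the file already existed or was created; non-zero if the
#            temporary file could not be created or `apg` failed or produced
#            no output. In the failure case $1 is not created.
#
# The password is written to a temporary file next to $1 and renamed only
# after `apg` succeeded. Redirecting straight into "$1" creates the file even
# when `apg` is missing or fails, and the existence check would then accept
# that empty secret on every later run.
makePasswordSecret() {
    local target=$1 tmp

    # An existing secret is kept as is.
    [[ -e $target ]] && return 0

    # mktemp creates the file readable and writable by the owner only, and the
    # rename keeps that mode, so the finished secret is not world-readable.
    tmp=$(mktemp -- "$target.XXXXXX") || return

    # 20 characters (-m/-x), digits and upper/lower-case letters (-M Ncl),
    # a single password (-n 1).
    if apg -m 20 -x 20 -M Ncl -n 1 > "$tmp" && [[ -s $tmp ]]; then
        mv -- "$tmp" "$target"
    else
        rm -f -- "$tmp"
        return 1
    fi
}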
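# Random passwords and tokens, one file each. A file that already exists is
# left untouched by makePasswordSecret.
makePasswordSecret bitcoin-rpcpassword
makePasswordSecret lnd-wallet-password
makePasswordSecret liquid-rpcpassword
makePasswordSecret lightning-charge-token
makePasswordSecret spark-wallet-password

# Write "<prefix><contents of source>" to a file unless that file exists.
#
# Arguments: $1 - file to create
#            $2 - literal text placed in front of the secret
#            $3 - file holding the secret to embed
# Returns:   0 if $1 already existed or was written; non-zero if $3 could not
#            be read or is empty, in which case $1 is not created.
#
# The source is read before the target is opened. Writing
# `echo "KEY=$(cat source)" > target` directly would still create the target
# when the source is missing or empty, and that file with an empty credential
# would never be replaced because of the existence check.
makeDerivedSecret() {
    local target=$1 prefix=$2 source=$3 value

    [[ -e $target ]] && return 0
    value=$(cat -- "$source") || return
    if [[ -z $value ]]; then
        printf 'error: %s is empty, not creating %s\n' "$source" "$target" >&2
        return 1
    fi
    # The file holds a credential, so create it without group/other access.
    ( umask 077 && printf '%s\n' "$prefix$value" > "$target" )
}

makeDerivedSecret lightning-charge-env 'API_TOKEN=' lightning-charge-token
makeDerivedSecret nanopos-env 'CHARGE_TOKEN=' lightning-charge-token
makeDerivedSecret spark-wallet-login 'login=spark-wallet:' spark-wallet-password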
# Self-signed TLS certificate for nginx. Key and certificate are treated as a
# pair: when either file is missing, both are generated anew, replacing
# whichever one was still present.
# NOTE(review): the private key is written unencrypted, and the mode of the
# new nginx-key file is whatever openssl and the current umask produce.
# Confirm it is not readable by other local users.
[[ -e nginx-key && -e nginx-cert ]] || {
    # 2048-bit RSA private key.
    openssl genrsa -out nginx-key 2048

    # Certificate signing request whose subject carries only a country field.
    openssl req -new -key nginx-key -out nginx.csr -subj "/C=KN"

    # Sign the request with its own key; the certificate is valid 1825 days.
    openssl x509 -req -days 1825 -in nginx.csr -signkey nginx-key -out nginx-cert

    # The request is only an intermediate file.
    rm nginx.csr
}
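# Self-signed TLS certificate for lnd (subject CN=localhost, O=lnd). Key and
# certificate are treated as a pair: when either file is missing, both are
# generated anew.
# NOTE(review): the mode of the new lnd-key file is whatever openssl and the
# current umask produce. Confirm it is not readable by other local users.
if [[ ! -e lnd-key || ! -e lnd-cert ]]; then
    # EC private key on the prime256v1 curve.
    openssl ecparam -genkey -name prime256v1 -out lnd-key

    # "$opensslConf" is quoted because it may come from the first script
    # argument; unquoted, a path containing spaces or glob characters would be
    # split or expanded into several openssl arguments.
    openssl req -config "$opensslConf" -new -sha256 -key lnd-key -out lnd.csr -subj '/CN=localhost/O=lnd'

    # Self-signed certificate from the request, valid 1825 days.
    openssl req -config "$opensslConf" -x509 -sha256 -days 1825 -key lnd-key -in lnd.csr -out lnd-cert

    # The request is only an intermediate file.
    rm lnd.csr
fi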