2024-01-08 07:49:51 +03:00
|
|
|
#!/usr/bin/env bash
|
|
|
|
|
|
|
|
|
|
set +euo pipefail
|
|
|
|
|
|
2024-05-01 04:59:31 +03:00
|
|
|
if [ "$1" == "--unsafe" ]; then
|
|
|
|
|
is_unsafe=true
|
|
|
|
|
shift
|
|
|
|
|
else
|
|
|
|
|
is_unsafe=false
|
|
|
|
|
fi
|
2024-01-08 07:49:51 +03:00
|
|
|
|
2024-05-01 04:59:31 +03:00
|
|
|
name="$1"
|
2024-01-08 07:49:51 +03:00
|
|
|
script_dir=$(dirname "$(readlink -f "$0")")
|
2024-05-01 04:59:31 +03:00
|
|
|
|
|
|
|
|
if [ "$is_unsafe" == "true" ]; then
|
2024-05-01 05:48:50 +03:00
|
|
|
name="UNSAFE.$name"
|
2024-05-01 04:59:31 +03:00
|
|
|
public_key=$(cat "$script_dir/ssh/agenix-unsafe.pub")
|
|
|
|
|
else
|
|
|
|
|
public_key=$(cat "$script_dir/ssh/agenix.pub")
|
|
|
|
|
fi
|
|
|
|
|
|
2024-01-08 07:49:51 +03:00
|
|
|
fullname="$script_dir/secrets/$name.age"
|
|
|
|
|
|
|
|
|
|
if [ -z "$name" ]; then
|
|
|
|
|
echo "Usage: $0 <name>"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
tempfile="$(mktemp)"
|
|
|
|
|
micro_config_dir="$(mktemp -d)"
|
|
|
|
|
trap "rm -rf $tempfile $micro_config_dir" EXIT
|
|
|
|
|
|
|
|
|
|
cat > "$tempfile" <<EOF
|
|
|
|
|
{
|
|
|
|
|
"$fullname".publicKeys = [ "$public_key" ];
|
|
|
|
|
}
|
|
|
|
|
EOF
|
|
|
|
|
|
|
|
|
|
echo '{"eofnewline": false}' > "$micro_config_dir/settings.json"
|
|
|
|
|
|
|
|
|
|
export MICRO_CONFIG_HOME="$micro_config_dir"
|
|
|
|
|
export EDITOR=micro
|
|
|
|
|
export RULES="$tempfile"
|
2024-05-01 04:59:31 +03:00
|
|
|
|
|
|
|
|
if [ "$(uname)" == "Darwin" ]; then
|
|
|
|
|
if [ "$is_unsafe" == "true" ]; then
|
|
|
|
|
private_path="/Users/Shared/agenix-key-unsafe"
|
|
|
|
|
else
|
|
|
|
|
private_path="$HOME/.ssh/agenix-key"
|
|
|
|
|
fi
|
|
|
|
|
else
|
|
|
|
|
if [ "$is_unsafe" == "true" ]; then
|
|
|
|
|
private_path="/etc/ssh/agenix-key-unsafe"
|
|
|
|
|
else
|
|
|
|
|
private_path="/etc/ssh/agenix-key"
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
agenix -e "$fullname" --identity "$private_path"
|
