hosts/gpg2cred-remote.sh

   1 #!/usr/bin/env bash
   2 set -eux
   3 set -o pipefail
   4 gpg=$1
   5 name=${2-}
   6 base=${gpg%.gpg}
   7 ssh_target=${ssh_target:-root@"$(basename "$PWD")".sp}
   8
   9 ssh "$ssh_target" sh -xec '" \
  10   rm -vf /etc/machine-id &&
  11   install -m 400 /dev/stdin /etc/machine-id
  12 "' <machine-id.clear
  13
  14 gpg --yes --decrypt "credential.secret.gpg" |
  15 ssh "$ssh_target" install -m 400 /dev/stdin /var/lib/systemd/credential.secret
  16
  17 gpg --decrypt "$gpg" |
  18 ssh "$ssh_target" sh -xec '" \
  19   systemd-creds encrypt '"${name:+--name "$name"}"' - -
  20 "' |
  21 install -m 400 -o "$USER" -g users /dev/stdin "$base".cred