Git — Sourcephile - sourcephile-nix.git/blob - hosts/losurdo/encrypt.sh
nebula: enable service
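#!/usr/bin/env bash
# Convert a GPG-encrypted secret into a systemd credential encrypted on losurdo.
#
# Usage: [NAME=credential-name] encrypt.sh path/to/secret.gpg
#
# The secret is decrypted locally and streamed over SSH to
# `systemd-creds encrypt` running as root on losurdo.wg. Only the encrypted
# credential comes back; it is written next to the input as path/to/secret.cred.
# The plaintext only ever travels through pipes, so `set -x` traces the
# command lines (paths, credential name) but never the secret itself.
set -eux
set -o pipefail
#dir=${0%/*}

# Fail with a usage hint instead of a bare "unbound variable" error.
: "${1:?usage: ${0##*/} FILE.gpg}"

# Resolve the input to an absolute path; -e makes realpath fail if it is missing.
gpg=$(realpath -e -- "$1")
base=${gpg%.gpg}
# Credential name: $NAME if set and non-empty, else the input's basename
# without the .gpg suffix.
name=${NAME:-${base##*/}}

# ssh joins its arguments with spaces and hands the result to the remote
# login shell, so the local quotes around "$name" do not survive the trip.
# Shell-quote the name here so it reaches systemd-creds as exactly one
# argument and nothing in it is interpreted by root's shell on the remote
# host. For ordinary names %q leaves the string unchanged.
# NOTE(review): %q emits bash-style quoting — confirm root's shell on
# losurdo accepts it for names containing unusual characters.
printf -v remote_name '%q' "$name"

# Files created from here on (including the final .cred) are at most
# owner read/write.
umask 177
SECRET=$(mktemp /dev/shm/secret.XXXXXXX)

# Always remove the staging file, on success or failure. The path is quoted
# so the cleanup cannot be redirected by word splitting or globbing.
cleanup() {
  chmod 600 "$SECRET"
  shred --remove=unlink "$SECRET"
}
trap cleanup EXIT

# StrictHostKeyChecking=yes: the plaintext is sent to this host, so a host
# key that is not already known must abort rather than prompt.
# pipefail + errexit: a failure in gpg or ssh stops the script before the
# staged output is copied into place.
gpg --batch --decrypt "$gpg" |
  ssh -o StrictHostKeyChecking=yes -o ControlMaster=auto -o ControlPersist=16s \
    root@losurdo.wg -- systemd-creds encrypt --name "$remote_name" --with-key=auto - - |
  install -D -m 640 /dev/stdin "$SECRET"

# Publish the encrypted credential next to the original .gpg file.
cp "$SECRET" "$base".cred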