|
|
|
|
@ -3,6 +3,8 @@
|
|
|
|
|
set -euo pipefail
|
|
|
|
|
# sops.yaml doc: https://github.com/getsops/sops?tab=readme-ov-file#using-sops-yaml-conf-to-select-kms-pgp-and-age-for-new-files
|
|
|
|
|
|
|
|
|
|
sops_config=".sops.yaml"
|
|
|
|
|
|
|
|
|
|
function fn_extract_fpr(){
|
|
|
|
|
gpgkeyfile=$1;shift;
|
|
|
|
|
# fingerprint
|
|
|
|
|
@ -23,32 +25,36 @@ function fn_extract_uid(){
|
|
|
|
|
echo "${uid}"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# CAVEAT: dirty hacks, just get it done. Not DRY at all.
|
|
|
|
|
function fn_update_sops_config(){
|
|
|
|
|
# CAVEAT: dirty hacks, just get it done. Not DRY at all.
|
|
|
|
|
|
|
|
|
|
echo "# Fingerprint | User Type | User ID"
|
|
|
|
|
for gpgkeyfile in *automation*gpg.pub; do
|
|
|
|
|
u_type="autom"
|
|
|
|
|
echo "# $(fn_extract_fpr "${gpgkeyfile}") | ${u_type} | $(fn_extract_uid "${gpgkeyfile}")"
|
|
|
|
|
done
|
|
|
|
|
for gpgkeyfile in $(ls *gpg.pub | grep -v automation); do
|
|
|
|
|
u_type="human"
|
|
|
|
|
echo "# $(fn_extract_fpr "${gpgkeyfile}") | ${u_type} | $(fn_extract_uid "${gpgkeyfile}")"
|
|
|
|
|
done
|
|
|
|
|
echo "# keys in https://git.dev-at.de/smardigo-hetzner/communication-keys"
|
|
|
|
|
echo "# Fingerprint | User Type | User ID"
|
|
|
|
|
for gpgkeyfile in *automation*gpg.pub; do
|
|
|
|
|
u_type="autom"
|
|
|
|
|
echo "# $(fn_extract_fpr "${gpgkeyfile}") | ${u_type} | $(fn_extract_uid "${gpgkeyfile}")"
|
|
|
|
|
done
|
|
|
|
|
for gpgkeyfile in $(ls *gpg.pub | grep -v automation); do
|
|
|
|
|
u_type="human"
|
|
|
|
|
echo "# $(fn_extract_fpr "${gpgkeyfile}") | ${u_type} | $(fn_extract_uid "${gpgkeyfile}")"
|
|
|
|
|
done
|
|
|
|
|
echo "# keys in https://git.dev-at.de/smardigo-hetzner/communication-keys"
|
|
|
|
|
|
|
|
|
|
cat <<EOM
|
|
|
|
|
cat <<EOM
|
|
|
|
|
creation_rules:
|
|
|
|
|
# list of keys for encryption in stage
|
|
|
|
|
- pgp: >-
|
|
|
|
|
EOM
|
|
|
|
|
for gpgkeyfile in *automation*gpg.pub; do
|
|
|
|
|
echo " $(fn_extract_fpr "${gpgkeyfile}"),"
|
|
|
|
|
done
|
|
|
|
|
# all but last line get comma
|
|
|
|
|
for gpgkeyfile in $(ls *gpg.pub | grep -v automation | sed '$d'); do
|
|
|
|
|
echo " $(fn_extract_fpr "${gpgkeyfile}"),"
|
|
|
|
|
done
|
|
|
|
|
# last line no comma
|
|
|
|
|
for gpgkeyfile in $(ls *gpg.pub | grep -v automation | tail -n 1); do
|
|
|
|
|
echo " $(fn_extract_fpr "${gpgkeyfile}")"
|
|
|
|
|
done
|
|
|
|
|
for gpgkeyfile in *automation*gpg.pub; do
|
|
|
|
|
echo " $(fn_extract_fpr "${gpgkeyfile}"),"
|
|
|
|
|
done
|
|
|
|
|
# all but last line get comma
|
|
|
|
|
for gpgkeyfile in $(ls *gpg.pub | grep -v automation | sed '$d'); do
|
|
|
|
|
echo " $(fn_extract_fpr "${gpgkeyfile}"),"
|
|
|
|
|
done
|
|
|
|
|
# last line no comma
|
|
|
|
|
for gpgkeyfile in $(ls *gpg.pub | grep -v automation | tail -n 1); do
|
|
|
|
|
echo " $(fn_extract_fpr "${gpgkeyfile}")"
|
|
|
|
|
done
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
(fn_update_sops_config) >> "${sops_config}"
|
|
|
|
|
|
LeeW
11 months ago