nix-bitcoin/pkgs/generate-secrets/generate-secrets.sh

#!/bin/sh

opensslConf=${1:-openssl.cnf}
secretsFile=secrets.nix

if [ ! -e "$secretsFile" ]; then
    echo Write secrets to $secretsFile
    makepw="apg -m 20 -x 20 -M Ncl -n 1"
    {
        echo \{
        echo "  bitcoinrpcpassword = \"$($makepw)\";"
        echo "  lnd-wallet-password = \"$($makepw)\";"
        echo "  lightning-charge-api-token = \"$($makepw)\";"
        echo "  liquidrpcpassword = \"$($makepw)\";"
        echo "  spark-wallet-password = \"$($makepw)\";"
        echo \}
    } >> $secretsFile
    echo Done
else
    echo $secretsFile already exists. Skipping.
fi

if [ ! -e nginx.key ] || [ ! -e nginx.cert ]; then
    echo Generate Nginx Self-Signed Cert
    openssl genrsa -out nginx.key 2048
    openssl req -new -key nginx.key -out nginx.csr -subj "/C=KN"
    openssl x509 -req -days 1825 -in nginx.csr -signkey nginx.key -out nginx.cert
    rm nginx.csr
    echo Done
else
    echo Nginx Cert already exists. Skipping.
fi

if [ ! -e lnd.key ] || [ ! -e lnd.cert ]; then
    echo Generate LND compatible TLS Cert
    openssl ecparam -genkey -name prime256v1 -out lnd.key
    openssl req -config $opensslConf -new -sha256 -key lnd.key -out lnd.csr -subj '/CN=localhost/O=lnd'
    openssl req -config $opensslConf -x509 -sha256 -days 1825 -key lnd.key -in lnd.csr -out lnd.cert
    rm lnd.csr
    echo Done
else
    echo LND cert already exists. Skipping.
fi
Use plain /bin/sh as /bin/bash does not exist under NixOS. 2019-03-25 06:29:05 -07:00			`#!/bin/sh`
Add rpc user and password as secrets 2018-11-22 15:51:16 -08:00
generate_secrets.sh: add opensslConf option Needed for the following commit. 2019-11-27 05:04:30 -08:00			`opensslConf=${1:-openssl.cnf}`
			`secretsFile=secrets.nix`
Add rpc user and password as secrets 2018-11-22 15:51:16 -08:00
generate_secrets.sh: add opensslConf option Needed for the following commit. 2019-11-27 05:04:30 -08:00			`if [ ! -e "$secretsFile" ]; then`
			`echo Write secrets to $secretsFile`
generate_secrets.sh: extract makepw command This makes it obvious that all passwords are generated with the same parameters 2019-11-27 05:04:28 -08:00			`makepw="apg -m 20 -x 20 -M Ncl -n 1"`
Check for existing secrets and create them more granularly This allows an user to delete only the lnd certs for example and run nix-shell to recreate them, leaving other secrets intact. 2019-08-22 10:23:53 -07:00			`{`
			`echo \{`
generate_secrets.sh: extract makepw command This makes it obvious that all passwords are generated with the same parameters 2019-11-27 05:04:28 -08:00			`echo " bitcoinrpcpassword = \"$($makepw)\";"`
			`echo " lnd-wallet-password = \"$($makepw)\";"`
			`echo " lightning-charge-api-token = \"$($makepw)\";"`
			`echo " liquidrpcpassword = \"$($makepw)\";"`
			`echo " spark-wallet-password = \"$($makepw)\";"`
Check for existing secrets and create them more granularly This allows an user to delete only the lnd certs for example and run nix-shell to recreate them, leaving other secrets intact. 2019-08-22 10:23:53 -07:00			`echo \}`
generate_secrets.sh: add opensslConf option Needed for the following commit. 2019-11-27 05:04:30 -08:00			`} >> $secretsFile`
Check for existing secrets and create them more granularly This allows an user to delete only the lnd certs for example and run nix-shell to recreate them, leaving other secrets intact. 2019-08-22 10:23:53 -07:00			`echo Done`
			`else`
generate_secrets.sh: add opensslConf option Needed for the following commit. 2019-11-27 05:04:30 -08:00			`echo $secretsFile already exists. Skipping.`
Add rpc user and password as secrets 2018-11-22 15:51:16 -08:00			`fi`

generate_secrets.sh: write secrets to working directory Write to $PWD instead to ./secrets. 1. Simplifies the code 2. Easier to use in generate-secrets.service (introduced in a later commit) 2019-11-27 05:04:29 -08:00			`if [ ! -e nginx.key ] \|\| [ ! -e nginx.cert ]; then`
Check for existing secrets and create them more granularly This allows an user to delete only the lnd certs for example and run nix-shell to recreate them, leaving other secrets intact. 2019-08-22 10:23:53 -07:00			`echo Generate Nginx Self-Signed Cert`
generate_secrets.sh: write secrets to working directory Write to $PWD instead to ./secrets. 1. Simplifies the code 2. Easier to use in generate-secrets.service (introduced in a later commit) 2019-11-27 05:04:29 -08:00			`openssl genrsa -out nginx.key 2048`
			`openssl req -new -key nginx.key -out nginx.csr -subj "/C=KN"`
			`openssl x509 -req -days 1825 -in nginx.csr -signkey nginx.key -out nginx.cert`
			`rm nginx.csr`
Check for existing secrets and create them more granularly This allows an user to delete only the lnd certs for example and run nix-shell to recreate them, leaving other secrets intact. 2019-08-22 10:23:53 -07:00			`echo Done`
			`else`
			`echo Nginx Cert already exists. Skipping.`
			`fi`
Add LND support 2019-08-05 01:44:38 -07:00
generate_secrets.sh: write secrets to working directory Write to $PWD instead to ./secrets. 1. Simplifies the code 2. Easier to use in generate-secrets.service (introduced in a later commit) 2019-11-27 05:04:29 -08:00			`if [ ! -e lnd.key ] \|\| [ ! -e lnd.cert ]; then`
Check for existing secrets and create them more granularly This allows an user to delete only the lnd certs for example and run nix-shell to recreate them, leaving other secrets intact. 2019-08-22 10:23:53 -07:00			`echo Generate LND compatible TLS Cert`
generate_secrets.sh: write secrets to working directory Write to $PWD instead to ./secrets. 1. Simplifies the code 2. Easier to use in generate-secrets.service (introduced in a later commit) 2019-11-27 05:04:29 -08:00			`openssl ecparam -genkey -name prime256v1 -out lnd.key`
generate_secrets.sh: add opensslConf option Needed for the following commit. 2019-11-27 05:04:30 -08:00			`openssl req -config $opensslConf -new -sha256 -key lnd.key -out lnd.csr -subj '/CN=localhost/O=lnd'`
			`openssl req -config $opensslConf -x509 -sha256 -days 1825 -key lnd.key -in lnd.csr -out lnd.cert`
generate_secrets.sh: write secrets to working directory Write to $PWD instead to ./secrets. 1. Simplifies the code 2. Easier to use in generate-secrets.service (introduced in a later commit) 2019-11-27 05:04:29 -08:00			`rm lnd.csr`
Check for existing secrets and create them more granularly This allows an user to delete only the lnd certs for example and run nix-shell to recreate them, leaving other secrets intact. 2019-08-22 10:23:53 -07:00			`echo Done`
			`else`
			`echo LND cert already exists. Skipping.`
			`fi`