generate_secrets.sh: write secrets to working directory

Write to $PWD instead of ./secrets.
1. Simplifies the code
2. Easier to use in generate-secrets.service (introduced in a later commit)
Erik Arvstedt 2019-11-27 14:04:29 +01:00
parent 51fb054001
commit 9d14d5ba64
No known key found for this signature in database
GPG Key ID: 33312B944DD97846
2 changed files with 12 additions and 12 deletions


@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
SECRETSFILE=secrets/secrets.nix SECRETSFILE=secrets.nix
if [ ! -e "$SECRETSFILE" ]; then if [ ! -e "$SECRETSFILE" ]; then
echo Write secrets to $SECRETSFILE echo Write secrets to $SECRETSFILE
@ -19,23 +19,23 @@ else
echo $SECRETSFILE already exists. Skipping. echo $SECRETSFILE already exists. Skipping.
fi fi
if [ ! -e secrets/nginx.key ] || [ ! -e secrets/nginx.cert ]; then if [ ! -e nginx.key ] || [ ! -e nginx.cert ]; then
echo Generate Nginx Self-Signed Cert echo Generate Nginx Self-Signed Cert
openssl genrsa -out secrets/nginx.key 2048 openssl genrsa -out nginx.key 2048
openssl req -new -key secrets/nginx.key -out secrets/nginx.csr -subj "/C=KN" openssl req -new -key nginx.key -out nginx.csr -subj "/C=KN"
openssl x509 -req -days 1825 -in secrets/nginx.csr -signkey secrets/nginx.key -out secrets/nginx.cert openssl x509 -req -days 1825 -in nginx.csr -signkey nginx.key -out nginx.cert
rm secrets/nginx.csr rm nginx.csr
echo Done echo Done
else else
echo Nginx Cert already exists. Skipping. echo Nginx Cert already exists. Skipping.
fi fi
if [ ! -e secrets/lnd.key ] || [ ! -e secrets/lnd.cert ]; then if [ ! -e lnd.key ] || [ ! -e lnd.cert ]; then
echo Generate LND compatible TLS Cert echo Generate LND compatible TLS Cert
openssl ecparam -genkey -name prime256v1 -out secrets/lnd.key openssl ecparam -genkey -name prime256v1 -out lnd.key
openssl req -config secrets/openssl.cnf -new -sha256 -key secrets/lnd.key -out secrets/lnd.csr -subj '/CN=localhost/O=lnd' openssl req -config openssl.cnf -new -sha256 -key lnd.key -out lnd.csr -subj '/CN=localhost/O=lnd'
openssl req -config secrets/openssl.cnf -x509 -sha256 -days 1825 -key secrets/lnd.key -in secrets/lnd.csr -out secrets/lnd.cert openssl req -config openssl.cnf -x509 -sha256 -days 1825 -key lnd.key -in lnd.csr -out lnd.cert
rm secrets/lnd.csr rm lnd.csr
echo Done echo Done
else else
echo LND cert already exists. Skipping. echo LND cert already exists. Skipping.
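Review bot: The private keys written by `openssl genrsa -out nginx.key 2048` and `openssl ecparam -genkey -name prime256v1 -out lnd.key` now land in whatever directory the caller is in, and nothing in the visible lines sets their permissions, so the resulting mode may depend on the caller's umask and the OpenSSL version. Adding `umask 077` right after the `#!/bin/sh` line would keep the generated keys and temporary CSRs owner-only regardless of where the script is run. The script also shows no `set -e`, so if `openssl.cnf` is missing from the working directory the `openssl req -config openssl.cnf` calls fail and `echo Done` still runs; `set -e` or `|| exit 1` on each openssl call would surface that. The final `if` block continues past the end of the hunk.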


@ -18,6 +18,6 @@ stdenv.mkDerivation rec {
# keys already added to my ssh-agent. # keys already added to my ssh-agent.
export SSH_AUTH_SOCK="" export SSH_AUTH_SOCK=""
figlet "nix-bitcoin" figlet "nix-bitcoin"
./secrets/generate_secrets.sh (cd secrets; ./generate_secrets.sh)
''; '';
} }
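Review bot: In `(cd secrets; ./generate_secrets.sh)` the `;` means the script path is still resolved and invoked when `cd secrets` fails, and because the script now writes to its working directory, any output would then land relative to the wrong directory. Use `(cd secrets && ./generate_secrets.sh)` so a missing or unreadable directory stops the call instead. The enclosing shell hook string starts outside the hunk.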