Init server infrastructure files

7 files changed, 232 insertions, 0 deletions

diff --git a/src/keys/GPG/andre.asc b/src/keys/GPG/andre.asc
new file mode 100644
index 0000000..9164cbd
--- /dev/null
+++ b/src/keys/GPG/andre.asc
@@ -0,0 +1,86 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFjVvh4BEADIlHUiO6IfkhcNm3J7ilXERgimvKuFNyLIUPZlDcESC1ORrv4y
+9slMDA5uojXctuLRC7nNdynLP+eFFfVUQ+hUXcV24AzyOE0CYo5c4PQA5TLe2AUC
+E9YqqfQF4XuNddY+UpcG47MuVDR+6SHkFkF29ATzpmShJj41lc7a9CdRib+62Wpe
+h7WJOFj/YoxMCBBzic4tiFNgoYobu+lLxyA4T2kCmxEaiZzc6eXBDDgJ0STL4+S8
+avpglaQ+mb5gHbH0yOtuwDG3sWyHKf7LSRVtzWvOqaGmRUmmDsSPjb5vQqvT8EMq
+UfqFFZhScLalthF3PhG0SLXPvoCoRm2aLkN+O3sv057RqaN8E39223mmz6EMXmLk
+H/U5qk2SUl3dx86dIQcB+2WUVu5zuFyfR1g6tD+DcqzxGc9XB7Gz/0TTDf3OimHb
+rp1x5i/04198ocRZT3MzXx8H25tLMS/rHmE87YdgPhMTWheSUevyhoGNHfAOcDwX
+P2oGzELXbLqHxtjENMEw2E996KrSmpcz7WOqIl3PHS1J6eRZoYQesXE+SZTeIiYb
+wD0kkZGYhBZbtLC4VWIuU2T3AL/2hF6aUh1tj1B6vcV0i3HpIHNbvPAF/I0NUhhc
+Gxwwi+ggG/MBHBbxkq7LvG5DfDbav0ZoZaov5dyhtX0CBWjVYATvjRfeAwARAQAB
+tBlFdUFuZHJlaCA8ZXVAZXVhbmRyZS5vcmc+iQI5BBMBCAAjBQJY1b4eAhsDBwsJ
+CAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQgfkOw801YGCWzg//QtDpwgbDY9uC
+Y9a/RgUsbqGAYzSInsbyDCXrAAhWGzkDMLPeFp03Sw9QyCDe0wWu8L2H4hV/FN58
++4G6353ISwkqsf9R+P9lQs/5dwG7lp5/Gez8bZK3y7zFrdtVwcOCb4De+9fhPsgP
+9pRU8dHpLNo8Ui9IzbiYla7aGxXQdkXU2cvOuEoiuFgvcWU1KWNOWrjImATcC8EF
+8VaEaZYGRXz8lML8KgsAUxrjFkk6tqxrMlOLTjY0BuzcYZpt5XLZ2NuSIDYBoSib
+uBQ1H7DLGa+r0hnNjVEBmMOvFA1hbWa33h1AyYjYhoeVlBYpoHuDosEFqkwZ+otz
+zvImaRAOOFX1IehifTGEFie3imuOHdVuRjXb8SGu8Cgeby0T096A/vf+L1S35nc2
+mdRCUE/SIURW6hfH7uT6KqpokU86vozKmNzIcV3zhAXJ9UYwQqZgg2H3DOcTtZyE
+jVBl2glspoclsfR20T+g+qPqNDAgoDbC71fEAbUTACQau162utpHiabog7e7vyhI
+go5xdjxA8xb3Jtn39pYzbg75ArZqPbxHNZ38m00EBtC5EkD4DFh0cpQ2peuZIh1k
+c5bragCt8o6cV9t4jaq+TtVv4PrFEPqEd+w1FqqwabBq3xSsIgKg2X5rXQkktymB
+un+oN41wofuTZIoGNt8nnGb+skFBxgyJAlYEEwEKAEACGwMHCwkIBwMCAQYVCAIJ
+CgsEFgIDAQIeAQIXgBYhBFva6biy9sa8uw1s5YH5DsPNNWBgBQJi00VjBQkNv+5F
+AAoJEIH5DsPNNWBgy9IP/A8ERtFP3B5BDfIb4BUyw9AvWPAMyNfuKiXVcfrn/CGn
+D+x0dx5doGcIXskTWGEow1/6sFSheYk728wO3pp+DUaDp+2rVwO2AsKBEjBptk9i
+b9YJ4fl4rYtltscLHBGflrQ6C8jIwBqt72Ots+F7IEXy1NcskS/jU6DUzLPDmOog
+doM5IHD/2Fekmq8QVvyryH0nT5YxaJ/qRgOr1NTnnmgTcZHO7l21gJNvWo1QJLME
+lz5xNXRN/rFl5xQ3NxqVh9hwDwp/k5lXW0dxJCpmjbNKG2hNsTYrjTFrG6mSaER5
+0rdzGzQVWavyR+PDY5KRRKupYY4P5luLFy9zCdBr+ZBDTHmLfRcwXubLOSmq+gUO
+8LievpDZITHtgtWGIhWWqA80gOoqWRfAO+cpDpCqWIa+KoZyaxd19WXUqHEBr6Y9
+ZcyCCenM/+WsfmySNqAo6HGVoehewMVSRI6GObS9bdDDJTa3QySQGjdRyAn3uavo
+JwjpXfy09Kirji2x9G85OzOdXDNUrMqu0nB4AFxOU0SLhg0YpRJCig/2uuYRhRMe
+gLFM52AGxk1LfK9Pjrr2V029eRclD8SwC/F51YFP6CKGMyYHJWuaBJL1HXr/fzDD
+sLq4K1TZN/8TpYRA6t8B1mY/57KVsv2naWprmVv7q2eNU17nriLQiYYqfybcVGwn
+uQINBFjVvh4BEADzt2iKa1gSksHtTFkPQ5ULqUF2sHDClr3ykbLq/AxgSCON58eP
+A9SKQy2O+qDpojHAN1UULJgHEn34afzMkBzjxcJXMRgaTV2M+1trjwx/VluD9OKX
+wmnhmSdvCIP7Z0qdhU78maLq10UG1vVwej3kVlxsf4Eu2ZA+NeIr7Tj0DERqEDQo
+DRtNPVEy3h1xoYruy/VjNDi1CI3yFkM6HW1CgRA50rI7GDtvOuitZy+9Lpqs0mWq
+vdApWZxoQwslFcziNd+ZVaQjgO6LSnkDttRkAOblFiD710OQy3/Yo97i7bqsKrnZ
+qQMRUk0n12VXY9I94c7ELfViVqGk123ELtTViiIz5BT5iQRkJj1GiizTgGY6cfsj
+kwWwvabpmWYdyQ85sYoVuNAPz3yDaLdtStWRNHWi4+UHC03J2BiBgIrQbuXoNGuc
+j0b1fsntdntaBoZgFygwW6kXUjHLeEfnrGX3C2X49zg0rBTvEzdZwr2K0xgc2z26
+1EEf5ObmOGRt27K1fwrCxKHbKTscReHv78S4v3uN/9LvHfvIEaBoYHqMCcxy7Aii
+dk+02dNDO/jZDnTAJH2NWhyB+PJvrlnK34zHhUMVH0i5nUjaCDL/n07Vd2sbE5qW
+ivE2MWeayVKRGPci80tEGA1i42FJzGiA1uZrxXNImnsyxQyS8cr9iKoTIQARAQAB
+iQIfBBgBCAAJBQJY1b4eAhsMAAoJEIH5DsPNNWBg+bYQALJyD1nyuz8+vl8rqj7K
+Z9aRSW+XeG/wz6xrAqdY3OVvHwXYw33pgOmhNhfMUgP/Uy5OsxZdjIO7NzyKa2H9
+JoVSsAs/eLQDOQCcwXruBND6zuxt99kZh6o/Xp4lII9vuLafKner+fWluFHhOy/w
+E3Q3VwCbC9npbmzweEl9Q83R7IxbEhtFF5HV0wKVRzW/GX7iWADoHpkAAQ2sUnQp
+HhE1wOrdPm0dD9BEbTRQHekUiIQ8cFoORyWbJBwbflY64ioaFjyM+Ji49pNMykie
+LzQFW1UYyhkXJeTvv93ym4XyMi2mhsOzna7mG1bonKvbKj6qaXb7gFHUXHh/ARuu
+6CNARzBh6BTp+7c1brthGjT/L8CxrAeW2oE5wVIRuk8mdKiFoK3BuXc1P+vsnp36
+ioOQ0y+KPcp+PSbw6oDp7hTHztcW/3EoAgyHneWCmtYYi6RmVptTNpeeyHwqRP/O
+elCN1cw9zopofVQhnxDEUgzVPrWWaE7UR6vrHbzlXvWMeGTYtmdmo/9xkYbQzZW7
+y90QLUGyDwQ+KeCG29W3EhygGy3myVQbRaXywgzzO2YvovjATDa7wZQrXNoVE7J9
+uLonNtRlyRlTAfFP6hCLDXwuE6WRHXhdu7aFKbq0LQGFv5hY4wPUp8vnUtGYT/wo
+qqSkuSYhzNvmuKBIHPs6YD8duQINBGC7n68BEADnUv7iWOejQNa3fZ6v4lkHT6qF
+Rp2+NuzIpFJ2Vy7eP58XZoiz6HJPcCU8Hf95JXwaXEwS4S7mXdw1x60hd8JIe058
+Ek6MZSSVQmlLfocGsAYj1wTrLmnQ8+PV0IeQlNj1aytBI1fL+v3IPt+JdLt6b+g3
+vwcEUU9efzxx2E0KZ5GIpb2meiCQ6ha+tcd7XqegB53eQj/h/coE2zLJodpaJ3xb
+j894pE/OJCNC0+4d0Sv7oHhY7QoLYldTQbSgPyhyfl4iZpJf6OEPZxK2cJaB+cbe
+oBB6aGNyU+CIJToM+uAJJ7H7EpvxfcnfJQ1PuY5szTdvFbW820euiUEKEW69mW4u
+aFNPSc6D4Z8tZ5hXQIqBD40irULhF0CYNkIILmyNV/KJIZ5HkbQ1q+UrCFHJyvuH
+/3aCTjj9OSfE7xHPQ3xd3Xw8vvj0Mjie09xFbbcklBTw5WRzH7cw8c+Q0O69kZZ8
+b+ykcdzWTeZeWNdnzptNqnMjfheig90rUIJ7DN0c+53jCUcGpWJxJhcYF9Uk1RNH
+mSE5+VzK1y+20t0grVFX90nApm4Tl35QPrX7Qxp9C81cWiUB8xCAE6jYrmd4x+P/
+3wSQfc1Xg0Eg3QjJB+6JD7cbyDJpzDR3ja+CLZCAr9I0B4rDKD2d6et/z67iXPnZ
+UWMyZ8RVVZPFbBMOTwARAQABiQI8BBgBCAAmAhsgFiEEW9rpuLL2xry7DWzlgfkO
+w801YGAFAmT94IMFCQgEp9QACgkQgfkOw801YGBd1Q//bsHS8B2D3PCE69FdOBhG
+0BmOw88Z6Bz2jwALG3vhoo5gZggKjReeu78zh9dVLgstF/Vz6K5/03GidZMlSc5G
+2zuL2gzYINazcdPfJzToY/B+8dM9SsIXCI5augPTqinVKBMjay2NI87iorVGs0Cc
+UVmCH139ns28OKrCW3VdskHdlxkkc5JmeHGU5950+WCrEvDPurO1MWb2XhjzXojz
+QIbf91UNOWq0pB8kOTtF/JNq/EtI9HhNw1phaiqMafNvjwJBfKt5Ksvo4Z1F6gG4
+3Dx5BLGiEFYjc8oGf8b7ge/OW8MVrvjlP0HjJOe9UmHZIXQKpuDkVxGwelN0vaqj
+17UyV54GQZmfFYUpZlZwmhzMPWnGNkYgU0jVozGhIwHTIDpPQ8Bu6mugCTZNefw0
+POwUk/oREz7dzUBE2LBnzAKOI0KHFflwSHhyI2W2RDnhkX/tIhBYHFwnwjAe5yQj
+CvfQ6bSWE6K49tlauktfT90EJTip3A5VpB1pGiklTsTZchas3/yL6jtYAT3F0h1U
+dmDQf5Y9Zr+U6znJ+xJcRLdjvDE5HxyFbTfz/LzZMQKTss/51nIUonbpVK+o8fEy
+qaOL9QmM4H4rnFpoJ+WfOwrOxoR/l9EIisKnqV0heHT/HSymqwQk9c85vjSgGc3M
+s5K/1f77Aqr6hdYRfw5KqGs=
+=kMg0
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/src/keys/SSH/andre.pub.txt b/src/keys/SSH/andre.pub.txt
new file mode 100644
index 0000000..bfd5e6f
--- /dev/null
+++ b/src/keys/SSH/andre.pub.txt
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDnUv7iWOejQNa3fZ6v4lkHT6qFRp2+NuzIpFJ2Vy7eP58XZoiz6HJPcCU8Hf95JXwaXEwS4S7mXdw1x60hd8JIe058Ek6MZSSVQmlLfocGsAYj1wTrLmnQ8+PV0IeQlNj1aytBI1fL+v3IPt+JdLt6b+g3vwcEUU9efzxx2E0KZ5GIpb2meiCQ6ha+tcd7XqegB53eQj/h/coE2zLJodpaJ3xbj894pE/OJCNC0+4d0Sv7oHhY7QoLYldTQbSgPyhyfl4iZpJf6OEPZxK2cJaB+cbeoBB6aGNyU+CIJToM+uAJJ7H7EpvxfcnfJQ1PuY5szTdvFbW820euiUEKEW69mW4uaFNPSc6D4Z8tZ5hXQIqBD40irULhF0CYNkIILmyNV/KJIZ5HkbQ1q+UrCFHJyvuH/3aCTjj9OSfE7xHPQ3xd3Xw8vvj0Mjie09xFbbcklBTw5WRzH7cw8c+Q0O69kZZ8b+ykcdzWTeZeWNdnzptNqnMjfheig90rUIJ7DN0c+53jCUcGpWJxJhcYF9Uk1RNHmSE5+VzK1y+20t0grVFX90nApm4Tl35QPrX7Qxp9C81cWiUB8xCAE6jYrmd4x+P/3wSQfc1Xg0Eg3QjJB+6JD7cbyDJpzDR3ja+CLZCAr9I0B4rDKD2d6et/z67iXPnZUWMyZ8RVVZPFbBMOTw== openpgp:0xF727046D
diff --git a/src/keys/SSH/laisse.pub.txt b/src/keys/SSH/laisse.pub.txt
new file mode 100644
index 0000000..9dc9d85
--- /dev/null
+++ b/src/keys/SSH/laisse.pub.txt
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+cecVzuCf1GfURtCa8MDEPZ4bcJSnakcunlWw4FTCl9XTyO46Wx5wRfEHPMMhu6tE55OzbqxbdZLIoni4PvUA1KxAddJuz6vuAmAxGA2a46Xg5Pi+efYGue2194cYAyCW6dn7RcU+aTNoHTGVdypjUcTZwkQ7hBSlz0ICbVWYUa6qDbsKK68bWuhSoOFzOkERHQEBhXcIkg0uKZmTsDzEJZ+2H0kUgdvsaUKDTPpujPU7AOV9sDEFyNDh77aX1RSx14J3gCiJuWAYk1iLuoxbvg5VOieePRRvaDbtJt3RvSFHgNiVHWnBtK1FAg2EbMHl72dWSKhdjpPD37AQE0GX
diff --git a/src/keys/SSH/root@papo.im.id_rsa.pub.stripped b/src/keys/SSH/root@papo.im.id_rsa.pub.stripped
new file mode 100644
index 0000000..9d6cf4b
--- /dev/null
+++ b/src/keys/SSH/root@papo.im.id_rsa.pub.stripped
@@ -0,0 +1 @@
+FIXME
diff --git a/src/keys/SSH/root@papo.im.id_rsa.pub.txt b/src/keys/SSH/root@papo.im.id_rsa.pub.txt
new file mode 100644
index 0000000..9d6cf4b
--- /dev/null
+++ b/src/keys/SSH/root@papo.im.id_rsa.pub.txt
@@ -0,0 +1 @@
+FIXME
diff --git a/src/keys/gpg-import.sh b/src/keys/gpg-import.sh
new file mode 100755
index 0000000..63d2347
--- /dev/null
+++ b/src/keys/gpg-import.sh
@@ -0,0 +1,71 @@
+#!/bin/sh
+set -eu
+
+usage() {
+	cat <<-'EOF'
+		Usage:
+		  gpg-import.sh
+		  gpg-import.sh -h
+	EOF
+}
+
+help() {
+	cat <<-'EOF'
+
+
+		Options:
+		  -h, --help    show this message
+
+
+		Import GPG keys under src/infrastructure/keys/GPG/ and mark them as
+		trusted, so that they can be used as recipients for encryption.
+
+
+		Examples:
+
+		  Just run it:
+
+		    $ gpg-import.sh
+	EOF
+}
+
+
+for flag in "$@"; do
+	case "$flag" in
+		--)
+			break
+			;;
+		--help)
+			usage
+			help
+			exit
+			;;
+		*)
+			;;
+	esac
+done
+
+while getopts 'h' flag; do
+	case "$flag" in
+		h)
+			usage
+			help
+			exit
+			;;
+		*)
+			usage >&2
+			exit 2
+			;;
+	esac
+done
+shift $((OPTIND - 1))
+
+
+gpg --import src/infrastructure/keys/GPG/*
+
+gpg --with-colons --show-key src/infrastructure/keys/GPG/* |
+	awk -F: '$1 == "fpr" { print $10 }' |
+	while read -r fpr; do
+		printf '5\ny\n' |
+			gpg --command-fd 0 --expert --edit-key "$fpr" trust
+	done
diff --git a/src/keys/gpg-recipients.sh b/src/keys/gpg-recipients.sh
new file mode 100755
index 0000000..ad6e522
--- /dev/null
+++ b/src/keys/gpg-recipients.sh
@@ -0,0 +1,71 @@
+#!/bin/sh
+set -eu
+
+usage() {
+	cat <<-'EOF'
+		Usage:
+		  gpg-recipients.sh
+		  gpg-recipients.sh -h
+	EOF
+}
+
+help() {
+	cat <<-'EOF'
+
+
+		Options:
+		  -h, --help    show this message
+
+
+		Process GPG keys under src/infrastructure/keys/GPG/, and emit
+		the command-line flags to be given to the `gpg` command, as in:
+
+		  $ gpg -r KEY1 -r KEY2 ...
+
+		gpg-recipients.sh emits the `-r KEY1 -r KEY2` part, getting
+		those values from the fingerprints of the GPG keys in the
+		directory.
+
+
+		Examples:
+
+		  Just run it:
+
+		    $ gpg-recipients.sh
+	EOF
+}
+
+
+for flag in "$@"; do
+	case "$flag" in
+		--)
+			break
+			;;
+		--help)
+			usage
+			help
+			exit
+			;;
+		*)
+			;;
+	esac
+done
+
+while getopts 'h' flag; do
+	case "$flag" in
+		h)
+			usage
+			help
+			exit
+			;;
+		*)
+			usage >&2
+			exit 2
+			;;
+	esac
+done
+shift $((OPTIND - 1))
+
+
+gpg --with-colons --show-key src/infrastructure/keys/GPG/* |
+	awk -F: '$1 == "fpr" { printf " -r %s", $10 }'