diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | Makefile | 14 | ||||
| -rw-r--r-- | deps.mk | 7 | ||||
| -rwxr-xr-x | mkdeps.sh | 7 |
4 files changed, 16 insertions, 13 deletions
@@ -1,3 +1,4 @@ /*.scm /*.sentinel /src/secrets/*/*.txt +/authorized-keys.txt @@ -21,6 +21,7 @@ repo-secrets.txt = $(repo-secrets.txt.gpg:.gpg=) derived-assets = \ system.scm.sentinel \ + authorized-keys.txt \ side-assets = \ $(prod-secrets.txt) \ @@ -59,6 +60,9 @@ system.scm.sentinel: src/guix/system.scm $(config.txt) guix build -v3 -r system.scm -Kf src/guix/system.scm touch $@ +authorized-keys.txt: $(keys.txt) + find src/keys/SSH/*.txt | LANG=POSIX.UTF-8 sort | xargs cat > $@ + check-unit: @@ -115,12 +119,10 @@ upload-secrets: $(prod-secrets.txt) $(prod-secrets.txt) $(TLD):/opt/secrets/ -## Generate the ".ssh/authorized_keys" file and upload -## it to $(OFFSITE_SSH). -upload-keys: - find src/keys/SSH/*.txt | \ - LANG=POSIX.UTF-8 sort | \ - xargs cat | \ +## Upload the generated "authorized-keys.txt" file to +## ".ssh/authorized_keys" in $(OFFSITE_SSH). +upload-keys: authorized-keys.txt + cat authorized-keys.txt | \ ssh $(OFFSITE_SSH) dd of=.ssh/authorized_keys ## Update SHAs under src/versions/*.txt @@ -4,9 +4,14 @@ prod-secrets.txt.gpg = \ repo-secrets.txt.gpg = \ src/secrets/repo/VPS-root.txt.gpg \ - src/secrets/repo/borg-key.txt.gpg \ + src/secrets/repo/borg-key-offsite.txt.gpg \ + src/secrets/repo/borg-key-standby.txt.gpg \ src/secrets/repo/borg-passphrase.txt.gpg \ src/secrets/repo/nic.im.txt.gpg \ src/secrets/repo/root@papo.im.id_rsa.txt.gpg \ src/secrets/repo/rsync.net.txt.gpg \ +keys.txt = \ + src/keys/SSH/andre.pub.txt \ + src/keys/SSH/root@papo.im.id_rsa.pub.txt \ + @@ -3,12 +3,7 @@ set -eu export LANG=POSIX.UTF-8 -varlist() { - printf '%s = \\\n' "$1" - sort | sed 's|^\(.*\)$|\t\1 \\|' - printf '\n' -} - find src/secrets/prod/*.txt.gpg | varlist 'prod-secrets.txt.gpg' find src/secrets/repo/*.txt.gpg | varlist 'repo-secrets.txt.gpg' +find src/keys/SSH/*.txt | varlist 'keys.txt' |