-rw-r--r-- | .gitignore | 3 | ||||
-rwxr-xr-x | rotate-ssh-keys.sh | 2 | ||||
-rwxr-xr-x | scripts/ci/setup.sh | 2 | ||||
-rw-r--r-- | secrets/ssh/known-hosts.txt | bin | 774 -> 0 bytes | |||
-rw-r--r-- | ssh.env.conf | 2 |
5 files changed, 5 insertions, 4 deletions
@@ -10,4 +10,5 @@
 /hosts
 /user-data.sh
 /scripts/box/create-backup.sh
-/scripts/box/restore-backup.sh
\ No newline at end of file
+/scripts/box/restore-backup.sh
+/generated-known-hosts.txt
\ No newline at end of file
diff --git a/rotate-ssh-keys.sh b/rotate-ssh-keys.sh
index 4369002..7189657 100755
--- a/rotate-ssh-keys.sh
+++ b/rotate-ssh-keys.sh
@@ -5,8 +5,6 @@
 cd "$(dirname "${BASH_SOURCE[0]}")"
 rm -f ./secrets/ssh/*
 ssh-keygen -t rsa -b 4096 -q -N '' -f ./secrets/ssh/vps-box-client
 ssh-keygen -t rsa -b 4096 -q -N '' -f ./secrets/ssh/vps-box-server
-PUBLIC_KEY="$(awk '{print $2}' < ./secrets/ssh/vps-box-server.pub)"
-echo "${TLD},${PINNED_IP} ssh-rsa ${PUBLIC_KEY}" > ./secrets/ssh/known-hosts.txt
 git add ./secrets/ssh/
 git commit -m "Script: rotate SSH keys"
diff --git a/scripts/ci/setup.sh b/scripts/ci/setup.sh
index d9ac70c..b23b48f 100755
--- a/scripts/ci/setup.sh
+++ b/scripts/ci/setup.sh
@@ -33,6 +33,8 @@
 export SSH_SERVER_PUBLIC_KEY
 # https://stackoverflow.com/questions/24963705/is-there-an-escape-character-for-envsubst
 export DOLLAR='$'
+PUBLIC_KEY_ONLY="$(awk '{print $2}' < ./secrets/ssh/vps-box-server.pub)"
+echo "${TLD},${PINNED_IP} ssh-rsa $(echo $SSH_SERVER_PUBLIC_KEY | awk '{print $2}')" > ./generated-known-hosts.txt
 envsubst < ./ssh.env.conf >> ~/.ssh/config
 envsubst < ./hosts.env > ./hosts
 envsubst < ./docker-compose.env.yaml > ./docker-compose.yaml
diff --git a/secrets/ssh/known-hosts.txt b/secrets/ssh/known-hosts.txt
Binary files differ
deleted file mode 100644
index 8bbf729..0000000
--- a/secrets/ssh/known-hosts.txt
+++ /dev/null
diff --git a/ssh.env.conf b/ssh.env.conf
index b3dc21d..6a7ba03 100644
--- a/ssh.env.conf
+++ b/ssh.env.conf
@@ -1,7 +1,7 @@
 Host $TLD
 User root
 IdentityFile $PWD/secrets/ssh/vps-box-client
- UserKnownHostsFile $PWD/secrets/ssh/known-hosts.txt
+ UserKnownHostsFile $PWD/generated-known-hosts.txt
 Port $SSH_PORT
 Host git.sr.ht
 StrictHostKeyChecking no
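Review bot: In the scripts/ci/setup.sh hunk the new `PUBLIC_KEY_ONLY` assignment is never used — the known-hosts line right after it takes the key from `$SSH_SERVER_PUBLIC_KEY` instead — so it only adds an unconditional read of `./secrets/ssh/vps-box-server.pub`, which would abort the script if that file is absent in CI and `set -e` is in effect; drop the line. The `ssh-rsa` type is also hard-coded while the key material is field 2 of the variable, so a key of any other type would yield an entry that never matches the server; taking both fields from the variable keeps them consistent, e.g. `printf '%s,%s %s\n' "$TLD" "$PINNED_IP" "$(awk '{print $1, $2}' <<<"$SSH_SERVER_PUBLIC_KEY")" > ./generated-known-hosts.txt`. Since this file is what pins the host key for `$TLD`, an empty or unset `SSH_SERVER_PUBLIC_KEY` should fail loudly before the write (`: "${SSH_SERVER_PUBLIC_KEY:?}"`) rather than emit a malformed entry, and the variable should be quoted wherever it is expanded. The rest of setup.sh, including whether strict mode is enabled, lies outside the hunk.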