-rw-r--r--.gitignore3
-rwxr-xr-xrotate-ssh-keys.sh2
-rwxr-xr-xscripts/ci/setup.sh2
-rw-r--r--secrets/ssh/known-hosts.txtbin774 -> 0 bytes
-rw-r--r--ssh.env.conf2
5 files changed, 5 insertions, 4 deletions
diff --git a/.gitignore b/.gitignore
index 7dfc366..88329b0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,4 +10,5 @@
/hosts
/user-data.sh
/scripts/box/create-backup.sh
-/scripts/box/restore-backup.sh \ No newline at end of file
+/scripts/box/restore-backup.sh
+/generated-known-hosts.txt \ No newline at end of file
diff --git a/rotate-ssh-keys.sh b/rotate-ssh-keys.sh
index 4369002..7189657 100755
--- a/rotate-ssh-keys.sh
+++ b/rotate-ssh-keys.sh
@@ -5,8 +5,6 @@ cd "$(dirname "${BASH_SOURCE[0]}")"
rm -f ./secrets/ssh/*
ssh-keygen -t rsa -b 4096 -q -N '' -f ./secrets/ssh/vps-box-client
ssh-keygen -t rsa -b 4096 -q -N '' -f ./secrets/ssh/vps-box-server
-PUBLIC_KEY="$(awk '{print $2}' < ./secrets/ssh/vps-box-server.pub)"
-echo "${TLD},${PINNED_IP} ssh-rsa ${PUBLIC_KEY}" > ./secrets/ssh/known-hosts.txt
git add ./secrets/ssh/
git commit -m "Script: rotate SSH keys"
diff --git a/scripts/ci/setup.sh b/scripts/ci/setup.sh
index d9ac70c..b23b48f 100755
--- a/scripts/ci/setup.sh
+++ b/scripts/ci/setup.sh
@@ -33,6 +33,8 @@ export SSH_SERVER_PUBLIC_KEY
# https://stackoverflow.com/questions/24963705/is-there-an-escape-character-for-envsubst
export DOLLAR='$'
+PUBLIC_KEY_ONLY="$(awk '{print $2}' < ./secrets/ssh/vps-box-server.pub)"
+echo "${TLD},${PINNED_IP} ssh-rsa $(echo $SSH_SERVER_PUBLIC_KEY | awk '{print $2}')" > ./generated-known-hosts.txt
envsubst < ./ssh.env.conf >> ~/.ssh/config
envsubst < ./hosts.env > ./hosts
envsubst < ./docker-compose.env.yaml > ./docker-compose.yaml
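Review bot: `PUBLIC_KEY_ONLY` on the first added line is assigned but never read in this hunk, while the second added line derives the key again from `$SSH_SERVER_PUBLIC_KEY` through an unquoted `echo`; one of the two sources should go (the variable may be consumed further down — the script continues outside the hunk). The generated known_hosts entry also hardcodes the key type as `ssh-rsa` while taking only field 2 of the exported key, so a pinned key of any other type would yield an entry that never matches and every connection would fail host-key verification. Taking both fields from the key keeps type and blob in sync, and quoting the expansion avoids word splitting and globbing of the key material: `printf '%s,%s %s\n' "$TLD" "$PINNED_IP" "$(awk '{print $1, $2}' <<<"$SSH_SERVER_PUBLIC_KEY")" > ./generated-known-hosts.txt`.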
diff --git a/secrets/ssh/known-hosts.txt b/secrets/ssh/known-hosts.txt
deleted file mode 100644
index 8bbf729..0000000
--- a/secrets/ssh/known-hosts.txt
+++ /dev/null
Binary files differ
diff --git a/ssh.env.conf b/ssh.env.conf
index b3dc21d..6a7ba03 100644
--- a/ssh.env.conf
+++ b/ssh.env.conf
@@ -1,7 +1,7 @@
Host $TLD
User root
IdentityFile $PWD/secrets/ssh/vps-box-client
- UserKnownHostsFile $PWD/secrets/ssh/known-hosts.txt
+ UserKnownHostsFile $PWD/generated-known-hosts.txt
Port $SSH_PORT
Host git.sr.ht
StrictHostKeyChecking no