path: root/Makefile
# Request POSIX make behaviour; ".POSIX:" must stay the first non-comment line.
.POSIX:



# Default goal: bring "result" up to date.
all: result


# Build the system described by src/infrastructure/guix/system.scm.
# The ALWAYS prerequisite makes the recipe run on every invocation.
# guix is asked (-r) to leave its output link at "result-next"; the previous
# "result" is only removed and replaced after guix has succeeded, because make
# stops at the first failing recipe line.  The two steps are not atomic.
# NOTE(review): "result" is removed before the mv presumably because it is a
# link to a directory and mv would otherwise move into it -- confirm.
result: ALWAYS
	rm -f result-next
	guix system -v3 -r result-next build src/infrastructure/guix/system.scm
	rm -f result
	mv result-next result


# Placeholder target: no prerequisites and no recipe, so no checks run.
check:

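# Remove what this makefile generates: the plaintext secrets decrypted into
# src/secrets/*.txt, the stripped public key, and the build links.
# Every *.txt under src/secrets is deleted, including plaintext that has not
# been encrypted into a ".gpg" file yet.
# The argument list ends without a trailing backslash, so a line added below
# this rule can never be absorbed into the "rm -rf" arguments.
clean:
	rm -rf \
		src/secrets/*.txt src/infrastructure/keys/SSH/*.stripped       \
		result result-next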


# Placeholder target: no prerequisites and no recipe.
public:


# Encrypted secrets kept in the repository.
# NOTE(review): going by the file names these are a backup passphrase and an
# SSH private key -- confirm.
prod-secrets.txt.gpg = \
	src/secrets/borg-passphrase.txt.gpg \
	src/secrets/root@euandre.org.id_rsa.txt.gpg
# Plaintext counterparts: the same paths with the ".gpg" suffix stripped.
# These files hold decrypted secrets on disk; "clean" removes them.
prod-secrets.txt = $(prod-secrets.txt.gpg:.gpg=)

# Every ".gpg" file that the encryption rule below can create.
# NOTE(review): the value ends in a line continuation, so whatever is written
# on the line directly after it becomes part of this list.
repo-secrets = \
	$(prod-secrets.txt.gpg)                    \




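# Register ".gpg" as a known suffix so the single-suffix rule below applies.
.SUFFIXES: .gpg

# Decrypt "X.gpg" into the plaintext file "X".
# The old output is removed first and the new one is created under umask 077,
# so the plaintext secret is readable by its owner only, whatever umask the
# caller has.  If gpg fails, the partial output is deleted; otherwise make
# would see an empty but up-to-date "X" on the next run and "upload-secrets"
# would send it.
.gpg:
	rm -f $@
	umask 077 && gpg -d < $< > $@ || { rm -f $@; exit 1; }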

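# Encrypt the plaintext that sits next to each target ("X" -> "X.gpg"),
# ASCII-armoured, to the recipient eu@euandre.org.
# The rule has no prerequisites, so it only runs while the ".gpg" file is
# missing.  A failed gpg run therefore must not leave a file behind: an empty
# "X.gpg" would count as up to date forever, so it is deleted on error.
$(repo-secrets):
	gpg -aer eu@euandre.org < $(@D)/`basename $@ .gpg` > $@ || { rm -f $@; exit 1; }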


# Path prefix of the root SSH public key; the rule reads "<prefix>.txt" and
# writes "<prefix>.stripped".
public-ssh = src/infrastructure/keys/SSH/root@euandre.org.id_rsa.pub
# Keep space-separated fields 6 onward of the ".txt" file.
# NOTE(review): presumably the first five fields are options or a prefix that
# must not be uploaded -- confirm against the ".txt" file's layout.
# The input is spelled out instead of "$<", presumably for POSIX portability.
$(public-ssh).stripped: $(public-ssh).txt
	cut -d' ' -f6- < $(public-ssh).txt > $@


# Decrypt the production secrets (via the ".gpg" suffix rule), then replace
# the contents of /opt/secrets on euandre.org with them and the stripped
# public key.  Both remote commands run as the "secrets-keeper" user through
# sudo, and rsync sets mode 000 on what it transfers (--chmod=000).
# The remote directory is emptied before the upload starts, so the host has
# no secrets in /opt/secrets between the two steps or if rsync fails.
# NOTE(review): ssh hands the remote command to the login user's shell, so the
# "/opt/secrets/*" glob is presumably expanded before sudo runs.  If that user
# cannot list the directory, "rm -f" receives a literal "*" and silently
# removes nothing -- confirm the directory permissions.
# The decrypted plaintext stays on the local disk afterwards, until "clean".
upload-secrets: $(prod-secrets.txt) $(public-ssh).stripped
	ssh euandre.org sudo -u secrets-keeper 'rm -f /opt/secrets/*'
	rsync \
		--rsync-path='sudo -u secrets-keeper rsync' \
		--chmod=000                                 \
		-avzP                                       \
		$(prod-secrets.txt) $(public-ssh).stripped euandre.org:/opt/secrets/


## Generate the ".ssh/authorized_keys" file and upload
## it to rsync.net.
## Every *.txt file in src/infrastructure/keys/SSH/ is concatenated, so any
## file placed in that directory becomes an accepted login key on the remote.
## The remote file is overwritten in full by dd, not appended to.
## NOTE(review): "suyin" is presumably an ssh_config alias for the rsync.net
## account -- confirm.
upload-keys:
	cat src/infrastructure/keys/SSH/*.txt | ssh suyin dd of=.ssh/authorized_keys


# Force target: it has no prerequisites and no recipe.  Targets that list it
# ("result") are rebuilt on every run, provided no file named "ALWAYS" exists.
ALWAYS: