authorJesse Luehrs <doy@tozt.net>2018-10-16 00:04:50 -0400
committerJesse Luehrs <doy@tozt.net>2018-10-16 00:04:50 -0400
commit44cfd774e357033e6e359cc828116ffd96a298f3 (patch)
treefdbb5ac6689b593018f2dd4a4921ce2a9adebdb9 /bin/secrets
parent51722cfaf0e0a852e440173152f822b155af328f (diff)
more secrets handling
Diffstat (limited to 'bin/secrets')
-rwxr-xr-xbin/secrets63
1 files changed, 63 insertions, 0 deletions
diff --git a/bin/secrets b/bin/secrets
new file mode 100755
index 0000000..4e97314
--- /dev/null
+++ b/bin/secrets
@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+set -eu
+set -o pipefail
+
+opened() {
+ test -e /dev/mapper/tozt-secrets
+}
+
+mounted() {
+ grep -q '^/dev/mapper/tozt-secrets /mnt' /proc/mounts
+}
+
+cmd_open() {
+ if ! opened; then
+ sudo cryptsetup open ~/crypt/tozt-secrets.luks tozt-secrets
+ fi
+ if ! mounted; then
+ sudo mount /dev/mapper/tozt-secrets /mnt
+ fi
+}
+
+cmd_close() {
+ if mounted; then
+ sudo umount /dev/mapper/tozt-secrets
+ fi
+ if opened; then
+ sudo cryptsetup close tozt-secrets
+ fi
+}
+
+cmd_sync() {
+ if mounted && opened; then
+ was_opened=1
+ else
+ cmd_open
+ was_opened=""
+ fi
+
+ host="${2:-tozt.net}"
+ rsync -avz --delete \
+ /mnt/puppet/. \
+ root@"$host":/usr/local/share/puppet-tozt/modules/secret/files
+
+ if [ -z "$was_opened" ]; then
+ cmd_close
+ fi
+}
+
+case "$1" in
+ open)
+ cmd_open "$@"
+ ;;
+ close)
+ cmd_close "$@"
+ ;;
+ sync)
+ cmd_sync "$@"
+ ;;
+ *)
+ echo "unknown subcommand $1" >&2
+ exit 1
+ ;;
+esac
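Review bot: In cmd_sync, a failing rsync (or a failed mount inside cmd_open) exits the script under `set -e` before the trailing `cmd_close` is reached, so the LUKS mapping stays open and the decrypted secrets stay mounted on /mnt. Because cmd_close already checks `mounted` and `opened` before acting, it can be registered as a cleanup handler: add `trap cmd_close EXIT` just before `cmd_open` in the `else` branch, which also makes the final `if [ -z "$was_opened" ]` block unnecessary. Separately, the `mounted && opened` test treats an opened-but-unmounted volume as not opened, so a sync started in that state ends by closing a mapping the caller had opened themselves.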