author | Jesse Luehrs <doy@tozt.net> | 2018-10-16 00:04:50 -0400 |
---|---|---|
committer | Jesse Luehrs <doy@tozt.net> | 2018-10-16 00:04:50 -0400 |
commit | 44cfd774e357033e6e359cc828116ffd96a298f3 (patch) | |
tree | fdbb5ac6689b593018f2dd4a4921ce2a9adebdb9 /bin | |
parent | 51722cfaf0e0a852e440173152f822b155af328f (diff) | |
more secrets handling
Diffstat (limited to 'bin')
-rwxr-xr-x | bin/secrets | 63 | ||||
-rwxr-xr-x | bin/sync-secrets | 7 |
2 files changed, 63 insertions, 7 deletions
diff --git a/bin/secrets b/bin/secrets
new file mode 100755
index 0000000..4e97314
--- /dev/null
+++ b/bin/secrets
@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+set -eu
+set -o pipefail
+
+opened() {
+ test -e /dev/mapper/tozt-secrets
+}
+
+mounted() {
+ grep -q '^/dev/mapper/tozt-secrets /mnt' /proc/mounts
+}
+
+cmd_open() {
+ if ! opened; then
+ sudo cryptsetup open ~/crypt/tozt-secrets.luks tozt-secrets
+ fi
+ if ! mounted; then
+ sudo mount /dev/mapper/tozt-secrets /mnt
+ fi
+}
+
+cmd_close() {
+ if mounted; then
+ sudo umount /dev/mapper/tozt-secrets
+ fi
+ if opened; then
+ sudo cryptsetup close tozt-secrets
+ fi
+}
+
+cmd_sync() {
+ if mounted && opened; then
+ was_opened=1
+ else
+ cmd_open
+ was_opened=""
+ fi
+
+ host="${2:-tozt.net}"
+ rsync -avz --delete \
+ /mnt/puppet/. \
+ root@"$host":/usr/local/share/puppet-tozt/modules/secret/files
+
+ if [ -z "$was_opened" ]; then
+ cmd_close
+ fi
+}
+
+case "$1" in
+ open)
+ cmd_open "$@"
+ ;;
+ close)
+ cmd_close "$@"
+ ;;
+ sync)
+ cmd_sync "$@"
+ ;;
+ *)
+ echo "unknown subcommand $1" >&2
+ exit 1
+ ;;
+esac
diff --git a/bin/sync-secrets b/bin/sync-secrets
deleted file mode 100755
index 2ebdd76..0000000
--- a/bin/sync-secrets
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-set -eux
-set -o pipefail
-
-host="${1:-tozt.net}"
-
-rsync -avz --delete /mnt/puppet/. root@"$host":/usr/local/share/puppet-tozt/modules/secret/files |
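Review bot: In `cmd_sync` of bin/secrets, a failing `rsync` aborts the script under `set -e` before the final `cmd_close` runs, so a volume that this invocation unlocked stays decrypted and mounted on /mnt. Register the cleanup before opening, e.g. `trap cmd_close EXIT` in the `else` branch ahead of `cmd_open`; `cmd_close` already checks `mounted` and `opened`, so running it a second time on a normal exit is harmless. Separately, `case "$1" in` trips `set -u` when no subcommand is given, so the `unknown subcommand` branch is never reached in that case; `case "${1:-}" in` would let it report the error as intended.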