From 44cfd774e357033e6e359cc828116ffd96a298f3 Mon Sep 17 00:00:00 2001
From: Jesse Luehrs
Date: Tue, 16 Oct 2018 00:04:50 -0400
Subject: more secrets handling
---
bin/secrets | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
bin/sync-secrets | 7 -------
2 files changed, 63 insertions(+), 7 deletions(-)
create mode 100755 bin/secrets
delete mode 100755 bin/sync-secrets
(limited to 'bin')
diff --git a/bin/secrets b/bin/secrets
new file mode 100755
index 0000000..4e97314
--- /dev/null
+++ b/bin/secrets
@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+set -eu
+set -o pipefail
+
+opened() {
+ test -e /dev/mapper/tozt-secrets
+}
+
+mounted() {
+ grep -q '^/dev/mapper/tozt-secrets /mnt' /proc/mounts
+}
+
+cmd_open() {
+ if ! opened; then
+ sudo cryptsetup open ~/crypt/tozt-secrets.luks tozt-secrets
+ fi
+ if ! mounted; then
+ sudo mount /dev/mapper/tozt-secrets /mnt
+ fi
+}
+
+cmd_close() {
+ if mounted; then
+ sudo umount /dev/mapper/tozt-secrets
+ fi
+ if opened; then
+ sudo cryptsetup close tozt-secrets
+ fi
+}
+
+cmd_sync() {
+ if mounted && opened; then
+ was_opened=1
+ else
+ cmd_open
+ was_opened=""
+ fi
+
+ host="${2:-tozt.net}"
+ rsync -avz --delete \
+ /mnt/puppet/. \
+ root@"$host":/usr/local/share/puppet-tozt/modules/secret/files
+
+ if [ -z "$was_opened" ]; then
+ cmd_close
+ fi
+}
+
+case "$1" in
+ open)
+ cmd_open "$@"
+ ;;
+ close)
+ cmd_close "$@"
+ ;;
+ sync)
+ cmd_sync "$@"
+ ;;
+ *)
+ echo "unknown subcommand $1" >&2
+ exit 1
+ ;;
+esac
diff --git a/bin/sync-secrets b/bin/sync-secrets
deleted file mode 100755
index 2ebdd76..0000000
--- a/bin/sync-secrets
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-set -eux
-set -o pipefail
-
-host="${1:-tozt.net}"
-
-rsync -avz --delete /mnt/puppet/. root@"$host":/usr/local/share/puppet-tozt/modules/secret/files
-- cgit v1.2.3-54-g00ecf
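Review bot: In `cmd_sync` of bin/secrets, a failing `rsync` (or a failing `mount` inside `cmd_open`) exits the script under `set -e` before the trailing `cmd_close` runs, so a LUKS mapping the script itself opened stays unlocked and mounted at /mnt. Registering the cleanup before opening, with `trap cmd_close EXIT` as the first line of the `else` branch, covers every exit path; `cmd_close` already checks `mounted` and `opened`, so running it a second time is harmless. Separately, `case "$1" in` aborts with an unbound-variable error under `set -u` when no subcommand is given; `case "${1:-}" in` would reach the `unknown subcommand` branch instead.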