scripts v1

2025-10-22 21:47:09 -05:00
commit acea71c326
10 changed files with 177 additions and 0 deletions
--- a/ansible/nebula_cert.sh
+++ b/ansible/nebula_cert.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# Author: Landon Dyck
+# Generates and encrypts a new certificate for a nebula host. Calls unlock.sh so you don't
+# have to enter your password twice, but will honor an unlock.sh called outside the script.
+# Don't forget to add the host and ip address in ansible/group_vars/all/nebula.yml
+# 
+# Usage: $ ./nebula_cert.sh ip_address hostname
+# * ip_address: the ip address of the host. Make sure it's in the correct /24 network
+# * hostname: the hostname of the host. If I need to explain more, you probably should
+#             not use this
+
+. $(dirname "$0")/unlock.sh
+ca_crt=roles/nebula/files/ca.crt
+ca_key=roles/nebula/files/ca.key
+client_key=roles/nebula/files/certs/$2.key
+client_crt=roles/nebula/files/certs/$2.crt
+
+
+cd ansible/
+ansible-vault decrypt roles/nebula/files/ca.*
+nebula-cert sign \
+  -ip "$1/24" \
+  -name $2 \
+  -out-key $client_key \
+  -out-crt $client_crt  \
+  -ca-crt $ca_crt  \
+  -ca-key $ca_key
+read -p "Press [Enter] key to complete encryption"
+ansible-vault encrypt roles/nebula/files/certs/$2.* roles/nebula/files/ca.*