scripts v1

2025-10-22 21:47:09 -05:00
commit acea71c326
10 changed files with 177 additions and 0 deletions
--- a/ansible/nebula_new_ca.sh
+++ b/ansible/nebula_new_ca.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# Author: Landon Dyck
+# Nebula CAs expire, and creating a new one is a hassle. This creates a new CA certificate,
+# then recreates each certificate for the hosts in ansible/group_vars/nebula.yml. Once
+# the new certificates are deployed, the old ones cannot be used. Caution should be taken
+# to avoid breaking the network.
+# 
+# Usage: $ ./nebula_new_ca.sh
+
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+create_cert="$SCRIPT_DIR/nebula_cert.sh"
+$SCRIPT_DIR/unlock.sh
+
+ca_key=ansible/roles/nebula/files/ca.key
+ca_crt=ansible/roles/nebula/files/ca.crt
+
+nebula-cert ca \
+  -duration 26280h \
+  -name 'Code Monkey Software LLC' \
+  -out-crt $ca_crt \
+  -out-key $ca_key
+
+
+NEBULA_CLIENTS=$(yq '.nebula.clients | keys' ansible/group_vars/all/nebula.yml -o c | tr "," "\n")
+
+for client in $NEBULA_CLIENTS
+do
+  ip=$(yq ".nebula.clients.$client.ip" ansible/group_vars/all/nebula.yml)
+  $create_cert $ip $client
+done